mirror of
https://github.com/nextcloud/server.git
synced 2026-04-29 18:11:41 -04:00
Sanitizing the user input to prevent a reflected XSS. Thanks to Nico Golde (ngolde.de)
This commit is contained in:
Lukas Reschke
Jörn Friedrich Dreyer
parent
eadb894eff
commit
63d6884e23
1 changed files with 38 additions and 38 deletions
|
|
@ -14,7 +14,7 @@ div.visible { opacity: 0.8;}
|
|||
</style>
|
||||
<script type="text/javascript">
|
||||
|
||||
var root = "<?php echo $root; ?>";
|
||||
var root = "<?php echo htmlentities($root); ?>";
|
||||
|
||||
function explode(element) {
|
||||
$('div', element).each(function(index, elem) {
|
||||
|
|
@ -83,56 +83,56 @@ $tl = new \OC\Pictures\TilesLine();
|
|||
$ts = new \OC\Pictures\TileStack(array(), '');
|
||||
$previous_element = @$images[0];
|
||||
|
||||
$root_images = array();
|
||||
$second_level_images = array();
|
||||
|
||||
$root_images = array();
|
||||
$second_level_images = array();
|
||||
|
||||
$fallback_images = array(); // if the folder only cotains subfolders with images -> these are taken for the stack preview
|
||||
|
||||
for($i = 0; $i < count($images); $i++) {
|
||||
$prev_dir_arr = explode('/', $previous_element);
|
||||
$dir_arr = explode('/', $images[$i]);
|
||||
|
||||
if(count($dir_arr) == 1) { // getting the images in this directory
|
||||
$root_images[] = $root.$images[$i];
|
||||
} else {
|
||||
if(strcmp($prev_dir_arr[0], $dir_arr[0]) != 0) { // if we entered a new directory
|
||||
if(count($second_level_images) == 0) { // if we don't have images in this directory
|
||||
if(count($fallback_images) != 0) { // but have fallback_images
|
||||
$tl->addTile(new \OC\Pictures\TileStack($fallback_images, $prev_dir_arr[0]));
|
||||
$fallback_images = array();
|
||||
}
|
||||
} else { // if we collected images for this directory
|
||||
$tl->addTile(new \OC\Pictures\TileStack($second_level_images, $prev_dir_arr[0]));
|
||||
$fallback_images = array();
|
||||
$second_level_images = array();
|
||||
}
|
||||
}
|
||||
if (count($dir_arr) == 2) { // These are the pics in our current subdir
|
||||
$second_level_images[] = $root.$images[$i];
|
||||
$fallback_images = array();
|
||||
} else { // These are images from the deeper directories
|
||||
if(count($second_level_images) == 0) {
|
||||
$fallback_images[] = $root.$images[$i];
|
||||
}
|
||||
}
|
||||
// have us a little something to compare against
|
||||
$previous_element = $images[$i];
|
||||
if(count($dir_arr) == 1) { // getting the images in this directory
|
||||
$root_images[] = $root.$images[$i];
|
||||
} else {
|
||||
if(strcmp($prev_dir_arr[0], $dir_arr[0]) != 0) { // if we entered a new directory
|
||||
if(count($second_level_images) == 0) { // if we don't have images in this directory
|
||||
if(count($fallback_images) != 0) { // but have fallback_images
|
||||
$tl->addTile(new \OC\Pictures\TileStack($fallback_images, $prev_dir_arr[0]));
|
||||
$fallback_images = array();
|
||||
}
|
||||
} else { // if we collected images for this directory
|
||||
$tl->addTile(new \OC\Pictures\TileStack($second_level_images, $prev_dir_arr[0]));
|
||||
$fallback_images = array();
|
||||
$second_level_images = array();
|
||||
}
|
||||
}
|
||||
if (count($dir_arr) == 2) { // These are the pics in our current subdir
|
||||
$second_level_images[] = $root.$images[$i];
|
||||
$fallback_images = array();
|
||||
} else { // These are images from the deeper directories
|
||||
if(count($second_level_images) == 0) {
|
||||
$fallback_images[] = $root.$images[$i];
|
||||
}
|
||||
}
|
||||
// have us a little something to compare against
|
||||
$previous_element = $images[$i];
|
||||
}
|
||||
}
|
||||
|
||||
// if last element in the directory was a directory we don't want to miss it :)
|
||||
if(count($second_level_images)>0) {
|
||||
$tl->addTile(new \OC\Pictures\TileStack($second_level_images, $prev_dir_arr[0]));
|
||||
// if last element in the directory was a directory we don't want to miss it :)
|
||||
if(count($second_level_images)>0) {
|
||||
$tl->addTile(new \OC\Pictures\TileStack($second_level_images, $prev_dir_arr[0]));
|
||||
}
|
||||
|
||||
// if last element in the directory was a directory with no second_level_images we also don't want to miss it ...
|
||||
if(count($fallback_images)>0) {
|
||||
$tl->addTile(new \OC\Pictures\TileStack($fallback_images, $prev_dir_arr[0]));
|
||||
// if last element in the directory was a directory with no second_level_images we also don't want to miss it ...
|
||||
if(count($fallback_images)>0) {
|
||||
$tl->addTile(new \OC\Pictures\TileStack($fallback_images, $prev_dir_arr[0]));
|
||||
}
|
||||
|
||||
// and finally our images actually stored in the root folder
|
||||
for($i = 0; $i<count($root_images); $i++) {
|
||||
$tl->addTile(new \OC\Pictures\TileSingle($root_images[$i]));
|
||||
// and finally our images actually stored in the root folder
|
||||
for($i = 0; $i<count($root_images); $i++) {
|
||||
$tl->addTile(new \OC\Pictures\TileSingle($root_images[$i]));
|
||||
}
|
||||
|
||||
echo $tl->get();
|
||||
|
|
|
|||
Loading…
Reference in a new issue