Okay, I did.


:)

--
Jascha Burmeister
Screendesign

WortBildTon Werbeagentur GmbH
Hofholzallee 92, 24109 Kiel

Tel.: +49 (0) 431 99 07 00
Fax.: +49 (0) 431 99 07 07
Leo: +49 (0) 431 99 07 900


----------------------------------------------
Registered office: Kiel
District Court of Kiel, HRB 3915

Managing directors:
Sibylla Noack, Bernd Baumeister
----------------------------------------------


On 24.07.2013 at 14:46, Bernhard Posselt <nukeawh...@gmail.com> wrote:

Just upload the new package.

On 07/24/2013 02:43 PM, Jascha Burmeister wrote:

Hi,

We want to save it in a variable to use it in an HTML mail…

So the p() function uses print. We looked into it and found the OC_Util::sanitizeHTML().

I think this should fix the XSS stuff :)


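    // Build one <li> per shared file for the HTML mail body
    foreach ($filenames as $file) {
        // Absolute download URL for this file, with the path escaped for HTML
        $url_path = OCP\Util::linkToAbsolute('files', 'index.php') . '/download' . OC_Util::sanitizeHTML($file['path']);
        $link_text = basename($file['path']);

        // Escape the file name and owner before they are placed in the markup
        $str_filenames .= '<li>
            <a href="' . $url_path . '" target="_blank">' . OC_Util::sanitizeHTML($link_text) . '</a>
            <font color="#696969">(' . OC_Util::sanitizeHTML($file['owner']) . ')</font>
        </li>';
    }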


So I'm waiting for an admin to approve my app in the "app store".


telcy / Jascha Burmeister



On 24.07.2013 at 13:35, Bernhard Posselt <nukeawh...@gmail.com> wrote:

Lines 299 and 300 in lib/mailing.php contain XSS. Please either look up how to prevent XSS in PHP or, even better, consider splitting your logic and view by using templates (oc templates provide p(), which does all the escaping for you).

On 07/24/2013 12:58 PM, Jascha Burmeister wrote:
Hi,

Any dev there who can approve my app?


Thank you

telcy

Jascha Burmeister


_______________________________________________
Owncloud mailing list
Owncloud@kde.org
https://mail.kde.org/mailman/listinfo/owncloud
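
Added example, not code from this thread or from ownCloud: the same mail list built in plain PHP, with each value escaped for the place it lands in (percent-encoding for URL path segments, HTML escaping for text and attribute values). The function names, the base URL and the sample file entries are assumptions made up for illustration.

```php
<?php
// Added example: plain PHP, no ownCloud classes. All names here are hypothetical.

// Escape a string for an HTML element body or a quoted attribute value.
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Percent-encode each path segment so a file name cannot introduce a query
// string, a fragment, or characters that end the URL early.
function encode_path(string $path): string
{
    return implode('/', array_map('rawurlencode', explode('/', $path)));
}

// Return the <li> items for the HTML mail body as a string instead of printing.
function render_file_list(string $download_base, array $files): string
{
    $items = '';
    foreach ($files as $file) {
        // URL context first (percent-encoding), then HTML attribute context.
        $href = $download_base . encode_path($file['path']);
        $items .= '<li><a href="' . esc_html($href) . '" target="_blank">'
            . esc_html(basename($file['path'])) . '</a> '
            . '<font color="#696969">(' . esc_html($file['owner']) . ')</font>'
            . "</li>\n";
    }
    return $items;
}

// Constructed sample input: the second file name and owner contain markup characters.
$files = [
    ['path' => '/docs/report.pdf', 'owner' => 'alice'],
    ['path' => '/docs/"><b>bold</b>.txt', 'owner' => 'bob & co'],
];

// Hypothetical base URL standing in for the app's download route.
echo render_file_list('https://cloud.example.org/index.php/download', $files);
```

In the output the second entry appears as literal text in the mail, and its link keeps the whole file name inside the href value.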
