Merge branch 'master' into oc_error

apps/contacts/js/contacts.js

@@ -1699,5 +1699,7 @@ $(document).ready(function(){
 	}
 	$('#contacts_propertymenu_dropdown a').click(propertyMenuItem);
 	$('#contacts_propertymenu_dropdown a').keydown(propertyMenuItem);
+
+	Contacts.UI.loadHandlers();
+	Contacts.UI.Contacts.update();
 });
-Contacts.UI.Contacts.update();

apps/files_archive/lib/storage.php

@@ -49,6 +49,7 @@ class OC_Filestorage_Archive extends OC_Filestorage_Common{
 		OC_FakeDirStream::$dirs[$id]=$content;
 		return opendir('fakedir://'.$id);
 	}
+	public function readdir($path){}
 	public function stat($path){
 		$ctime=filectime($this->path);
 		$path=$this->stripPath($path);

apps/files_sharing/sharedstorage.php

@@ -139,6 +139,8 @@ class OC_Filestorage_Shared extends OC_Filestorage {
 		}
 	}
 	
+	public function readdir( $path ) {}
+	
 	public function is_dir($path) {
 		if ($path == "" || $path == "/") {
 			return true;

apps/files_versions/versions.php

@@ -303,66 +303,88 @@ class Storage {
          */
         public static function expireAll() {
 	
-		function deleteAll($directory, $empty = false) {
+		function deleteAll( $directory, $empty = false ) {
 		
-			if(substr($directory,-1) == "/") {
-				$directory = substr($directory,0,-1);
+			// strip leading slash
+			if( substr( $directory, 0, 1 ) == "/" ) {
+			
+				$directory = substr( $directory, 1 );
+				
+			}
+			
+			// strip trailing slash
+			if( substr( $directory, -1) == "/" ) {
+			
+				$directory = substr( $directory, 0, -1 );
+				
 			}
 
-			if(!file_exists($directory) || !is_dir($directory)) {
+			$view = new \OC_FilesystemView('');
+			
+			if ( !$view->file_exists( $directory ) || !$view->is_dir( $directory ) ) {
 			
 				return false;
 				
-			} elseif(!is_readable($directory)) {
+			} elseif( !$view->is_readable( $directory ) ) {
 			
 				return false;
 				
 			} else {
 			
-				$directoryHandle = opendir($directory);
+				$foldername = \OCP\Config::getSystemValue('datadirectory') .'/' . \OCP\USER::getUser() .'/' . $directory; // have to set an absolute path for use with PHP's opendir as OC version doesn't work
+				
+				$directoryHandle = opendir( $foldername );	
 			
-				while ($contents = readdir($directoryHandle)) {
+				while ( $contents = $view->readdir( $directoryHandle ) ) {
 				
-					if( $contents != '.' && $contents != '..') {
+					if ( $contents != '.' && $contents != '..') {
 						
 						$path = $directory . "/" . $contents;
 					
-						if( is_dir($path) ) {
+						if ( $view->is_dir( $path ) ) {
 							
-							deleteAll($path);
+							deleteAll( $path );
 						
 						} else {
-						
-							unlink($path);
+							
+							$view->unlink( \OCP\USER::getUser() .'/' . $path ); // TODO: make unlink use same system path as is_dir
 						
 						}
 					}
 				
 				}
 			
-				closedir( $directoryHandle );
+				//$view->closedir( $directoryHandle ); // TODO: implement closedir in OC_FSV
 
-				if( $empty == false ) {
+				if ( $empty == false ) {
 				
-					if(!rmdir($directory)) {
+					if ( !$view->rmdir( $directory ) ) {
 					
 						return false;
 						
 					}
 					
-				}
+ 				}
 			
 				return true;
 			}
 			
 		}
+		
+		$dir = \OCP\Config::getSystemValue('files_versionsfolder', Storage::DEFAULTFOLDER);
+		
+		deleteAll( $dir, true );
+
+// 		if ( deleteAll( $dir, 1 ) ) {
+// 		
+// 			echo "<h1>deleted ok</h1>";
+// 			
+// 		} else {
+// 			
+// 			echo "<h1>not deleted</h1>";
+// 			
+// 		}
 	
-		/*	
-		// FIXME: make this path dynamic
-		$dir = '/home/samtuke/owncloud/git/oc5/data/admin/versions';
-
-		( deleteAll( $dir, 1 ) ? return true : return false );
-		*/
         }
 
 

apps/media/js/collection.js

@@ -97,13 +97,13 @@ Collection={
 					if(artist.name && artist.songs.length>0){
 						var tr=template.clone().removeClass('template');
 						if(artist.songs.length>1){
-							tr.find('td.title a').text(artist.songs.length+' '+t('media','songs'));
-							tr.find('td.album a').text(artist.albums.length+' '+t('media','albums'));
+							tr.find('td.title a').html(artist.songs.length+' '+t('media','songs'));
+							tr.find('td.album a').html(artist.albums.length+' '+t('media','albums'));
 						}else{
-							tr.find('td.title a').text(artist.songs[0].name);
-							tr.find('td.album a').text(artist.albums[0].name);
+							tr.find('td.title a').html(artist.songs[0].name);
+							tr.find('td.album a').html(artist.albums[0].name);
 						}
-						tr.find('td.artist a').text(artist.name);
+						tr.find('td.artist a').html(artist.name);
 						tr.data('artistData',artist);
 						tr.find('td.artist a').click(function(event){
 							event.preventDefault();

apps/media/lib_scanner.php

@@ -79,19 +79,19 @@ class OC_MEDIA_SCANNER{
 			OCP\Util::writeLog('media',"error reading artist tag in '$file'",OCP\Util::WARN);
 			$artist='unknown';
 		}else{
-			$artist=strip_tags(stripslashes($data['comments']['artist'][0]));
+			$artist=OCP\Util::sanitizeHTML(stripslashes($data['comments']['artist'][0]));
 		}
 		if(!isset($data['comments']['album'])){
 			OCP\Util::writeLog('media',"error reading album tag in '$file'",OCP\Util::WARN);
 			$album='unknown';
 		}else{
-			$album=strip_tags(stripslashes($data['comments']['album'][0]));
+			$album=OCP\Util::sanitizeHTML(stripslashes($data['comments']['album'][0]));
 		}
 		if(!isset($data['comments']['title'])){
 			OCP\Util::writeLog('media',"error reading title tag in '$file'",OCP\Util::WARN);
 			$title='unknown';
 		}else{
-			$title=strip_tags(stripslashes($data['comments']['title'][0]));
+			$title=OCP\Util::sanitizeHTML(stripslashes($data['comments']['title'][0]));
 		}
 		$size=$data['filesize'];
 		if (isset($data['comments']['track']))

apps/user_ldap/group_ldap.php

@@ -166,7 +166,9 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
 				$result[] = OC_LDAP::dn2username($ldap_users[0]);
 				continue;
 			} else {
-				$result[] = OC_LDAP::dn2username($member);
+				if($ocname = OC_LDAP::dn2username($member)){
+					$result[] = $ocname;
+				}
 			}
 		}
 		if(!$isMemberUid) {

apps/user_ldap/lib_ldap.php

@@ -166,11 +166,14 @@ class OC_LDAP {
 	 * @brief returns the internal ownCloud name for the given LDAP DN of the group
 	 * @param $dn the dn of the group object
 	 * @param $ldapname optional, the display name of the object
-	 * @returns string with with the name to use in ownCloud
+	 * @returns string with with the name to use in ownCloud, false on DN outside of search DN
 	 *
 	 * returns the internal ownCloud name for the given LDAP DN of the group
 	 */
 	static public function dn2groupname($dn, $ldapname = null) {
+		if(strrpos($dn, self::$ldapBaseGroups) !== (strlen($dn)-strlen(self::$ldapBaseGroups))) {
+			return false;
+		}
 		return self::dn2ocname($dn, $ldapname, false);
 	}
 
@@ -180,9 +183,12 @@ class OC_LDAP {
 	 * @param $ldapname optional, the display name of the object
 	 * @returns string with with the name to use in ownCloud
 	 *
-	 * returns the internal ownCloud name for the given LDAP DN of the user
+	 * returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN
 	 */
 	static public function dn2username($dn, $ldapname = null) {
+		if(strrpos($dn, self::$ldapBaseUsers) !== (strlen($dn)-strlen(self::$ldapBaseUsers))) {
+			return false;
+		}
 		return self::dn2ocname($dn, $ldapname, true);
 	}
 

index.php

@@ -122,7 +122,7 @@ elseif(OC_User::isLoggedIn()) {
 	if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){
 		$sectoken=rand(1000000,9999999);
 		$_SESSION['sectoken']=$sectoken;
-		$redirect_url = (isset($_REQUEST['redirect_url'])) ? strip_tags($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];
+		$redirect_url = (isset($_REQUEST['redirect_url'])) ? OC_Util::sanitizeHTML($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];
 		OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url));
 	}
 }

lib/base.php

@@ -42,10 +42,6 @@ class OC{
 	 * the owncloud root path for http requests (e.g. owncloud/)
 	 */
 	public static $WEBROOT = '';
-	/**
-	 * the folder that stores that data files for the filesystem of the user (e.g. /srv/http/owncloud/data/myusername/files)
-	 */
-	public static $CONFIG_DATADIRECTORY = '';
 	/**
 	 * The installation path of the 3rdparty folder on the server (e.g. /srv/http/owncloud/3rdparty)
 	 */
@@ -349,19 +345,11 @@ class OC{
 			exit;
 		}
 
-		// TODO: we should get rid of this one, too
-		// WARNING: to make everything even more confusing,
-		//   DATADIRECTORY is a var that changes and DATADIRECTORY_ROOT
-		//   stays the same, but is set by "datadirectory".
-		//   Any questions?
-		OC::$CONFIG_DATADIRECTORY = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" );
-
 		// User and Groups
 		if( !OC_Config::getValue( "installed", false )){
 			$_SESSION['user_id'] = '';
 		}
 
-
 		OC_User::useBackend( OC_Config::getValue( "userbackend", "database" ));
 		OC_Group::useBackend(new OC_Group_Database());
 

lib/filecache/cached.php

@@ -55,6 +55,9 @@ class OC_FileCache_Cached{
 			$root=OC_Filesystem::getRoot();
 		}
 		$parent=OC_FileCache::getId($path,$root);
+		if($parent==-1){
+			return array();
+		}
 		$query=OC_DB::prepare('SELECT path,name,ctime,mtime,mimetype,size,encrypted,versioned,writable FROM *PREFIX*fscache WHERE parent=? AND (mimetype LIKE ? OR mimetype = ?)');
 		$result=$query->execute(array($parent, $mimetype_filter.'%', 'httpd/unix-directory'))->fetchAll();
 		if(is_array($result)){

lib/files.php

@@ -30,12 +30,9 @@ class OC_Files {
 
 	/**
 	* get the content of a directory
-	* @param dir $directory
+	* @param dir $directory path under datadirectory
 	*/
 	public static function getDirectoryContent($directory, $mimetype_filter = ''){
-		if(strpos($directory,OC::$CONFIG_DATADIRECTORY)===0){
-			$directory=substr($directory,strlen(OC::$CONFIG_DATADIRECTORY));
-		}
 		$files=OC_FileCache::getFolderContent($directory, false, $mimetype_filter);
 		foreach($files as &$file){
 			$file['directory']=$directory;

lib/filestorage.php

@@ -28,6 +28,7 @@ abstract class OC_Filestorage{
 	abstract public function mkdir($path);
 	abstract public function rmdir($path);
 	abstract public function opendir($path);
+	abstract public function readdir($path);
 	abstract public function is_dir($path);
 	abstract public function is_file($path);
 	abstract public function stat($path);

lib/filestorage/local.php

@@ -20,6 +20,9 @@ class OC_Filestorage_Local extends OC_Filestorage{
 	public function opendir($path){
 		return opendir($this->datadir.$path);
 	}
+	public function readdir($handle){
+		return readdir($handle);
+	}
 	public function is_dir($path){
 		if(substr($path,-1)=='/'){
 			$path=substr($path,0,-1);

lib/filesystem.php

@@ -399,6 +399,9 @@ class OC_Filesystem{
 	static public function opendir($path){
 		return self::$defaultInstance->opendir($path);
 	}
+	static public function readdir($path){
+		return self::$defaultInstance->readdir($path);
+	}
 	static public function is_dir($path){
 		return self::$defaultInstance->is_dir($path);
 	}

lib/filesystemview.php

@@ -158,6 +158,10 @@ class OC_FilesystemView {
 	public function opendir($path){
 		return $this->basicOperation('opendir',$path,array('read'));
 	}
+	public function readdir($handle){
+		$fsLocal= new OC_Filestorage_Local( array( 'datadir' => '/' ) );
+		return $fsLocal->readdir( $handle );
+	}
 	public function is_dir($path){
 		if($path=='/'){
 			return true;

lib/public/util.php

@@ -264,6 +264,18 @@ class Util {
 	public static function callCheck(){
 		return(\OC_Util::callCheck());
 	}
+	
+	/**
+	 * @brief Used to sanitize HTML
+	 *
+	 * This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page.
+	 *
+	 * @param string or array of strings
+	 * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
+	 */
+	public static function sanitizeHTML( $value ){
+		return(\OC_Util::sanitizeHTML($value)); //Specify encoding for PHP<5.4
+	}
 }
 
 ?>

lib/template.php

@@ -308,28 +308,11 @@ class OC_Template{
 	 * If the key existed before, it will be overwritten
 	 */
 	public function assign( $key, $value, $sanitizeHTML=true ){
-		if($sanitizeHTML == true) {
-			if(is_array($value)) {
-				array_walk_recursive($value,'OC_Template::sanitizeHTML');
-			} else {
-				$value = OC_Template::sanitizeHTML($value);
-			}
-		}
+		if($sanitizeHTML == true) $value=OC_Util::sanitizeHTML($value);
 		$this->vars[$key] = $value;
 		return true;
 	}
 
-
-	/**
-	 * @brief Internaly used to sanitze HTML
-	 *
-	 * This function is internally used to sanitize HTML.
-	 */
- 	private static function sanitizeHTML( &$value ){
- 			$value = htmlentities( $value , ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
- 			return $value;
-    }
-
 	/**
 	 * @brief Appends a variable
 	 * @param $key key

lib/user.php

@@ -240,13 +240,17 @@ class OC_User {
 	 * Checks if the user is logged in
 	 */
 	public static function isLoggedIn(){
+		static $is_login_checked = null;
+		if (!is_null($is_login_checked)) {
+			return $is_login_checked;
+		}
 		if( isset($_SESSION['user_id']) AND $_SESSION['user_id']) {
 			OC_App::loadApps(array('authentication'));
 			if (self::userExists($_SESSION['user_id']) ){
-				return true;
+				return $is_login_checked = true;
 			}
 		}
-		return false;
+		return $is_login_checked = false;
 	}
 
 	/**

lib/util.php

@@ -19,50 +19,21 @@ class OC_Util {
 			return false;
 		}
 
-		$CONFIG_DATADIRECTORY_ROOT = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" );
-		$CONFIG_BACKUPDIRECTORY = OC_Config::getValue( "backupdirectory", OC::$SERVERROOT."/backup" );
-
-		// Check if config folder is writable.
-		if(!is_writable(OC::$SERVERROOT."/config/")) {
-			$tmpl = new OC_Template( '', 'error', 'guest' );
-			$tmpl->assign('errors',array(1=>array('error'=>"Can't write into config directory 'config'",'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud")));
-			$tmpl->printPage();
-			exit;
-		}
-		
-		// Check if apps folder is writable.
-		if(OC_Config::getValue('writable_appsdir', true) && !is_writable(OC::$SERVERROOT."/apps/")) {
-			$tmpl = new OC_Template( '', 'error', 'guest' );
-			$tmpl->assign('errors',array(1=>array('error'=>"Can't write into apps directory 'apps'",'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud")));
-			$tmpl->printPage();
-			exit;
-		}
-		
-		// Create root dir.
-		if(!is_dir($CONFIG_DATADIRECTORY_ROOT)){
-			$success=@mkdir($CONFIG_DATADIRECTORY_ROOT);
-			if(!$success) {
-				$tmpl = new OC_Template( '', 'error', 'guest' );
-				$tmpl->assign('errors',array(1=>array('error'=>"Can't create data directory (".$CONFIG_DATADIRECTORY_ROOT.")",'hint'=>"You can usually fix this by giving the webserver write access to the ownCloud directory '".OC::$SERVERROOT."' (in a terminal, use the command 'chown -R www-data:www-data /path/to/your/owncloud/install/data' ")));
-				$tmpl->printPage();
-				exit;
-  			}
-		}
-
 		// If we are not forced to load a specific user we load the one that is logged in
 		if( $user == "" && OC_User::isLoggedIn()){
 			$user = OC_User::getUser();
 		}
 
+		$CONFIG_DATADIRECTORY = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" );
 		//first set up the local "root" storage
 		if(!self::$rootMounted){
-			OC_Filesystem::mount('OC_Filestorage_Local',array('datadir'=>$CONFIG_DATADIRECTORY_ROOT),'/');
+			OC_Filesystem::mount('OC_Filestorage_Local',array('datadir'=>$CONFIG_DATADIRECTORY),'/');
 			self::$rootMounted=true;
 		}
 		if( $user != "" ){ //if we aren't logged in, there is no use to set up the filesystem
-			OC::$CONFIG_DATADIRECTORY = $CONFIG_DATADIRECTORY_ROOT."/$user/$root";
-			if( !is_dir( OC::$CONFIG_DATADIRECTORY )){
-				mkdir( OC::$CONFIG_DATADIRECTORY, 0755, true );
+			$userdirectory = $CONFIG_DATADIRECTORY."/$user/$root";
+			if( !is_dir( $userdirectory )){
+				mkdir( $userdirectory, 0755, true );
 			}
 
 			//jail the user into his "home" directory
@@ -71,8 +42,8 @@ class OC_Util {
 			OC_FileProxy::register($quotaProxy);
 			self::$fsSetup=true;
 			// Load personal mount config
-			if (is_file($CONFIG_DATADIRECTORY_ROOT.'/'.$user.'/mount.php')) {
-				$mountConfig = include($CONFIG_DATADIRECTORY_ROOT.'/'.$user.'/mount.php');
+			if (is_file($CONFIG_DATADIRECTORY.'/'.$user.'/mount.php')) {
+				$mountConfig = include($CONFIG_DATADIRECTORY.'/'.$user.'/mount.php');
 				if (isset($mountConfig['user'][$user])) {
 					foreach ($mountConfig['user'][$user] as $mountPoint => $options) {
 						OC_Filesystem::mount($options['class'], $options['options'], $mountPoint);
@@ -209,9 +180,6 @@ class OC_Util {
 	 * @return array arrays with error messages and hints
 	 */
 	public static function checkServer(){
-		$CONFIG_DATADIRECTORY_ROOT = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" );
-		$CONFIG_BACKUPDIRECTORY = OC_Config::getValue( "backupdirectory", OC::$SERVERROOT."/backup" );
-		$CONFIG_INSTALLED = OC_Config::getValue( "installed", false );
 		$errors=array();
 
 		//check for database drivers
@@ -224,19 +192,31 @@ class OC_Util {
 		//common hint for all file permissons error messages
 		$permissionsHint="Permissions can usually be fixed by giving the webserver write access to the ownCloud directory";
 
+		// Check if config folder is writable.
+		if(!is_writable(OC::$SERVERROOT."/config/")) {
+			$errors[]=array('error'=>"Can't write into config directory 'config'",'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud");
+		}
+
+		// Check if apps folder is writable.
+		if(OC_Config::getValue('writable_appsdir', true) && !is_writable(OC::$SERVERROOT."/apps/")) {
+			$errors[]=array('error'=>"Can't write into apps directory 'apps'",'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud");
+		}
+
+		$CONFIG_DATADIRECTORY = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" );
 		//check for correct file permissions
 		if(!stristr(PHP_OS, 'WIN')){
                 	$permissionsModHint="Please change the permissions to 0770 so that the directory cannot be listed by other users.";
-			$prems=substr(decoct(@fileperms($CONFIG_DATADIRECTORY_ROOT)),-3);
+			$prems=substr(decoct(@fileperms($CONFIG_DATADIRECTORY)),-3);
 			if(substr($prems,-1)!='0'){
-				OC_Helper::chmodr($CONFIG_DATADIRECTORY_ROOT,0770);
+				OC_Helper::chmodr($CONFIG_DATADIRECTORY,0770);
 				clearstatcache();
-				$prems=substr(decoct(@fileperms($CONFIG_DATADIRECTORY_ROOT)),-3);
+				$prems=substr(decoct(@fileperms($CONFIG_DATADIRECTORY)),-3);
 				if(substr($prems,2,1)!='0'){
-					$errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY_ROOT.') is readable for other users<br/>','hint'=>$permissionsModHint);
+					$errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY.') is readable for other users<br/>','hint'=>$permissionsModHint);
 				}
 			}
 			if( OC_Config::getValue( "enablebackup", false )){
+				$CONFIG_BACKUPDIRECTORY = OC_Config::getValue( "backupdirectory", OC::$SERVERROOT."/backup" );
 				$prems=substr(decoct(@fileperms($CONFIG_BACKUPDIRECTORY)),-3);
 				if(substr($prems,-1)!='0'){
 					OC_Helper::chmodr($CONFIG_BACKUPDIRECTORY,0770);
@@ -250,8 +230,14 @@ class OC_Util {
 		}else{
 			//TODO: permissions checks for windows hosts
 		}
-		if(is_dir($CONFIG_DATADIRECTORY_ROOT) and !is_writable($CONFIG_DATADIRECTORY_ROOT)){
-			$errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY_ROOT.') not writable by ownCloud<br/>','hint'=>$permissionsHint);
+		// Create root dir.
+		if(!is_dir($CONFIG_DATADIRECTORY)){
+			$success=@mkdir($CONFIG_DATADIRECTORY);
+			if(!$success) {
+				$errors[]=array('error'=>"Can't create data directory (".$CONFIG_DATADIRECTORY.")",'hint'=>"You can usually fix this by giving the webserver write access to the ownCloud directory '".OC::$SERVERROOT."' (in a terminal, use the command 'chown -R www-data:www-data /path/to/your/owncloud/install/data' ");
+			}
+		} else if(!is_writable($CONFIG_DATADIRECTORY)){
+			$errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY.') not writable by ownCloud<br/>','hint'=>$permissionsHint);
 		}
 
 		// check if all required php modules are present
@@ -370,7 +356,7 @@ class OC_Util {
 		$_SESSION['requesttoken-'.$token]=time();
 
 		// cleanup old tokens garbage collector
-		// only run every 20th time so we don´t waste cpu cycles
+		// only run every 20th time so we don't waste cpu cycles
 		if(rand(0,20)==0) {  
 			foreach($_SESSION as $key=>$value) {
 				// search all tokens in the session
@@ -426,4 +412,19 @@ class OC_Util {
 			exit;
 		}
 	}
+	
+	/**
+	 * @brief Public function to sanitize HTML
+	 *
+	 * This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page.
+	 * 
+	 * @param string or array of strings
+	 * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
+	 */
+	public static function sanitizeHTML( &$value ){
+		if (is_array($value) || is_object($value)) array_walk_recursive($value,'OC_Util::sanitizeHTML');
+		else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
+		return $value;
+	}
+
 }

settings/admin.php

@@ -23,7 +23,7 @@ function compareEntries($a,$b){
 usort($entries, 'compareEntries');
 
 $tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 ));
-$tmpl->assign('entries',$entries,false);
+$tmpl->assign('entries',$entries);
 $tmpl->assign('forms',array());
 foreach($forms as $form){
 	$tmpl->append('forms',$form);

settings/ajax/getlog.php

@@ -14,4 +14,4 @@ $count=(isset($_GET['count']))?$_GET['count']:50;
 $offset=(isset($_GET['offset']))?$_GET['offset']:0;
 
 $entries=OC_Log_Owncloud::getEntries($count,$offset);
-OC_JSON::success(array("data" => $entries));
+OC_JSON::success(array("data" => OC_Util::sanitizeHTML($entries)));

settings/js/log.js

@@ -39,7 +39,7 @@ OC.Log={
 			row.append(appTd);
 			
 			var messageTd=$('<td/>');
-			messageTd.text(entry.message.replace(/</, "&lt;").replace(/>/, "&gt;"));
+			messageTd.text(entry.message);
 			row.append(messageTd);
 			
 			var timeTd=$('<td/>');