[Owncloud] App Mail Notify approve

Jascha Burmeister burmeister at wortbildton.de
Wed Jul 24 13:32:01 UTC 2013


Okay, I did.

http://apps.owncloud.com/content/show.php?content=155982

:)

--
Jascha Burmeister
Screendesign

WortBildTon Werbeagentur GmbH
Hofholzallee 92, 24109 Kiel

Tel.: +49 (0) 431 99 07 00
Fax.: +49 (0) 431 99 07 07
Leo: +49 (0) 431 99 07 900

E-Mail: burmeister at wortbildton.de
Internet: www.wortbildton.de

----------------------------------------------
Registered office: Kiel
Amtsgericht Kiel, HRB 3915

Managing directors:
Sibylla Noack, Bernd Baumeister
----------------------------------------------



On 24.07.2013 at 14:46, Bernhard Posselt <nukeawhale at gmail.com> wrote:

> Just upload the new package.
> 
> On 07/24/2013 02:43 PM, Jascha Burmeister wrote:
>> 
>> Hi,
>> 
>> we want to save it in a variable to use it in an HTML mail…
>> 
>> So the p() function uses print. We looked into it and found the OC_Util::sanitizeHTML().
>> 
>> I think this should fix the XSS stuff :)
>> 
>> 
>> foreach($filenames as $file){
>>  $url_path = OCP\Util::linkToAbsolute('files','index.php').'/download'.OC_Util::sanitizeHTML($file['path']);
>>  $link_text = basename($file['path']);
>> 
>>  $str_filenames .= '<li>
>>  <a href="'.$url_path.'" target="_blank">'. OC_Util::sanitizeHTML($link_text).'</a> 
>>  <font color="#696969">('.OC_Util::sanitizeHTML($file['owner']).')</font>
>>  </li>';
>>  }
>> 
>> 
>> So I'm waiting for an admin who approves my app in the "app store".
>> 
>> 
>> telcy / Jascha Burmeister
>> 
>> 
>> 
>> On 24.07.2013 at 13:35, Bernhard Posselt <nukeawhale at gmail.com> wrote:
>> 
>>> Lines 299 and 300 in lib/mailing.php contain XSS. Please either look up how to prevent XSS in PHP or, even better, consider splitting your logic and view by using templates (oc templates provide p(), which does all the escaping for you).
>>> 
>>> On 07/24/2013 12:58 PM, Jascha Burmeister wrote:
>>>> Hi,
>>>> 
>>>> Any dev there who can approve my app?
>>>> 
>>>> http://apps.owncloud.com/content/show.php/Mail+Notification?content=155982
>>>> 
>>>> Thank you
>>>> 
>>>> telcy
>>>> 
>>>> Jascha Burmeister
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Owncloud mailing list
>>>> Owncloud at kde.org
>>>> https://mail.kde.org/mailman/listinfo/owncloud

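The fix discussed in the thread escapes each value before concatenating it into the HTML mail body. As an added example (not code from the Mail Notify app or from ownCloud), the same list built in plain PHP, using htmlspecialchars() in place of OC_Util::sanitizeHTML() and percent-encoding the file path for the URL before HTML-escaping it; the function names, base URL and sample data are assumptions constructed for illustration.

```php
<?php
// Added example: plain PHP only, no ownCloud classes.
// esc_html(), encode_path(), build_file_list_html() and the base URL are hypothetical names.

/** HTML-escape a value for a text node or a quoted attribute value. */
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Percent-encode every path segment, keeping "/" as the separator. */
function encode_path(string $path): string
{
    return implode('/', array_map('rawurlencode', explode('/', $path)));
}

/** Build the <li> list for the mail body from file records (path, owner). */
function build_file_list_html(string $baseUrl, array $files): string
{
    $items = ''; // initialise before appending with .=
    foreach ($files as $file) {
        // URL context first (percent-encoding), then HTML attribute context.
        $href  = esc_html($baseUrl . '/download' . encode_path($file['path']));
        $text  = esc_html(basename($file['path']));
        $owner = esc_html($file['owner']);
        $items .= '<li><a href="' . $href . '" target="_blank">' . $text . '</a> '
                . '<font color="#696969">(' . $owner . ')</font></li>' . "\n";
    }
    return $items;
}

// Constructed sample input: one ordinary record, two containing markup characters.
$files = [
    ['path' => '/docs/report 2013.pdf',      'owner' => 'alice'],
    ['path' => '/shared/a"><img src=x>.txt', 'owner' => 'bob'],
    ['path' => '/notes.txt',                 'owner' => 'Carol <carol@example.org>'],
];

$html = build_file_list_html('https://cloud.example.org/index.php/apps/files', $files);
echo $html;

// Self-check: no markup from the file data may survive unescaped.
if (strpos($html, '<img') !== false || strpos($html, '<carol') !== false) {
    throw new RuntimeException('unescaped markup reached the mail body');
}
```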