From 70c228a7cc31c6193bdd1c2f18a75dffe08785b8 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Tue, 8 Dec 2015 08:27:52 +0100
Subject: [PATCH 1/3] Get rid of passing a reference

Fixes https://github.com/owncloud/core/issues/14643
---
 lib/private/util.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/private/util.php b/lib/private/util.php
index c31ad63b9be..eb188b649e8 100644
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -1177,14 +1177,16 @@ class OC_Util {
 * This function is used to sanitize HTML and should be applied on any
 * string or array of strings before displaying it on a web page.
 *
- * @param string|array &$value
+ * @param string|array $value
 * @return string|array an array of sanitized strings or a single sanitized string, depends on the input parameter.
 */
- public static function sanitizeHTML(&$value) {
+ public static function sanitizeHTML($value) {
 if (is_array($value)) {
- array_walk_recursive($value, 'OC_Util::sanitizeHTML');
+ $value = array_map(function($value) {
+ return self::sanitizeHTML($value);
+ }, $value);
 } else {
- //Specify encoding for PHP<5.4
+ // Specify encoding for PHP<5.4
 $value = htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
 }
 return $value;

From 4b293dffe56ac452ed3bdadb3dd094e667ecfb2d Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Tue, 8 Dec 2015 08:28:15 +0100
Subject: [PATCH 2/3] Use \OCP\Util::sanitizeHTML instead of \OC_Util::sanitizeHTML

---
 core/templates/login.php | 2 +-
 lib/private/template.php | 6 +++---
 lib/private/template/functions.php | 4 ++--
 lib/public/util.php | 6 +++---
 settings/templates/admin.php | 2 +-
 settings/templates/personal.php | 2 +-
 6 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/core/templates/login.php b/core/templates/login.php
index 7b09d4fac95..e87b871c67e 100644
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -12,7 +12,7 @@ script('core', [
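Review bot: Any caller that relied on the old by-reference signature and discarded the return value now silently keeps unsanitized data, because `sanitizeHTML` no longer mutates its argument; the series migrates the call sites it touches, but it is worth grepping the tree for calls whose return value is ignored before merging. In the `is_array` branch the closure parameter `$value` shadows the outer `$value` being mapped, which reads confusingly; `$value = array_map(function($item) { return self::sanitizeHTML($item); }, $value);` keeps the same behaviour without the shadowing. Since `array_map` over a single array preserves keys, array keys still pass through unescaped exactly as with `array_walk_recursive`, and that is worth stating next to the branch, e.g. `// Only values are escaped; array keys are returned as-is.` The `sanitizeHTML` hunk closes the method, but the enclosing class continues outside the hunk.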
'); + print_unescaped(''); } ?>
diff --git a/lib/private/template.php b/lib/private/template.php index 1476a964ef3..d794dacac23 100644 --- a/lib/private/template.php +++ b/lib/private/template.php @@ -226,12 +226,12 @@ class OC_Template extends \OC\Template\Base { // Add custom headers $headers = ''; foreach(OC_Util::$headers as $header) { - $headers .= '<'.OC_Util::sanitizeHTML($header['tag']); + $headers .= '<'.\OCP\Util::sanitizeHTML($header['tag']); foreach($header['attributes'] as $name=>$value) { - $headers .= ' '.OC_Util::sanitizeHTML($name).'="'.OC_Util::sanitizeHTML($value).'"'; + $headers .= ' '.\OCP\Util::sanitizeHTML($name).'="'.\OCP\Util::sanitizeHTML($value).'"'; } if ($header['text'] !== null) { - $headers .= '>'.OC_Util::sanitizeHTML($header['text']).''; + $headers .= '>'.\OCP\Util::sanitizeHTML($header['text']).''; } else { $headers .= '/>'; } diff --git a/lib/private/template/functions.php b/lib/private/template/functions.php index 79d18632d2f..d156d26f9ce 100644 --- a/lib/private/template/functions.php +++ b/lib/private/template/functions.php @@ -33,7 +33,7 @@ * @param string $string the string which will be escaped and printed */ function p($string) { - print(OC_Util::sanitizeHTML($string)); + print(\OCP\Util::sanitizeHTML($string)); } /** @@ -262,7 +262,7 @@ function html_select_options($options, $selected, $params=array()) { $label = $label[$label_name]; } $select = in_array($value, $selected) ? ' selected="selected"' : ''; - $html .= ''."\n"; + $html .= ''."\n"; } return $html; } diff --git a/lib/public/util.php b/lib/public/util.php index 110028368d0..4e783b764ed 100644 --- a/lib/public/util.php +++ b/lib/public/util.php 
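Review bot: In the header-building loop of lib/private/template.php, `\OCP\Util::sanitizeHTML` is applied to `$header['tag']` and to each attribute `$name` in tag-name and attribute-name position, where entity encoding escapes characters but does not restrict the result to a valid tag or attribute name; escaping is only a complete defence for the attribute values inside the double quotes. If entries of `OC_Util::$headers` can come from anywhere less trusted than core or app code, a whitelist check on the tag and attribute names (or a comment documenting that only app code registers headers) would make the assumption explicit, e.g. `// Tag and attribute names are app-registered; sanitizeHTML escapes but does not validate them.` The line emitting the closing tag appears truncated in this copy of the patch, so I have not reviewed its exact text. The enclosing method starts and ends outside the hunk.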
@@ -497,11 +497,11 @@ class Util { * string or array of strings before displaying it on a web page. * * @param string|array $value - * @return string|array an array of sanitized strings or a single sinitized string, depends on the input parameter. + * @return string|array an array of sanitized strings or a single sanitized string, depends on the input parameter. * @since 4.5.0 */ - public static function sanitizeHTML( $value ) { - return(\OC_Util::sanitizeHTML($value)); + public static function sanitizeHTML($value) { + return \OC_Util::sanitizeHTML($value); } /** diff --git a/settings/templates/admin.php b/settings/templates/admin.php index 0721c0e0afb..f3de51a23c3 100644 --- a/settings/templates/admin.php +++ b/settings/templates/admin.php @@ -56,7 +56,7 @@ if ($_['mail_smtpmode'] == 'qmail') { if (isset($form['anchor'])) { $anchor = '#' . $form['anchor']; $sectionName = $form['section-name']; - print_unescaped(sprintf("
  • %s
  • ", OC_Util::sanitizeHTML($anchor), OC_Util::sanitizeHTML($sectionName))); + print_unescaped(sprintf("
  • %s
  • ", \OCP\Util::sanitizeHTML($anchor), \OCP\Util::sanitizeHTML($sectionName))); } }?> diff --git a/settings/templates/personal.php b/settings/templates/personal.php index 0eba71d77d1..09194ea3e39 100644 --- a/settings/templates/personal.php +++ b/settings/templates/personal.php @@ -14,7 +14,7 @@ if (isset($form['anchor'])) { $anchor = '#' . $form['anchor']; $sectionName = $form['section-name']; - print_unescaped(sprintf("
  • %s
  • ", OC_Util::sanitizeHTML($anchor), OC_Util::sanitizeHTML($sectionName))); + print_unescaped(sprintf("
  • %s
  • ", \OCP\Util::sanitizeHTML($anchor), \OCP\Util::sanitizeHTML($sectionName))); } }?> From 6d3eb7673d1671a9e1f8437388f344a90e3d71dd Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Tue, 8 Dec 2015 09:07:38 +0100 Subject: [PATCH 3/3] Add unit test for nested arrays --- tests/lib/util.php | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/tests/lib/util.php b/tests/lib/util.php index 9b82be36955..fa559c17c80 100644 --- a/tests/lib/util.php +++ b/tests/lib/util.php @@ -95,16 +95,22 @@ class Test_Util extends \Test\TestCase { } function testSanitizeHTML() { - $badArray = array( + $badArray = [ 'While it is unusual to pass an array', 'this function actually supports it.', - 'And therefore there needs to be a for it!' - ); - $goodArray = array( + 'And therefore there needs to be a for it!', + [ + 'And It Even May Nest', + ], + ]; + $goodArray = [ 'While it is unusual to pass an array', 'this function actually <blink>supports</blink> it.', - 'And therefore there needs to be a <script>alert("Unit"+'test')</script> for it!' - ); + 'And therefore there needs to be a <script>alert("Unit"+'test')</script> for it!', + [ + 'And It Even May <strong>Nest</strong>' + ], + ]; $result = OC_Util::sanitizeHTML($badArray); $this->assertEquals($goodArray, $result);