diff --git a/ihtml/themes/default/framework.tpl b/ihtml/themes/default/framework.tpl
index 0c79bc62cb928af734b8f94579db71ba0885a386..299d42975d400e6d44d841eea22ecea54161b74d 100644
--- a/ihtml/themes/default/framework.tpl
+++ b/ihtml/themes/default/framework.tpl
@@ -5,16 +5,16 @@
   <form action="main.php{$plug}" name="mainform" id="mainform" method="post" enctype="multipart/form-data">
     <div class="setup_header">
       <div id="header_left">
-        <img id="fd_logo" class="optional" src="geticon.php?context=applications&icon=fusiondirectory&size=48" alt="FusionDirectory"/>
+        <img id="fd_logo" class="optional" src="geticon.php?context=applications&amp;icon=fusiondirectory&amp;size=48" alt="FusionDirectory"/>
         <a class="maintitlebar" href="main.php?reset=1">
-          <img src="geticon.php?context=actions&icon=go-home&size=22" alt="Main"/>&nbsp;{t}Main{/t}
+          <img src="geticon.php?context=actions&amp;icon=go-home&amp;size=22" alt="Main"/>&nbsp;{t}Main{/t}
         </a>
         &nbsp;
         <a class="maintitlebar logout" href="logout.php?request">
-          <img src="geticon.php?context=actions&icon=application-exit&size=22" alt="Sign out"/>&nbsp;{t}Sign out{/t}
+          <img src="geticon.php?context=actions&amp;icon=application-exit&amp;size=22" alt="Sign out"/>&nbsp;{t}Sign out{/t}
         </a>
         <a class="plugtop">
-          <img src="{$headline_image}" alt="{t}{$headline}{/t}"/>{t}{$headline}{/t}
+          <img src="{$headline_image|escape}" alt="{t}{$headline}{/t}"/>{t}{$headline}{/t}
         </a>
       </div>
       <div id="header_right">
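Review bot: `$headline` is still written into the `alt` attribute and the link text through `{t}{$headline}{/t}`, while only `src` gained `|escape`, so a headline containing `"` or `<` would reach the markup unless the `{t}` block encodes its output, which is not visible in this diff. The callers shown in include/class_management.inc already pass the headline through `_()`, so the attribute could be written as `alt="{$headline|escape}"` without losing the translation; confirm that this holds for the other callers. The same line appears in setup/setup_frame.tpl.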
diff --git a/ihtml/themes/default/setup_header.tpl b/ihtml/themes/default/setup_header.tpl
index f313e45441fde0119338e0606efba662b795f28b..bc05ae9ecb82d8ba4aa33d22b59a344cb8730d22 100644
--- a/ihtml/themes/default/setup_header.tpl
+++ b/ihtml/themes/default/setup_header.tpl
@@ -1,6 +1,8 @@
 {$php_errors}
-<div class='setup_header'>
-  <div style="float:left;"><img src='geticon.php?context=applications&icon=fusiondirectory&size=48' class='center' alt='FusionDirectory' /></div>
+<div class="setup_header">
+  <div style="float:left;">
+    <img src="geticon.php?context=applications&amp;icon=fusiondirectory&amp;size=48" class="center" alt="FusionDirectory" />
+  </div>
   <div style="padding-top:8px;text-align:right;height:38px;color:#000000;font-size:20px">{$version}</div>
 </div>
 
diff --git a/include/class_management.inc b/include/class_management.inc
index d4d0eb189f199230a459d069836abcf364933d4e..dc5174ef3e8f082a0843b072e55c8eb67e3e6965 100644
--- a/include/class_management.inc
+++ b/include/class_management.inc
@@ -261,7 +261,7 @@ class management
     }
     if (get_object_info() != "") {
       $display = print_header($plIcon, _($plDescription),
-          '<img alt="" class="center" src="geticon.php?context=status&icon=object-locked&size=16"/>'.
+          '<img alt="" class="center" src="geticon.php?context=status&amp;icon=object-locked&amp;size=16"/>'.
           LDAP::fix(get_object_info()));
     } else {
       $display = print_header($plIcon, _($plDescription));
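Review bot: The object info two lines below the changed `<img>` string is concatenated into the `$info` markup as `LDAP::fix(get_object_info())`, and print_header() emits `$info` without encoding it. Whether `LDAP::fix()` HTML-encodes is not visible here; if it only normalises the LDAP string, a value containing `<` or `&` would be rendered as markup. Encoding at this call site, `htmlentities(LDAP::fix(get_object_info()), ENT_COMPAT, 'UTF-8')`, would match what this commit does in include/class_pluglist.inc. The enclosing method starts and ends outside the hunk.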
diff --git a/include/class_pluglist.inc b/include/class_pluglist.inc
index bafff70d81e1678a87d138876f05b05511074fde..6b19eb485766d49ed66a69d7ec1653517ac902d3 100644
--- a/include/class_pluglist.inc
+++ b/include/class_pluglist.inc
@@ -298,10 +298,9 @@ class pluglist {
   function gen_menu()
   {
     if ($this->menu == "") {
-      $this->menu = '<ul class="menu">';
+      $this->menu = '<ul class="menu">'."\n";
       /* Parse headlines */
       foreach ($this->config->data['SECTIONS'] as $section => $section_infos) {
-        //~ $menu     = '<p class="menuheader">'.$section_infos['NAME']."</p>\n";
         $entries  = '';
 
         /* Parse sub-plugins */
@@ -355,6 +354,7 @@ class pluglist {
           $this->menu .= '<li><a>'.$section_infos['NAME']."</a>\n<ul>\n".$entries."\n</ul></li>\n";
         }
       }
+      $this->menu .= '</ul>'."\n";
     }
 
     /* Add the menucurrent class to current plugin */
@@ -427,7 +427,7 @@ class pluglist {
             if (!preg_match("/\//", $plIcon) && !preg_match("/^geticon/", $plIcon)) {
               $image = get_template_path("plugins/".preg_replace('%^.*/([^/]+)/[^/]+$%', '\1', $class_mapping[$info['CLASS']])."/images/$plIcon");
             } else {
-              $image = $plIcon;
+              $image = htmlentities($plIcon, ENT_COMPAT, 'UTF-8');
             }
           }
 
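Review bot: Encoding `$plIcon` only in the `else` branch leaves `$image` HTML-encoded on one path and raw (the `get_template_path()` result) on the other, so the code that later prints `$image` cannot apply a single escaping rule. `ENT_COMPAT` also leaves `'` untouched, which matters if `$image` is ever placed in a single-quoted attribute. I would keep `$image = $plIcon;` here and encode once where the tag is built, e.g. `htmlspecialchars($image, ENT_QUOTES, 'UTF-8')`; that also avoids double encoding if the value reaches a template that now applies `|escape`. The output site and the rest of the function are outside the hunk.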
diff --git a/include/functions.inc b/include/functions.inc
index 123c962f8c1c7abcbd1996dd85ecec4b935009f8..fc96aee59dc25ffbabac5c1e1f2f6154b2cd5e73 100644
--- a/include/functions.inc
+++ b/include/functions.inc
@@ -1773,15 +1773,15 @@ function check_command($cmdline)
  *
  * \return the $display variable
  */
-function print_header($image, $headline, $info = "")
+function print_header($image, $headline, $info = '')
 {
     $smarty = get_smarty();
-    $smarty->assign("headline", $headline);
-    $smarty->assign("headline_image", $image);
-    $display = "";
+    $smarty->assign('headline', $headline);
+    $smarty->assign('headline_image', $image);
+    $display = '';
 
-  if ($info != "") {
-    $display .= "<div class=\"pluginfo\">\n";
+  if ($info != '') {
+    $display .= '<div class="pluginfo">'."\n";
     $display .= "$info";
     $display .= "</div>\n";
     $display .= "<div></div>\n";
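Review bot: print_header() appends `$info` to the output verbatim (`$display .= "$info";`), and the visible part of the docblock does not say that this parameter is treated as trusted HTML. With this commit the templates escape `headline_image` themselves, so the contract is now split: `$image` must be an unencoded URL while `$info` must arrive already encoded. I would state that in the docblock, e.g. `\param string $image unencoded icon URL, escaped by the template` and `\param string $info HTML fragment emitted as-is; callers must encode any LDAP- or user-derived text`. The quotes around `$info` are redundant and the body mixes two- and four-space indentation; the function continues outside the hunk.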
diff --git a/plugins/personal/generic/class_user.inc b/plugins/personal/generic/class_user.inc
index 3223537259a8c6eb50e1afc4e64de0e9dbf968d3..0ceb2efd3c01aec5af57f8646a81fde8ff126144 100644
--- a/plugins/personal/generic/class_user.inc
+++ b/plugins/personal/generic/class_user.inc
@@ -163,8 +163,8 @@ class user extends simplePlugin
     return array(
       'plShortName'   => _('Generic'),
       'plDescription' => _('Generic user settings'),
-      'plIcon'        => 'geticon.php?context=applications&amp;icon=user-info&amp;size=48',
-      'plSmallIcon'   => 'geticon.php?context=applications&amp;icon=user-info&amp;size=16',
+      'plIcon'        => 'geticon.php?context=applications&icon=user-info&size=48',
+      'plSmallIcon'   => 'geticon.php?context=applications&icon=user-info&size=16',
       'plSelfModify'  => TRUE,
       'plObjectType'  => array('user' => array(
         'description' => _('Users'),
diff --git a/setup/setup_frame.tpl b/setup/setup_frame.tpl
index 5659e7796c432189a2d3c85606a3e92142771702..57cc735ec0f65e8d99c606027f6f63849596b5cd 100644
--- a/setup/setup_frame.tpl
+++ b/setup/setup_frame.tpl
@@ -4,9 +4,9 @@
   <form action="setup.php" name="mainform" id="mainform" method="post" enctype="multipart/form-data">
     <div class="setup_header">
       <div id="header_left">
-        <img id="fd_logo" class="optional" src="geticon.php?context=applications&icon=fusiondirectory&size=48" alt="FusionDirectory"/>
+        <img id="fd_logo" class="optional" src="geticon.php?context=applications&amp;icon=fusiondirectory&amp;size=48" alt="FusionDirectory"/>
         <a class="plugtop">
-          <img src="{$headline_image}" alt="{t}{$headline}{/t}"/>{t}{$headline}{/t}
+          <img src="{$headline_image|escape}" alt="{t}{$headline}{/t}"/>{t}{$headline}{/t}
         </a>
       </div>
       <div id="header_right">