owncloud-archive · pirate · Sep 9, 2017 · Sep 9, 2017 · Sep 9, 2017 · Sep 9, 2017
diff --git a/external/ajax/setsites.php b/external/ajax/setsites.php
@@ -11,10 +11,21 @@
 OCP\User::checkAdminUser();
 OCP\JSON::callCheck();
 
+$valid_targets = array('_blank', '_top', '_self');  // TODO: import this from external/settings.php
+
 $sites = array();
 for ($i = 0; $i < sizeof($_POST['site_name']); $i++) {
 	if (!empty($_POST['site_name'][$i]) && !empty($_POST['site_url'][$i])) {
-		array_push($sites, array(strip_tags($_POST['site_name'][$i]), strip_tags($_POST['site_url'][$i]), strip_tags($_POST['site_icon'][$i])));
+		// make sure site_target is a safe link target type
+		if (!in_array($_POST['site_target'][$i], $valid_targets)) {
+		    throw new Exception('Invalid site target, must be one of: ' . implode(", ", $valid_targets));
+		}
+		array_push($sites, array(
+			strip_tags($_POST['site_name'][$i]),
+			strip_tags($_POST['site_url'][$i]),
+			strip_tags($_POST['site_icon'][$i]),
+			strip_tags($_POST['site_target'][$i]),
+		));
 	}
 }
 

diff --git a/external/appinfo/app.php b/external/appinfo/app.php
@@ -31,12 +31,23 @@
 	$navigationManager = \OC::$server->getNavigationManager();
 	for ($i = 0; $i < sizeof($sites); $i++) {
 		$navigationEntry = function () use ($i, $urlGenerator, $sites) {
+			$site_id = ($i + 1);
+			$href = $sites[$i][1];
+			if ($target == '_self') {
+				// if link is iframed, change href to point to internal url /external/<site_id>
+				$href = $urlGenerator->linkToRoute('external_index', ['id'=> $site_id]);
+			}
+			$icon_name = empty($sites[$i][2]) ? 'external.svg' : $sites[$i][2];
+			$icon = $urlGenerator->imagePath('external', $icon_name);
+			$name = $sites[$i][0];
+			$target = $sites[$i][3];
 			return [
-				'id'    => 'external_index' . ($i + 1),
-				'order' => 80 + $i,
-				'href' => $urlGenerator->linkToRoute('external_index', ['id'=> $i + 1]),
-				'icon' => $urlGenerator->imagePath('external', !empty($sites[$i][2]) ? $sites[$i][2] : 'external.svg'),
-				'name' => $sites[$i][0],
+				'id'     => 'external_index' . $site_id,
+				'order'  => 80 + $i,
+				'href'   => $href,
+				'icon'   => $icon,
+				'name'   => $name,
+				'target' => $target,
 			];
 		};
 		$navigationManager->add($navigationEntry);

diff --git a/external/settings.php b/external/settings.php
@@ -27,4 +27,10 @@
 
 $tmpl->assign('images', $images);
 
+$targets = array('_blank', '_top', '_self');
+$targets_desc = array('New Window', 'Replace Current Window', 'Inside OwnCloud Frame');
+$tmpl->assign('targets', $targets);
+$tmpl->assign('targets_desc', $targets_desc);
+
+
 return $tmpl->fetchPage();
diff --git a/external/templates/settings.php b/external/templates/settings.php
@@ -30,6 +30,14 @@
 			} else {
 				print_unescaped('<option value="">'.$l->t('Select an icon').'</option>');
 			}
+			print_unescaped('</select><select class="site_target" name="site_target[]">');
+			foreach($_['targets'] as $idx=>$target) {
+				if ($target == $sites[$i][3]) {
+					print_unescaped('<option value="'.$target.'" selected>'.$_['targets_desc'][$idx].'</option>');
+				} else {
+					print_unescaped('<option value="'.$target.'">'.$_['targets_desc'][$idx].'</option>');
+				}
+			}
 			print_unescaped('</select>
 			<img class="svg action delete_button" src="'.OCP\image_path("", "actions/delete.svg") .'" title="'.$l->t("Remove site").'" />
 			</li>');