Sanitzing user input

diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php
index 9c0620578bee572560492f65ac25e17185f1bbdf..f1a474ff27d9fa1c59f030a73f533fb2d1ed73d2 100644 (file)
--- a/apps/user_ldap/settings.php
+++ b/apps/user_ldap/settings.php
@@ -47,7 +47,7 @@ if ($_POST) {
 // fill template
 $tmpl = new OCP\Template( 'user_ldap', 'settings');
 foreach($params as $param){
-               $value = OCP\Config::getAppValue('user_ldap', $param,'');
+               $value = htmlentities(OCP\Config::getAppValue('user_ldap', $param,''));
                $tmpl->assign($param, $value);
 }