Escape the data only in the template

author Lukas Reschke <lukas@statuscode.ch>

Sat, 2 Mar 2013 19:21:51 +0000 (20:21 +0100)

committer Lukas Reschke <lukas@statuscode.ch>

Sat, 2 Mar 2013 19:21:51 +0000 (20:21 +0100)
author Lukas Reschke <lukas@statuscode.ch>
Sat, 2 Mar 2013 19:21:51 +0000 (20:21 +0100)
committer Lukas Reschke <lukas@statuscode.ch>
Sat, 2 Mar 2013 19:21:51 +0000 (20:21 +0100)
diff --git a/lib/util.php b/lib/util.php

index ce426684feaf985bf5f490cdb3329512a73cb536..de1f870fd7eaded8c7a03209999b43f2e19099d3 100755 (executable)
--- a/lib/util.php
+++ b/lib/util.php
@@ -323,14 +323,14 @@ class OC_Util {
                         $parameters[$value] = true;
                 }
                 if (!empty($_POST['user'])) {
-                       $parameters["username"] = OC_Util::sanitizeHTML($_POST['user']).'"';
+                       $parameters["username"] = $_POST['user'];
                         $parameters['user_autofocus'] = false;
                 } else {
                         $parameters["username"] = '';
                         $parameters['user_autofocus'] = true;
                 }
                 if (isset($_REQUEST['redirect_url'])) {
-                       $redirect_url = OC_Util::sanitizeHTML($_REQUEST['redirect_url']);
+                       $redirect_url = $_REQUEST['redirect_url'];
                         $parameters['redirect_url'] = urlencode($redirect_url);
                 }
author	Lukas Reschke <lukas@statuscode.ch>
	Sat, 2 Mar 2013 19:21:51 +0000 (20:21 +0100)
committer	Lukas Reschke <lukas@statuscode.ch>
	Sat, 2 Mar 2013 19:21:51 +0000 (20:21 +0100)