prevent xss in webfinger

diff --git a/apps/user_webfinger/webfinger.php b/apps/user_webfinger/webfinger.php
index da35cf29d0e7fb6b5b1113a978a9ac851842510f..e702f27b56e64dd610e8a6898f8508e070518f9a 100755 (executable)
--- a/apps/user_webfinger/webfinger.php
+++ b/apps/user_webfinger/webfinger.php
@@ -26,7 +26,7 @@ $WEBROOT=substr($SUBURI,0,-34);
 */
 
 
-$request = urldecode($_GET['q']);
+$request = strip_tags(urldecode($_GET['q']));
 if($_GET['q']) {
        $reqParts = explode('@', $request);
        $userName = $reqParts[0];