xss vulnerability fixed

author Bjoern Schiessle <schiessle@owncloud.com>

Fri, 22 Jun 2012 11:58:15 +0000 (13:58 +0200)

committer Bjoern Schiessle <schiessle@owncloud.com>

Fri, 22 Jun 2012 11:58:15 +0000 (13:58 +0200)
author Bjoern Schiessle <schiessle@owncloud.com>
Fri, 22 Jun 2012 11:58:15 +0000 (13:58 +0200)
committer Bjoern Schiessle <schiessle@owncloud.com>
Fri, 22 Jun 2012 11:58:15 +0000 (13:58 +0200)
diff --git a/apps/gallery/lib/tiles.php b/apps/gallery/lib/tiles.php

index 2ff4fa5647b7a46240fc5a76cfa25ea6ae6a63e6..2bc8d4fcce0519a3d6ee502964e7665779499a76 100644 (file)
--- a/apps/gallery/lib/tiles.php
+++ b/apps/gallery/lib/tiles.php
@@ -141,7 +141,7 @@ class TileStack extends TileBase {
         }
  
         public function get() {
-               $r = '<div class="title gallery_div">'.$this->stack_name.'</div>';
+               $r = '<div class="title gallery_div">'. \OCP\Util::sanitizeHTML($this->stack_name).'</div>';
                 for ($i = 0; $i < count($this->tiles_array); $i++) {
                         $top = rand(-5, 5);
                         $left = rand(-5, 5);
author	Bjoern Schiessle <schiessle@owncloud.com>
	Fri, 22 Jun 2012 11:58:15 +0000 (13:58 +0200)
committer	Bjoern Schiessle <schiessle@owncloud.com>
	Fri, 22 Jun 2012 11:58:15 +0000 (13:58 +0200)