]> source.dussan.org Git - nextcloud-server.git/commitdiff
projects / nextcloud-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f955f6a)
fix another XSS
authorGeorg Ehrke <dev@georgswebsite.de>
Sat, 9 Jun 2012 14:44:48 +0000 (16:44 +0200)
committerGeorg Ehrke <dev@georgswebsite.de>
Sat, 9 Jun 2012 14:44:48 +0000 (16:44 +0200)
apps/calendar/templates/part.import.php patch | blob | history

diff --git a/apps/calendar/templates/part.import.php b/apps/calendar/templates/part.import.php
index e93ea1af4c934760ec43106ab498023309622bdf..3850ddde565c8ec150376b8cfc5a258b25108f88 100644 (file)
--- a/apps/calendar/templates/part.import.php
+++ b/apps/calendar/templates/part.import.php
@@ -8,6 +8,9 @@
 <?php
 $calendar_options = OC_Calendar_Calendar::allCalendars(OCP\USER::getUser());
 $calendar_options[] = array('id'=>'newcal', 'displayname'=>$l->t('create a new calendar'));
+for($i = 0;$i<count($calendar_options);$i++){
+       $calendar_options[$i]['displayname'] = htmlspecialchars($calendar_options[$i]['displayname']);
+}
 echo OCP\html_select_options($calendar_options, $calendar_options[0]['id'], array('value'=>'id', 'label'=>'displayname'));
 ?>
 </select>
Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server