XSS--

diff --git a/apps/external/ajax/setsites.php b/apps/external/ajax/setsites.php
index c14daa258c12f914783123b0b52d9003380d67f0..f153735f0942e8f93e0f128f863d6d7ec3ab2a25 100644 (file)
--- a/apps/external/ajax/setsites.php
+++ b/apps/external/ajax/setsites.php
@@ -12,7 +12,7 @@ OCP\User::checkAdminUser();
 $sites = array();
 for ($i = 0; $i < sizeof($_POST['site_name']); $i++) {
        if (!empty($_POST['site_name'][$i]) && !empty($_POST['site_url'][$i])) {
-               array_push($sites, array($_POST['site_name'][$i], $_POST['site_url'][$i]));
+               array_push($sites, array(strip_tags($_POST['site_name'][$i]), strip_tags($_POST['site_url'][$i])));
        }
 }