Use sanitizeHTML instead of strip_tags

author Lukas Reschke <lukas@statuscode.ch>

Sun, 26 Aug 2012 13:41:41 +0000 (15:41 +0200)

committer Lukas Reschke <lukas@statuscode.ch>

Sun, 26 Aug 2012 13:41:41 +0000 (15:41 +0200)
author Lukas Reschke <lukas@statuscode.ch>
Sun, 26 Aug 2012 13:41:41 +0000 (15:41 +0200)
committer Lukas Reschke <lukas@statuscode.ch>
Sun, 26 Aug 2012 13:41:41 +0000 (15:41 +0200)
diff --git a/apps/impress/player.php b/apps/impress/player.php

index 12497de54c1ca89b6983cb5874792ab16dc313c2..cd534757fb4c0062586589e212d1e8bdffcf6af2 100755 (executable)
--- a/apps/impress/player.php
+++ b/apps/impress/player.php
@@ -26,8 +26,8 @@ require_once('lib/impress.php');
  // Check if we are a user
  OCP\User::checkLoggedIn();
  
-$filename = strip_tags($_GET['file']);
-$title = strip_tags($_GET['name']);
+$filename = OCP\Util::sanitizeHTML($_GET['file']);
+$title = OCP\Util::sanitizeHTML($_GET['name']);
  
  if(!OC_Filesystem::file_exists($filename)){
         header("HTTP/1.0 404 Not Found");
author	Lukas Reschke <lukas@statuscode.ch>
	Sun, 26 Aug 2012 13:41:41 +0000 (15:41 +0200)
committer	Lukas Reschke <lukas@statuscode.ch>
	Sun, 26 Aug 2012 13:41:41 +0000 (15:41 +0200)