sanitize fallbackId

author Thomas Müller <thomas.mueller@tmit.eu>

Tue, 11 Mar 2014 23:18:51 +0000 (00:18 +0100)

committer Thomas Müller <thomas.mueller@tmit.eu>

Tue, 11 Mar 2014 23:18:51 +0000 (00:18 +0100)
author Thomas Müller <thomas.mueller@tmit.eu>
Tue, 11 Mar 2014 23:18:51 +0000 (00:18 +0100)
committer Thomas Müller <thomas.mueller@tmit.eu>
Tue, 11 Mar 2014 23:18:51 +0000 (00:18 +0100)
diff --git a/lib/private/eventsource.php b/lib/private/eventsource.php

index 4df0bc2e7cd4de73c9c20221d486c2a31f75f8ce..5a41ddd8b372775a5145f7a0f107fcc380365de8 100644 (file)
--- a/lib/private/eventsource.php
+++ b/lib/private/eventsource.php
@@ -63,8 +63,9 @@ class OC_EventSource{
                         $type=null;
                 }
                 if($this->fallback) {
+                       $fallBackId = OC_Util::sanitizeHTML($this->fallBackId);
                         $response='<script type="text/javascript">window.parent.OC.EventSource.fallBackCallBack('
-                               .$this->fallBackId.',"' . $type . '",' . OCP\JSON::encode($data) . ')</script>' . PHP_EOL;
+                               .$fallBackId.',"' . $type . '",' . OCP\JSON::encode($data) . ')</script>' . PHP_EOL;
                         echo $response;
                 }else{
                         if($type) {
author	Thomas Müller <thomas.mueller@tmit.eu>
	Tue, 11 Mar 2014 23:18:51 +0000 (00:18 +0100)
committer	Thomas Müller <thomas.mueller@tmit.eu>
	Tue, 11 Mar 2014 23:18:51 +0000 (00:18 +0100)