sanitize scope and host

author Michiel de Jong <michiel@unhosted.org>

Sat, 9 Jun 2012 19:03:50 +0000 (21:03 +0200)

committer Michiel de Jong <michiel@unhosted.org>

Sat, 9 Jun 2012 19:08:24 +0000 (21:08 +0200)
author Michiel de Jong <michiel@unhosted.org>
Sat, 9 Jun 2012 19:03:50 +0000 (21:03 +0200)
committer Michiel de Jong <michiel@unhosted.org>
Sat, 9 Jun 2012 19:08:24 +0000 (21:08 +0200)
diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php

index 8cbd4aa20f12495a9b8c91d7f5c527ae9fb1c664..99e2272d3abf4b59bee6cb3b35596b5ced405045 100644 (file)
--- a/apps/remoteStorage/auth.php
+++ b/apps/remoteStorage/auth.php
@@ -44,9 +44,9 @@ foreach($_GET as $k => $v) {
      $userId=$v;
    } else if($k=='redirect_uri'){
      $appUrlParts=explode('/', $v);
-    $appUrl = $appUrlParts[2];//bit dodgy i guess
+    $appUrl = htmlentities($appUrlParts[2]);//TODO: check if this is equal to client_id
    } else if($k=='scope'){
-    $categories=$v;
+    $categories=htmlentities($v);
    }
  }
  $currUser = OCP\USER::getUser();
author	Michiel de Jong <michiel@unhosted.org>
	Sat, 9 Jun 2012 19:03:50 +0000 (21:03 +0200)
committer	Michiel de Jong <michiel@unhosted.org>
	Sat, 9 Jun 2012 19:08:24 +0000 (21:08 +0200)