sanitize when logged in as another user

author Michiel de Jong <michiel@unhosted.org>

Sat, 9 Jun 2012 18:39:24 +0000 (20:39 +0200)

committer Michiel de Jong <michiel@unhosted.org>

Sat, 9 Jun 2012 18:39:24 +0000 (20:39 +0200)
author Michiel de Jong <michiel@unhosted.org>
Sat, 9 Jun 2012 18:39:24 +0000 (20:39 +0200)
committer Michiel de Jong <michiel@unhosted.org>
Sat, 9 Jun 2012 18:39:24 +0000 (20:39 +0200)
diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php

index ac0e83bb373ad770152f762ceab73bb6b3e3ff3b..f508983d05236b0453c215f241753b0b1f165593 100644 (file)
--- a/apps/remoteStorage/auth.php
+++ b/apps/remoteStorage/auth.php
@@ -112,7 +112,7 @@ if($userId && $appUrl && $categories) {
                 }//end 'need to click Allow still'
         } else {//login not ok
                 if($currUser) {
-                       die('You are logged in as '.$currUser.' instead of '.$userId);
+                       die('You are logged in as '.$currUser.' instead of '.htmlentities($userId));
                 } else {
                         header('Location: /?redirect_url='.urlencode('/apps/remoteStorage/auth.php'.$_SERVER['PATH_INFO'].'?'.$_SERVER['QUERY_STRING']));
                 }
author	Michiel de Jong <michiel@unhosted.org>
	Sat, 9 Jun 2012 18:39:24 +0000 (20:39 +0200)
committer	Michiel de Jong <michiel@unhosted.org>
	Sat, 9 Jun 2012 18:39:24 +0000 (20:39 +0200)