xss vulnerability fixed
authorBjoern Schiessle <schiessle@owncloud.com>
Tue, 5 Jun 2012 08:37:22 +0000 (10:37 +0200)
committerBjoern Schiessle <schiessle@owncloud.com>
Tue, 5 Jun 2012 08:37:22 +0000 (10:37 +0200)
apps/calendar/lib/object.php

index f0a9bf050fcd599b714d493a2fc1175f4e437839..cc80a0bb708d3c0ef9b6f154dd467dc9b91bfe8a 100644 (file)
@@ -600,8 +600,8 @@ class OC_Calendar_Object{
 
        public static function updateVCalendarFromRequest($request, $vcalendar)
        {
-               $title = $request["title"];
-               $location = $request["location"];
+               $title = strip_tags($request["title"]);
+               $location = strip_tags($request["location"]);
                $categories = $request["categories"];
                $allday = isset($request["allday"]);
                $from = $request["from"];
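Review bot: `$categories`, on the line right after the two changed assignments, is still read from `$request` unfiltered, so if it is rendered in the same views as title and location it stays exposed. More broadly, `strip_tags()` at write time (here and for `$description` in the second hunk) removes tags but leaves quote characters untouched, so the stored value is still unsafe in an HTML attribute context, and legitimate text containing `<` is silently altered. Events that reach storage by a path other than this function (presumably CalDAV sync or import, not visible here) would not be filtered at all. The durable fix is to keep the stored data as entered and escape where each value is printed, e.g. `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` in the template. The body of updateVCalendarFromRequest continues outside both hunks, so later handling of these variables could not be checked.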
@@ -611,7 +611,7 @@ class OC_Calendar_Object{
                        $totime = $request['totime'];
                }
                $vevent = $vcalendar->VEVENT;
-               $description = $request["description"];
+               $description = strip_tags($request["description"]);
                $repeat = $request["repeat"];
                if($repeat != 'doesnotrepeat'){
                        $rrule = '';