Contacts: Double check XSS, and fix a rookie error ;-)
authorThomas Tanghus <thomas@tanghus.net>
Mon, 28 May 2012 10:58:51 +0000 (12:58 +0200)
committerThomas Tanghus <thomas@tanghus.net>
Mon, 28 May 2012 11:19:31 +0000 (13:19 +0200)
apps/contacts/lib/vcard.php
apps/contacts/templates/part.contacts.php

index 2414efe6764c75a2f961a6a2bc5358535c07a112..a8ad695f6209bfd44121236c9713c59faf7fb806 100644 (file)
@@ -227,7 +227,7 @@ class OC_Contacts_VCard{
                        $vcard->setString('FN', $fn);
                        OCP\Util::writeLog('contacts','OC_Contacts_VCard::updateValuesFromAdd. Added missing \'FN\' field: '.$fn,OCP\Util::DEBUG);
                }
-               if(!$n || $n = ';;;;'){ // Fix missing 'N' field. Ugly hack ahead ;-)
+               if(!$n || $n == ';;;;'){ // Fix missing 'N' field. Ugly hack ahead ;-)
                        $slice = array_reverse(array_slice(explode(' ', $fn), 0, 2)); // Take 2 first name parts of 'FN' and reverse.
                        if(count($slice) < 2) { // If not enought, add one more...
                                $slice[] = "";
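Review bot: The corrected test on the `if(!$n || $n == ';;;;')` line still relies on loose comparison and truthiness. Writing it as `if($n === null || $n === '' || $n === ';;;;'){` would state the intent exactly, and would stop an `N` value of `'0'` from being treated as missing and overwritten with the name derived from `FN`. How `$n` is read is outside the hunk, so confirm which "missing" values it can actually take before tightening the check. A short comment such as `// was an assignment: the branch ran for every card and replaced N` would also record why this line matters, since the earlier form silently rewrote stored contact data.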
index 00a61f72fdd9ce578db6146e9db3e8d58cc4b794..57517505405fdd63c640d293feb312d41d58dd9d 100644 (file)
@@ -8,5 +8,5 @@
                }
        }
 ?>
-       <li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo $display; ?></a></li>
+       <li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo htmlspecialchars($display); ?></a></li>
 <?php endforeach; ?>
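Review bot: On the changed `<li>` line only `$display` is escaped; `$contact['addressbookid']` and `$contact['id']` are still echoed raw into the `book-id` and `data-id` attributes and into the `href` query string. They are presumably integer database ids, but the template does not enforce that, so casting them (`<?php echo (int)$contact['id']; ?>`) or escaping them would close the gap the commit title sets out to double check. The call should also pass the flags and charset explicitly, `htmlspecialchars($display, ENT_QUOTES, 'UTF-8')`, because the defaults leave single quotes unescaped and the default charset depends on the PHP version. The code that builds `$display` starts above the hunk, so check there that nothing already encodes it, otherwise names will be double-encoded.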