From: Thomas Tanghus <thomas@tanghus.net>
Date: Mon, 20 Feb 2012 13:36:21 +0000 (+0100)
Subject: Contacts: Apply strip_tags on compound values.
X-Git-Tag: v4.0.0beta~201^2~30
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=456ada01fa44a5de3146f58ea5de60baffe31521;p=nextcloud-server.git

Contacts: Apply strip_tags on compound values.
---

diff --git a/apps/contacts/ajax/addproperty.php b/apps/contacts/ajax/addproperty.php
index 03a45532f9b..028974e1c66 100644
--- a/apps/contacts/ajax/addproperty.php
+++ b/apps/contacts/ajax/addproperty.php
@@ -66,6 +66,7 @@ foreach($current as $item) {
 
 if(is_array($value)) {
 	ksort($value);  // NOTE: Important, otherwise the compound value will be set in the order the fields appear in the form!
+	$value = array_map('strip_tags', $value);
 } else {
 	$value = strip_tags($value);
 }
diff --git a/apps/contacts/ajax/saveproperty.php b/apps/contacts/ajax/saveproperty.php
index 6c8132c1dbf..0c9e0cc7836 100644
--- a/apps/contacts/ajax/saveproperty.php
+++ b/apps/contacts/ajax/saveproperty.php
@@ -52,6 +52,7 @@ $checksum = isset($_POST['checksum'])?$_POST['checksum']:null;
 // }
 
 if(is_array($value)){ // FIXME: How to strip_tags for compound values?
+	$value = array_map('strip_tags', $value);
 	ksort($value); // NOTE: Important, otherwise the compound value will be set in the order the fields appear in the form!
 	$value = OC_VObject::escapeSemicolons($value);
 } else {