From: Michiel de Jong <michiel@unhosted.org>
Date: Mon, 7 May 2012 07:26:54 +0000 (+0200)
Subject: prevent xss in webfinger
X-Git-Tag: v4.0.0beta~1^2~21
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=5155f589fd93132fdeb39b04fc18e30a5643cbf6;p=nextcloud-server.git

prevent xss in webfinger
---

diff --git a/apps/user_webfinger/webfinger.php b/apps/user_webfinger/webfinger.php
index da35cf29d0e..e702f27b56e 100755
--- a/apps/user_webfinger/webfinger.php
+++ b/apps/user_webfinger/webfinger.php
@@ -26,7 +26,7 @@ $WEBROOT=substr($SUBURI,0,-34);
 */
 
 
-$request = urldecode($_GET['q']);
+$request = strip_tags(urldecode($_GET['q']));
 if($_GET['q']) {
 	$reqParts = explode('@', $request);
 	$userName = $reqParts[0];