From: Thomas Müller <thomas.mueller@tmit.eu>
Date: Tue, 11 Mar 2014 23:18:51 +0000 (+0100)
Subject: sanitize fallbackId
X-Git-Tag: v7.0.0alpha2~640^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=7c78368e8b0c4b796a2f01757e50a1428a4ac017;p=nextcloud-server.git

sanitize fallbackId
---

diff --git a/lib/private/eventsource.php b/lib/private/eventsource.php
index 4df0bc2e7cd..5a41ddd8b37 100644
--- a/lib/private/eventsource.php
+++ b/lib/private/eventsource.php
@@ -63,8 +63,9 @@ class OC_EventSource{
 			$type=null;
 		}
 		if($this->fallback) {
+			$fallBackId = OC_Util::sanitizeHTML($this->fallBackId);
 			$response='<script type="text/javascript">window.parent.OC.EventSource.fallBackCallBack('
-				.$this->fallBackId.',"' . $type . '",' . OCP\JSON::encode($data) . ')</script>' . PHP_EOL;
+				.$fallBackId.',"' . $type . '",' . OCP\JSON::encode($data) . ')</script>' . PHP_EOL;
 			echo $response;
 		}else{
 			if($type) {