From: Michiel de Jong
Date: Sat, 9 Jun 2012 19:03:50 +0000 (+0200)
Subject: sanitize scope and host
X-Git-Tag: v4.5.0beta1~74^2~422^2~5
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=995f9c7348fcc6dd25a95f81030e7d3b6f04d6c3;p=nextcloud-server.git

sanitize scope and host
---

diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php
index 8cbd4aa20f1..99e2272d3ab 100644
--- a/apps/remoteStorage/auth.php
+++ b/apps/remoteStorage/auth.php
@@ -44,9 +44,9 @@ foreach($_GET as $k => $v) {
 $userId=$v;
 } else if($k=='redirect_uri'){
 $appUrlParts=explode('/', $v);
- $appUrl = $appUrlParts[2];//bit dodgy i guess
+ $appUrl = htmlentities($appUrlParts[2]);//TODO: check if this is equal to client_id
 } else if($k=='scope'){
- $categories=$v;
+ $categories=htmlentities($v);
 }
 }
 $currUser = OCP\USER::getUser();
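Review bot: Calling `htmlentities()` at the point where `redirect_uri` and `scope` are read from `$_GET` encodes them for HTML text only, and with no flags argument it uses the `ENT_COMPAT` default of PHP before 8.1, which leaves single quotes unencoded. If `$appUrl` or `$categories` are later stored, compared, or written into an attribute or URL (those uses are outside this hunk), the entity-encoded form is the wrong value there; keeping the raw value here and escaping at each output with `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` would be safer. Separately, `$appUrlParts[2]` is undefined when `redirect_uri` has fewer than two slashes and can carry userinfo or a port, so the host shown to the user may not be the host being authorised; `$appUrl = parse_url($v, PHP_URL_HOST);` with a rejection when the result is not a non-empty string would cover both. The `client_id` comparison named in the TODO is still missing, `$userId=$v;` in the same loop stays unescaped, and the `foreach` begins above the hunk.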