From: Michiel de Jong
Date: Sat, 9 Jun 2012 18:39:24 +0000 (+0200)
Subject: sanitize when logged in as another user
X-Git-Tag: v4.5.0beta1~74^2~422^2~8
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=b46903fa767eae1152bcd285250556ebf13130b9;p=nextcloud-server.git
sanitize when logged in as another user
---
diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php
index ac0e83bb373..f508983d052 100644
--- a/apps/remoteStorage/auth.php
+++ b/apps/remoteStorage/auth.php
@@ -112,7 +112,7 @@ if($userId && $appUrl && $categories) {
 }//end 'need to click Allow still'
 } else {//login not ok
 if($currUser) {
- die('You are logged in as '.$currUser.' instead of '.$userId);
+ die('You are logged in as '.$currUser.' instead of '.htmlentities($userId));
 } else {
 header('Location: /?redirect_url='.urlencode('/apps/remoteStorage/auth.php'.$_SERVER['PATH_INFO'].'?'.$_SERVER['QUERY_STRING']));
 }
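Review bot: `$currUser` is still concatenated unescaped into the `die()` output on the added line, so only half of the message is encoded; if account names can contain markup characters, this remains an HTML-injection sink. In addition, `htmlentities($userId)` is called without flags or a charset, so it relies on the PHP defaults, which on older PHP versions leave single quotes unencoded and assume ISO-8859-1 rather than UTF-8. I would encode both values explicitly: `die('You are logged in as '.htmlspecialchars($currUser, ENT_QUOTES, 'UTF-8').' instead of '.htmlspecialchars($userId, ENT_QUOTES, 'UTF-8'));`. The assignments of `$userId` and `$currUser` are outside this hunk, so where each value comes from should be confirmed there.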