From: Frank Karlitschek
Date: Sun, 10 Jun 2012 17:52:23 +0000 (+0200)
Subject: prevent XSS
X-Git-Tag: v4.5.0beta1~74^2~421^2~40
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=bf4626da931b5120762f899cbcb42034244856ed;p=nextcloud-server.git

prevent XSS
---
diff --git a/apps/external/ajax/setsites.php b/apps/external/ajax/setsites.php
index c758a3508c5..772863974ae 100644
--- a/apps/external/ajax/setsites.php
+++ b/apps/external/ajax/setsites.php
@@ -12,7 +12,7 @@ OCP\User::checkAdminUser();
 $sites = array();
 for ($i = 0; $i < sizeof($_POST['site_name']); $i++) {
 if (!empty($_POST['site_name'][$i]) && !empty($_POST['site_url'][$i])) {
- array_push($sites, array($_POST['site_name'][$i], $_POST['site_url'][$i]));
+ array_push($sites, array(strip_tags($_POST['site_name'][$i]), strip_tags($_POST['site_url'][$i])));
 }
 }
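Review bot: `strip_tags()` on the added `array_push` line removes markup but leaves quote characters and the URL scheme untouched, so the stored `site_url` is still unsafe if it is later written into an `href`/`src` attribute, and `site_name` is still unsafe in any attribute context. I would validate the URL where it is stored, e.g. `$url = filter_var($_POST['site_url'][$i], FILTER_VALIDATE_URL);` followed by `if ($url === false || !in_array(parse_url($url, PHP_URL_SCHEME), array('http', 'https'), true)) { continue; }`, and escape with `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` at the point where the values are rendered, which is outside this hunk. The loop also indexes `$_POST['site_url'][$i]` by the length of `site_name`, so mismatched or non-array input is presumably not handled; an `is_array()` check on both fields before the loop would make that explicit. The rest of the script is not visible here, so whether a request-token check accompanies `checkAdminUser()` cannot be confirmed from this hunk.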