From: Bjoern Schiessle
Date: Tue, 5 Jun 2012 08:37:22 +0000 (+0200)
Subject: xss vulnerability fixed
X-Git-Tag: v4.5.0beta1~74^2~424^2~31
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=dcc5b5ca0a67d4e21442bb96d67d9d23fc7f1647;p=nextcloud-server.git
xss vulnerability fixed
---
diff --git a/apps/calendar/lib/object.php b/apps/calendar/lib/object.php
index f0a9bf050fc..cc80a0bb708 100644
--- a/apps/calendar/lib/object.php
+++ b/apps/calendar/lib/object.php
@@ -600,8 +600,8 @@ class OC_Calendar_Object{
 public static function updateVCalendarFromRequest($request, $vcalendar)
 {
- $title = $request["title"];
- $location = $request["location"];
+ $title = strip_tags($request["title"]);
+ $location = strip_tags($request["location"]);
 $categories = $request["categories"];
 $allday = isset($request["allday"]);
 $from = $request["from"];
@@ -611,7 +611,7 @@ class OC_Calendar_Object{
 $totime = $request['totime'];
 }
 $vevent = $vcalendar->VEVENT;
- $description = $request["description"];
+ $description = strip_tags($request["description"]);
 $repeat = $request["repeat"];
 if($repeat != 'doesnotrepeat'){
 $rrule = '';
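Review bot: `$categories = $request["categories"];`, directly below the patched assignments, is still copied from the request unfiltered, so the fix covers title and location (and description in the second hunk) but not every user-supplied text field read here. strip_tags() is also not an output encoder: it leaves `"` and `'` untouched, so a value later echoed inside an HTML attribute could still break out of it. I would encode where the value is rendered, e.g. `htmlspecialchars($title, ENT_QUOTES, 'UTF-8')` in the template, and treat filtering at this point as defence in depth only. The body of updateVCalendarFromRequest continues outside the hunk, so how these variables are used further down is not visible here.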
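Review bot: strip_tags() on the free-text description deletes content instead of neutralising it: a `<` followed by a non-space character is treated as a tag opener, so a constructed value such as `budget <10k, call Bob>` would lose text on save. Events that reach storage by a route other than this request handler (presumably import or sync; not visible in this diff) would not pass through the filter at all. Storing the description as entered and encoding it at output would keep the data intact and cover both paths; a comment on the assignment such as `// plain text only; must be HTML-escaped when rendered` would document that contract. The function starts and ends outside this hunk.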