From: Thomas Tanghus <thomas@tanghus.net>
Date: Mon, 28 May 2012 10:58:51 +0000 (+0200)
Subject: Contacts: Double check XSS, and fix a rookie error ;-)
X-Git-Tag: v4.5.0beta1~74^2~428^2~3^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=df5bdc8e42a39ee8c74aac91ddbd03aef2731586;p=nextcloud-server.git

Contacts: Double check XSS, and fix a rookie error ;-)
---

diff --git a/apps/contacts/lib/vcard.php b/apps/contacts/lib/vcard.php
index 2414efe6764..a8ad695f620 100644
--- a/apps/contacts/lib/vcard.php
+++ b/apps/contacts/lib/vcard.php
@@ -227,7 +227,7 @@ class OC_Contacts_VCard{
 			$vcard->setString('FN', $fn);
 			OCP\Util::writeLog('contacts','OC_Contacts_VCard::updateValuesFromAdd. Added missing \'FN\' field: '.$fn,OCP\Util::DEBUG);
 		}
-		if(!$n || $n = ';;;;'){ // Fix missing 'N' field. Ugly hack ahead ;-)
+		if(!$n || $n == ';;;;'){ // Fix missing 'N' field. Ugly hack ahead ;-)
 			$slice = array_reverse(array_slice(explode(' ', $fn), 0, 2)); // Take 2 first name parts of 'FN' and reverse.
 			if(count($slice) < 2) { // If not enought, add one more...
 				$slice[] = "";
diff --git a/apps/contacts/templates/part.contacts.php b/apps/contacts/templates/part.contacts.php
index 00a61f72fdd..57517505405 100644
--- a/apps/contacts/templates/part.contacts.php
+++ b/apps/contacts/templates/part.contacts.php
@@ -8,5 +8,5 @@
 		}
 	}
 ?>
-	<li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo $display; ?></a></li>
+	<li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo htmlspecialchars($display); ?></a></li>
 <?php endforeach; ?>