From 7077678f7fb33b376e05eece3b62dc4ae058055a Mon Sep 17 00:00:00 2001
From: Michael Gapczynski
Date: Wed, 11 Jul 2012 15:26:22 -0400
Subject: [PATCH] Sanitize toaddress for emailing private links
---
 apps/files_sharing/ajax/email.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/apps/files_sharing/ajax/email.php b/apps/files_sharing/ajax/email.php
index ca63f540f93..0765bdd9885 100644
--- a/apps/files_sharing/ajax/email.php
+++ b/apps/files_sharing/ajax/email.php
@@ -5,9 +5,10 @@ OCP\JSON::callCheck();
 $user = OCP\USER::getUser();
 // TODO translations
+$toaddress = OCP\Util::sanitizeHtml($_POST['toaddress']);
 $type = (strpos($_POST['file'], '.') === false) ? 'folder' : 'file';
 $subject = $user.' shared a '.$type.' with you';
 $link = $_POST['link'];
 $text = $user.' shared the '.$type.' '.$_POST['file'].' with you. It is available for download here: '.$link;
 $fromaddress = OCP\Config::getUserValue($user, 'settings', 'email', 'sharing-noreply@'.OCP\Util::getServerHost());
-OC_Mail::send($_POST['toaddress'], $_POST['toaddress'], $subject, $text, $fromaddress, $user);
+OCP\Util::sendMail($toaddress, $toaddress, $subject, $text, $fromaddress, $user);
-- 
2.39.5
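Review bot: `OCP\Util::sanitizeHtml()` on the added `$toaddress` line is, judging by its name, an HTML output-encoding helper, which is the wrong control for a value used as a mail recipient and display name. It does not check that the value is one well-formed address, and whether CR/LF header injection is stopped depends on the mailer behind `OCP\Util::sendMail()`, which the hunk does not show. Escaping may also alter legitimate addresses containing `&` or `'`. I would validate and reject instead: `$toaddress = filter_var($_POST['toaddress'], FILTER_VALIDATE_EMAIL);` followed by `if ($toaddress === false) { OCP\JSON::error(); exit(); }`. Separately, `$_POST['link']` and `$_POST['file']` still flow unchecked into `$text`, so a caller who passes the access checks above the hunk can have the server mail arbitrary text and URLs to any address; building the link server-side from the share record would close that.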