From b46903fa767eae1152bcd285250556ebf13130b9 Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Sat, 9 Jun 2012 20:39:24 +0200 Subject: [PATCH] sanitize when logged in as another user --- apps/remoteStorage/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php index ac0e83bb373..f508983d052 100644 --- a/apps/remoteStorage/auth.php +++ b/apps/remoteStorage/auth.php @@ -112,7 +112,7 @@ if($userId && $appUrl && $categories) { }//end 'need to click Allow still' } else {//login not ok if($currUser) { - die('You are logged in as '.$currUser.' instead of '.$userId); + die('You are logged in as '.$currUser.' instead of '.htmlentities($userId)); } else { header('Location: /?redirect_url='.urlencode('/apps/remoteStorage/auth.php'.$_SERVER['PATH_INFO'].'?'.$_SERVER['QUERY_STRING'])); } -- 2.39.5