mirror of
https://github.com/nextcloud/server.git
synced 2024-07-25 13:54:59 +02:00
Only encode dangerous dangerous characters
There is no need to encode all characters into HTML entities, only potential dangerous characters as &, ", ', < and > should get encoded. This may fix issues like https://github.com/owncloud/calendar/pull/394
This commit is contained in:
parent
e704bc2bf0
commit
77ecfdd1a4
@ -805,7 +805,7 @@ class OC_Util {
|
||||
array_walk_recursive($value, 'OC_Util::sanitizeHTML');
|
||||
} else {
|
||||
//Specify encoding for PHP<5.4
|
||||
$value = htmlentities((string)$value, ENT_QUOTES, 'UTF-8');
|
||||
$value = htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
|
||||
}
|
||||
return $value;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user