author | Michiel de Jong <michiel@unhosted.org> | 2012-06-09 21:03:50 +0200 |
---|---|---|
committer | Michiel de Jong <michiel@unhosted.org> | 2012-06-09 21:08:24 +0200 |
commit | 995f9c7348fcc6dd25a95f81030e7d3b6f04d6c3 (patch) | |
tree | 412ef3e5f30d6cc746a4b66fb39773f33a552d22 | |
parent | 322fd512612d569c75ebbf515e5d5d9d9d5578ea (diff) | |
sanitize scope and host
-rw-r--r-- | apps/remoteStorage/auth.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php
index 8cbd4aa20f1..99e2272d3ab 100644
--- a/apps/remoteStorage/auth.php
+++ b/apps/remoteStorage/auth.php
@@ -44,9 +44,9 @@ foreach($_GET as $k => $v) {
 $userId=$v;
 } else if($k=='redirect_uri'){
 $appUrlParts=explode('/', $v);
- $appUrl = $appUrlParts[2];//bit dodgy i guess
+ $appUrl = htmlentities($appUrlParts[2]);//TODO: check if this is equal to client_id
 } else if($k=='scope'){
- $categories=$v;
+ $categories=htmlentities($v);
 }
 }
 $currUser = OCP\USER::getUser(); |
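Review bot: Both `htmlentities()` calls encode the `$_GET` values where they are read rather than where they are printed, and they use the default flags, which on PHP releases before 8.1 leave single quotes unescaped. If `$appUrl` or `$categories` later reach a single-quoted attribute, or a non-HTML sink such as token storage, the encoding is either insufficient or wrong for that context; the code after the loop is outside the hunk, so this needs confirming. I would keep the raw values here and escape at the output site with `htmlspecialchars($appUrl, ENT_QUOTES, 'UTF-8')`. `$appUrlParts[2]` is also read without checking that `redirect_uri` has that many segments, so `$appUrl = parse_url($v, PHP_URL_HOST);` followed by rejecting an empty result would be sturdier, and until the TODO is resolved the host shown to the user is not tied to `client_id`. The `$userId=$v;` assignment in the context lines is still taken unvalidated, and the enclosing `foreach` begins and ends outside this hunk.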