diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2014-03-12 09:22:46 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2014-03-12 09:22:46 +0100 |
| commit | 942d5fcff3712da5f4bd085308a7a6e8fa93c44a (patch) | |
| tree | d2c17432bc12f4f781ed547f41445ee452b5038d | |
| parent | 8320b8eb7aed2e5ca951663d2b3894f0484f407d (diff) | |
| parent | 7c78368e8b0c4b796a2f01757e50a1428a4ac017 (diff) | |
| download | nextcloud-server-942d5fcff3712da5f4bd085308a7a6e8fa93c44a.tar.gz nextcloud-server-942d5fcff3712da5f4bd085308a7a6e8fa93c44a.zip | |
Merge pull request #7682 from owncloud/sanitize-fallbackid-master
sanitize fallbackId
| -rw-r--r-- | lib/private/eventsource.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/private/eventsource.php b/lib/private/eventsource.php index 4df0bc2e7cd..5a41ddd8b37 100644 --- a/lib/private/eventsource.php +++ b/lib/private/eventsource.php @@ -63,8 +63,9 @@ class OC_EventSource{ $type=null; } if($this->fallback) { + $fallBackId = OC_Util::sanitizeHTML($this->fallBackId); $response='<script type="text/javascript">window.parent.OC.EventSource.fallBackCallBack(' - .$this->fallBackId.',"' . $type . '",' . OCP\JSON::encode($data) . ')</script>' . PHP_EOL; + .$fallBackId.',"' . $type . '",' . OCP\JSON::encode($data) . ')</script>' . PHP_EOL; echo $response; }else{ if($type) { |