diff options
| author | Bjoern Schiessle <schiessle@owncloud.com> | 2012-06-05 10:37:22 +0200 |
|---|---|---|
| committer | Bjoern Schiessle <schiessle@owncloud.com> | 2012-06-05 10:37:22 +0200 |
| commit | dcc5b5ca0a67d4e21442bb96d67d9d23fc7f1647 (patch) | |
| tree | 96a18cc1e88b143c7cbafb9e642617c6cebefc79 | |
| parent | 6d70f42dd432eca06cf73d5fe5f34c3bc3bb924f (diff) | |
| download | nextcloud-server-dcc5b5ca0a67d4e21442bb96d67d9d23fc7f1647.tar.gz nextcloud-server-dcc5b5ca0a67d4e21442bb96d67d9d23fc7f1647.zip | |
xss vulnerability fixed
| -rw-r--r-- | apps/calendar/lib/object.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/apps/calendar/lib/object.php b/apps/calendar/lib/object.php index f0a9bf050fc..cc80a0bb708 100644 --- a/apps/calendar/lib/object.php +++ b/apps/calendar/lib/object.php @@ -600,8 +600,8 @@ class OC_Calendar_Object{ public static function updateVCalendarFromRequest($request, $vcalendar) { - $title = $request["title"]; - $location = $request["location"]; + $title = strip_tags($request["title"]); + $location = strip_tags($request["location"]); $categories = $request["categories"]; $allday = isset($request["allday"]); $from = $request["from"]; @@ -611,7 +611,7 @@ class OC_Calendar_Object{ $totime = $request['totime']; } $vevent = $vcalendar->VEVENT; - $description = $request["description"]; + $description = strip_tags($request["description"]); $repeat = $request["repeat"]; if($repeat != 'doesnotrepeat'){ $rrule = ''; |