author | Bart Visscher <bartv@thisnet.nl> | 2012-11-27 20:22:45 +0100 |
---|---|---|
committer | Bart Visscher <bartv@thisnet.nl> | 2012-11-27 20:22:45 +0100 |
commit | 80d1037e427c31c165abead3696668bac8110413 (patch) | |
tree | 6ecb9b0e6a09bf3e2488c75ad2f9cc46185a54d8 | |
parent | 71e8755d318eb9a415b15f5775506ecf8a8d134f (diff) | |
Group name doesn't need to be sanitized before storing it in the database
It should only be sanitized before display
-rw-r--r-- | settings/ajax/togglegroups.php | 2 | ||||
-rw-r--r-- | settings/ajax/togglesubadmins.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php
index de941f99132..b7746fed8f1 100644
--- a/settings/ajax/togglegroups.php
+++ b/settings/ajax/togglegroups.php
@@ -5,7 +5,7 @@ OCP\JSON::callCheck();
 $success = true;
 $username = $_POST["username"];
-$group = OC_Util::sanitizeHTML($_POST["group"]);
+$group = $_POST["group"];
 if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
 $l = OC_L10N::get('core');
diff --git a/settings/ajax/togglesubadmins.php b/settings/ajax/togglesubadmins.php
index 7aaa90aad5f..a99e805f69d 100644
--- a/settings/ajax/togglesubadmins.php
+++ b/settings/ajax/togglesubadmins.php
@@ -4,7 +4,7 @@ OC_JSON::checkAdminUser();
 OCP\JSON::callCheck();
 $username = $_POST["username"];
-$group = OC_Util::sanitizeHTML($_POST["group"]);
+$group = $_POST["group"];
 // Toggle group
 if(OC_SubAdmin::isSubAdminofGroup($username, $group)) { |
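Review bot: Once `$group = $_POST["group"];` drops `OC_Util::sanitizeHTML`, the raw request value is what gets checked by `OC_SubAdmin::isGroupAccessible` and used by the rest of togglegroups.php, so every place that later renders a group name (JSON response, settings templates, client-side DOM insertion) has to encode it at output. Those sinks are outside this hunk and should be confirmed as escaping in the same change. The value is also read without checking that it is present and a string; a guard such as `if (!isset($_POST['group']) || !is_string($_POST['group'])) { OC_JSON::error(); exit(); }` would reject missing or array-valued input before the group lookups. Group names stored earlier in entity-encoded form presumably no longer match the raw name sent by the client, so existing rows may need a one-off migration. The same points apply to the identical line in settings/ajax/togglesubadmins.php.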