author | Lukas Reschke <lukas@statuscode.ch> | 2013-02-10 06:23:01 -0800 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2013-02-10 06:23:01 -0800 |
commit | 32b1c7ad5d07beaacd77ab29a9a2781b00aae45c (patch) | |
tree | 1694ea070ceede3dc58dd81d4c55a9cd18174671 | |
parent | 6f785e211ba4f5d1f9c85b86913195f56a15a88f (diff) | |
parent | 46103e62d2bb893daabd1e3e36e49bf857d144eb (diff) | |
Merge pull request #1589 from owncloud/use-sanitizeHTML
Use sanitizeHTML instead of stripslashes + htmlspecialchars
-rw-r--r-- | lib/helper.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/helper.php b/lib/helper.php
index a0fbdd10394..2713ffed451 100644
--- a/lib/helper.php
+++ b/lib/helper.php
@@ -436,8 +436,9 @@ class OC_Helper {
 //FIXME: should also check for value validation (i.e. the email is an email).
 public static function init_var($s, $d="") {
 $r = $d;
- if(isset($_REQUEST[$s]) && !empty($_REQUEST[$s]))
- $r = stripslashes(htmlspecialchars($_REQUEST[$s]));
+ if(isset($_REQUEST[$s]) && !empty($_REQUEST[$s])) {
+ $r = OC_Util::sanitizeHTML($_REQUEST[$s]);
+ }
 return $r;
 } |
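Review bot: init_var() now returns an HTML-escaped string when the request supplies a value but the raw `$d` when it does not, and nothing at the definition tells callers that the result is only safe for HTML output. A caller that passes the value into SQL, a URL or a script context still needs context-specific encoding, and one that escapes again in a template will double-encode; a comment above the function such as `// Returns $_REQUEST[$s] escaped for HTML output via OC_Util::sanitizeHTML(), or $d unchanged; not safe for SQL, URL or JS contexts.` would make that explicit. The guard `isset(...) && !empty(...)` is also redundant and treats the value `"0"` as absent, so `isset($_REQUEST[$s]) && $_REQUEST[$s] !== ''` is probably what is meant. OC_Util::sanitizeHTML() is defined outside this hunk, so whether it accepts an array value such as `name[]=x` should be confirmed there.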