author | Michiel de Jong <michiel@unhosted.org> | 2012-06-09 20:39:24 +0200 |
---|---|---|
committer | Michiel de Jong <michiel@unhosted.org> | 2012-06-09 20:39:24 +0200 |
commit | b46903fa767eae1152bcd285250556ebf13130b9 (patch) | |
tree | ea5d30b81245493857091419ec448586c65b81b8 | |
parent | 897bfa8814eaebe6d0d44b8554b99725819214e7 (diff) | |
sanitize when logged in as another user
-rw-r--r-- | apps/remoteStorage/auth.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php
index ac0e83bb373..f508983d052 100644
--- a/apps/remoteStorage/auth.php
+++ b/apps/remoteStorage/auth.php
@@ -112,7 +112,7 @@ if($userId && $appUrl && $categories) {
 }//end 'need to click Allow still'
 } else {//login not ok
 if($currUser) {
- die('You are logged in as '.$currUser.' instead of '.$userId);
+ die('You are logged in as '.$currUser.' instead of '.htmlentities($userId));
 } else {
 header('Location: /?redirect_url='.urlencode('/apps/remoteStorage/auth.php'.$_SERVER['PATH_INFO'].'?'.$_SERVER['QUERY_STRING']));
 } |
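Review bot: `$currUser` is still concatenated into the `die()` output unescaped on the changed line, so only half of the message is encoded. If a logged-in user name can contain markup characters (its source is outside the hunk), the same HTML injection remains through that value. Encode both values and pin the flags and charset instead of relying on the `htmlentities()` defaults, which can differ between PHP versions and can mangle multibyte names: `die('You are logged in as '.htmlspecialchars($currUser, ENT_QUOTES, 'UTF-8').' instead of '.htmlspecialchars($userId, ENT_QUOTES, 'UTF-8'));`. The enclosing `if($userId && $appUrl && $categories)` block starts outside the hunk, so how `$userId` is derived from the request is not visible here.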