author | Frank Karlitschek <frank@owncloud.org> | 2012-06-10 19:52:23 +0200 |
---|---|---|
committer | Frank Karlitschek <frank@owncloud.org> | 2012-06-10 19:52:23 +0200 |
commit | bf4626da931b5120762f899cbcb42034244856ed (patch) | |
tree | 80c625fcb2366a3f49a895daa280495b30d11e35 /apps/external | |
parent | c11f6cc3f9121fbb337c248807b802c72b18087b (diff) | |
prevent XSS
Diffstat (limited to 'apps/external')
-rw-r--r-- | apps/external/ajax/setsites.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/external/ajax/setsites.php b/apps/external/ajax/setsites.php
index c758a3508c5..772863974ae 100644
--- a/apps/external/ajax/setsites.php
+++ b/apps/external/ajax/setsites.php
@@ -12,7 +12,7 @@ OCP\User::checkAdminUser();
 $sites = array();
 for ($i = 0; $i < sizeof($_POST['site_name']); $i++) {
 if (!empty($_POST['site_name'][$i]) && !empty($_POST['site_url'][$i])) {
- array_push($sites, array($_POST['site_name'][$i], $_POST['site_url'][$i]));
+ array_push($sites, array(strip_tags($_POST['site_name'][$i]), strip_tags($_POST['site_url'][$i])));
 } } |
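Review bot: `strip_tags()` on `site_url` in the added `array_push` line only removes markup; it does not constrain the URL scheme or neutralise quote characters, so the stored value is still unsafe if it is later written into an `href` or `src` attribute (the rendering code is outside this hunk, so that is an assumption to confirm). I would validate the URL before storing it, for example `$scheme = strtolower((string) parse_url($_POST['site_url'][$i], PHP_URL_SCHEME));` followed by `if (!in_array($scheme, array('http', 'https'), true)) { continue; }`. Filtering at input time also silently alters legitimate names containing `<`, and it leaves any values already saved unprotected. The durable fix is to escape where the values are emitted, e.g. `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`, and treat this input filter as defence in depth. It is also worth adding an `is_array()` guard on `$_POST['site_name']` before the `sizeof()` call on the loop line, since a scalar or missing parameter reaches it unchecked.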