aboutsummaryrefslogtreecommitdiffstats
path: root/apps/external
diff options
context:
space:
mode:
authorFrank Karlitschek <frank@owncloud.org>2012-06-10 19:52:23 +0200
committerFrank Karlitschek <frank@owncloud.org>2012-06-10 19:52:23 +0200
commitbf4626da931b5120762f899cbcb42034244856ed (patch)
tree80c625fcb2366a3f49a895daa280495b30d11e35 /apps/external
parentc11f6cc3f9121fbb337c248807b802c72b18087b (diff)
downloadnextcloud-server-bf4626da931b5120762f899cbcb42034244856ed.tar.gz
nextcloud-server-bf4626da931b5120762f899cbcb42034244856ed.zip
prevent XSS
Diffstat (limited to 'apps/external')
-rw-r--r--apps/external/ajax/setsites.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/external/ajax/setsites.php b/apps/external/ajax/setsites.php
index c758a3508c5..772863974ae 100644
--- a/apps/external/ajax/setsites.php
+++ b/apps/external/ajax/setsites.php
@@ -12,7 +12,7 @@ OCP\User::checkAdminUser();
$sites = array();
for ($i = 0; $i < sizeof($_POST['site_name']); $i++) {
if (!empty($_POST['site_name'][$i]) && !empty($_POST['site_url'][$i])) {
- array_push($sites, array($_POST['site_name'][$i], $_POST['site_url'][$i]));
+ array_push($sites, array(strip_tags($_POST['site_name'][$i]), strip_tags($_POST['site_url'][$i])));
}
}