authorMichael Gapczynski <mtgap@owncloud.com>2012-07-11 15:26:22 -0400
committerMichael Gapczynski <mtgap@owncloud.com>2012-07-11 15:26:22 -0400
commit7077678f7fb33b376e05eece3b62dc4ae058055a (patch)
tree808f4fafc4e8b4b7c3f1667ca8b7290358829714 /apps/files_sharing/ajax
parentc3fea30811f845fe357b70d5beb511ca4ad42eca (diff)
Sanitize toaddress for emailing private links
Diffstat (limited to 'apps/files_sharing/ajax')
-rw-r--r--apps/files_sharing/ajax/email.php3
1 files changed, 2 insertions, 1 deletions
diff --git a/apps/files_sharing/ajax/email.php b/apps/files_sharing/ajax/email.php
index ca63f540f93..0765bdd9885 100644
--- a/apps/files_sharing/ajax/email.php
+++ b/apps/files_sharing/ajax/email.php
@@ -5,9 +5,10 @@ OCP\JSON::callCheck();
$user = OCP\USER::getUser();
// TODO translations
+$toaddress = OCP\Util::sanitizeHtml($_POST['toaddress']);
$type = (strpos($_POST['file'], '.') === false) ? 'folder' : 'file';
$subject = $user.' shared a '.$type.' with you';
$link = $_POST['link'];
$text = $user.' shared the '.$type.' '.$_POST['file'].' with you. It is available for download here: '.$link;
$fromaddress = OCP\Config::getUserValue($user, 'settings', 'email', 'sharing-noreply@'.OCP\Util::getServerHost());
-OC_Mail::send($_POST['toaddress'], $_POST['toaddress'], $subject, $text, $fromaddress, $user);
+OCP\Util::sendMail($toaddress, $toaddress, $subject, $text, $fromaddress, $user);
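Review bot: HTML-escaping `$_POST['toaddress']` with `OCP\Util::sanitizeHtml` on the added line does not establish that the value is a single well-formed e-mail address, which is the property that matters for a value passed as the recipient to `OCP\Util::sendMail`. Whether CR/LF sequences or a comma-separated recipient list are rejected depends on `sendMail`, which is not visible in this hunk, so validating at this boundary is safer: `$toaddress = filter_var($_POST['toaddress'], FILTER_VALIDATE_EMAIL);` followed by an error response when the result is `false`. `$_POST['link']` and `$_POST['file']` are still concatenated into `$text` unchecked, so any caller who passes the checks above the hunk can have the server mail arbitrary text and URLs to an address of their choosing. The link should be verified as one this instance generated for the named file, or rebuilt server-side rather than taken from the request.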