diff options
| author | Bjoern Schiessle <schiessle@owncloud.com> | 2012-06-22 13:58:15 +0200 |
|---|---|---|
| committer | Bjoern Schiessle <schiessle@owncloud.com> | 2012-06-22 13:58:15 +0200 |
| commit | 5b46734a401e88c0830b0577682a365e012c5999 (patch) | |
| tree | 31eb4f787c08cecfccf3dfd79803c4c3105b7154 /apps/gallery/lib | |
| parent | 8c2803a7c1d2b5d6b1d4bab5d36ebceb19324729 (diff) | |
| download | nextcloud-server-5b46734a401e88c0830b0577682a365e012c5999.tar.gz nextcloud-server-5b46734a401e88c0830b0577682a365e012c5999.zip | |
xss vulnerability fixed
Diffstat (limited to 'apps/gallery/lib')
| -rw-r--r-- | apps/gallery/lib/tiles.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/gallery/lib/tiles.php b/apps/gallery/lib/tiles.php index 2ff4fa5647b..2bc8d4fcce0 100644 --- a/apps/gallery/lib/tiles.php +++ b/apps/gallery/lib/tiles.php @@ -141,7 +141,7 @@ class TileStack extends TileBase { } public function get() { - $r = '<div class="title gallery_div">'.$this->stack_name.'</div>'; + $r = '<div class="title gallery_div">'. \OCP\Util::sanitizeHTML($this->stack_name).'</div>'; for ($i = 0; $i < count($this->tiles_array); $i++) { $top = rand(-5, 5); $left = rand(-5, 5); |