diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2012-06-11 00:36:58 +0200 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2012-06-11 00:36:58 +0200 |
| commit | 3f9b967be72ed6271921c5a18042ea2d3c15d6fe (patch) | |
| tree | 165708001debe7f15ac95eab49bb6e75f3639401 /apps/gallery | |
| parent | f8d2e21c66e68d1786f203a8eb7e8cb38b4e670e (diff) | |
| download | nextcloud-server-3f9b967be72ed6271921c5a18042ea2d3c15d6fe.tar.gz nextcloud-server-3f9b967be72ed6271921c5a18042ea2d3c15d6fe.zip | |
Sanitizing user input
Diffstat (limited to 'apps/gallery')
| -rw-r--r-- | apps/gallery/lib/tiles.php | 4 | ||||
| -rw-r--r-- | apps/gallery/templates/index.php | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/apps/gallery/lib/tiles.php b/apps/gallery/lib/tiles.php index e43c99bb76a..5837c752ef6 100644 --- a/apps/gallery/lib/tiles.php +++ b/apps/gallery/lib/tiles.php @@ -141,7 +141,7 @@ class TileStack extends TileBase { } public function get() { - $r = '<div class="title gallery_div">'.$this->stack_name.'</div>'; + $r = '<div class="title gallery_div">'.htmlentities($this->stack_name).'</div>'; for ($i = 0; $i < count($this->tiles_array); $i++) { $top = rand(-5, 5); $left = rand(-5, 5); @@ -168,7 +168,7 @@ class TileStack extends TileBase { } public function getOnClickAction() { - return 'javascript:openNewGal(\''.$this->stack_name.'\');'; + return 'javascript:openNewGal(\''.htmlentities($this->stack_name).'\');'; } private $tiles_array; diff --git a/apps/gallery/templates/index.php b/apps/gallery/templates/index.php index fd83490d60c..f9926045498 100644 --- a/apps/gallery/templates/index.php +++ b/apps/gallery/templates/index.php @@ -14,7 +14,7 @@ div.visible { opacity: 0.8;} </style> <script type="text/javascript"> -var root = "<?php echo $root; ?>"; +var root = "<?php echo htmlentities($root); ?>"; function explode(element) { $('div', element).each(function(index, elem) { |