author | Bjoern Schiessle <schiessle@owncloud.com> | 2012-06-22 14:11:57 +0200 |
---|---|---|
committer | Bjoern Schiessle <schiessle@owncloud.com> | 2012-06-22 14:11:57 +0200 |
commit | e1fa9c282bd268efdcb09a63fcfbd0a68ee11a7a (patch) | |
tree | 56367ece561406ef7d1b7378c212ac8f98421d7f /apps/gallery | |
parent | 033d372f986bb91c3772ad5130361387990d6ce3 (diff) | |
xss vulnerabilities fixed
Diffstat (limited to 'apps/gallery')
-rw-r--r-- | apps/gallery/lib/tiles.php | 2 | ||||
-rw-r--r-- | apps/gallery/templates/index.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/apps/gallery/lib/tiles.php b/apps/gallery/lib/tiles.php
index 2bc8d4fcce0..011168471f0 100644
--- a/apps/gallery/lib/tiles.php
+++ b/apps/gallery/lib/tiles.php
@@ -168,7 +168,7 @@ class TileStack extends TileBase {
 }
 public function getOnClickAction() {
- return 'javascript:openNewGal(\''.$this->stack_name.'\');';
+ return 'javascript:openNewGal(\''.\OCP\Util::sanitizeHTML($this->stack_name).'\');';
 }
 private $tiles_array;
diff --git a/apps/gallery/templates/index.php b/apps/gallery/templates/index.php
index 1890552fc0c..037e53059d1 100644
--- a/apps/gallery/templates/index.php
+++ b/apps/gallery/templates/index.php
@@ -1,6 +1,6 @@
 <script type="text/javascript">
-var root = "<?php echo $_['root']; ?>";
+var root = "<?php echo OCP\Util::sanitizeHTML($_['root']); ?>";
 $(document).ready(function() {
 $("a[rel=images]").fancybox({ |
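Review bot: `\OCP\Util::sanitizeHTML()` is the wrong encoder for the `+ return` line in `getOnClickAction()`, because `stack_name` lands inside a JavaScript string literal in a `javascript:` URL rather than in HTML text. If the result is printed into an HTML attribute (the call site and the rest of `TileStack` are outside this hunk), the browser decodes character references, and for a `javascript:` URL also percent-escapes, before the script runs, so an encoded quote can become a literal quote again and end the string; backslashes are presumably left untouched as well. A sturdier shape is to stop building script text from the name: emit it HTML-escaped in a `data-` attribute and have a bound click handler pass it to `openNewGal()`. If the method must keep returning a URL, build the literal with `json_encode($this->stack_name, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)`, pass that through `rawurlencode()`, and HTML-escape the whole return value where the template prints it.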
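Review bot: The `+var root` line HTML-escapes a value that is printed inside a `<script>` block, where a JavaScript string encoding is needed instead. Script content is not entity-decoded, so a root containing `&` or a quote reaches the script as literal entity text and the path no longer matches. Assuming `sanitizeHTML()` is a plain HTML entity encoder (its implementation is not shown), a backslash or line break in `$_['root']` still alters or breaks the string literal. Let PHP emit the literal including its quotes: `var root = <?php echo json_encode($_['root'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;`. The `$(document).ready(...)` block continues past the end of the hunk.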