prevent xss in webfinger

author: Michiel de Jong <michiel@unhosted.org> 2012-05-07 09:26:54 +0200
committer: Michiel de Jong <michiel@unhosted.org> 2012-05-07 09:26:54 +0200
commit: 5155f589fd93132fdeb39b04fc18e30a5643cbf6 (patch)
tree: 33265a240593df9c69fc493f6de591b2046f4c5b /apps/user_webfinger
parent: cde60dba0f45cbfbe32059a50eb37c41e9da990b (diff)
download: nextcloud-server-5155f589fd93132fdeb39b04fc18e30a5643cbf6.tar.gz
nextcloud-server-5155f589fd93132fdeb39b04fc18e30a5643cbf6.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/user_webfinger/webfinger.php b/apps/user_webfinger/webfinger.php
index da35cf29d0e..e702f27b56e 100755
--- a/apps/user_webfinger/webfinger.php
+++ b/apps/user_webfinger/webfinger.php
@@ -26,7 +26,7 @@ $WEBROOT=substr($SUBURI,0,-34);
 */
 
 
-$request = urldecode($_GET['q']);
+$request = strip_tags(urldecode($_GET['q']));
 if($_GET['q']) {
 	$reqParts = explode('@', $request);
 	$userName = $reqParts[0];
author	Michiel de Jong <michiel@unhosted.org>	2012-05-07 09:26:54 +0200
committer	Michiel de Jong <michiel@unhosted.org>	2012-05-07 09:26:54 +0200
commit	5155f589fd93132fdeb39b04fc18e30a5643cbf6 (patch)
tree	33265a240593df9c69fc493f6de591b2046f4c5b /apps/user_webfinger
parent	cde60dba0f45cbfbe32059a50eb37c41e9da990b (diff)
download	nextcloud-server-5155f589fd93132fdeb39b04fc18e30a5643cbf6.tar.gz nextcloud-server-5155f589fd93132fdeb39b04fc18e30a5643cbf6.zip