diff options
| author | Frank Karlitschek <frank@owncloud.org> | 2012-06-10 19:54:04 +0200 |
|---|---|---|
| committer | Frank Karlitschek <frank@owncloud.org> | 2012-06-10 19:54:04 +0200 |
| commit | 6a44d02898ce184d4947c9455b4297fe6f6a94f0 (patch) | |
| tree | 343a323c6de1489b84a566590e834dcb359dc867 /apps | |
| parent | 3970be3d7f7ba93db6689494a570d8da43bd7623 (diff) | |
| download | nextcloud-server-6a44d02898ce184d4947c9455b4297fe6f6a94f0.tar.gz nextcloud-server-6a44d02898ce184d4947c9455b4297fe6f6a94f0.zip | |
XSS--
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/external/ajax/setsites.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/external/ajax/setsites.php b/apps/external/ajax/setsites.php index c14daa258c1..f153735f094 100644 --- a/apps/external/ajax/setsites.php +++ b/apps/external/ajax/setsites.php @@ -12,7 +12,7 @@ OCP\User::checkAdminUser(); $sites = array(); for ($i = 0; $i < sizeof($_POST['site_name']); $i++) { if (!empty($_POST['site_name'][$i]) && !empty($_POST['site_url'][$i])) { - array_push($sites, array($_POST['site_name'][$i], $_POST['site_url'][$i])); + array_push($sites, array(strip_tags($_POST['site_name'][$i]), strip_tags($_POST['site_url'][$i]))); } } |