diff options
| author | Thomas Tanghus <thomas@tanghus.net> | 2012-05-28 12:56:56 +0200 |
|---|---|---|
| committer | Thomas Tanghus <thomas@tanghus.net> | 2012-05-28 12:56:56 +0200 |
| commit | 53da328aa18038d24738adb28d88ff0e63f2bc20 (patch) | |
| tree | 8099b97d67b4b2c0dba6858ad05a7202304edfd3 /apps | |
| parent | 8bd6d862b8bcdafa136ed944ccc85b565cffdee7 (diff) | |
| download | nextcloud-server-53da328aa18038d24738adb28d88ff0e63f2bc20.tar.gz nextcloud-server-53da328aa18038d24738adb28d88ff0e63f2bc20.zip | |
Contacts: Double check XSS.
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/contacts/templates/part.contacts.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/contacts/templates/part.contacts.php b/apps/contacts/templates/part.contacts.php index 00a61f72fdd..57517505405 100644 --- a/apps/contacts/templates/part.contacts.php +++ b/apps/contacts/templates/part.contacts.php @@ -8,5 +8,5 @@ } } ?> - <li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo $display; ?></a></li> + <li role="button" book-id="<?php echo $contact['addressbookid']; ?>" data-id="<?php echo $contact['id']; ?>"><a href="index.php?id=<?php echo $contact['id']; ?>"><?php echo htmlspecialchars($display); ?></a></li> <?php endforeach; ?> |