diff options
| author | Georg Ehrke <dev@georgswebsite.de> | 2012-06-09 16:44:48 +0200 |
|---|---|---|
| committer | Georg Ehrke <dev@georgswebsite.de> | 2012-06-09 16:45:37 +0200 |
| commit | e7f6f7e452131320a73861ad975c3d7961074190 (patch) | |
| tree | 06e1043aad3bde87d0d85ce04d7d0e6ef8f1bede /apps | |
| parent | c9214afff804ec60f90b514159520355aa6e80c6 (diff) | |
| download | nextcloud-server-e7f6f7e452131320a73861ad975c3d7961074190.tar.gz nextcloud-server-e7f6f7e452131320a73861ad975c3d7961074190.zip | |
fix another XSS
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/calendar/templates/part.import.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/apps/calendar/templates/part.import.php b/apps/calendar/templates/part.import.php index 39cda29c20d..b966100cc11 100644 --- a/apps/calendar/templates/part.import.php +++ b/apps/calendar/templates/part.import.php @@ -8,6 +8,9 @@ <?php $calendar_options = OC_Calendar_Calendar::allCalendars(OCP\USER::getUser()); $calendar_options[] = array('id'=>'newcal', 'displayname'=>$l->t('create a new calendar')); +for($i = 0;$i<count($calendar_options);$i++){ + $calendar_options[$i]['displayname'] = htmlspecialchars($calendar_options[$i]['displayname']); +} echo OCP\html_select_options($calendar_options, $calendar_options[0]['id'], array('value'=>'id', 'label'=>'displayname')); ?> </select> |