diff options
| author | Björn Schießle <schiessle@owncloud.com> | 2013-01-29 22:32:59 +0100 |
|---|---|---|
| committer | Björn Schießle <schiessle@owncloud.com> | 2013-01-29 22:32:59 +0100 |
| commit | d19de49606d45046f9d7755b180e5850bceccd19 (patch) | |
| tree | e36e65f325ebecfea641fcfc6980cb483fcb1dac /core/templates/layout.user.php | |
| parent | 56c6e6a334caf690184c84bae290ea596f53c3de (diff) | |
| download | nextcloud-server-d19de49606d45046f9d7755b180e5850bceccd19.tar.gz nextcloud-server-d19de49606d45046f9d7755b180e5850bceccd19.zip | |
prevent xss
Diffstat (limited to 'core/templates/layout.user.php')
| -rw-r--r-- | core/templates/layout.user.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php index fb63200123e..3337449a6c0 100644 --- a/core/templates/layout.user.php +++ b/core/templates/layout.user.php @@ -1,7 +1,7 @@ <!DOCTYPE html> <html> <head> - <title><?php echo isset($_['application']) && !empty($_['application'])?$_['application'].' | ':'' ?>ownCloud <?php echo OC_User::getDisplayName()?' ('.OC_User::getDisplayName().') ':'' ?></title> + <title><?php echo isset($_['application']) && !empty($_['application'])?$_['application'].' | ':'' ?>ownCloud <?php echo OC_User::getDisplayName()?' ('.OC_Util::sanitizeHTML(OC_User::getDisplayName()).') ':'' ?></title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="shortcut icon" href="<?php echo image_path('', 'favicon.png'); ?>" /><link rel="apple-touch-icon-precomposed" href="<?php echo image_path('', 'favicon-touch.png'); ?>" /> <?php foreach($_['cssfiles'] as $cssfile): ?> |