Merge pull request #1701 from owncloud/XSS-fixes

Sanitize HTML
author: Lukas Reschke <lukas@statuscode.ch> 2013-02-14 10:50:46 -0800
committer: Lukas Reschke <lukas@statuscode.ch> 2013-02-14 10:50:46 -0800
commit: 5624f1b838575fc26d45d97e7aa6ea2f58bf29e3 (patch)
tree: 6f232b0bd32c93a9423f8b1d79073be4848f2558 /core
parent: 7f1b8274a895972b9e850e90b56797c42adae30e (diff)
parent: c7094197bfe4b6702397e147847ef9cfd8d21b63 (diff)
download: nextcloud-server-5624f1b838575fc26d45d97e7aa6ea2f58bf29e3.tar.gz
nextcloud-server-5624f1b838575fc26d45d97e7aa6ea2f58bf29e3.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php
index c8b580b5fd9..38aa31be32b 100644
--- a/core/templates/layout.user.php
+++ b/core/templates/layout.user.php
@@ -31,7 +31,7 @@
 
 			<ul id="settings" class="svg">
 				<span id="expand">
-					<?php echo OCP\User::getDisplayName($user=null)?OCP\User::getDisplayName($user=null):(OC_User::getUser()?OC_User::getUser():'') ?>
+					<?php echo OCP\User::getDisplayName($user=null)?OC_Util::sanitizeHTML(OCP\User::getDisplayName($user=null)):(OC_User::getUser()?OC_User::getUser():'') ?>
 					<img class="svg" src="<?php echo image_path('', 'actions/caret.svg'); ?>" />
 				</span>
 				<div id="expanddiv">
author	Lukas Reschke <lukas@statuscode.ch>	2013-02-14 10:50:46 -0800
committer	Lukas Reschke <lukas@statuscode.ch>	2013-02-14 10:50:46 -0800
commit	5624f1b838575fc26d45d97e7aa6ea2f58bf29e3 (patch)
tree	6f232b0bd32c93a9423f8b1d79073be4848f2558 /core
parent	7f1b8274a895972b9e850e90b56797c42adae30e (diff)
parent	c7094197bfe4b6702397e147847ef9cfd8d21b63 (diff)
download	nextcloud-server-5624f1b838575fc26d45d97e7aa6ea2f58bf29e3.tar.gz nextcloud-server-5624f1b838575fc26d45d97e7aa6ea2f58bf29e3.zip