author | Lukas Reschke <lukas@statuscode.ch> | 2014-04-11 19:42:15 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2014-04-11 19:42:15 +0200 |
commit | 77ecfdd1a42811a1239b29c18b21768d2a5a3ae0 (patch) | |
tree | 02a939f5795e226e3833802aff2852f157379681 /lib | |
parent | e704bc2bf01e8db49634bd1ec9b9dbd11afc246d (diff) | |
download | nextcloud-server-77ecfdd1a42811a1239b29c18b21768d2a5a3ae0.tar.gz nextcloud-server-77ecfdd1a42811a1239b29c18b21768d2a5a3ae0.zip |
Only encode dangerous dangerous characters
There is no need to encode all characters into HTML entities; only potentially dangerous characters such as &, ", ', < and > should get encoded.
This may fix issues like https://github.com/owncloud/calendar/pull/394
Diffstat (limited to 'lib')
-rwxr-xr-x | lib/private/util.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/private/util.php b/lib/private/util.php
index 731b7c97503..a744644b39c 100755
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -805,7 +805,7 @@ class OC_Util {
 array_walk_recursive($value, 'OC_Util::sanitizeHTML');
 } else {
 //Specify encoding for PHP<5.4
- $value = htmlentities((string)$value, ENT_QUOTES, 'UTF-8');
+ $value = htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
 }
 return $value;
 } |
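Review bot: The comment above the new `htmlspecialchars()` call only explains the charset argument and should also state the escaping contract, now that only `&`, `"`, `'`, `<` and `>` are encoded. I would add `// Escapes & " ' < > for HTML text and quoted attribute values only; not sufficient for unquoted attributes, script or URL contexts.` With `ENT_QUOTES` alone the call returns an empty string for input that is not valid UTF-8, so a value can silently disappear from the output. Where PHP >= 5.4 can be assumed, `ENT_QUOTES | ENT_SUBSTITUTE` would keep the rest of the string. The enclosing function starts above the hunk, so its signature and docblock are not visible here.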