diff options
| author | Thomas Müller <thomas.mueller@tmit.eu> | 2014-03-12 00:18:51 +0100 |
|---|---|---|
| committer | Thomas Müller <thomas.mueller@tmit.eu> | 2014-03-12 00:18:51 +0100 |
| commit | 7c78368e8b0c4b796a2f01757e50a1428a4ac017 (patch) | |
| tree | 492e31cc2537dbc8921f93279f46a45edcb56cce /lib | |
| parent | 364e1f852fe8640d7d6fa149f784a0d2d1de0a57 (diff) | |
| download | nextcloud-server-7c78368e8b0c4b796a2f01757e50a1428a4ac017.tar.gz nextcloud-server-7c78368e8b0c4b796a2f01757e50a1428a4ac017.zip | |
sanitize fallbackId
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/eventsource.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/private/eventsource.php b/lib/private/eventsource.php index 4df0bc2e7cd..5a41ddd8b37 100644 --- a/lib/private/eventsource.php +++ b/lib/private/eventsource.php @@ -63,8 +63,9 @@ class OC_EventSource{ $type=null; } if($this->fallback) { + $fallBackId = OC_Util::sanitizeHTML($this->fallBackId); $response='<script type="text/javascript">window.parent.OC.EventSource.fallBackCallBack(' - .$this->fallBackId.',"' . $type . '",' . OCP\JSON::encode($data) . ')</script>' . PHP_EOL; + .$fallBackId.',"' . $type . '",' . OCP\JSON::encode($data) . ')</script>' . PHP_EOL; echo $response; }else{ if($type) { |