diff options
| author | Thomas Tanghus <thomas@tanghus.net> | 2012-06-25 05:03:30 +0200 |
|---|---|---|
| committer | Thomas Tanghus <thomas@tanghus.net> | 2012-06-25 05:03:30 +0200 |
| commit | 5ac4830e757eb07ff2ca993954f2c31bbe80185f (patch) | |
| tree | 9674a2639fc614e1470aea7e0cdb1e48874f8d7f /settings/templates/apps.php | |
| parent | c3130919c2fa67caa5d7d52124b20388633c5cfa (diff) | |
| download | nextcloud-server-5ac4830e757eb07ff2ca993954f2c31bbe80185f.tar.gz nextcloud-server-5ac4830e757eb07ff2ca993954f2c31bbe80185f.zip | |
XSS fix.
Diffstat (limited to 'settings/templates/apps.php')
| -rw-r--r-- | settings/templates/apps.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/settings/templates/apps.php b/settings/templates/apps.php index b9beedca151..6edaf6c5848 100644 --- a/settings/templates/apps.php +++ b/settings/templates/apps.php @@ -12,7 +12,7 @@ <ul id="leftcontent"> <?php foreach($_['apps'] as $app):?> <li <?php if($app['active']) echo 'class="active"'?> data-id="<?php echo $app['id'] ?>"> - <a href="?appid=<?php echo $app['id'] ?>"><?php echo $app['name'] ?></a> + <a href="?appid=<?php echo $app['id'] ?>"><?php echo htmlentities($app['name']) ?></a> <span class="hidden"> <?php OC_JSON::encodedPrint($app,false) ?> </span> |