-rw-r--r--lib/public/util.php12
-rwxr-xr-xlib/util.php17
2 files changed, 28 insertions, 1 deletions
diff --git a/lib/public/util.php b/lib/public/util.php
index d79d3f26b1e..7c0cb666077 100644
--- a/lib/public/util.php
+++ b/lib/public/util.php
@@ -264,6 +264,18 @@ class Util {
public static function callCheck(){
return(\OC_Util::callCheck());
}
+
+ /**
+ * @brief Used to sanitize HTML
+ *
+ * This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page.
+ *
+ * @param string or array of strings
+ * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
+ */
+ public static function sanitizeHTML( $value ){
+ return(\OC_Util::sanitizeHTML($value)); //Specify encoding for PHP<5.4
+ }
}
?>
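Review bot: The trailing comment `//Specify encoding for PHP<5.4` on the new `return` line of `Util::sanitizeHTML()` does not apply there, because no encoding is passed on that line; it appears to be copied from `OC_Util::sanitizeHTML` and should be dropped. The docblock also promises more than the wrapped function delivers, since entity encoding covers HTML text and quoted attribute values but not script blocks, URLs or unquoted attributes. I would add a line such as `* Safe for HTML text and quoted attribute values only; JavaScript, URL and CSS contexts need their own escaping.` The `@param` tag should name the parameter (`@param string|array $value`), and `sinitized` should read `sanitized`.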
diff --git a/lib/util.php b/lib/util.php
index 0266a8ecc5f..bcfeb417c1d 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -370,7 +370,7 @@ class OC_Util {
$_SESSION['requesttoken-'.$token]=time();
// cleanup old tokens garbage collector
- // only run every 20th time so we donīt waste cpu cycles
+ // only run every 20th time so we don't waste cpu cycles
if(rand(0,20)==0) {
foreach($_SESSION as $key=>$value) {
// search all tokens in the session
@@ -426,4 +426,19 @@ class OC_Util {
exit;
}
}
+
+ /**
+ * @brief Public function to sanitize HTML
+ *
+ * This function is used to sanitize HTML and should be applied on any string or array of strings before displaying it on a web page.
+ *
+ * @param string or array of strings
+ * @return array with sanitized strings or a single sinitized string, depends on the input parameter.
+ */
+ public static function sanitizeHTML( &$value ){
+ if (is_array($value) || is_object($value)) array_walk_recursive($value,'OC_Util::sanitizeHTML');
+ else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
+ return $value;
+ }
+
}
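Review bot: `sanitizeHTML( &$value )` encodes the caller's variable in place, so any later use of that variable (a second call, a write to storage) operates on already-encoded text and can end up double-encoded or persisted as entities. Dropping the `&` from the signature and giving the walk its own callback keeps the return value the same without that side effect, e.g. `array_walk_recursive($value, function(&$v){ $v = htmlentities($v, ENT_QUOTES, 'UTF-8'); });`, provided the supported PHP versions allow closures and no existing caller relies on the in-place change. `array_walk_recursive` visits leaf values only, so array keys come back unescaped and a template that prints them is not covered. Non-string leaves such as integers or null are returned as strings, which the docblock should state along with the key limitation; `sinitized` should read `sanitized`.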