From 1b10032556c6188fc5310168083042e07e8c8b59 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Sun, 10 Feb 2013 14:03:40 +0100
Subject: Use sanitizeHTML instead of stripslashes + htmlspecialchars
---
lib/helper.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/helper.php b/lib/helper.php
index a0fbdd10394..124ab9da96b 100644
--- a/lib/helper.php
+++ b/lib/helper.php
@@ -437,7 +437,7 @@ class OC_Helper {
 public static function init_var($s, $d="") {
 $r = $d;
 if(isset($_REQUEST[$s]) && !empty($_REQUEST[$s]))
- $r = stripslashes(htmlspecialchars($_REQUEST[$s]));
+ $r = OC_Util::sanitizeHTML($_REQUEST[$s]);
 return $r;
 }
-- cgit v1.2.3
From 46103e62d2bb893daabd1e3e36e49bf857d144eb Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Sun, 10 Feb 2013 14:09:49 +0100
Subject: Coding style
---
lib/helper.php | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/helper.php b/lib/helper.php
index 124ab9da96b..2713ffed451 100644
--- a/lib/helper.php
+++ b/lib/helper.php
@@ -436,8 +436,9 @@ class OC_Helper {
 //FIXME: should also check for value validation (i.e. the email is an email).
 public static function init_var($s, $d="") {
 $r = $d;
- if(isset($_REQUEST[$s]) && !empty($_REQUEST[$s]))
+ if(isset($_REQUEST[$s]) && !empty($_REQUEST[$s])) {
 $r = OC_Util::sanitizeHTML($_REQUEST[$s]);
+ }
 return $r;
 }
-- cgit v1.2.3
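Review bot: In the first patch (1b10032), `init_var` returns an HTML-encoded string when the request key is present but the raw default `$d` otherwise, and nothing tells callers that the result is only safe in an HTML context. Encoding at read time leaves the value unsuitable for non-HTML sinks (database, URL, file name) and double-encoded if a template escapes it again, so I would state the contract above the function, e.g. `// Returns the HTML-encoded request value, or $d unchanged; for HTML output only.` If `OC_Util::sanitizeHTML` takes its argument by reference (its definition is not on this page), the call also rewrites `$_REQUEST[$s]` itself; passing a copy, `$v = $_REQUEST[$s]; $r = OC_Util::sanitizeHTML($v);`, would avoid that. Separately, `!empty()` discards the legitimate value `"0"`, which `isset($_REQUEST[$s]) && $_REQUEST[$s] !== ''` would keep. The class and any docblock above the function are outside the hunk.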