diff options
| author | Georg Ehrke <dev@georgswebsite.de> | 2012-06-09 18:44:48 +0400 |
|---|---|---|
| committer | Georg Ehrke <dev@georgswebsite.de> | 2012-06-09 18:44:48 +0400 |
| commit | 642e7ce110cb8c320072532c29abe003385d50f5 (patch) | |
| tree | d83e568a0aaf6ee9d8b76c902f168e8a4a8550c3 | |
| parent | f955f6a6857754826af8903475688ba54f72c1bb (diff) | |
fix another XSS
| -rw-r--r-- | apps/calendar/templates/part.import.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/apps/calendar/templates/part.import.php b/apps/calendar/templates/part.import.php index e93ea1af4c9..3850ddde565 100644 --- a/apps/calendar/templates/part.import.php +++ b/apps/calendar/templates/part.import.php @@ -8,6 +8,9 @@ <?php $calendar_options = OC_Calendar_Calendar::allCalendars(OCP\USER::getUser()); $calendar_options[] = array('id'=>'newcal', 'displayname'=>$l->t('create a new calendar')); +for($i = 0;$i<count($calendar_options);$i++){ + $calendar_options[$i]['displayname'] = htmlspecialchars($calendar_options[$i]['displayname']); +} echo OCP\html_select_options($calendar_options, $calendar_options[0]['id'], array('value'=>'id', 'label'=>'displayname')); ?> </select> |