Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nextcloud/server.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrank Karlitschek <frank@owncloud.org>2012-06-10 21:54:04 +0400
committerFrank Karlitschek <frank@owncloud.org>2012-06-10 21:54:04 +0400
commit6a44d02898ce184d4947c9455b4297fe6f6a94f0 (patch)
tree343a323c6de1489b84a566590e834dcb359dc867
parent3970be3d7f7ba93db6689494a570d8da43bd7623 (diff)
XSS--
Diffstat
-rw-r--r--apps/external/ajax/setsites.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/external/ajax/setsites.php b/apps/external/ajax/setsites.php
index c14daa258c1..f153735f094 100644
--- a/apps/external/ajax/setsites.php
+++ b/apps/external/ajax/setsites.php
@@ -12,7 +12,7 @@ OCP\User::checkAdminUser();
$sites = array();
for ($i = 0; $i < sizeof($_POST['site_name']); $i++) {
if (!empty($_POST['site_name'][$i]) && !empty($_POST['site_url'][$i])) {
- array_push($sites, array($_POST['site_name'][$i], $_POST['site_url'][$i]));
+ array_push($sites, array(strip_tags($_POST['site_name'][$i]), strip_tags($_POST['site_url'][$i])));
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-03 02:56:46 +0300