Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nextcloud/server.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/apps
diff options
context:
space:
mode:
authorMichiel de Jong <michiel@unhosted.org>2012-05-07 11:26:54 +0400
committerMichiel de Jong <michiel@unhosted.org>2012-05-07 11:26:54 +0400
commit5155f589fd93132fdeb39b04fc18e30a5643cbf6 (patch)
tree33265a240593df9c69fc493f6de591b2046f4c5b /apps
parentcde60dba0f45cbfbe32059a50eb37c41e9da990b (diff)
prevent xss in webfinger
Diffstat (limited to 'apps')
-rwxr-xr-xapps/user_webfinger/webfinger.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/user_webfinger/webfinger.php b/apps/user_webfinger/webfinger.php
index da35cf29d0e..e702f27b56e 100755
--- a/apps/user_webfinger/webfinger.php
+++ b/apps/user_webfinger/webfinger.php
@@ -26,7 +26,7 @@ $WEBROOT=substr($SUBURI,0,-34);
*/
-$request = urldecode($_GET['q']);
+$request = strip_tags(urldecode($_GET['q']));
if($_GET['q']) {
$reqParts = explode('@', $request);
$userName = $reqParts[0];
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-22 22:35:27 +0300