Merge pull request #1589 from owncloud/use-sanitizeHTML

Use sanitizeHTML instead of stripslashes + htmlspecialchars
Lukas Reschke 2013-02-10 06:23:01 -08:00
commit 32b1c7ad5d


@ -436,8 +436,9 @@ class OC_Helper {
//FIXME: should also check for value validation (i.e. the email is an email).
public static function init_var($s, $d="") {
$r = $d;
if(isset($_REQUEST[$s]) && !empty($_REQUEST[$s]))
$r = stripslashes(htmlspecialchars($_REQUEST[$s]));
if(isset($_REQUEST[$s]) && !empty($_REQUEST[$s])) {
$r = OC_Util::sanitizeHTML($_REQUEST[$s]);
}
return $r;
}
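Review bot: `init_var` still HTML-encodes at input time, so its return value is only suitable for HTML text output; a caller that passes it to a query, URL, header or script context gets no protection from this call, and stored values may end up double-encoded when rendered. I would state that on the function, e.g. `// Result is HTML-encoded for output only; do not rely on it for SQL, URL or JS contexts.` The `isset(...) &&` is redundant before `!empty(...)`, and `!empty` makes a submitted `"0"` fall back to `$d`, which may not be intended. The body of `OC_Util::sanitizeHTML` is outside this hunk, so confirm there whether it copes with an array-valued `$_REQUEST[$s]` and which quote flags and charset it applies; dropping `stripslashes` also changes the result for any deployment that still adds slashes to request data.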