From 5155f589fd93132fdeb39b04fc18e30a5643cbf6 Mon Sep 17 00:00:00 2001 From: Michiel de Jong Date: Mon, 7 May 2012 09:26:54 +0200 Subject: [PATCH] prevent xss in webfinger --- apps/user_webfinger/webfinger.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/user_webfinger/webfinger.php b/apps/user_webfinger/webfinger.php index da35cf29d0..e702f27b56 100755 --- a/apps/user_webfinger/webfinger.php +++ b/apps/user_webfinger/webfinger.php @@ -26,7 +26,7 @@ $WEBROOT=substr($SUBURI,0,-34); */ -$request = urldecode($_GET['q']); +$request = strip_tags(urldecode($_GET['q'])); if($_GET['q']) { $reqParts = explode('@', $request); $userName = $reqParts[0];