xss vulnerability fixed

2012-06-22 13:58:15 +02:00 · 2012-06-22 13:58:15 +02:00 · 5b46734a40
commit 5b46734a40
parent 8c2803a7c1
1 changed files with 1 additions and 1 deletions
--- a/apps/gallery/lib/tiles.php
+++ b/apps/gallery/lib/tiles.php
@ -141,7 +141,7 @@ class TileStack extends TileBase {
 	}

 	public function get() {
-		$r = '<div class="title gallery_div">'.$this->stack_name.'</div>';
+		$r = '<div class="title gallery_div">'. \OCP\Util::sanitizeHTML($this->stack_name).'</div>';
 		for ($i = 0; $i < count($this->tiles_array); $i++) {
 			$top = rand(-5, 5);
 			$left = rand(-5, 5);