Group name does't need to be sanitized before storing it in the database

It should only be sanitized before display
This commit is contained in:
Bart Visscher 2012-11-27 20:22:45 +01:00
parent 71e8755d31
commit 80d1037e42
2 changed files with 2 additions and 2 deletions

View file

@ -5,7 +5,7 @@ OCP\JSON::callCheck();
$success = true;
$username = $_POST["username"];
$group = OC_Util::sanitizeHTML($_POST["group"]);
$group = $_POST["group"];
if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
$l = OC_L10N::get('core');

View file

@ -4,7 +4,7 @@ OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
$username = $_POST["username"];
$group = OC_Util::sanitizeHTML($_POST["group"]);
$group = $_POST["group"];
// Toggle group
if(OC_SubAdmin::isSubAdminofGroup($username, $group)) {