Group name does't need to be sanitized before storing it in the database
It should only be sanitized before display
This commit is contained in:
parent
71e8755d31
commit
80d1037e42
2 changed files with 2 additions and 2 deletions
|
@ -5,7 +5,7 @@ OCP\JSON::callCheck();
|
|||
|
||||
$success = true;
|
||||
$username = $_POST["username"];
|
||||
$group = OC_Util::sanitizeHTML($_POST["group"]);
|
||||
$group = $_POST["group"];
|
||||
|
||||
if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
|
||||
$l = OC_L10N::get('core');
|
||||
|
|
|
@ -4,7 +4,7 @@ OC_JSON::checkAdminUser();
|
|||
OCP\JSON::callCheck();
|
||||
|
||||
$username = $_POST["username"];
|
||||
$group = OC_Util::sanitizeHTML($_POST["group"]);
|
||||
$group = $_POST["group"];
|
||||
|
||||
// Toggle group
|
||||
if(OC_SubAdmin::isSubAdminofGroup($username, $group)) {
|
||||
|
|
Loading…
Reference in a new issue