rooty/OwncloudBookmarksOfficial
1
0
Fork 0
mirror of https://github.com/owncloud/bookmarks.git synced 2025-01-21 17:52:10 +01:00
Code Issues Releases Activity

Sanitize exported file properly

Browse Source
This commit is contained in:
Lukas Reschke 2015-02-02 14:02:42 +01:00
parent 943c0afb8a
commit 09d0002622
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
controller/rest/bookmarkcontroller.php
View File

@ -241,7 +241,7 @@ EOT;
$url_parts = parse_url($bm['url']); $url_parts = parse_url($bm['url']);
$title = isset($url_parts['host']) ? OCA\Bookmarks\Controller\Lib\Helper::getDomainWithoutExt($url_parts['host']) : $bm['url']; $title = isset($url_parts['host']) ? OCA\Bookmarks\Controller\Lib\Helper::getDomainWithoutExt($url_parts['host']) : $bm['url'];
} }
$file .= '<DT><A HREF="' . $bm['url'] . '" TAGS="' . implode(',', $bm['tags']) . '">'; $file .= '<DT><A HREF="' . \OC_Util::sanitizeHTML($bm['url']) . '" TAGS="' . implode(',', \OC_Util::sanitizeHTML($bm['tags'])) . '">';
$file .= htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</A>'; $file .= htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</A>';
if ($bm['description']) if ($bm['description'])
$file .= '<DD>' . htmlspecialchars($bm['description'], ENT_QUOTES, 'UTF-8'); $file .= '<DD>' . htmlspecialchars($bm['description'], ENT_QUOTES, 'UTF-8');