rooty/OwncloudContactsOfficial
1
0
Fork 0
mirror of https://github.com/owncloudarchive/contacts.git synced 2024-11-29 11:24:11 +01:00
Code Issues Releases Activity

Contacts: Backport XSS fix.

Browse Source
This commit is contained in:
Thomas Tanghus 2012-05-21 21:49:35 +02:00
parent c2a1821393
commit 393578a609
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/vcard.php
View File

@ -188,6 +188,9 @@ class OC_Contacts_VCard{
if($upgrade && in_array($property->name, $stringprops)) {
self::decodeProperty($property);
}
if(in_array($property->name, $stringprops)) {
$property->value = strip_tags($property->value);
}
// Fix format of type parameters.
if($upgrade && in_array($property->name, $typeprops)) {
OCP\Util::writeLog('contacts','OC_Contacts_VCard::updateValuesFromAdd. before: '.$property->serialize(),OCP\Util::DEBUG);