From 46c6ccafcc8ea8b79f4fd0f725e51c98fa4c01e9 Mon Sep 17 00:00:00 2001
From: Thomas Tanghus
Date: Thu, 22 Nov 2012 19:34:31 +0100
Subject: [PATCH] Contacts: sanitize input on adding groups.
---
 ajax/categories/add.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ajax/categories/add.php b/ajax/categories/add.php
index 29b8cdfc..43330628 100644
--- a/ajax/categories/add.php
+++ b/ajax/categories/add.php
@@ -13,9 +13,9 @@ OCP\JSON::callCheck();
 require_once __DIR__.'/../loghandler.php';
-$category = isset($_POST['category']) ? $_POST['category'] : null;
+$category = isset($_POST['category']) ? trim(strip_tags($_POST['category'])) : null;
-if(is_null($category)) {
+if(is_null($category) || $category === "") {
 bailOut(OCA\Contacts\App::$l10n->t('No category name given.'));
 }
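Review bot: `strip_tags()` on the new `$category` line is input filtering, not output encoding: it leaves quotes and `&` untouched, so the group name still needs context-appropriate escaping (for HTML, `htmlspecialchars($name, ENT_QUOTES, 'UTF-8')`) wherever it is rendered, which is outside this hunk. The same line hands `$_POST['category']` to `strip_tags()` without a type check, so a request that sends the parameter as an array reaches a string function; I would guard it as `$category = (isset($_POST['category']) && is_string($_POST['category'])) ? trim(strip_tags($_POST['category'])) : null;`. A short comment such as `// Defence in depth only; output must still escape category names.` would keep later readers from treating the stored value as HTML-safe. The script continues past the end of the hunk, so how `$category` is stored and echoed back in the JSON response is not visible here.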