From b6a25e62b2484e20486a6d5c145d6e8f3e3cda6b Mon Sep 17 00:00:00 2001
From: Thomas Tanghus
Date: Fri, 8 Feb 2013 23:23:29 +0100
Subject: [PATCH] Contacts: sanitizeHTML
---
 lib/vcard.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/vcard.php b/lib/vcard.php
index 9bdcc63f..dd3b372a 100644
--- a/lib/vcard.php
+++ b/lib/vcard.php
@@ -753,7 +753,7 @@ class VCard {
 $value = explode(':', $value);
 $protocol = array_shift($value);
 if(!isset($property['X-SERVICE-TYPE'])) {
- $property['X-SERVICE-TYPE'] = strtoupper(strip_tags($protocol));
+ $property['X-SERVICE-TYPE'] = strtoupper(\OCP\Util::sanitizeHTML($protocol));
 }
 $value = implode('', $value);
 }
@@ -763,7 +763,7 @@ class VCard {
 }
 $temp = array(
 //'name' => $property->name,
- 'value' => $value,
+ 'value' => \OCP\Util::sanitizeHTML($value),
 'parameters' => array()
 );
@@ -789,14 +789,14 @@ class VCard {
 }
 $pvalue = is_array($pvalue) ? $pvalue : array($pvalue);
 if (isset($temp['parameters'][$parameter->name])) {
- $temp['parameters'][$parameter->name][] = $pvalue;
+ $temp['parameters'][$parameter->name][] = \OCP\Util::sanitizeHTML($pvalue);
 }
 else {
- $temp['parameters'][$parameter->name] = $pvalue;
+ $temp['parameters'][$parameter->name] = \OCP\Util::sanitizeHTML($pvalue);
 }
 }
 else{
- $temp['parameters'][$parameter->name] = $parameter->value;
+ $temp['parameters'][$parameter->name] = \OCP\Util::sanitizeHTML($parameter->value);
 }
 }
 return $temp;
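Review bot: In the first hunk (`X-SERVICE-TYPE`), `strtoupper()` is applied after `\OCP\Util::sanitizeHTML()`, so if that helper entity-encodes (its body is not shown here) the entity names are upper-cased as well, e.g. `&amp;` becomes `&AMP;`. Encoding last avoids this: `$property['X-SERVICE-TYPE'] = \OCP\Util::sanitizeHTML(strtoupper($protocol));`. The encoded string is also assigned back onto `$property`, so it is worth confirming that this value is never serialized back into the stored vCard, where it would persist HTML entities. The enclosing method begins and ends outside the hunk.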
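Review bot: The `'value'` entry in the second hunk is now HTML-encoded inside the data structure rather than at the point of output, and nothing in the code says so. A caller that escapes again will double-encode, and one that uses the value outside an HTML text context (attribute, URL, script) is not covered by this encoding. I would add a comment above the array, `// NOTE: 'value' and parameter values are HTML-encoded here; do not encode again or write them back to the vCard.`, and state the same in the method's docblock, which lies outside this hunk.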
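Review bot: In the third hunk the parameter values are encoded but the array keys are not: `$parameter->name` comes from the same parsed vCard and is used verbatim in `$temp['parameters'][$parameter->name]`. If the consumer renders parameter names, they need the same treatment, e.g. `$pname = \OCP\Util::sanitizeHTML($parameter->name);` used as the key in all three assignments. Note also that `$pvalue` is always an array at this point (`is_array($pvalue) ? $pvalue : array($pvalue)`), so the change relies on `sanitizeHTML()` encoding array elements; that is worth confirming since the helper is not part of this diff. The loop and the method start and end outside the hunk.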