Merge pull request #1589 from owncloud/use-sanitizeHTML
Use sanitizeHTML instead of stripslashes + htmlspecialchars
This commit is contained in:
commit
32b1c7ad5d
|
@ -436,8 +436,9 @@ class OC_Helper {
|
|||
//FIXME: should also check for value validation (i.e. the email is an email).
|
||||
public static function init_var($s, $d="") {
|
||||
$r = $d;
|
||||
if(isset($_REQUEST[$s]) && !empty($_REQUEST[$s]))
|
||||
$r = stripslashes(htmlspecialchars($_REQUEST[$s]));
|
||||
if(isset($_REQUEST[$s]) && !empty($_REQUEST[$s])) {
|
||||
$r = OC_Util::sanitizeHTML($_REQUEST[$s]);
|
||||
}
|
||||
|
||||
return $r;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue