Add some basic sanitization

Better to be safe than sorry ;)
Lukas Reschke 2014-10-17 10:35:24 +02:00
parent 04323fbc19
commit 479424a459
1 changed files with 2 additions and 2 deletions


@ -13,7 +13,7 @@
if (isset($form['anchor'])) {
$anchor = '#' . $form['anchor'];
$sectionName = $form['section-name'];
print_unescaped("<li><a href='$anchor'>$sectionName</a></li>");
print_unescaped(sprintf("<li><a href='%s'>%s</a></li>", OC_Util::sanitizeHTML($anchor), OC_Util::sanitizeHTML($sectionName)));
}
}?>
</ul>
@ -165,7 +165,7 @@ if($_['passwordChangeSupported']) {
<?php foreach($_['forms'] as $form) {
if (isset($form['form'])) {?>
<div id="<?php isset($form['anchor']) ? print_unescaped($form['anchor']) : p('');?>"><?php print_unescaped($form['form']);?></div>
<div id="<?php isset($form['anchor']) ? p($form['anchor']) : p('');?>"><?php print_unescaped($form['form']);?></div>
<?php }
};?>
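Review bot: On the new `<div id=...>` line in the second hunk, `$form['form']` is still emitted with `print_unescaped()`, so the sanitization added here covers only the anchor and section name, and the form markup stays trusted exactly as the registering app produced it. That looks intentional, since the value is meant to be HTML, but the template should say so; I would add a comment above the loop such as `<?php /* $form['form'] is app-provided HTML and is printed raw; apps must escape any user data inside it */ ?>`. In the first hunk the escaped anchor lands in a single-quoted `href='%s'`, which is only safe if `OC_Util::sanitizeHTML()` also encodes single quotes; that is not visible from this page and is worth confirming. The loop enclosing the first hunk starts outside the hunk.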