Sanitize toaddress for emailing private links
This commit is contained in:
parent
c3fea30811
commit
7077678f7f
|
@ -5,9 +5,10 @@ OCP\JSON::callCheck();
|
||||||
|
|
||||||
$user = OCP\USER::getUser();
|
$user = OCP\USER::getUser();
|
||||||
// TODO translations
|
// TODO translations
|
||||||
|
$toaddress = OCP\Util::sanitizeHtml($_POST['toaddress']);
|
||||||
$type = (strpos($_POST['file'], '.') === false) ? 'folder' : 'file';
|
$type = (strpos($_POST['file'], '.') === false) ? 'folder' : 'file';
|
||||||
$subject = $user.' shared a '.$type.' with you';
|
$subject = $user.' shared a '.$type.' with you';
|
||||||
$link = $_POST['link'];
|
$link = $_POST['link'];
|
||||||
$text = $user.' shared the '.$type.' '.$_POST['file'].' with you. It is available for download here: '.$link;
|
$text = $user.' shared the '.$type.' '.$_POST['file'].' with you. It is available for download here: '.$link;
|
||||||
$fromaddress = OCP\Config::getUserValue($user, 'settings', 'email', 'sharing-noreply@'.OCP\Util::getServerHost());
|
$fromaddress = OCP\Config::getUserValue($user, 'settings', 'email', 'sharing-noreply@'.OCP\Util::getServerHost());
|
||||||
OC_Mail::send($_POST['toaddress'], $_POST['toaddress'], $subject, $text, $fromaddress, $user);
|
OCP\Util::sendMail($toaddress, $toaddress, $subject, $text, $fromaddress, $user);
|
||||||
|
|
Loading…
Reference in New Issue