Use sanitizeHTML instead of strip_tags

2012-08-26 15:41:41 +02:00 · 2012-08-26 15:41:41 +02:00 · 726be04e5f
parent 39a9a4e73e
commit 726be04e5f
1 changed files with 2 additions and 2 deletions
--- a/apps/impress/player.php
+++ b/apps/impress/player.php
@ -26,8 +26,8 @@ require_once('lib/impress.php');
 // Check if we are a user
 OCP\User::checkLoggedIn();

-$filename = strip_tags($_GET['file']);
-$title = strip_tags($_GET['name']);
+$filename = OCP\Util::sanitizeHTML($_GET['file']);
+$title = OCP\Util::sanitizeHTML($_GET['name']);

 if(!OC_Filesystem::file_exists($filename)){
 	header("HTTP/1.0 404 Not Found");