From 7c78368e8b0c4b796a2f01757e50a1428a4ac017 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20M=C3=BCller?= <thomas.mueller@tmit.eu>
Date: Wed, 12 Mar 2014 00:18:51 +0100
Subject: [PATCH] sanitize fallbackId

---
 lib/private/eventsource.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/private/eventsource.php b/lib/private/eventsource.php
index 4df0bc2e7c..5a41ddd8b3 100644
--- a/lib/private/eventsource.php
+++ b/lib/private/eventsource.php
@@ -63,8 +63,9 @@ class OC_EventSource{
 			$type=null;
 		}
 		if($this->fallback) {
+			$fallBackId = OC_Util::sanitizeHTML($this->fallBackId);
 			$response='<script type="text/javascript">window.parent.OC.EventSource.fallBackCallBack('
-				.$this->fallBackId.',"' . $type . '",' . OCP\JSON::encode($data) . ')</script>' . PHP_EOL;
+				.$fallBackId.',"' . $type . '",' . OCP\JSON::encode($data) . ')</script>' . PHP_EOL;
 			echo $response;
 		}else{
 			if($type) {