Contacts: XSS fix. Still some more to check.

Thomas Tanghus 2012-05-21 21:47:15 +02:00
parent ede89ee405
commit a896da0d91
1 changed files with 3 additions and 0 deletions


@ -188,6 +188,9 @@ class OC_Contacts_VCard{
if($upgrade && in_array($property->name, $stringprops)) { if($upgrade && in_array($property->name, $stringprops)) {
self::decodeProperty($property); self::decodeProperty($property);
} }
if(in_array($property->name, $stringprops)) {
$property->value = strip_tags($property->value);
}
// Fix format of type parameters. // Fix format of type parameters.
if($upgrade && in_array($property->name, $typeprops)) { if($upgrade && in_array($property->name, $typeprops)) {
OCP\Util::writeLog('contacts','OC_Contacts_VCard::updateValuesFromAdd. before: '.$property->serialize(),OCP\Util::DEBUG); OCP\Util::writeLog('contacts','OC_Contacts_VCard::updateValuesFromAdd. before: '.$property->serialize(),OCP\Util::DEBUG);
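Review bot: `strip_tags()` in the added `if(in_array($property->name, $stringprops))` block rewrites the stored value instead of encoding it at output, so it is only a partial XSS defence. It leaves quotes and `&` untouched, which still matters if a value ever lands in an HTML attribute or script context, and it silently alters legitimate contact data that contains `<`. Only properties named in `$stringprops` are covered; other property values and parameters pass through unchanged, consistent with the commit message's "still some more to check". I would leave the stored vCard data as is and escape where it is rendered, e.g. `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`; the rendering code is not visible here, so the actual sinks need confirming. The enclosing method starts and ends outside the hunk.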