mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

use strip_tags for calendar names

This commit is contained in:
Georg Ehrke 2012-02-02 21:23:41 +01:00
parent bfa69c3e59
commit ab31a890b6
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/calendar/ajax/createcalendar.php
View File

@ -25,7 +25,7 @@ foreach($calendars as $cal){
}
$userid = OC_User::getUser();
$calendarid = OC_Calendar_Calendar::addCalendar($userid, htmlspecialchars($_POST['name']), 'VEVENT,VTODO,VJOURNAL', null, 0, $_POST['color']);
$calendarid = OC_Calendar_Calendar::addCalendar($userid, strip_tags($_POST['name']), 'VEVENT,VTODO,VJOURNAL', null, 0, $_POST['color']);
OC_Calendar_Calendar::setCalendarActive($calendarid, 1);
$calendar = OC_Calendar_Calendar::find($calendarid);

2
apps/calendar/ajax/updatecalendar.php
View File

@ -26,7 +26,7 @@ foreach($calendars as $cal){
$calendarid = $_POST['id'];
$calendar = OC_Calendar_App::getCalendar($calendarid);//access check
OC_Calendar_Calendar::editCalendar($calendarid, htmlspecialchars($_POST['name']), null, null, null, $_POST['color']);
OC_Calendar_Calendar::editCalendar($calendarid, strip_tags($_POST['name']), null, null, null, $_POST['color']);
OC_Calendar_Calendar::setCalendarActive($calendarid, $_POST['active']);
$calendar = OC_Calendar_App::getCalendar($calendarid);