mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

xss vulnerability fixed

This commit is contained in:
Bjoern Schiessle 2012-06-05 10:46:28 +02:00
parent 564b0358f9
commit d71c4db10a
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/media/lib_scanner.php
View File

@ -79,19 +79,19 @@ class OC_MEDIA_SCANNER{
OCP\Util::writeLog('media',"error reading artist tag in '$file'",OCP\Util::WARN); OCP\Util::writeLog('media',"error reading artist tag in '$file'",OCP\Util::WARN);
$artist='unknown'; $artist='unknown';
}else{ }else{
$artist=stripslashes($data['comments']['artist'][0]); $artist=strip_tags(stripslashes($data['comments']['artist'][0]));
} }
if(!isset($data['comments']['album'])){ if(!isset($data['comments']['album'])){
OCP\Util::writeLog('media',"error reading album tag in '$file'",OCP\Util::WARN); OCP\Util::writeLog('media',"error reading album tag in '$file'",OCP\Util::WARN);
$album='unknown'; $album='unknown';
}else{ }else{
$album=stripslashes($data['comments']['album'][0]); $album=strip_tags(stripslashes($data['comments']['album'][0]));
} }
if(!isset($data['comments']['title'])){ if(!isset($data['comments']['title'])){
OCP\Util::writeLog('media',"error reading title tag in '$file'",OCP\Util::WARN); OCP\Util::writeLog('media',"error reading title tag in '$file'",OCP\Util::WARN);
$title='unknown'; $title='unknown';
}else{ }else{
$title=stripslashes($data['comments']['title'][0]); $title=strip_tags(stripslashes($data['comments']['title'][0]));
} }
$size=$data['filesize']; $size=$data['filesize'];
if (isset($data['comments']['track'])) if (isset($data['comments']['track']))