mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Sanitize toaddress for emailing private links 

Conflicts:
	apps/files_sharing/ajax/email.php
This commit is contained in:
Michael Gapczynski 2012-07-11 15:26:22 -04:00
parent 71491612e3
commit ebcf5bce3c
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apps/files_sharing/ajax/email.php
View File

@ -3,11 +3,10 @@ OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('files_sharing');
$user = OCP\USER::getUser();
// TODO translations
$toaddress = OCP\Util::sanitizeHtml($_POST['toaddress']);
$type = (strpos($_POST['file'], '.') === false) ? 'folder' : 'file';
$subject = $user.' shared a '.$type.' with you';
$link = $_POST['link'];
$text = $user.' shared the '.$type.' '.$_POST['file'].' with you. It is available for download here: '.$link;
$fromaddress = OCP\Config::getUserValue($user, 'settings', 'email', 'sharing-noreply@'.OCP\Util::getServerHost());
OCP\Util::sendMail($_POST['toaddress'], $_POST['toaddress'], $subject, $text, $fromaddress, $user);
?>
OCP\Util::sendMail($toaddress, $toaddress, $subject, $text, $fromaddress, $user);