From 238b8e878ad48f370903465192b57c2072f65d86 Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Tue, 27 Jun 2017 15:04:23 +0200
Subject: [PATCH] filter special chars from ajax call parameter. fixes #2019

---
 lib/exe/ajax.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php
index b3e9a618f5..9f9db5391a 100644
--- a/lib/exe/ajax.php
+++ b/lib/exe/ajax.php
@@ -15,9 +15,9 @@

 //call the requested function
 if($INPUT->post->has('call')){
- $call = $INPUT->post->str('call');
+ $call = $INPUT->post->filter('utf8_stripspecials')->str('call');
 }else if($INPUT->get->has('call')){
- $call = $INPUT->get->str('call');
+ $call = $INPUT->get->filter('utf8_stripspecials')->str('call');
 }else{
 exit;
 }
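Review bot: The added `filter('utf8_stripspecials')` on both the POST and GET branches rewrites a malformed `call` value instead of rejecting it, so a request whose parameter carried special characters is presumably still dispatched under whatever name is left after stripping. The comment above the chain says this value selects the function to call, so an explicit allowlist check after the if/else would be stricter and easier to audit, for example `if(!preg_match('/^[A-Za-z0-9_]+$/', $call)) exit;`. Exactly which characters `utf8_stripspecials` removes is defined outside this diff, so the pattern should be widened if registered call names legitimately use other characters. The code that consumes `$call` lies past the end of the hunk; if it echoes the value back in a response, that output should be encoded for its context there as well, not only filtered here.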