Contacts: Backport XSS fix.
tanghus committed May 21, 2012
1 parent 3775c0d commit 54a3717
Showing 1 changed file with 3 additions and 0 deletions.
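--- a/apps/contacts/lib/vcard.php
+++ b/apps/contacts/lib/vcard.php
@@ -188,6 +188,9 @@ protected static function updateValuesFromAdd($aid, &$vcard) { // any suggestion
 if($upgrade && in_array($property->name, $stringprops)) {
 self::decodeProperty($property);
 }
+if(in_array($property->name, $stringprops)) {
+$property->value = strip_tags($property->value);
+}
 // Fix format of type parameters.
 if($upgrade && in_array($property->name, $typeprops)) {
 OCP\Util::writeLog('contacts','OC_Contacts_VCard::updateValuesFromAdd. before: '.$property->serialize(),OCP\Util::DEBUG);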
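Review bot: `strip_tags()` on the stored value, added under the new `in_array($property->name, $stringprops)` check, removes markup but does not encode quotes or `&`, so a value that is later printed inside an HTML attribute is still unescaped, and legitimate text containing `<` is silently cut off at that character. Treat this as defence in depth and encode where the fields are printed, for example `htmlspecialchars($property->value, ENT_QUOTES, 'UTF-8')`; the output code is not visible in this hunk, so whether it already does this needs checking. Properties that are not in `$stringprops` (defined outside the hunk) and the property parameters are not covered by the new check and rely entirely on that output encoding. A short comment above the new block, such as `// Defence in depth only: values must still be HTML-escaped on output.`, would keep later readers from treating the stored value as safe. The body of updateValuesFromAdd starts and ends outside the hunk.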
