fix another XSS

owncloud · Jun 9, 2012 · 642e7ce · 642e7ce
1 parent f955f6a
commit 642e7ce
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/apps/calendar/templates/part.import.php b/apps/calendar/templates/part.import.php
@@ -8,6 +8,9 @@
 <?php
 $calendar_options = OC_Calendar_Calendar::allCalendars(OCP\USER::getUser());
 $calendar_options[] = array('id'=>'newcal', 'displayname'=>$l->t('create a new calendar'));
+for($i = 0;$i<count($calendar_options);$i++){
+	$calendar_options[$i]['displayname'] = htmlspecialchars($calendar_options[$i]['displayname']);
+}
 echo OCP\html_select_options($calendar_options, $calendar_options[0]['id'], array('value'=>'id', 'label'=>'displayname'));
 ?>
 </select>