From 5155f589fd93132fdeb39b04fc18e30a5643cbf6 Mon Sep 17 00:00:00 2001
From: Michiel de Jong <michiel@unhosted.org>
Date: Mon, 7 May 2012 09:26:54 +0200
Subject: [PATCH] prevent xss in webfinger

---
 apps/user_webfinger/webfinger.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/user_webfinger/webfinger.php b/apps/user_webfinger/webfinger.php
index da35cf29d0..e702f27b56 100755
--- a/apps/user_webfinger/webfinger.php
+++ b/apps/user_webfinger/webfinger.php
@@ -26,7 +26,7 @@ $WEBROOT=substr($SUBURI,0,-34);
 */
 
 
-$request = urldecode($_GET['q']);
+$request = strip_tags(urldecode($_GET['q']));
 if($_GET['q']) {
 	$reqParts = explode('@', $request);
 	$userName = $reqParts[0];
-- 
GitLab