Skip to content
GitLab
Commit 62f6d25a authored by Sergio Bertolin's avatar Sergio Bertolin
Browse files

Adding some protection against xml injection

parent b6cd8fd2
Hide whitespace changes
Inline Side-by-side
tests/integration/features/bootstrap/Comments.php
View file @ 62f6d25a
<?php
/**
* @author Lukas Reschke <lukas@owncloud.com>
* @author Sergio Bertolin <sbertolin@owncloud.com>
*
* @copyright Copyright (c) 2017, ownCloud, Gmbh.
* @license AGPL-3.0
......@@ -198,7 +199,7 @@ trait Comments {
<d:propertyupdate xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns">
<d:set>
<d:prop>
<oc:message>'. $content .'</oc:message>
<oc:message>'. htmlspecialchars($content, ENT_XML1, 'UTF-8') .'</oc:message>
</d:prop>
</d:set>
</d:propertyupdate>');
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment