Group name does't need to be sanitized before storing it in the database

It should only be sanitized before display

Group name does't need to be sanitized before storing it in the database
80d1037e · Bart Visscher · 71e8755d · 80d1037e · 80d1037e
Commit 80d1037e authored 12 years ago by Bart Visscher
--- a/settings/ajax/togglegroups.php
+++ b/settings/ajax/togglegroups.php
@@ -5,7 +5,7 @@ OCP\JSON::callCheck();

 $success = true;
 $username = $_POST["username"];
-$group = OC_Util::sanitizeHTML($_POST["group"]);
+$group = $_POST["group"];

 if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
 	$l = OC_L10N::get('core');

--- a/settings/ajax/togglesubadmins.php
+++ b/settings/ajax/togglesubadmins.php
@@ -4,7 +4,7 @@ OC_JSON::checkAdminUser();
 OCP\JSON::callCheck();

 $username = $_POST["username"];
-$group = OC_Util::sanitizeHTML($_POST["group"]);
+$group = $_POST["group"];

 // Toggle group
 if(OC_SubAdmin::isSubAdminofGroup($username, $group)) {