From 80d1037e427c31c165abead3696668bac8110413 Mon Sep 17 00:00:00 2001
From: Bart Visscher <bartv@thisnet.nl>
Date: Tue, 27 Nov 2012 20:22:45 +0100
Subject: [PATCH] Group name does't need to be sanitized before storing it in
 the database

It should only be sanitized before display
---
 settings/ajax/togglegroups.php    | 2 +-
 settings/ajax/togglesubadmins.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php
index de941f9913..b7746fed8f 100644
--- a/settings/ajax/togglegroups.php
+++ b/settings/ajax/togglegroups.php
@@ -5,7 +5,7 @@ OCP\JSON::callCheck();
 
 $success = true;
 $username = $_POST["username"];
-$group = OC_Util::sanitizeHTML($_POST["group"]);
+$group = $_POST["group"];
 
 if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
 	$l = OC_L10N::get('core');
diff --git a/settings/ajax/togglesubadmins.php b/settings/ajax/togglesubadmins.php
index 7aaa90aad5..a99e805f69 100644
--- a/settings/ajax/togglesubadmins.php
+++ b/settings/ajax/togglesubadmins.php
@@ -4,7 +4,7 @@ OC_JSON::checkAdminUser();
 OCP\JSON::callCheck();
 
 $username = $_POST["username"];
-$group = OC_Util::sanitizeHTML($_POST["group"]);
+$group = $_POST["group"];
 
 // Toggle group
 if(OC_SubAdmin::isSubAdminofGroup($username, $group)) {
-- 
GitLab