xss vulnerabilities fixed

e1fa9c28 · Björn Schießle · 033d372f · e1fa9c28 · e1fa9c28
Commit e1fa9c28 authored 12 years ago by Björn Schießle
--- a/apps/gallery/lib/tiles.php
+++ b/apps/gallery/lib/tiles.php
@@ -168,7 +168,7 @@ class TileStack extends TileBase {
 	}
 	
 	public function getOnClickAction() {
-		return 'javascript:openNewGal(\''.$this->stack_name.'\');';
+		return 'javascript:openNewGal(\''.\OCP\Util::sanitizeHTML($this->stack_name).'\');';
 	}

 	private $tiles_array;

--- a/apps/gallery/templates/index.php
+++ b/apps/gallery/templates/index.php
 <script type="text/javascript">

-var root = "<?php echo $_['root']; ?>";
+var root = "<?php echo OCP\Util::sanitizeHTML($_['root']); ?>";

 $(document).ready(function() {
 		$("a[rel=images]").fancybox({