From e1fa9c282bd268efdcb09a63fcfbd0a68ee11a7a Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Fri, 22 Jun 2012 14:11:57 +0200
Subject: [PATCH] xss vulnerabilities fixed

---
 apps/gallery/lib/tiles.php       | 2 +-
 apps/gallery/templates/index.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/gallery/lib/tiles.php b/apps/gallery/lib/tiles.php
index 2bc8d4fcce..011168471f 100644
--- a/apps/gallery/lib/tiles.php
+++ b/apps/gallery/lib/tiles.php
@@ -168,7 +168,7 @@ class TileStack extends TileBase {
 	}
 	
 	public function getOnClickAction() {
-		return 'javascript:openNewGal(\''.$this->stack_name.'\');';
+		return 'javascript:openNewGal(\''.\OCP\Util::sanitizeHTML($this->stack_name).'\');';
 	}
 
 	private $tiles_array;
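Review bot: In `getOnClickAction()`, `sanitizeHTML()` HTML-escapes `$this->stack_name`, but the value sits inside a JavaScript string literal, so the encoding does not match the context. The caller is outside this hunk; if it writes the result into an HTML attribute, the browser decodes entities before the script runs, so an entity-encoded quote becomes a real quote again. Assuming `sanitizeHTML()` only does entity encoding, as its name suggests, backslashes and line breaks also pass through unescaped. Encode for JavaScript first and for HTML second, e.g. `return 'javascript:openNewGal('.\OCP\Util::sanitizeHTML(json_encode($this->stack_name)).');';`. Putting the name in a data attribute and binding the click handler from script would avoid building code from data at all, and would also cover the extra percent-decoding step if this string is used as an `href`.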
diff --git a/apps/gallery/templates/index.php b/apps/gallery/templates/index.php
index 1890552fc0..037e53059d 100644
--- a/apps/gallery/templates/index.php
+++ b/apps/gallery/templates/index.php
@@ -1,6 +1,6 @@
 <script type="text/javascript">
 
-var root = "<?php echo $_['root']; ?>";
+var root = "<?php echo OCP\Util::sanitizeHTML($_['root']); ?>";
 
 $(document).ready(function() {
 		$("a[rel=images]").fancybox({
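Review bot: On the `var root` line, `sanitizeHTML()` is the wrong encoder for `$_['root']`, because the browser does not decode HTML entities inside a `<script>` element. Assuming the helper only does entity encoding, a path containing `&` or `<` reaches the script as literal entity text. A backslash or line break passes through unescaped and can still alter or terminate the string literal. Emit the value as a JavaScript literal instead and drop the surrounding quotes: `var root = <?php echo json_encode($_['root'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;`. The hex flags keep `</script>` and quote characters out of the emitted source.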
-- 
GitLab