From e7f6f7e452131320a73861ad975c3d7961074190 Mon Sep 17 00:00:00 2001
From: Georg Ehrke <dev@georgswebsite.de>
Date: Sat, 9 Jun 2012 16:44:48 +0200
Subject: [PATCH] fix another XSS

---
 apps/calendar/templates/part.import.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/apps/calendar/templates/part.import.php b/apps/calendar/templates/part.import.php
index 39cda29c20..b966100cc1 100644
--- a/apps/calendar/templates/part.import.php
+++ b/apps/calendar/templates/part.import.php
@@ -8,6 +8,9 @@
 <?php
 $calendar_options = OC_Calendar_Calendar::allCalendars(OCP\USER::getUser());
 $calendar_options[] = array('id'=>'newcal', 'displayname'=>$l->t('create a new calendar'));
+for($i = 0;$i<count($calendar_options);$i++){
+	$calendar_options[$i]['displayname'] = htmlspecialchars($calendar_options[$i]['displayname']);
+}
 echo OCP\html_select_options($calendar_options, $calendar_options[0]['id'], array('value'=>'id', 'label'=>'displayname'));
 ?>
 </select>
-- 
GitLab