[Pkg-owncloud-commits] [owncloud] 64/75: Strip tags

[David Prévot]

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to annotated tag v3.0.1
in repository owncloud.

commit beaa76feb2a119ada452ada7a0a5c3ebef31855b
Author: Thomas Tanghus <thomas at tanghus.net>
Date:   Mon Mar 12 20:17:19 2012 +0100

    Strip tags
---
 apps/contacts/ajax/addproperty.php |    3 +++
 apps/contacts/ajax/setproperty.php |    4 ++++
 2 files changed, 7 insertions(+)

diff --git a/apps/contacts/ajax/addproperty.php b/apps/contacts/ajax/addproperty.php
index c90af21..f8a3cbe 100644
--- a/apps/contacts/ajax/addproperty.php
+++ b/apps/contacts/ajax/addproperty.php
@@ -67,6 +67,9 @@ foreach($current as $item) {
 
 if(is_array($value)) {
 	ksort($value);  // NOTE: Important, otherwise the compound value will be set in the order the fields appear in the form!
+	$value = array_map('strip_tags', $value);
+} else {
+	$value = strip_tags($value);
 }
 
 $property = $vcard->addProperty($name, $value); //, $parameters);
diff --git a/apps/contacts/ajax/setproperty.php b/apps/contacts/ajax/setproperty.php
index cf3fe58..ef26b34 100644
--- a/apps/contacts/ajax/setproperty.php
+++ b/apps/contacts/ajax/setproperty.php
@@ -37,6 +37,10 @@ $line = OC_Contacts_App::getPropertyLineByChecksum($vcard, $checksum);
 $value = $_POST['value'];
 if(is_array($value)){
 	ksort($value);  // NOTE: Important, otherwise the compound value will be set in the order the fields appear in the form!
+	$value = array_map('strip_tags', $value);
+	$value = OC_VObject::escapeSemicolons($value);
+} else {
+	$value = strip_tags($value);
 }
 OC_Log::write('contacts','ajax/setproperty.php: setting: '.$vcard->children[$line]->name.': '.$value, OC_Log::DEBUG);
 $vcard->children[$line]->setValue($value);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git