From e817504569dce49fd7a677fa510e500394af0c48 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Tue, 5 Jun 2012 10:46:28 +0200
Subject: [PATCH] xss vulnerability fixed

---
 apps/media/lib_scanner.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/media/lib_scanner.php b/apps/media/lib_scanner.php
index dc2a8a9beb4..82170e5ca82 100644
--- a/apps/media/lib_scanner.php
+++ b/apps/media/lib_scanner.php
@@ -79,19 +79,19 @@ class OC_MEDIA_SCANNER{
 			OCP\Util::writeLog('media',"error reading artist tag in '$file'",OCP\Util::WARN);
 			$artist='unknown';
 		}else{
-			$artist=stripslashes($data['comments']['artist'][0]);
+			$artist=strip_tags(stripslashes($data['comments']['artist'][0]));
 		}
 		if(!isset($data['comments']['album'])){
 			OCP\Util::writeLog('media',"error reading album tag in '$file'",OCP\Util::WARN);
 			$album='unknown';
 		}else{
-			$album=stripslashes($data['comments']['album'][0]);
+			$album=strip_tags(stripslashes($data['comments']['album'][0]));
 		}
 		if(!isset($data['comments']['title'])){
 			OCP\Util::writeLog('media',"error reading title tag in '$file'",OCP\Util::WARN);
 			$title='unknown';
 		}else{
-			$title=stripslashes($data['comments']['title'][0]);
+			$title=strip_tags(stripslashes($data['comments']['title'][0]));
 		}
 		$size=$data['filesize'];
 		if (isset($data['comments']['track']))
-- 
GitLab