]> source.dussan.org Git - nextcloud-server.git/commit
projects / nextcloud-server.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e4ca0c9) | patch
tain-escape the cookie input 25554/head
authorRoeland Jago Douma <roeland@famdouma.nl>
Tue, 9 Feb 2021 21:35:18 +0000 (22:35 +0100)
committerRoeland Jago Douma <roeland@famdouma.nl>
Tue, 9 Feb 2021 21:35:18 +0000 (22:35 +0100)
commit784a752c0f38c6f667516e8377a42b37cd527038
treebce8c1b0c07faf2e8fd481b3fc6117d88fdd3f7dtree | snapshot
parente4ca0c9fa0339b54ca7b95e158d18091ddd0e5d6commit | diff
tain-escape the cookie input

we only set the cookie if it is a proper <=32 char alphanum string.
Otherwise we just ignore the input.
Makes psalm also happier so that we can focus on other errors.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
apps/files/ajax/download.php diff | blob | history
Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server