Sanitize redirect urls

diff --git a/index.php b/index.php
index 5d5307065bd7d36f2b6064c6a9973d36d36c7a93..952cd89141a384e8cafd0b2200495e10312f8126 100644 (file)
--- a/index.php
+++ b/index.php
@@ -115,6 +115,6 @@ elseif(OC_User::isLoggedIn()) {
        if(is_null(OC::$REQUESTEDFILE)){
                $sectoken=rand(1000000,9999999);
                $_SESSION['sectoken']=$sectoken;
-               OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => isset($_REQUEST['redirect_url'])?strip_tags($_REQUEST['redirect_url']):'' ));
+               OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => isset($_REQUEST['redirect_url'])?htmlentities($_REQUEST['redirect_url']):'' ));
        }
 }

diff --git a/lib/util.php b/lib/util.php
index 8cf6b3c030703ca7c73da3867c3aa20903f44ad3..e4546d6ac3db5adbd0c392293900d5b66f00ea2b 100644 (file)
--- a/lib/util.php
+++ b/lib/util.php
@@ -312,7 +312,7 @@ class OC_Util {
        */
        public static function redirectToDefaultPage(){
                if(isset($_REQUEST['redirect_url'])) {
-                       header( 'Location: '.$_REQUEST['redirect_url']);
+                       header( 'Location: '.htmlentities($_REQUEST['redirect_url']));
                } else {
                        header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files'));
                }