this code looks wrong to me but i'm putting it back while we find out what the right...

author Michiel de Jong <michiel@unhosted.org>

Fri, 18 May 2012 13:39:28 +0000 (15:39 +0200)

committer Michiel de Jong <michiel@unhosted.org>

Fri, 18 May 2012 13:39:28 +0000 (15:39 +0200)
author Michiel de Jong <michiel@unhosted.org>
Fri, 18 May 2012 13:39:28 +0000 (15:39 +0200)
committer Michiel de Jong <michiel@unhosted.org>
Fri, 18 May 2012 13:39:28 +0000 (15:39 +0200)
diff --git a/lib/util.php b/lib/util.php

index d2dd28b7da877357bf2b62e7e367eddfcac8e15d..22b327a88c0e9c879d594fb7ae1156b4a7e7f36d 100644 (file)
--- a/lib/util.php
+++ b/lib/util.php
@@ -312,7 +312,7 @@ class OC_Util {
         */
         public static function redirectToDefaultPage(){
                 if(isset($_REQUEST['redirect_url'])) {
-                       header( 'Location: /'.$_REQUEST['redirect_url']);
+                       header( 'Location: /'.htmlentities($_REQUEST['redirect_url']));
                 } else {
                         header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files'));
                 }
author	Michiel de Jong <michiel@unhosted.org>
	Fri, 18 May 2012 13:39:28 +0000 (15:39 +0200)
committer	Michiel de Jong <michiel@unhosted.org>
	Fri, 18 May 2012 13:39:28 +0000 (15:39 +0200)