fix an XSS bug

author Frank Karlitschek <frank@owncloud.org>

Sun, 6 May 2012 21:06:38 +0000 (23:06 +0200)

committer Frank Karlitschek <frank@owncloud.org>

Sun, 6 May 2012 21:06:38 +0000 (23:06 +0200)
author Frank Karlitschek <frank@owncloud.org>
Sun, 6 May 2012 21:06:38 +0000 (23:06 +0200)
committer Frank Karlitschek <frank@owncloud.org>
Sun, 6 May 2012 21:06:38 +0000 (23:06 +0200)
diff --git a/index.php b/index.php

index b9872a906d73ee8b285de40080c5b1b632f4980c..91f0cfb5e4803aee277b6fe667c9c521e3745b08 100644 (file)
--- a/index.php
+++ b/index.php
@@ -115,6 +115,6 @@ elseif(OC_User::isLoggedIn()) {
         if(is_null(OC::$REQUESTEDFILE)){
                 $sectoken=rand(1000000,9999999);
                 $_SESSION['sectoken']=$sectoken;
-               OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => isset($_REQUEST['redirect_url'])?$_REQUEST['redirect_url']:'' ));
+               OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => isset($_REQUEST['redirect_url'])?strip_tags($_REQUEST['redirect_url']):'' ));
         }
  }
author	Frank Karlitschek <frank@owncloud.org>
	Sun, 6 May 2012 21:06:38 +0000 (23:06 +0200)
committer	Frank Karlitschek <frank@owncloud.org>
	Sun, 6 May 2012 21:06:38 +0000 (23:06 +0200)