Prevent XSS exploit by checking if path-info is set, thanks to Lukas Reschke

author Michael Gapczynski <GapczynskiM@gmail.com>

Thu, 10 May 2012 14:26:12 +0000 (10:26 -0400)

committer Michael Gapczynski <GapczynskiM@gmail.com>

Thu, 10 May 2012 14:26:12 +0000 (10:26 -0400)
author Michael Gapczynski <GapczynskiM@gmail.com>
Thu, 10 May 2012 14:26:12 +0000 (10:26 -0400)
committer Michael Gapczynski <GapczynskiM@gmail.com>
Thu, 10 May 2012 14:26:12 +0000 (10:26 -0400)
diff --git a/lib/json.php b/lib/json.php

index 0d208ce12a223af5d61fde3a0cd45a9607266626..6782bad8bb70dc95a2f3f7dc287a0bf8f449388c 100644 (file)
--- a/lib/json.php
+++ b/lib/json.php
@@ -73,9 +73,11 @@ class OC_JSON{
         * Encode and print $data in json format
         */
         public static function encodedPrint($data,$setContentType=true){
-               if($setContentType){
-                       self::setContentTypeHeader();
+               if(!isset($_SERVER['PATH_INFO'])) {
+                       if($setContentType){
+                               self::setContentTypeHeader();
+                       }
+                       echo json_encode($data);
                 }
-               echo json_encode($data);
         }
  }
author	Michael Gapczynski <GapczynskiM@gmail.com>
	Thu, 10 May 2012 14:26:12 +0000 (10:26 -0400)
committer	Michael Gapczynski <GapczynskiM@gmail.com>
	Thu, 10 May 2012 14:26:12 +0000 (10:26 -0400)