From: Michiel de Jong <michiel@unhosted.org>
Date: Fri, 18 May 2012 13:39:28 +0000 (+0200)
Subject: this code looks wrong to me but i'm putting it back while we find out what the right... 
X-Git-Tag: v4.0.0RC2~5^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=a6ff909911c2d60ae88913c05de81a7b726331aa;p=nextcloud-server.git

this code looks wrong to me but i'm putting it back while we find out what the right code should look like
---

diff --git a/lib/util.php b/lib/util.php
index d2dd28b7da8..22b327a88c0 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -312,7 +312,7 @@ class OC_Util {
 	*/
 	public static function redirectToDefaultPage(){
 		if(isset($_REQUEST['redirect_url'])) {
-			header( 'Location: /'.$_REQUEST['redirect_url']);
+			header( 'Location: /'.htmlentities($_REQUEST['redirect_url']));
 		} else {
 			header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files'));
 		}