From a6ff909911c2d60ae88913c05de81a7b726331aa Mon Sep 17 00:00:00 2001
From: Michiel de Jong <michiel@unhosted.org>
Date: Fri, 18 May 2012 15:39:28 +0200
Subject: [PATCH] this code looks wrong to me but i'm putting it back while we
 find out what the right code should look like

---
 lib/util.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/util.php b/lib/util.php
index d2dd28b7da8..22b327a88c0 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -312,7 +312,7 @@ class OC_Util {
 	*/
 	public static function redirectToDefaultPage(){
 		if(isset($_REQUEST['redirect_url'])) {
-			header( 'Location: /'.$_REQUEST['redirect_url']);
+			header( 'Location: /'.htmlentities($_REQUEST['redirect_url']));
 		} else {
 			header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files'));
 		}
-- 
2.39.5