From d2b0de614eb3bbcdb2eae90929af48a69777f49c Mon Sep 17 00:00:00 2001
From: Frank Karlitschek <frank@owncloud.org>
Date: Sun, 6 May 2012 23:06:38 +0200
Subject: [PATCH] fix an XSS bug

---
 index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.php b/index.php
index b9872a906d7..91f0cfb5e48 100644
--- a/index.php
+++ b/index.php
@@ -115,6 +115,6 @@ elseif(OC_User::isLoggedIn()) {
 	if(is_null(OC::$REQUESTEDFILE)){
 		$sectoken=rand(1000000,9999999);
 		$_SESSION['sectoken']=$sectoken;
-		OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => isset($_REQUEST['redirect_url'])?$_REQUEST['redirect_url']:'' ));
+		OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => isset($_REQUEST['redirect_url'])?strip_tags($_REQUEST['redirect_url']):'' ));
 	}
 }
-- 
2.39.5