Also disallow ; in remote urls

Signed-off-by: Joas Schilling <coding@schilljs.com>

apps/files_sharing/lib/Controller/ExternalSharesController.php

@@ -131,7 +131,7 @@ class ExternalSharesController extends Controller {
 	 * @return DataResponse
 	 */
 	public function testRemote($remote) {
-		if (strpos($remote, '#') !== false || strpos($remote, '?') !== false) {
+		if (strpos($remote, '#') !== false || strpos($remote, '?') !== false || strpos($remote, ';') !== false) {
 			return new DataResponse(false);
 		}
 

apps/files_sharing/tests/Controller/ExternalShareControllerTest.php

@@ -162,6 +162,7 @@ class ExternalShareControllerTest extends \Test\TestCase {
 		return [
 			['nextcloud.com?query'],
 			['nextcloud.com/#anchor'],
+			['nextcloud.com/;tomcat'],
 		];
 	}