|
|
@@ -631,8 +631,13 @@ class OC { |
|
|
|
// Handle redirect URL for logged in users |
|
|
|
if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) { |
|
|
|
$location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url'])); |
|
|
|
header('Location: ' . $location); |
|
|
|
return; |
|
|
|
|
|
|
|
// Deny the redirect if the URL contains a @ |
|
|
|
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com |
|
|
|
if (strpos($location, '@') === FALSE) { |
|
|
|
header('Location: ' . $location); |
|
|
|
return; |
|
|
|
} |
|
|
|
} |
|
|
|
// Handle WebDAV |
|
|
|
if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') { |
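Review bot: The new guard `strpos($location, '@') === FALSE` is a deny-list for a single character, so it covers only the userinfo form named in the comment; whether other off-site targets are excluded depends on what `OC_Helper::makeURLAbsolute()` does with its input, which this hunk does not show. A positive check would be sturdier: take `$host = parse_url($location, PHP_URL_HOST);` and send the `Location` header only when `$host` strictly equals this server's own host name. PHP has already URL-decoded `$_REQUEST['redirect_url']`, so the `urldecode()` call decodes it a second time; dropping that call keeps the validated string and the emitted string in the same encoding. When the check fails, the request falls through silently to the WebDAV branch and whatever follows, so logging the rejected value there would make probing visible to operators. The enclosing method of `class OC` starts and ends outside the hunk, so the fall-through behaviour should be confirmed against the full function.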