diff options
author | Michael Gapczynski <GapczynskiM@gmail.com> | 2012-05-08 17:41:50 -0400 |
---|---|---|
committer | Michael Gapczynski <GapczynskiM@gmail.com> | 2012-05-08 17:41:50 -0400 |
commit | 051442bc7654cc41bc8e1bb48762494764111daa (patch) | |
tree | b4cbee9163001652c70feb0f95550d690a754eca | |
parent | 7dcf38c40f2866210135680f8ed73f9401669f17 (diff) | |
download | nextcloud-server-051442bc7654cc41bc8e1bb48762494764111daa.tar.gz nextcloud-server-051442bc7654cc41bc8e1bb48762494764111daa.zip |
Sanitize redirect urls
-rw-r--r-- | index.php | 2 | ||||
-rw-r--r-- | lib/util.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/index.php b/index.php index 5d5307065bd..952cd89141a 100644 --- a/index.php +++ b/index.php @@ -115,6 +115,6 @@ elseif(OC_User::isLoggedIn()) { if(is_null(OC::$REQUESTEDFILE)){ $sectoken=rand(1000000,9999999); $_SESSION['sectoken']=$sectoken; - OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => isset($_REQUEST['redirect_url'])?strip_tags($_REQUEST['redirect_url']):'' )); + OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => isset($_REQUEST['redirect_url'])?htmlentities($_REQUEST['redirect_url']):'' )); } } diff --git a/lib/util.php b/lib/util.php index 8cf6b3c0307..e4546d6ac3d 100644 --- a/lib/util.php +++ b/lib/util.php @@ -312,7 +312,7 @@ class OC_Util { */ public static function redirectToDefaultPage(){ if(isset($_REQUEST['redirect_url'])) { - header( 'Location: '.$_REQUEST['redirect_url']); + header( 'Location: '.htmlentities($_REQUEST['redirect_url'])); } else { header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files')); } |