diff options
| author | Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> | 2024-11-28 11:05:06 +0100 |
|---|---|---|
| committer | backportbot[bot] <backportbot[bot]@users.noreply.github.com> | 2024-11-28 10:48:18 +0000 |
| commit | e39137de2d6adafcb6300bd7dc1b5f54ff0b71db (patch) | |
| tree | 75e99be15dc235a4512b86ed4930884e8da630d2 | |
| parent | b1ffafc1dd14d264e5ec81d5500575ab6935ad01 (diff) | |
| download | nextcloud-server-e39137de2d6adafcb6300bd7dc1b5f54ff0b71db.tar.gz nextcloud-server-e39137de2d6adafcb6300bd7dc1b5f54ff0b71db.zip | |
chore: stricter access to testremote endpoint
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
| -rw-r--r-- | apps/files_sharing/lib/Controller/ExternalSharesController.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/apps/files_sharing/lib/Controller/ExternalSharesController.php b/apps/files_sharing/lib/Controller/ExternalSharesController.php index 726e99345fa..d62df7a071d 100644 --- a/apps/files_sharing/lib/Controller/ExternalSharesController.php +++ b/apps/files_sharing/lib/Controller/ExternalSharesController.php @@ -118,9 +118,10 @@ class ExternalSharesController extends Controller { * * @param string $remote * @return DataResponse + * @AnonRateThrottle(limit=5, period=120) */ public function testRemote($remote) { - if (str_contains($remote, '#') || str_contains($remote, '?') || str_contains($remote, ';')) { + if (preg_match('%[!#$&\'()*+,;=?@[\]]%', $remote)) { return new DataResponse(false); } |