diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2012-08-18 09:30:01 +0200 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2012-08-18 09:30:01 +0200 |
| commit | 6ef5edf5eac149e140f58019ceb7a35495195aef (patch) | |
| tree | ff409ab85fe84d7bda74ca89296d16e906cfa8c8 /apps/files/index.php | |
| parent | f1cabdd8e0b8746131879a4c264f7fd9c6e51e22 (diff) | |
| download | nextcloud-server-6ef5edf5eac149e140f58019ceb7a35495195aef.tar.gz nextcloud-server-6ef5edf5eac149e140f58019ceb7a35495195aef.zip | |
Use SCRIPT_NAME instead of PHP_SELF which won't send the PATH_INFO, this prevents XSS in old browsers. Thanks to Nico Golde.
Diffstat (limited to 'apps/files/index.php')
| -rw-r--r-- | apps/files/index.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/files/index.php b/apps/files/index.php index e1c4ad7f19b..d65aa6cabb8 100644 --- a/apps/files/index.php +++ b/apps/files/index.php @@ -39,7 +39,7 @@ OCP\App::setActiveNavigationEntry( 'files_index' ); $dir = isset( $_GET['dir'] ) ? stripslashes($_GET['dir']) : ''; // Redirect if directory does not exist if(!OC_Filesystem::is_dir($dir.'/')) { - header('Location: '.$_SERVER['PHP_SELF'].''); + header('Location: '.$_SERVER['SCRIPT_NAME'].''); exit(); } |