diff options
| author | Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> | 2024-11-28 11:05:06 +0100 |
|---|---|---|
| committer | Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> | 2024-11-28 11:22:15 +0100 |
| commit | ae1c3b372e2ab91a42c840028d61517a5b84bd55 (patch) | |
| tree | 73b2e7cebcd00b36ff4ef18fcb30bbcd33d1f1aa /apps/files_sharing/lib/Controller | |
| parent | a9c36c17262db8053a257c584eb29a1fa28b9eea (diff) | |
| download | nextcloud-server-ae1c3b372e2ab91a42c840028d61517a5b84bd55.tar.gz nextcloud-server-ae1c3b372e2ab91a42c840028d61517a5b84bd55.zip | |
chore: stricter access to testremote endpoint
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
Diffstat (limited to 'apps/files_sharing/lib/Controller')
| -rw-r--r-- | apps/files_sharing/lib/Controller/ExternalSharesController.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/apps/files_sharing/lib/Controller/ExternalSharesController.php b/apps/files_sharing/lib/Controller/ExternalSharesController.php index 70e9eb5c465..e7189dabfbd 100644 --- a/apps/files_sharing/lib/Controller/ExternalSharesController.php +++ b/apps/files_sharing/lib/Controller/ExternalSharesController.php @@ -100,10 +100,11 @@ class ExternalSharesController extends Controller { * * @param string $remote * @return DataResponse + * @AnonRateThrottle(limit=5, period=120) */ #[PublicPage] public function testRemote($remote) { - if (str_contains($remote, '#') || str_contains($remote, '?') || str_contains($remote, ';')) { + if (preg_match('%[!#$&\'()*+,;=?@[\]]%', $remote)) { return new DataResponse(false); } |