Also disallow ; in remote urls

Signed-off-by: Joas Schilling <coding@schilljs.com>
author: Joas Schilling <coding@schilljs.com> 2020-03-24 14:20:15 +0100
committer: Joas Schilling <coding@schilljs.com> 2020-04-14 18:56:06 +0200
commit: 609b8aff12935ac158d60491fe7211946ed28838 (patch)
tree: c03bc008b90a9d8bd7d59258c3d3cebb6c2df203 /apps/files_sharing/lib
parent: 5e402f8aaeacf05f956c6a73d7300e7849bc4bae (diff)
download: nextcloud-server-609b8aff12935ac158d60491fe7211946ed28838.tar.gz
nextcloud-server-609b8aff12935ac158d60491fe7211946ed28838.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/files_sharing/lib/Controller/ExternalSharesController.php b/apps/files_sharing/lib/Controller/ExternalSharesController.php
index c5dd21cda30..96b9ebffac8 100644
--- a/apps/files_sharing/lib/Controller/ExternalSharesController.php
+++ b/apps/files_sharing/lib/Controller/ExternalSharesController.php
@@ -131,7 +131,7 @@ class ExternalSharesController extends Controller {
 	 * @return DataResponse
 	 */
 	public function testRemote($remote) {
-		if (strpos($remote, '#') !== false || strpos($remote, '?') !== false) {
+		if (strpos($remote, '#') !== false || strpos($remote, '?') !== false || strpos($remote, ';') !== false) {
 			return new DataResponse(false);
 		}
author	Joas Schilling <coding@schilljs.com>	2020-03-24 14:20:15 +0100
committer	Joas Schilling <coding@schilljs.com>	2020-04-14 18:56:06 +0200
commit	609b8aff12935ac158d60491fe7211946ed28838 (patch)
tree	c03bc008b90a9d8bd7d59258c3d3cebb6c2df203 /apps/files_sharing/lib
parent	5e402f8aaeacf05f956c6a73d7300e7849bc4bae (diff)
download	nextcloud-server-609b8aff12935ac158d60491fe7211946ed28838.tar.gz nextcloud-server-609b8aff12935ac158d60491fe7211946ed28838.zip