author | Brice Maron <brice@bmaron.net> | 2012-06-14 21:16:59 +0000 |
---|---|---|
committer | Brice Maron <brice@bmaron.net> | 2012-06-14 21:16:59 +0000 |
commit | 4753cc3ebde9867ab4deb1979fb4231b0c847426 (patch) | |
tree | c6944e947bc84c8716b57b7e2b06ef51efccb3db /apps/remoteStorage/auth.php | |
parent | 6da5a2fdd4e8a19ab993b4a1f7de7e45b8922a16 (diff) | |
parent | f3b30e4658c4dde82b56b458c672fa5edcba5d6b (diff) | |
download | nextcloud-server-4753cc3ebde9867ab4deb1979fb4231b0c847426.tar.gz nextcloud-server-4753cc3ebde9867ab4deb1979fb4231b0c847426.zip |
Merge branch 'master' into multi_app_dir
Conflicts:
apps/bookmarks/ajax/addBookmark.php
config/config.sample.php
lib/app.php
remote.php
Diffstat (limited to 'apps/remoteStorage/auth.php')
-rw-r--r-- | apps/remoteStorage/auth.php | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/apps/remoteStorage/auth.php b/apps/remoteStorage/auth.php
index ac0e83bb373..99e2272d3ab 100644
--- a/apps/remoteStorage/auth.php
+++ b/apps/remoteStorage/auth.php
@@ -25,6 +25,7 @@
 *
 */
+header("X-Frame-Options: Sameorigin");
 // Do not load FS ...
 $RUNTIME_NOSETUPFS = true;
@@ -43,9 +44,9 @@ foreach($_GET as $k => $v) {
 $userId=$v;
 } else if($k=='redirect_uri'){
 $appUrlParts=explode('/', $v);
- $appUrl = $appUrlParts[2];//bit dodgy i guess
+ $appUrl = htmlentities($appUrlParts[2]);//TODO: check if this is equal to client_id
 } else if($k=='scope'){
- $categories=$v;
+ $categories=htmlentities($v);
 }
 }
 $currUser = OCP\USER::getUser();
@@ -112,7 +113,7 @@ if($userId && $appUrl && $categories) {
 }//end 'need to click Allow still'
 } else {//login not ok
 if($currUser) {
- die('You are logged in as '.$currUser.' instead of '.$userId);
+ die('You are logged in as '.$currUser.' instead of '.htmlentities($userId));
 } else {
 header('Location: /?redirect_url='.urlencode('/apps/remoteStorage/auth.php'.$_SERVER['PATH_INFO'].'?'.$_SERVER['QUERY_STRING']));
 }
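Review bot: The new `htmlentities()` calls on `redirect_uri` and `scope` in the second hunk escape at input rather than at output, so `$appUrl` and `$categories` now hold HTML-encoded strings even though the third hunk's `if($userId && $appUrl && $categories)` suggests they are used as program data; any later comparison of `$appUrl` against the registered client_id, or of `$categories` against stored category names, would then operate on an encoded form that differs from what the user sees. Keep the raw values here and escape at each output site with `htmlspecialchars($x, ENT_QUOTES, 'UTF-8')`, which also covers single quotes and makes the charset explicit where the bare `htmlentities()` calls leave both implicit. The host extraction `$appUrlParts[2]` is still unguarded now that the "bit dodgy" comment is gone; `$appUrl = isset($appUrlParts[2]) ? $appUrlParts[2] : '';` avoids an undefined-offset notice on a redirect_uri without `//` and leaves `$appUrl` falsy so the existing condition rejects it. The TODO on that line is the check that actually matters for security: the redirect host must be verified against the registered client_id before any token is issued, since an unvalidated redirect_uri allows the authorization response to be delivered to a host the user never authorized. The `foreach` and the `if($userId && $appUrl && $categories)` block both begin and end outside the hunks.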