summaryrefslogtreecommitdiffstats
path: root/index.php
diff options
context:
space:
mode:
authorBjoern Schiessle <schiessle@owncloud.com>2012-06-15 15:51:06 +0200
committerBjoern Schiessle <schiessle@owncloud.com>2012-06-15 15:51:06 +0200
commit3ddaedee3bcc498b144d3f5df1356eccee7fbb49 (patch)
tree479804c228e3c5cfd7366b648e00a0cdc1747e05 /index.php
parent2b228fba3463722ad19ea6ccd150b96772508791 (diff)
downloadnextcloud-server-3ddaedee3bcc498b144d3f5df1356eccee7fbb49.tar.gz
nextcloud-server-3ddaedee3bcc498b144d3f5df1356eccee7fbb49.zip
fixed xss vulnerability
Diffstat (limited to 'index.php')
-rwxr-xr-xindex.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/index.php b/index.php
index b90b1b310a9..32b3c88df1d 100755
--- a/index.php
+++ b/index.php
@@ -121,7 +121,7 @@ elseif(OC_User::isLoggedIn()) {
if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){
$sectoken=rand(1000000,9999999);
$_SESSION['sectoken']=$sectoken;
- $redirect_url = (isset($_REQUEST['redirect_url'])) ? $_REQUEST['redirect_url'] : $_SERVER['REQUEST_URI'];
+ $redirect_url = (isset($_REQUEST['redirect_url'])) ? strip_tags($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];
OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url));
}
}