diff options
| author | Michiel de Jong <michiel@unhosted.org> | 2012-05-18 15:32:41 +0200 |
|---|---|---|
| committer | Michiel de Jong <michiel@unhosted.org> | 2012-05-18 15:32:41 +0200 |
| commit | 1a874b4c56af0ef4ef20c37a2b5d348551759ff9 (patch) | |
| tree | a008374246830f209dda93dd0d1133c11fff08d2 /index.php | |
| parent | 9b5e8a2c634e07d9c6e1693158e224eda7e5f673 (diff) | |
| download | nextcloud-server-1a874b4c56af0ef4ef20c37a2b5d348551759ff9.tar.gz nextcloud-server-1a874b4c56af0ef4ef20c37a2b5d348551759ff9.zip | |
make redirect safe by restricting it to current host
Diffstat (limited to 'index.php')
| -rw-r--r-- | index.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/index.php b/index.php index 8eea0fe454f..94b9def0b41 100644 --- a/index.php +++ b/index.php @@ -117,6 +117,6 @@ elseif(OC_User::isLoggedIn()) { if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){ $sectoken=rand(1000000,9999999); $_SESSION['sectoken']=$sectoken; - OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $_SERVER['REQUEST_URI'])); + OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => substr($_SERVER['REQUEST_URI'], 1))); } } |