diff options
| author | Bart Visscher <bartv@thisnet.nl> | 2013-02-09 15:03:47 +0100 |
|---|---|---|
| committer | Bart Visscher <bartv@thisnet.nl> | 2013-02-09 15:10:40 +0100 |
| commit | 9dddcae9ca3dcf872893e36e2f478ebecafdc6e2 (patch) | |
| tree | 161ce14d97ef95699266ead95da5f5f2bd97fb68 /lib/base.php | |
| parent | 12bdc6ddb6021f772e8e6364eee89f1406ee3d7d (diff) | |
| download | nextcloud-server-9dddcae9ca3dcf872893e36e2f478ebecafdc6e2.tar.gz nextcloud-server-9dddcae9ca3dcf872893e36e2f478ebecafdc6e2.zip | |
Remove invalid characters from app id to prevent loading of invalid resources
Diffstat (limited to 'lib/base.php')
| -rw-r--r-- | lib/base.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/base.php b/lib/base.php index 5bfdb0b7c0a..b9e59c3431e 100644 --- a/lib/base.php +++ b/lib/base.php @@ -468,7 +468,7 @@ class OC { register_shutdown_function(array('OC_Helper', 'cleanTmp')); //parse the given parameters - self::$REQUESTEDAPP = (isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? str_replace(array('\0', '/', '\\', '..'), '', strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files')); + self::$REQUESTEDAPP = (isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? OC_App::cleanAppId(strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files')); if (substr_count(self::$REQUESTEDAPP, '?') != 0) { $app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?')); $param = substr($_GET['app'], strpos($_GET['app'], '?') + 1); |