author | Thomas Müller <thomas.mueller@tmit.eu> | 2013-11-25 14:42:34 +0100 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2013-11-25 14:42:34 +0100 |
commit | b9fed935b455d06ef943c562093c87171b71e4fc (patch) | |
tree | 6686f24988233abf51f49d5371039d93fb0625db /lib/private | |
parent | a0a665ea459fe96a0006766cc0d0b25e5cd258df (diff) | |
in case uri and script name don't match we better throw an exception
Diffstat (limited to 'lib/private')
-rwxr-xr-x | lib/private/request.php | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/lib/private/request.php b/lib/private/request.php
index 9cf09ac7343..7a75bf25208 100755
--- a/lib/private/request.php
+++ b/lib/private/request.php
@@ -138,8 +138,16 @@ class OC_Request {
 public static function getRawPathInfo() {
 $requestUri = $_SERVER['REQUEST_URI'];
 // remove too many leading slashes - can be caused by reverse proxy configuration
- $requestUri = '/' . ltrim($requestUri, '/');
- $path_info = substr($requestUri, strlen($_SERVER['SCRIPT_NAME']));
+ if (strpos($requestUri, '/') === 0) {
+ $requestUri = '/' . ltrim($requestUri, '/');
+ }
+
+ $scriptName = $_SERVER['SCRIPT_NAME'];
+ // in case uri and script name don't match we better throw an exception
+ if (strpos($requestUri, $scriptName) !== 0) {
+ throw new Exception("REQUEST_URI($requestUri) does not start with the SCRIPT_NAME($scriptName)");
+ }
+ $path_info = substr($requestUri, strlen($scriptName));
 // Remove the query string from REQUEST_URI
 if ($pos = strpos($path_info, '?')) {
 $path_info = substr($path_info, 0, $pos); |
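Review bot: The new `throw new Exception("REQUEST_URI($requestUri) does not start with the SCRIPT_NAME($scriptName)")` copies the client-supplied request URI verbatim into the exception message. Where that message ends up is not visible in this hunk, but if it reaches an HTML error page or a line-oriented log unescaped, it becomes a reflection or log-forging vector. I would keep the message static, e.g. `throw new Exception('REQUEST_URI does not start with SCRIPT_NAME');`, and record the two values separately in the server log, encoded for that sink. The check `strpos($requestUri, $scriptName) !== 0` is also a plain prefix match, so a URI that merely begins with the same characters as the script name still passes. An empty `SCRIPT_NAME` is not handled explicitly either, and what `strpos` does with an empty needle depends on the PHP version. The body of `getRawPathInfo()` continues past the end of the hunk.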