Prevent XSS exploit by checking if path-info is set, thanks to Lukas Reschke

author: Michael Gapczynski <GapczynskiM@gmail.com> 2012-05-10 10:26:12 -0400
committer: Michael Gapczynski <GapczynskiM@gmail.com> 2012-05-10 10:26:12 -0400
commit: d9fbdae75801d00227b0295b56f997c5af00e899 (patch)
tree: c29f8762692917baaf2fb7adcb4957fd52a88cf8 /lib
parent: e3f452cf539d26c61c9b2d84143ebc231c102c8b (diff)
download: nextcloud-server-d9fbdae75801d00227b0295b56f997c5af00e899.tar.gz
nextcloud-server-d9fbdae75801d00227b0295b56f997c5af00e899.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/json.php b/lib/json.php
index 0d208ce12a2..6782bad8bb7 100644
--- a/lib/json.php
+++ b/lib/json.php
@@ -73,9 +73,11 @@ class OC_JSON{
 	* Encode and print $data in json format
 	*/
 	public static function encodedPrint($data,$setContentType=true){
-		if($setContentType){
-			self::setContentTypeHeader();
+		if(!isset($_SERVER['PATH_INFO'])) {
+			if($setContentType){
+				self::setContentTypeHeader();
+			}
+			echo json_encode($data);
 		}
-		echo json_encode($data);
 	}
 }
author	Michael Gapczynski <GapczynskiM@gmail.com>	2012-05-10 10:26:12 -0400
committer	Michael Gapczynski <GapczynskiM@gmail.com>	2012-05-10 10:26:12 -0400
commit	d9fbdae75801d00227b0295b56f997c5af00e899 (patch)
tree	c29f8762692917baaf2fb7adcb4957fd52a88cf8 /lib
parent	e3f452cf539d26c61c9b2d84143ebc231c102c8b (diff)
download	nextcloud-server-d9fbdae75801d00227b0295b56f997c5af00e899.tar.gz nextcloud-server-d9fbdae75801d00227b0295b56f997c5af00e899.zip