diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2013-04-23 00:26:40 +0300 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2013-04-23 00:26:40 +0300 |
| commit | 6e78c4fcc04820717afe5cdb55112d4a22d6f2dc (patch) | |
| tree | 9b306e15dfa44d4c62930489fdb846f7fbbed4d4 /lib | |
| parent | 4af4a5bd98505673bf0207c7ae6efaa6fc15734a (diff) | |
| download | nextcloud-server-6e78c4fcc04820717afe5cdb55112d4a22d6f2dc.tar.gz nextcloud-server-6e78c4fcc04820717afe5cdb55112d4a22d6f2dc.zip | |
Disallow URLs containing a @
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/base.php | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/base.php b/lib/base.php index 7b0967df9f9..a32ed460907 100644 --- a/lib/base.php +++ b/lib/base.php @@ -631,8 +631,13 @@ class OC { // Handle redirect URL for logged in users if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) { $location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url'])); - header('Location: ' . $location); - return; + + // Deny the redirect if the URL contains a @ + // This prevents unvalidated redirects like ?redirect_url=:user@domain.com + if (strpos($location, '@') === FALSE) { + header('Location: ' . $location); + return; + } } // Handle WebDAV if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') { |