summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.htaccess1
-rw-r--r--3rdparty/Sabre/DAV/Server.php2
-rw-r--r--apps/files/appinfo/remote.php2
-rw-r--r--remote.php12
4 files changed, 11 insertions, 6 deletions
diff --git a/.htaccess b/.htaccess
index adc6667d5bf..73e1af62134 100644
--- a/.htaccess
+++ b/.htaccess
@@ -19,5 +19,6 @@ RewriteRule ^.well-known/carddav /remote/carddav.php [R]
RewriteRule ^.well-known/caldav /remote/caldav.php [R]
RewriteRule ^apps/([^/]*)/(.*\.(css|php))$ index.php?app=$1&getfile=$2 [QSA,L]
+RewriteRule ^remote/(.*) remote.php [QSA,L]
</IfModule>
Options -Indexes
diff --git a/3rdparty/Sabre/DAV/Server.php b/3rdparty/Sabre/DAV/Server.php
index 4284c127b6e..50b190e8fab 100644
--- a/3rdparty/Sabre/DAV/Server.php
+++ b/3rdparty/Sabre/DAV/Server.php
@@ -215,7 +215,7 @@ class Sabre_DAV_Server {
$DOM->appendChild($error);
$error->appendChild($DOM->createElement('s:exception',get_class($e)));
- $error->appendChild($DOM->createElement('s:message',$e->getMessage()));
+ $error->appendChild($DOM->createElement('s:message',htmlentities($e->getMessage())));
if ($this->debugExceptions) {
$error->appendChild($DOM->createElement('s:file',$e->getFile()));
$error->appendChild($DOM->createElement('s:line',$e->getLine()));
diff --git a/apps/files/appinfo/remote.php b/apps/files/appinfo/remote.php
index 6d54a4baed2..0f618c391ad 100644
--- a/apps/files/appinfo/remote.php
+++ b/apps/files/appinfo/remote.php
@@ -37,7 +37,7 @@ $publicDir = new OC_Connector_Sabre_Directory('');
// Fire up server
$server = new Sabre_DAV_Server($publicDir);
-$server->setBaseUri(OC::$WEBROOT.'/remote/webdav.php');
+$server->setBaseUri($baseuri);
// Load plugins
$server->addPlugin(new Sabre_DAV_Auth_Plugin($authBackend,'ownCloud'));
diff --git a/remote.php b/remote.php
index e11b72ee8c2..ab5364aad6e 100644
--- a/remote.php
+++ b/remote.php
@@ -2,11 +2,15 @@
$RUNTIME_NOSETUPFS = true;
//$RUNTIME_NOAPPS = TRUE;
require_once('lib/base.php');
-$file = OCP\CONFIG::getAppValue('core', $_GET['service']);
+$path_info = $_SERVER['PATH_INFO'];
+if (!$pos = strpos($path_info, '/', 1)) {
+ $pos = strlen($path_info);
+}
+$service=substr($path_info, 1, $pos-1);
+$file = OCP\CONFIG::getAppValue('core', $service);
if(is_null($file)){
header('HTTP/1.0 404 Not Found');
exit;
}
-$baseuri = OC::$WEBROOT . '/remote.php?service=' . $_GET['service'] . '&amp;p=';
-parse_str($_GET['p'], $_GET);
-require_once(OC::$APPSROOT . $file); \ No newline at end of file
+$baseuri = '/remote.php/'.$service.'/';
+require_once(OC::$APPSROOT . $file);