From 40f95ffdf3edf9ab45c15bd5b9018d7f4d92baa9 Mon Sep 17 00:00:00 2001
From: Georg Ehrke
Date: Thu, 26 Apr 2012 17:55:00 +0200
Subject: fix security check for the path of the requested file
---
 core/js/js.js | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'core/js')
diff --git a/core/js/js.js b/core/js/js.js
index 84875ca162f..12303d7dd91 100644
--- a/core/js/js.js
+++ b/core/js/js.js
@@ -53,13 +53,12 @@ OC={
 filePath:function(app,type,file){
 var isCore=OC.coreApps.indexOf(app)!=-1;
 var link=OC.webroot;
- var splitted = file.split('?');
- if((splitted[0].substring(splitted[0].length-3) == 'php' || splitted[0].substring(splitted[0].length-3) == 'css') && !isCore){
+ if((file.substring(file.length-3) == 'php' || file.substring(file.length-3) == 'css') && !isCore){
 link+='/?app=' + app + '&getfile=';
 if(type){
 link+=encodeURI(type + '/');
 }
- link+= file + '?' + splitted[1];
+ link+= file;
 }else if(file.substring(file.length-3) != 'php' && !isCore){
 link=OC.appswebroot;
 link+='/';
-- cgit v1.2.3
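Review bot: On the new `link+= file;` line (and the unchanged `'/?app=' + app` above it), `file` and `app` are placed into the query string unencoded, so a `?`, `&` or `#` in either value changes the parameters the server receives; only `type` is escaped, and `encodeURI` leaves `&`, `?` and `#` intact. Consider `link+='/?app=' + encodeURIComponent(app) + '&getfile=';` and `link+= encodeURIComponent(file);`, with `encodeURIComponent(type + '/')` for the prefix. The suffix test in the new `if` is also case-sensitive and does not include the dot, so a name such as `x.PHP` or `x.php?y` falls through to the direct `OC.appswebroot` branch; because this code runs in the browser, the path check that actually matters presumably lives in the server-side `getfile` handler and should be confirmed there. `filePath` continues past the end of the hunk.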