From 72c1b248442fb05ef2ef1e8fbf3399cb06188013 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Mon, 15 May 2017 14:33:27 +0200
Subject: Check whether the $_SERVER['REQUEST_*'] vars exist before using them

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 lib/base.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'lib/base.php')

diff --git a/lib/base.php b/lib/base.php
index 483cd656916..bddd6a92cc8 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -132,7 +132,7 @@ class OC {
 
 		OC::$SUBURI = str_replace("\\", "/", substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen(OC::$SERVERROOT)));
 		/**
-		 * FIXME: The following lines are required because we can't yet instantiiate
+		 * FIXME: The following lines are required because we can't yet instantiate
 		 *        \OC::$server->getRequest() since \OC::$server does not yet exist.
 		 */
 		$params = [
@@ -174,7 +174,7 @@ class OC {
 
 			// Resolve /nextcloud to /nextcloud/ to ensure to always have a trailing
 			// slash which is required by URL generation.
-			if($_SERVER['REQUEST_URI'] === \OC::$WEBROOT &&
+			if (isset($_SERVER['REQUEST_URI']) && $_SERVER['REQUEST_URI'] === \OC::$WEBROOT &&
 					substr($_SERVER['REQUEST_URI'], -1) !== '/') {
 				header('Location: '.\OC::$WEBROOT.'/');
 				exit();
@@ -1005,7 +1005,7 @@ class OC {
 		}
 
 		// Handle WebDAV
-		if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
+		if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'PROPFIND') {
 			// not allowed any more to prevent people
 			// mounting this root directly.
 			// Users need to mount remote.php/webdav instead.
-- 
cgit v1.2.3