From 72c1b248442fb05ef2ef1e8fbf3399cb06188013 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Mon, 15 May 2017 14:33:27 +0200
Subject: Check whether the $_SERVER['REQUEST_*'] vars exist before using them

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 .../AppFramework/Middleware/Security/SecurityMiddleware.php   | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'lib/private/AppFramework')

diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
index e420a9dacc0..4e41c946432 100644
--- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
@@ -246,12 +246,11 @@ class SecurityMiddleware extends Middleware {
 				);
 			} else {
 				if($exception instanceof NotLoggedInException) {
-					$url = $this->urlGenerator->linkToRoute(
-						'core.login.showLoginForm',
-						[
-							'redirect_url' => $this->request->server['REQUEST_URI'],
-						]
-					);
+					$params = [];
+					if (isset($this->request->server['REQUEST_URI'])) {
+						$params['redirect_url'] = $this->request->server['REQUEST_URI'];
+					}
+					$url = $this->urlGenerator->linkToRoute('core.login.showLoginForm', $params);
 					$response = new RedirectResponse($url);
 				} else {
 					$response = new TemplateResponse('core', '403', ['file' => $exception->getMessage()], 'guest');
-- 
cgit v1.2.3