mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Sanitize redirect urls

This commit is contained in:
Michael Gapczynski 2012-05-08 17:41:50 -04:00
parent 7dcf38c40f
commit 051442bc76
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
index.php
View File

@ -115,6 +115,6 @@ elseif(OC_User::isLoggedIn()) {
if(is_null(OC::$REQUESTEDFILE)){
$sectoken=rand(1000000,9999999);
$_SESSION['sectoken']=$sectoken;
OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => isset($_REQUEST['redirect_url'])?strip_tags($_REQUEST['redirect_url']):'' ));
OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => isset($_REQUEST['redirect_url'])?htmlentities($_REQUEST['redirect_url']):'' ));
}
}

2
lib/util.php
View File

@ -312,7 +312,7 @@ class OC_Util {
*/
public static function redirectToDefaultPage(){
if(isset($_REQUEST['redirect_url'])) {
header( 'Location: '.$_REQUEST['redirect_url']);
header( 'Location: '.htmlentities($_REQUEST['redirect_url']));
} else {
header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files'));
}