mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Also disallow ; in remote urls 

Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2020-03-24 14:20:15 +01:00
parent 5e402f8aae
commit 609b8aff12
No known key found for this signature in database
GPG Key ID: 7076EA9751AACDDA
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/files_sharing/lib/Controller/ExternalSharesController.php
View File

@ -131,7 +131,7 @@ class ExternalSharesController extends Controller {
* @return DataResponse
*/
public function testRemote($remote) {
if (strpos($remote, '#') !== false || strpos($remote, '?') !== false) {
if (strpos($remote, '#') !== false || strpos($remote, '?') !== false || strpos($remote, ';') !== false) {
return new DataResponse(false);
}

1
apps/files_sharing/tests/Controller/ExternalShareControllerTest.php
View File

@ -162,6 +162,7 @@ class ExternalShareControllerTest extends \Test\TestCase {
return [
['nextcloud.com?query'],
['nextcloud.com/#anchor'],
['nextcloud.com/;tomcat'],
];
}