fix an XSS bug

This commit is contained in:
Frank Karlitschek 2012-05-06 23:06:38 +02:00
parent 1945cd6946
commit d2b0de614e
1 changed files with 1 additions and 1 deletions

View File

@ -115,6 +115,6 @@ elseif(OC_User::isLoggedIn()) {
if(is_null(OC::$REQUESTEDFILE)){
$sectoken=rand(1000000,9999999);
$_SESSION['sectoken']=$sectoken;
OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => isset($_REQUEST['redirect_url'])?$_REQUEST['redirect_url']:'' ));
OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => isset($_REQUEST['redirect_url'])?strip_tags($_REQUEST['redirect_url']):'' ));
}
}