open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Use SCRIPT_NAME instead of PHP_SELF which won't send the PATH_INFO, this prevents XSS in old browsers. Thanks to Nico Golde.

Browse Source
remotes/origin/stable45
Lukas Reschke 13 years ago committed by Jörn Friedrich Dreyer
parent 4d3c45a826
commit 4e5291c77a
1 changed files with 1 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      apps/files/index.php

2
apps/files/index.php
Unescape View File

@ -39,7 +39,7 @@ OCP\App::setActiveNavigationEntry( 'files_index' );
$dir = isset( $_GET['dir'] ) ? stripslashes($_GET['dir']) : ''; $dir = isset( $_GET['dir'] ) ? stripslashes($_GET['dir']) : '';
// Redirect if directory does not exist // Redirect if directory does not exist
if(!OC_Filesystem::is_dir($dir.'/')) { if(!OC_Filesystem::is_dir($dir.'/')) {
header('Location: '.$_SERVER['PHP_SELF'].''); header('Location: '.$_SERVER['SCRIPT_NAME'].'');
} }
$files = array(); $files = array();

Write Preview
Loading…
Cancel
Save