fix an XSS bug

13 years ago · d2b0de614e
parent 1945cd6946
commit d2b0de614e
1 changed files with 1 additions and 1 deletions
--- a/index.php
+++ b/index.php
@ -115,6 +115,6 @@ elseif(OC_User::isLoggedIn()) {
 	if(is_null(OC::$REQUESTEDFILE)){
 		$sectoken=rand(1000000,9999999);
 		$_SESSION['sectoken']=$sectoken;
-		OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => isset($_REQUEST['redirect_url'])?$_REQUEST['redirect_url']:'' ));
+		OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => isset($_REQUEST['redirect_url'])?strip_tags($_REQUEST['redirect_url']):'' ));
 	}
 }