wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use SCRIPT_NAME instead of PHP_SELF which won't send the PATH_INFO, this prevents XSS in old browsers. Thanks to Nico Golde.

Browse source
This commit is contained in:
Lukas Reschke 2012-08-18 09:24:35 +02:00 committed by Jörn Friedrich Dreyer
parent 4d3c45a826
commit 4e5291c77a
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apps/files/index.php
View file

@ -39,7 +39,7 @@ OCP\App::setActiveNavigationEntry( 'files_index' );
$dir = isset( $_GET['dir'] ) ? stripslashes($_GET['dir']) : '';
// Redirect if directory does not exist
if(!OC_Filesystem::is_dir($dir.'/')) {
header('Location: '.$_SERVER['PHP_SELF'].'');
header('Location: '.$_SERVER['SCRIPT_NAME'].'');
}
$files = array();