upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-24 23:59:27 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 35

Use SCRIPT_NAME instead of PHP_SELF which won't send the PATH_INFO, this prevents XSS in old browsers. Thanks to Nico Golde.

Browse source
This commit is contained in:
Lukas Reschke 2012-08-18 09:30:01 +02:00
parent f1cabdd8e0
commit 6ef5edf5ea
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apps/files/index.php
View file

@ -39,7 +39,7 @@ OCP\App::setActiveNavigationEntry( 'files_index' );
$dir = isset( $_GET['dir'] ) ? stripslashes($_GET['dir']) : '';
// Redirect if directory does not exist
if(!OC_Filesystem::is_dir($dir.'/')) {
header('Location: '.$_SERVER['PHP_SELF'].'');
header('Location: '.$_SERVER['SCRIPT_NAME'].'');
exit();
}