Skip to content

Commit

Permalink
fixed xss vulnerability
Browse files Browse the repository at this point in the history
  • Loading branch information
Bjoern Schiessle committed Jun 15, 2012
1 parent 5c6a717 commit 0074062
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion index.php
View file
Expand Up @@ -118,7 +118,7 @@
if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){ if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){
$sectoken=rand(1000000,9999999); $sectoken=rand(1000000,9999999);
$_SESSION['sectoken']=$sectoken; $_SESSION['sectoken']=$sectoken;
$redirect_url = (isset($_REQUEST['redirect_url'])) ? $_REQUEST['redirect_url'] : $_SERVER['REQUEST_URI']; $redirect_url = (isset($_REQUEST['redirect_url'])) ? strip_tags($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];
OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url)); OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url));
} }
} }

0 comments on commit 0074062

Please sign in to comment.