Prevent XSS exploit by checking if path-info is set, thanks to Lukas …

…Reschke
owncloud · May 10, 2012 · d9fbdae · d9fbdae
1 parent e3f452c
commit d9fbdae
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/lib/json.php b/lib/json.php
@@ -73,9 +73,11 @@ public static function success($data = array()){
 	* Encode and print $data in json format
 	*/
 	public static function encodedPrint($data,$setContentType=true){
-		if($setContentType){
-			self::setContentTypeHeader();
+		if(!isset($_SERVER['PATH_INFO'])) {
+			if($setContentType){
+				self::setContentTypeHeader();
+			}
+			echo json_encode($data);
 		}
-		echo json_encode($data);
 	}
 }