upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25

Also disallow ; in remote urls

Browse source 
Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2020-03-24 14:20:15 +01:00
parent 5e402f8aae
commit 609b8aff12
No known key found for this signature in database
GPG key ID: 7076EA9751AACDDA
2 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apps/files_sharing/lib/Controller/ExternalSharesController.php
View file

@ -131,7 +131,7 @@ class ExternalSharesController extends Controller {
* @return DataResponse
*/
public function testRemote($remote) {
if (strpos($remote, '#') !== false || strpos($remote, '?') !== false) {
if (strpos($remote, '#') !== false || strpos($remote, '?') !== false || strpos($remote, ';') !== false) {
return new DataResponse(false);
}

1
apps/files_sharing/tests/Controller/ExternalShareControllerTest.php
View file

@ -162,6 +162,7 @@ class ExternalShareControllerTest extends \Test\TestCase {
return [
['nextcloud.com?query'],
['nextcloud.com/#anchor'],
['nextcloud.com/;tomcat'],
];
}