Prevent XSS exploit by checking if path-info is set, thanks to Lukas Reschke

2026-06-08 16:26:59 -04:00 · 2012-05-10 10:26:12 -04:00 · 2012-05-10 10:26:12 -04:00 · d9fbdae758
commit d9fbdae758
parent e3f452cf53
1 changed files with 5 additions and 3 deletions
--- a/lib/json.php
+++ b/lib/json.php
@ -73,9 +73,11 @@ class OC_JSON{
 	* Encode and print $data in json format
 	*/
 	public static function encodedPrint($data,$setContentType=true){
-		if($setContentType){
-			self::setContentTypeHeader();
+		if(!isset($_SERVER['PATH_INFO'])) {
+			if($setContentType){
+				self::setContentTypeHeader();
+			}
+			echo json_encode($data);
 		}
-		echo json_encode($data);
 	}
 }