diff options
| author | Joas Schilling <coding@schilljs.com> | 2020-03-24 16:20:15 +0300 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2020-04-14 19:56:06 +0300 |
| commit | 609b8aff12935ac158d60491fe7211946ed28838 (patch) | |
| tree | c03bc008b90a9d8bd7d59258c3d3cebb6c2df203 /apps/files_sharing/lib/Controller | |
| parent | 5e402f8aaeacf05f956c6a73d7300e7849bc4bae (diff) | |
Also disallow ; in remote urls
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'apps/files_sharing/lib/Controller')
| -rw-r--r-- | apps/files_sharing/lib/Controller/ExternalSharesController.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/files_sharing/lib/Controller/ExternalSharesController.php b/apps/files_sharing/lib/Controller/ExternalSharesController.php index c5dd21cda30..96b9ebffac8 100644 --- a/apps/files_sharing/lib/Controller/ExternalSharesController.php +++ b/apps/files_sharing/lib/Controller/ExternalSharesController.php @@ -131,7 +131,7 @@ class ExternalSharesController extends Controller { * @return DataResponse */ public function testRemote($remote) { - if (strpos($remote, '#') !== false || strpos($remote, '?') !== false) { + if (strpos($remote, '#') !== false || strpos($remote, '?') !== false || strpos($remote, ';') !== false) { return new DataResponse(false); } |