Prevent XSS exploit by checking if path-info is set, thanks to Lukas Reschke

14 years ago · d9fbdae758
1 changed files with 5 additions and 3 deletions
--- a/lib/json.php
+++ b/lib/json.php
@ -73,9 +73,11 @@ class OC_JSON{
 	* Encode and print $data in json format
 	*/
 	public static function encodedPrint($data,$setContentType=true){
-		if($setContentType){
-			self::setContentTypeHeader();
+		if(!isset($_SERVER['PATH_INFO'])) {
+			if($setContentType){
+				self::setContentTypeHeader();
+			}
+			echo json_encode($data);
 		}
-		echo json_encode($data);
 	}
 }