Skip to content
  • Lukas Reschke's avatar
    Do only follow HTTP and HTTPS redirects · 6eeb9058
    Lukas Reschke authored
    We do not want to follow redirects to other protocols since they might allow an adversary to bypass network restrictions. (i.e. a redirect to ftp:// might be used to access files of a FTP server which might be in a secure zone and not be reachable from the net but from the ownCloud server)
    
    Get final redirect manually using get_headers()
    
    Migrate to HTTPHelper class and add unit tests
    6eeb9058