Use SCRIPT_NAME instead of PHP_SELF which won't send the PATH_INFO, this...

Use SCRIPT_NAME instead of PHP_SELF which won't send the PATH_INFO, this prevents XSS in old browsers. Thanks to Nico Golde.

Use SCRIPT_NAME instead of PHP_SELF which won't send the PATH_INFO, this...
4e5291c7 · Lukas Reschke · Jörn Friedrich Dreyer · 4d3c45a8 · 4e5291c7
Commit 4e5291c7 authored Aug 18, 2012 by Lukas Reschke Committed by Jörn Friedrich Dreyer Aug 24, 2012
--- a/apps/files/index.php
+++ b/apps/files/index.php
@@ -39,7 +39,7 @@ OCP\App::setActiveNavigationEntry( 'files_index' );
 $dir = isset( $_GET['dir'] ) ? stripslashes($_GET['dir']) : '';
 // Redirect if directory does not exist
 if(!OC_Filesystem::is_dir($dir.'/')) {
-	header('Location: '.$_SERVER['PHP_SELF'].'');
+	header('Location: '.$_SERVER['SCRIPT_NAME'].'');
 }

 $files = array();