From d9fbdae75801d00227b0295b56f997c5af00e899 Mon Sep 17 00:00:00 2001
From: Michael Gapczynski <GapczynskiM@gmail.com>
Date: Thu, 10 May 2012 10:26:12 -0400
Subject: [PATCH] Prevent XSS exploit by checking if path-info is set, thanks
 to Lukas Reschke

---
 lib/json.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/json.php b/lib/json.php
index 0d208ce12a..6782bad8bb 100644
--- a/lib/json.php
+++ b/lib/json.php
@@ -73,9 +73,11 @@ class OC_JSON{
 	* Encode and print $data in json format
 	*/
 	public static function encodedPrint($data,$setContentType=true){
-		if($setContentType){
-			self::setContentTypeHeader();
+		if(!isset($_SERVER['PATH_INFO'])) {
+			if($setContentType){
+				self::setContentTypeHeader();
+			}
+			echo json_encode($data);
 		}
-		echo json_encode($data);
 	}
 }
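Review bot: When `PATH_INFO` is set, `encodedPrint()` now returns without emitting anything, so the client receives an empty success response and nothing records that the request was refused; an `else` branch with an explicit rejection such as `header('HTTP/1.1 400 Bad Request');` would make this visible to callers and to monitoring. The guard also leaves the `$setContentType=false` path printing JSON under whatever Content-Type the response already carries, which is presumably how the output came to be interpreted as HTML. Escaping markup characters in the encoder, `echo json_encode($data, JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS|JSON_HEX_QUOT);`, would address that independently of the URL shape. A short comment above the `isset` check explaining why path-info requests are refused would also help, because on server configurations that always populate `PATH_INFO` (worth confirming) every JSON response would silently go blank.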
-- 
GitLab