self-hosted/mailcow-dockerized
1
0
Fork 0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2024-11-28 08:52:00 +02:00
Code Issues Releases Activity

[Web] Fix potential XSS in autodiscover-json.php

Browse Source
This commit is contained in:
andryyy 2021-09-07 18:58:05 +02:00
parent 80fc18c5b4
commit 8e736ba9b0
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
data/web/autodiscover-json.php
View File

@ -16,6 +16,6 @@ elseif (strtolower($_GET['Protocol']) == 'autodiscoverv1') {
}
else {
http_response_code(400);
echo '{"ErrorCode":"InvalidProtocol","ErrorMessage":"The given protocol value \u0027' . $_GET['Protocol'] . '\u0027 is invalid. Supported values are \u0027ActiveSync,AutodiscoverV1\u0027"}';
echo '{"ErrorCode":"InvalidProtocol","ErrorMessage":"The given protocol value \u0027' . preg_replace("/[^\da-z]/i", '', $_GET['Protocol']) . '\u0027 is invalid. Supported values are \u0027ActiveSync,AutodiscoverV1\u0027"}';
}
?>