mirror of
https://github.com/mailcow/mailcow-dockerized.git
synced 2024-12-03 08:40:05 +08:00
[Web] Fix potential XSS in autodiscover-json.php
This commit is contained in:
parent
80fc18c5b4
commit
8e736ba9b0
@ -16,6 +16,6 @@ elseif (strtolower($_GET['Protocol']) == 'autodiscoverv1') {
|
||||
}
|
||||
else {
|
||||
http_response_code(400);
|
||||
echo '{"ErrorCode":"InvalidProtocol","ErrorMessage":"The given protocol value \u0027' . $_GET['Protocol'] . '\u0027 is invalid. Supported values are \u0027ActiveSync,AutodiscoverV1\u0027"}';
|
||||
echo '{"ErrorCode":"InvalidProtocol","ErrorMessage":"The given protocol value \u0027' . preg_replace("/[^\da-z]/i", '', $_GET['Protocol']) . '\u0027 is invalid. Supported values are \u0027ActiveSync,AutodiscoverV1\u0027"}';
|
||||
}
|
||||
?>
|
||||
|
Loading…
Reference in New Issue
Block a user