Use SCRIPT_NAME instead of PHP_SELF which won't send the PATH_INFO, this prevents...
authorLukas Reschke <lukas@statuscode.ch>
Sat, 18 Aug 2012 07:24:35 +0000 (09:24 +0200)
committerJörn Friedrich Dreyer <jfd@butonic.de>
Fri, 24 Aug 2012 13:00:53 +0000 (15:00 +0200)
commit4e5291c77aac573860489f83c8ca627e7c793b86
tree07b7835e92eba3585b14a51893f1357ecd8059a6
parent4d3c45a8263bd394824a7d2368f0b5e83218cbda
Use SCRIPT_NAME instead of PHP_SELF which won't send the PATH_INFO, this prevents XSS in old browsers. Thanks to Nico Golde.
apps/files/index.php