do NOT send URL to client-side, it can contain passwords

ralf 2024-08-06 14:00:55 +02:00
parent 07a0717a18
commit 0c8f4c4872


@ -1104,6 +1104,9 @@ class filemanager_ui
{ {
$row[$date_field] = Api\DateTime::server2user($row[$date_field]); $row[$date_field] = Api\DateTime::server2user($row[$date_field]);
} }
// do NOT send URL to client-side, it can contain passwords
unset($row['url']);
$rows[++$n] = $row; $rows[++$n] = $row;
$path2n[$path] = $n; $path2n[$path] = $n;
} }
@ -1234,6 +1237,8 @@ class filemanager_ui
else else
{ {
$content = $stat; $content = $stat;
// do NOT send URL to client-side, it can contain passwords
unset($content['url']);
$content['name'] = $content['itempicker_merge']['name'] = Vfs::basename($path); $content['name'] = $content['itempicker_merge']['name'] = Vfs::basename($path);
$content['dir'] = $content['itempicker_merge']['dir'] = ($dir = Vfs::dirname($path)) ? Vfs::decodePath($dir) : ''; $content['dir'] = $content['itempicker_merge']['dir'] = ($dir = Vfs::dirname($path)) ? Vfs::decodePath($dir) : '';
$content['path'] = $path; $content['path'] = $path;
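Review bot: Both hunks remove only the top-level `url` key by hand, right where `$row` and `$content` are assembled, so any other place that passes a stat array to the browser is not covered by this change and would need its own `unset`. Consider stripping the key in one shared place, or copying only the keys the client needs into the response, so that a server-side field added later is not exposed by default. In the second hunk `$content = $stat;` copies the whole array first; if `$stat` can hold nested entries that also carry the URL, they would survive `unset($content['url']);`, which is worth confirming. The enclosing loop in the first hunk and the `else` branch in the second both start outside the visible lines, so other assignments to `$row` and `$content` could not be checked here.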