mirror of
https://git.lolcat.ca/lolcat/4get.git
synced 2025-06-28 11:39:53 +00:00
path traversal exploit (this is what you get for using free software)
parent
36b0c570aa
commit
b2203804c7
1 changed files with 6 additions and 1 deletions
|
@ -15,7 +15,12 @@ class favicon{
|
|||
|
||||
header("Content-Type: image/png");
|
||||
|
||||
if(substr_count($url, "/") !== 2){
|
||||
if(
|
||||
preg_match(
|
||||
'/^https?:\/\/[A-Za-z0-9.-]+$/',
|
||||
$url
|
||||
) === 0
|
||||
){
|
||||
|
||||
header("X-Error: Only provide the protocol and domain");
|
||||
$this->defaulticon();
|
||||
|
|
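Review bot: The new allow-list check can fail open in two ways: `$` without the `D` modifier also matches just before a trailing newline, and `preg_match()` returns `false` on a PCRE error, which `=== 0` does not treat as a rejection. Anchoring with `\z` and comparing against the only accepting result closes both: `'/^https?:\/\/[A-Za-z0-9.-]+\z/',` and `) !== 1`. The character class also accepts a host made only of dots or hyphens (for example `https://..`). If `$url` later feeds a cache file name or an outbound request (that code is outside this hunk), it would be worth requiring each label to start with an alphanumeric and checking the resolved address before fetching. The enclosing method starts and ends outside the hunk.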