This repository was archived by the owner on Aug 12, 2024. It is now read-only.

Commit 3f39f2d

Bug #93, fix for security vulnerability in Timedtext controller
* https://iet.eu.teamwork.com/desk/#/tickets/366419
1 parent 6ea6528 commit 3f39f2d

1 file changed

+6
-0
lines changed

Diff for: application/controllers/timedtext.php

@@ -39,6 +39,12 @@ public function webvtt() {
3939
$this->_error("Error, 'url' is a required parameter.", 400);
4040
}
4141

42+
// Security.
43+
if (! preg_match('@^https?:\/\/podcast.open.ac.uk\/@', $ttml_url)) {
44+
$this->_error("Error, bad 'url' parameter.", 400);
45+
return;
46+
}
47+
4248
$p = parse_url($ttml_url);
4349

4450

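Review bot: the pattern on added line 43 leaves the dots in `podcast.open.ac.uk` unescaped, so each `.` matches any single character and the check is looser than the one hostname it is meant to pin. Escape them (`podcast\.open\.ac\.uk`), or, since `parse_url($ttml_url)` runs on the very next line, move the check after it and compare the parsed `host` to the literal hostname and the `scheme` to `http` or `https`. A short comment naming what the check protects against would also help more than `// Security.`. Separately, this branch returns after `_error()`, while the required-parameter check just above shows no `return` in the visible lines; the two should be consistent.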