open redirect vulnerability fixes (#201)

* open redirect vulnerability fix for opengraph * open redirect vulnerability fix for twitter cards * open redirect vulnerability fix for setTitle * fixed preg replace * Update OpenGraph.php * Update TwitterCards.php
artesaos · Apr 2, 2020 · ca27cd0 · ca27cd0
1 parent 445c0bf
commit ca27cd0
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 0 deletions.
diff --git a/src/SEOTools/OpenGraph.php b/src/SEOTools/OpenGraph.php
@@ -258,6 +258,7 @@ protected function eachProperties(
      */
     protected function makeTag($key = null, $value = null, $ogPrefix = false)
     {
+        $value = str_replace(['http-equiv=', 'url='], '', $value);
         return sprintf(
             '<meta property="%s%s" content="%s" />%s',
             $ogPrefix ? $this->og_prefix : '',

diff --git a/src/SEOTools/SEOMeta.php b/src/SEOTools/SEOMeta.php
@@ -213,6 +213,9 @@ public function generate($minify = false)
      */
     public function setTitle($title, $appendDefault = true)
     {
+        // open redirect vulnerability fix
+        $title = str_replace(['http-equiv=', 'url='], '', $title);
+
         // clean title
         $title = strip_tags($title);
 

diff --git a/src/SEOTools/TwitterCards.php b/src/SEOTools/TwitterCards.php
@@ -83,6 +83,7 @@ protected function eachValue(array $values, $prefix = null)
      */
     private function makeTag($key, $value)
     {
+        $value = str_replace(['http-equiv=', 'url='], '', $value);
         return '<meta name="'.$this->prefix.strip_tags($key).'" content="'.strip_tags($value).'" />';
     }