Skip to content
Permalink
Browse files
Don't load external domains in iframe
  • Loading branch information
erikdubbelboer committed Sep 10, 2021
1 parent a178a8e commit e24ecad7b8d1ca9e52b5d2f93dc0d43397444abf
Showing with 3 additions and 1 deletion.
  1. +3 −1 index.php
@@ -173,7 +173,9 @@ function getDbInfo($d, $info, $padding = '') {
} else {
$iframe = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?') + 1);

if (strpos($iframe, '&') !== false) {
if (strpos($iframe, '//') === 0 || strpos($iframe, 'http') === 0) {
$iframe = 'overview.php';
} else if (strpos($iframe, '&') !== false) {
$iframe = substr_replace($iframe, '.php?', strpos($iframe, '&'), 1);
} else {
$iframe .= '.php';

0 comments on commit e24ecad

Please sign in to comment.