
Commit abc9599

committed
fix #1752
1 parent a583f4c commit abc9599


1 file changed

+8
-2
lines changed

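--- a/lhc_web/modules/lhcobrowse/proxycss.php
+++ b/lhc_web/modules/lhcobrowse/proxycss.php
@@ -15,7 +15,13 @@
 $browse = erLhcoreClassCoBrowse::getBrowseInstance($chat);
 }
 
-$url = parse_url($_GET['base']);
+$base = trim($_GET['base']);
+
+if (!filter_var($base, FILTER_VALIDATE_URL)) {
+exit;
+}
+
+$url = parse_url($base);
 
 // Only http/https supported
 if (!in_array($url['scheme'],['http','https']) || (isset($url['port']) && !in_array($url['port'],[80,443]))) {
@@ -42,7 +48,7 @@
 }
 } else {
 
-if (!in_array($urlCSS['scheme'],['http','https']) || (isset($urlCSS['port']) && !in_array($urlCSS['port'],[80,443]))) {
+if (!filter_var($_GET['css'], FILTER_VALIDATE_URL) || !in_array($urlCSS['scheme'],['http','https']) || (isset($urlCSS['port']) && !in_array($urlCSS['port'],[80,443]))) {
 exit;
 }
 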
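Review bot: The new `filter_var($base, FILTER_VALIDATE_URL)` check at new lines 20-22 is syntactic only, so a well-formed `http://` URL whose host is loopback, private or link-local still passes it and the scheme/port test that follows. If the code below the hunk fetches this URL server-side (not visible here), the host needs its own check: resolve it and reject non-public addresses, e.g. `$ip = gethostbyname($url['host']);` then `if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) { exit; }`, and send the request to the address that was checked, with redirects disabled or re-validated. The same applies to `$_GET['css']` at new line 51, where the validated string is the raw parameter while `$urlCSS` was parsed outside the hunk; validating and parsing one trimmed variable, as done for `$base`, would keep the two in agreement. `trim($_GET['base'])` at new line 18 also runs with no `isset` guard in the visible lines, so a request without `base` would need an explicit early exit.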
