do a little more sanitizing of the site param when REST Proxy enabled
Mike Nelson committed Apr 27, 2019
1 parent 0c4b305 commit 8584a28
Showing 1 changed file with 28 additions and 13 deletions.
41 changes: 28 additions & 13 deletions includes/vendor/mnelson4/RestApiDetector/RestApiDetector.php
Expand Up @@ -30,11 +30,7 @@ class RestApiDetector
*/
public function __construct($site)
{
// If the REST API Proxy Plugin isn't active, always use the current site.
if(! PMB_REST_PROXY_EXISTS){
$site = '';
}
$this->setSite($site);
$this->setSite($this->sanitizeSite($site));
$this->getSiteInfo();
}

Expand All @@ -55,14 +51,7 @@ public function getSiteInfo()
$this->setLocal(true);
return;
}
// If they forgot to add http(s), add it for them.
if(strpos($this->getSite(), 'http://') === false && strpos($this->getSite(), 'https://') === false) {
$this->setSite( 'http://' . $this->getSite());
}
// if there is one, check if it exists in wordpress.com, eg "retirementreflections.com"
$site = trailingslashit(sanitize_text_field($this->getSite()));


$site = $this->getSite();
// Let's see if it's self-hosted...
$data = $this->getSelfHostedSiteInfo($site);
// if($data === false){
Expand All @@ -77,6 +66,32 @@ public function getSiteInfo()
return $data;
}

/**
* Avoid SSRF by sanitizing the site received.
* @since $VID:$
* @param $site
* @return mixed|string
*/
protected function sanitizeSite($site)
{
// If the REST API Proxy Plugin isn't active, always use the current site.
if(! PMB_REST_PROXY_EXISTS){
return '';
}
// If they forgot to add http(s), add it for them.
if(strpos($site, 'http://') === false && strpos($site, 'https://') === false) {
$site = 'http://' . $site;
}
// if there is one, check if it exists in wordpress.com, eg "retirementreflections.com"

$file_info = pathinfo($site);
if( isset($file_info['extension'])){
$site = str_replace($file_info['filename'] . "." . $file_info['extension'], "", $site);
}
$site = trailingslashit(sanitize_text_field($site));
return $site;
}

/**
* Tries to get the site's name, description, and URL, assuming it's self-hosted.
* Returns a true on success, false if the site works but wasn't a self-hosted WordPress site, or
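Review bot: `sanitizeSite` discards the host itself in the ordinary bare-domain case: for `example.com` the scheme is prepended, then `pathinfo('http://example.com')` reports filename `example` and extension `com`, so the `str_replace` inside the `isset($file_info['extension'])` branch reduces the value to `http://` and `trailingslashit` hands back `http:///`. The scheme test just above it is a substring match (`strpos(...) === false`), so any value that merely contains `http://` somewhere skips the prefixing; anchoring with `!== 0` is what the comment describes. The docblock's "Avoid SSRF" overstates the method: it normalizes the string but never validates the host, so the request path should still go through `wp_http_validate_url()` / `wp_safe_remote_get()` rather than relying on this helper. A rewrite that parses with `wp_parse_url()`, keeps scheme, host and port, drops only a trailing `file.ext` path component (so subdirectory installs keep their path) and anchors the scheme check is below; note it drops query, fragment and userinfo, which the current code preserves.
```php
    protected function sanitizeSite($site)
    {
        // … unchanged: PMB_REST_PROXY_EXISTS guard returning '' …
        // Only treat the value as already carrying a scheme when it STARTS with one.
        if(strpos($site, 'http://') !== 0 && strpos($site, 'https://') !== 0) {
            $site = 'http://' . $site;
        }
        // pathinfo() on the whole URL mistakes "example.com" for a file named "example";
        // parse the URL instead and drop only a trailing "file.ext" path component.
        $parts = wp_parse_url($site);
        if (empty($parts['host'])) {
            return '';
        }
        $path = isset($parts['path']) ? $parts['path'] : '/';
        if (substr($path, -1) !== '/' && pathinfo($path, PATHINFO_EXTENSION) !== '') {
            $path = dirname($path);
        }
        $site = $parts['scheme'] . '://' . $parts['host'];
        if (! empty($parts['port'])) {
            $site .= ':' . $parts['port'];
        }
        // Normalization only: the host is still unvalidated, so the fetch must go through wp_http_validate_url().
        return trailingslashit(sanitize_text_field($site . $path));
    }
```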