Preventing uploads from other origin
Credits to:  Fady Othman, Security Consultant # ZINAD IT
myvesta committed Mar 14, 2021
1 parent fdc6e19 commit 3402071
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions web/upload/UploadHandler.php
Expand Up @@ -2,6 +2,13 @@

//session_start();

$hostname = exec('hostname');
$port = $_SERVER['SERVER_PORT'];
$expected_http_origin="https://".$hostname.":".$port;
if ($_SERVER['HTTP_ORIGIN'] != $expected_http_origin) {
die ("Nope.");
}

include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");

// Check login_as feature
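Review bot: the `if ($_SERVER['HTTP_ORIGIN'] != $expected_http_origin)` line reads `HTTP_ORIGIN` without checking that it is set and compares with loose `!=`. A request with no Origin header still ends in `die`, so the check fails closed, but it raises an undefined-index notice on the way; reading the value with `$_SERVER['HTTP_ORIGIN'] ?? ''` and comparing with `!==` makes the intent explicit. The expected value is built from `exec('hostname')`, a hardcoded `https://` and `SERVER_PORT`, so it only matches when the panel is opened under exactly the machine's hostname. Access by IP address or by another DNS name will have legitimate uploads rejected, and the shell call runs on every request; `gethostname()` or a configured panel host would avoid the process spawn. A comment above the block stating which origin is expected and why would help the next reader. `die ("Nope.")` also returns a 200 status, so setting `http_response_code(403)` before exiting would make rejected requests visible in access logs.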