mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-01 20:30:39 +02:00
Code Issues Releases Wiki Activity

Allow for valid torrent URLs

Browse Source
This commit is contained in:
Cameron
2016-08-09 11:07:49 -07:00
parent 16ba11220e
commit 0b06fbda62
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
e107_handlers/e107_class.php
View File

@@ -3797,12 +3797,14 @@ class e107
}
// FIXME - basic security - add url sanitize method to e_parse
$check = rawurldecode($requestUri); // urlencoded by default
// a bit aggressive XSS protection... convert to e.g. htmlentities if you are not a bad guy
$checkregx = $no_cbrace ? '[<>\{\}]' : '[<>]';
if(preg_match('/'.$checkregx.'/', $check))
{
header('HTTP/1.1 403 Forbidden');
exit;
// header('HTTP/1.1 403 Forbidden');
$requestUri = filter_var($requestUri, FILTER_SANITIZE_URL);
// exit;
}
// e_MENU fix