1
0
mirror of https://github.com/e107inc/e107.git synced 2025-08-01 20:30:39 +02:00

Allow for valid torrent URLs

This commit is contained in:
Cameron
2016-08-09 11:07:49 -07:00
parent 16ba11220e
commit 0b06fbda62

View File

@@ -3797,12 +3797,14 @@ class e107
}
// FIXME - basic security - add url sanitize method to e_parse
$check = rawurldecode($requestUri); // urlencoded by default
// a bit aggressive XSS protection... convert to e.g. htmlentities if you are not a bad guy
$checkregx = $no_cbrace ? '[<>\{\}]' : '[<>]';
if(preg_match('/'.$checkregx.'/', $check))
{
header('HTTP/1.1 403 Forbidden');
exit;
// header('HTTP/1.1 403 Forbidden');
$requestUri = filter_var($requestUri, FILTER_SANITIZE_URL);
// exit;
}
// e_MENU fix