mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-02 20:57:26 +02:00
Code Issues Releases Wiki Activity

Allow for valid torrent URLs

Browse Source
This commit is contained in:
Cameron
2016-08-09 11:07:49 -07:00
parent 16ba11220e
commit 0b06fbda62
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
e107_handlers/e107_class.php
View File

@@ -3797,12 +3797,14 @@ class e107
} }
// FIXME - basic security - add url sanitize method to e_parse // FIXME - basic security - add url sanitize method to e_parse
$check = rawurldecode($requestUri); // urlencoded by default $check = rawurldecode($requestUri); // urlencoded by default
// a bit aggressive XSS protection... convert to e.g. htmlentities if you are not a bad guy // a bit aggressive XSS protection... convert to e.g. htmlentities if you are not a bad guy
$checkregx = $no_cbrace ? '[<>\{\}]' : '[<>]'; $checkregx = $no_cbrace ? '[<>\{\}]' : '[<>]';
if(preg_match('/'.$checkregx.'/', $check)) if(preg_match('/'.$checkregx.'/', $check))
{ {
header('HTTP/1.1 403 Forbidden'); // header('HTTP/1.1 403 Forbidden');
exit; $requestUri = filter_var($requestUri, FILTER_SANITIZE_URL);
// exit;
} }
// e_MENU fix // e_MENU fix