
- fix multiple vulnerabilities in af_proxy_http

- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
This commit is contained in:
Andrew Dolgov
2020-09-14 19:46:52 +03:00
parent 5b17fdc362
commit c3d14e1fa5
9 changed files with 72 additions and 95 deletions


@@ -191,7 +191,7 @@ class DiskCache {
];
public function __construct($dir) {
$this->dir = CACHE_DIR . "/" . clean_filename($dir);
$this->dir = CACHE_DIR . "/" . basename(clean($dir));
}
public function getDir() {
@@ -227,9 +227,7 @@ class DiskCache {
}
public function getFullPath($filename) {
$filename = clean_filename($filename);
return $this->dir . "/" . $filename;
return $this->dir . "/" . basename(clean($filename));
}
public function put($filename, $data) {
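Review bot: The new `basename(clean($filename))` on the getFullPath return line, and the same form on the constructor's `$this->dir` line in the first hunk, still accept the names `.`, `..` and the empty string, because `basename('..')` returns `'..'` and `basename('')` returns `''`; so `getFullPath('..')` yields `$this->dir/..`, i.e. CACHE_DIR itself, and a constructor called with `'..'` yields the parent of CACHE_DIR. Directory components are stripped as intended, but these three names are not path components that basename() removes, and whether clean() rejects them I cannot tell from this hunk. I would keep the result in a local and reject those names before building the path, e.g. `$filename = basename(clean($filename));` followed by `if ($filename === '' || $filename === '.' || $filename === '..') throw new InvalidArgumentException('invalid cache filename');` and the same check on `$dir` in the constructor. The DiskCache class starts and ends outside these hunks, and `put()` begins on the hunk's last line and continues past it.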