valvin
/
ttrss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fetch_file_contents: validate effective URL (after redirects) if using CURL

This commit is contained in:
Andrew Dolgov 2020-09-17 15:53:13 +03:00
parent afa0023c51
commit 27e695436f
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
include/functions.php
View File

@ -246,7 +246,7 @@
$ip_addr = gethostbyname($url_host);
if (!$ip_addr || strpos($ip_addr, "127.") === 0) {
$fetch_last_error = "URL hostname failed to resolve or resolved to loopback address ($ip_addr)";
$fetch_last_error = "URL hostname failed to resolve or resolved to a loopback address ($ip_addr)";
return false;
}
@ -350,6 +350,20 @@
$fetch_effective_url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
if (!validate_url($fetch_effective_url)) {
$fetch_last_error = "URL hostname received after redirection failed to validate.";
return false;
}
$fetch_effective_ip_addr = gethostbyname(parse_url($fetch_effective_url, PHP_URL_HOST));
if (!$fetch_effective_ip_addr || strpos($fetch_effective_ip_addr, "127.") === 0) {
$fetch_last_error = "URL hostname received after redirection failed to resolve or resolved to a loopback address ($fetch_effective_ip_addr)";
return false;
}
$fetch_last_error_code = $http_code;
if ($http_code != 200 || $type && strpos($fetch_last_content_type, "$type") === false) {