tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-29 08:45:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

fixed ssrf vulnerability

Browse Source
This commit is contained in:
alejandro.campos@artica.es 2023-02-01 13:12:12 +01:00
parent 6d2f4d7eac
commit 022ca1c6a4
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pandora_console/extensions/api_checker.php
View File

@ -103,6 +103,15 @@ function api_execute(
} }
} }
$url_protocol = parse_url($url)['scheme'];
if ($url_protocol !== 'http' && $url_protocol !== 'https') {
return [
'url' => $url,
'result' => '',
];
}
$curlObj = curl_init($url); $curlObj = curl_init($url);
if (empty($data) === false) { if (empty($data) === false) {
$url .= http_build_query($data); $url .= http_build_query($data);