Merge branch 'ent-11783-arbitrary-file-read-via-api-checker-page' into 'develop'

Ent 11783 arbitrary file read via api checker page See merge request artica/pandorafms!6311
2023-08-07 10:20:59 +00:00 · 2023-08-07 10:20:59 +00:00 · 633370fdc1
parent 4e926e3076 10b2b6f6f4
commit 633370fdc1
1 changed files with 11 additions and 1 deletions
--- a/pandora_console/extensions/api_checker.php
+++ b/pandora_console/extensions/api_checker.php
@ -157,7 +157,6 @@ function extension_api_checker()
    }

    $url = io_safe_output(get_parameter('url', ''));
-
    $ip = io_safe_output(get_parameter('ip', '127.0.0.1'));
    $pandora_url = io_safe_output(get_parameter('pandora_url', $config['homeurl_static']));
    $apipass = io_safe_output(get_parameter('apipass', ''));
@ -175,6 +174,17 @@ function extension_api_checker()

    $api_execute = (bool) get_parameter('api_execute', false);

+    if ($url !== '') {
+        $validate_url = parse_url($url);
+        if ($validate_url['scheme'] === 'http' || $validate_url['scheme'] === 'https') {
+            ui_print_success_message(__('Request successfully processed'));
+        } else {
+            ui_print_error_message(__('Incorrect URL'));
+            $url = '';
+            $api_execute = false;
+        }
+    }
+
    $return_call_api = '';
    if ($api_execute === true) {
        $return_call_api = api_execute(