From 022ca1c6a4dd2df06238038dd3886170dfbcf227 Mon Sep 17 00:00:00 2001
From: "alejandro.campos@artica.es"
Date: Wed, 1 Feb 2023 13:12:12 +0100
Subject: [PATCH] fixed ssrf vulnerability

---
 pandora_console/extensions/api_checker.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pandora_console/extensions/api_checker.php b/pandora_console/extensions/api_checker.php
index 895d621178..6b4dcf4d72 100755
--- a/pandora_console/extensions/api_checker.php
+++ b/pandora_console/extensions/api_checker.php
@@ -103,6 +103,15 @@ function api_execute(
 }
 }
 
+ $url_protocol = parse_url($url)['scheme'];
+
+ if ($url_protocol !== 'http' && $url_protocol !== 'https') {
+ return [
+ 'url' => $url,
+ 'result' => '',
+ ];
+ }
+
 $curlObj = curl_init($url);
 if (empty($data) === false) {
 $url .= http_build_query($data);
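Review bot: The new guard before `curl_init($url)` validates only the scheme, so an `http`/`https` URL that resolves to a loopback, link-local or other internal address still reaches curl, and the check runs on PHP's parse of the string rather than on what libcurl will actually request. I would enforce the restriction in curl itself right after `curl_init`, with `curl_setopt($curlObj, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);` and the same mask for `CURLOPT_REDIR_PROTOCOLS` (whether redirects are followed is not visible in this hunk), and add a destination-host check or allow-list if this extension is not meant to reach internal services. Separately, `parse_url($url)['scheme']` indexes a value that is `false` for a malformed URL and has no `scheme` key for a relative one, which fails closed but raises a warning; `$url_protocol = strtolower((string) parse_url($url, PHP_URL_SCHEME));` avoids that and also accepts upper-case schemes. `api_execute()` begins and ends outside the hunk.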