| author | lolcat <will@lolcat.ca> | 2025-03-02 21:58:18 -0500 |
|---|---|---|
| committer | lolcat <will@lolcat.ca> | 2025-03-02 21:58:18 -0500 |
| commit | b2203804c715e5b6b1915bcace6dfc3df806f346 (patch) | |
| tree | b2142a23b1f23e11b9d04e2d4225f329cf9c462e /favicon.php | |
| parent | 36b0c570aaa27cd8ca7d7bc1ec9232339afc5d4e (diff) | |
path traversal exploit (this is what you get for using free software)
Diffstat (limited to 'favicon.php')
| -rw-r--r-- | favicon.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/favicon.php b/favicon.php index 2a31839..0694a12 100644 --- a/favicon.php +++ b/favicon.php @@ -15,7 +15,12 @@ class favicon{ header("Content-Type: image/png"); - if(substr_count($url, "/") !== 2){ + if( + preg_match( + '/^https?:\/\/[A-Za-z0-9.-]+$/', + $url + ) === 0 + ){ header("X-Error: Only provide the protocol and domain"); $this->defaulticon(); |
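Review bot: In the added `preg_match` pattern, `$` without the `D` modifier also matches just before a trailing newline, so a `$url` such as `http://example.com\n` still passes this check; end the pattern with `\z` (or add the `D` modifier), e.g. `'/^https?:\/\/[A-Za-z0-9.-]+\z/'`. The `=== 0` comparison also fails open: `preg_match` returns `false` on error, and that value skips the error branch, so `!== 1` is the safer test because it rejects anything that is not a positive match. The character class additionally accepts a host made only of dots or hyphens (for example `http://..`), which is worth rejecting here if the host is later used to build a file path, something the visible lines do not show.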
