wamo/gnu-social
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Might as well put a FILTER_SANITIZE_EMAIL there

Browse Source 
Not that I think we could break out of the directory since
we use basename, but you never know... maybe there's a unicode
bug in PHP or something.
This commit is contained in:
Mikael Nordfeldth 2016-02-13 14:06:05 +01:00
parent 4bf26eff4c
commit c23c3a4f53
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
socialfy-your-domain/dot-well-known/webfinger/index.php
View File

@ -31,6 +31,9 @@ if (mb_strpos($u, 'acct:')===0) {
$u = substr($u, 5); $u = substr($u, 5);
} }
// Just to be a little bit safer, you know, with all the unicode stuff going on
$u = filter_var($u, FILTER_SANITIZE_EMAIL);
$f = $u . ".xml"; $f = $u . ".xml";
if (file_exists($f)) { if (file_exists($f)) {