From d349ee8fc6b556e00300d7fefe8f0c9b9073cb6b Mon Sep 17 00:00:00 2001
From: Chris
Date: Thu, 2 Nov 2023 08:14:25 +0100
Subject: [PATCH] added check for private ip range
---
 api/geturl.php | 3 +++
 inc/core.php | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+)
diff --git a/api/geturl.php b/api/geturl.php
index 4c29dc4..5fa89bb 100644
--- a/api/geturl.php
+++ b/api/geturl.php
@@ -30,6 +30,9 @@ $hash = sanatizeString(trim($_REQUEST['hash']))?sanatizeString(trim($_REQUEST['h
 $url = trim($_REQUEST['url']);
+if(checkURLForPrivateIPRange($url))
+    exit(json_encode(array('status'=>'err','reason'=>'Private IP range')));
+
 if(!$url || !startsWith($url, 'http'))
     exit(json_encode(array('status'=>'err','reason'=>'Invalid URL')));
diff --git a/inc/core.php b/inc/core.php
index 0e90c51..d067324 100644
--- a/inc/core.php
+++ b/inc/core.php
@@ -928,3 +928,40 @@ function executeUploadPermission()
         }
     }
 }
+
+/**
+ * Checks if a URL is valid
+ * @param string $url
+ * @return boolean (true if valid, false if not)
+ */
+function checkURLForPrivateIPRange($url)
+{
+    $host = getHost($url);
+    $ip = gethostbyname($host);
+    if(is_public_ipv4($ip) || is_public_ipv6($ip)) return false;
+    return true;
+}
+
+function getHost($url){
+    $URIs = parse_url(trim($url));
+    $host = !empty($URIs['host'])? $URIs['host'] : explode('/', $URIs['path'])[0];
+    return $host;
+}
+
+function is_public_ipv4($ip=NULL)
+{
+    return filter_var(
+        $ip,
+        FILTER_VALIDATE_IP,
+        FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
+    ) === $ip ? TRUE : FALSE;
+}
+
+function is_public_ipv6($ip=NULL)
+{
+    return filter_var(
+        $ip,
+        FILTER_VALIDATE_IP,
+        FILTER_FLAG_IPV6 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
+    ) === $ip ? TRUE : FALSE;
+}
\ No newline at end of file
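Review bot: The new private-range check in the api/geturl.php hunk runs before the existing `if(!$url || !startsWith($url, 'http'))` validation, so an empty or non-HTTP value is handed to `checkURLForPrivateIPRange()` first and, because a host that does not resolve fails both public-address filters, is reported as `Private IP range` rather than `Invalid URL`. Moving the three added lines below the `Invalid URL` exit keeps the error reasons accurate and avoids a DNS lookup for input that is rejected anyway. The check is also a point-in-time lookup: the code that later fetches `$url` is outside this hunk, and if it resolves the host again or follows redirects, the decision taken here may not match the address actually connected to, so the resolved address should be validated at connection time as well.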
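Review bot: The docblock on `checkURLForPrivateIPRange()` in the inc/core.php hunk is inverted: it says `true if valid`, but the function returns `true` when the host resolves to a private or reserved address and `false` for a public one; suggest `Returns true when the URL's host resolves to a private/reserved address (or cannot be resolved), false when it resolves to a public address.` `gethostbyname()` returns the hostname unchanged on failure and yields a single IPv4 record, so an IPv6-only host is always reported as private and a host with several A records is judged on one of them; checking every address from `gethostbynamel()` and an AAAA lookup via `dns_get_record()` would cover all records and make the `is_public_ipv6()` branch reachable for resolved names. In `getHost()`, `parse_url()` returns `false` for seriously malformed input and `$URIs['path']` can be undefined, so `explode()` is then called on `null` with warnings/deprecations on PHP 8; guard with `if ($URIs === false || empty($URIs['path'])) return '';` before the `explode()` call. The `$ip=NULL` defaults on `is_public_ipv4()`/`is_public_ipv6()` serve no caller in the hunk and could be replaced by a `string $ip` parameter type.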