external-repos/pictshare
1
0
Fork 0
mirror of https://github.com/HaschekSolutions/pictshare.git synced 2025-11-14 04:04:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

added check for private ip range

Browse Source
This commit is contained in:
Chris
2023-11-02 08:14:25 +01:00
parent 5c3ee9e159
commit d349ee8fc6
2 changed files with 40 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
api/geturl.php
View File

@@ -30,6 +30,9 @@ $hash = sanatizeString(trim($_REQUEST['hash']))?sanatizeString(trim($_REQUEST['h
$url = trim($_REQUEST['url']); $url = trim($_REQUEST['url']);
if(checkURLForPrivateIPRange($url))
exit(json_encode(array('status'=>'err','reason'=>'Private IP range')));
if(!$url || !startsWith($url, 'http')) if(!$url || !startsWith($url, 'http'))
exit(json_encode(array('status'=>'err','reason'=>'Invalid URL'))); exit(json_encode(array('status'=>'err','reason'=>'Invalid URL')));

37
inc/core.php
View File

@@ -928,3 +928,40 @@ function executeUploadPermission()
} }
} }
} }
/**
* Checks if a URL is valid
* @param string $url
* @return boolean (true if valid, false if not)
*/
function checkURLForPrivateIPRange($url)
{
$host = getHost($url);
$ip = gethostbyname($host);
if(is_public_ipv4($ip) || is_public_ipv6($ip)) return false;
return true;
}
function getHost($url){
$URIs = parse_url(trim($url));
$host = !empty($URIs['host'])? $URIs['host'] : explode('/', $URIs['path'])[0];
return $host;
}
function is_public_ipv4($ip=NULL)
{
return filter_var(
$ip,
FILTER_VALIDATE_IP,
FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
) === $ip ? TRUE : FALSE;
}
function is_public_ipv6($ip=NULL)
{
return filter_var(
$ip,
FILTER_VALIDATE_IP,
FILTER_FLAG_IPV6 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
) === $ip ? TRUE : FALSE;
}