author | Andrew Dolgov <[email protected]> | 2020-09-17 15:53:13 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2020-09-17 15:53:13 +0300 |
commit | 27e695436fd7594b515a3d01babbf570f179cada (patch) | |
tree | 5fc2a62b3d76045785e4e5573aa2cdce036a1532 | |
parent | afa0023c518b3ee90e3f95de834cab9bafa4f872 (diff) |
fetch_file_contents: validate effective URL (after redirects) if using CURL
-rw-r--r-- | include/functions.php | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/include/functions.php b/include/functions.php
index 565a8fd41..122e86b3e 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -246,7 +246,7 @@
 $ip_addr = gethostbyname($url_host);
 if (!$ip_addr || strpos($ip_addr, "127.") === 0) {
- $fetch_last_error = "URL hostname failed to resolve or resolved to loopback address ($ip_addr)";
+ $fetch_last_error = "URL hostname failed to resolve or resolved to a loopback address ($ip_addr)";
 return false;
 }
@@ -350,6 +350,20 @@
 $fetch_effective_url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
+ if (!validate_url($fetch_effective_url)) {
+ $fetch_last_error = "URL hostname received after redirection failed to validate.";
+
+ return false;
+ }
+
+ $fetch_effective_ip_addr = gethostbyname(parse_url($fetch_effective_url, PHP_URL_HOST));
+
+ if (!$fetch_effective_ip_addr || strpos($fetch_effective_ip_addr, "127.") === 0) {
+ $fetch_last_error = "URL hostname received after redirection failed to resolve or resolved to a loopback address ($fetch_effective_ip_addr)";
+
+ return false;
+ }
+
 $fetch_last_error_code = $http_code;
 if ($http_code != 200 || $type && strpos($fetch_last_content_type, "$type") === false) { |
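Review bot: The added post-redirect check re-resolves the effective host with `gethostbyname()` rather than inspecting the address curl actually connected to, so the validated IP and the contacted IP can differ (a second DNS answer, or an intermediate redirect hop that is never examined). Reading the peer address closes that gap: `$fetch_effective_ip_addr = curl_getinfo($ch, CURLINFO_PRIMARY_IP);`. In addition, `gethostbyname()` returns the unmodified hostname on failure rather than false, so `!$fetch_effective_ip_addr` does not catch a failed lookup, and the `"127."` prefix test leaves IPv6 loopback and private or link-local ranges unchecked; `filter_var($fetch_effective_ip_addr, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)` would cover those, and the same prefix test sits in the first hunk. Because this block runs after the transfer, it keeps the response from being returned but not the request from being sent. Whether redirects are restricted at the curl level is not visible, since the body of fetch_file_contents starts and ends outside the hunk.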