From 27e695436fd7594b515a3d01babbf570f179cada Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Thu, 17 Sep 2020 15:53:13 +0300
Subject: fetch_file_contents: validate effective URL (after redirects) if using CURL
---
 include/functions.php | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
(limited to 'include')
diff --git a/include/functions.php b/include/functions.php
index 565a8fd41..122e86b3e 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -246,7 +246,7 @@
 $ip_addr = gethostbyname($url_host);
 if (!$ip_addr || strpos($ip_addr, "127.") === 0) {
- $fetch_last_error = "URL hostname failed to resolve or resolved to loopback address ($ip_addr)";
+ $fetch_last_error = "URL hostname failed to resolve or resolved to a loopback address ($ip_addr)";
 return false;
 }
@@ -350,6 +350,20 @@
 $fetch_effective_url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
+ if (!validate_url($fetch_effective_url)) {
+ $fetch_last_error = "URL hostname received after redirection failed to validate.";
+
+ return false;
+ }
+
+ $fetch_effective_ip_addr = gethostbyname(parse_url($fetch_effective_url, PHP_URL_HOST));
+
+ if (!$fetch_effective_ip_addr || strpos($fetch_effective_ip_addr, "127.") === 0) {
+ $fetch_last_error = "URL hostname received after redirection failed to resolve or resolved to a loopback address ($fetch_effective_ip_addr)";
+
+ return false;
+ }
+
 $fetch_last_error_code = $http_code;
 if ($http_code != 200 || $type && strpos($fetch_last_content_type, "$type") === false) {
-- cgit v1.2.3
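Review bot: The added post-redirect check in the second hunk re-resolves the effective host with `gethostbyname()` once the transfer is over, so the address it tests need not be the one curl actually connected to, and `gethostbyname()` returns the hostname unchanged on failure, which the `!$fetch_effective_ip_addr` test does not catch. Reading the peer address curl recorded avoids both problems: `$fetch_effective_ip_addr = curl_getinfo($ch, CURLINFO_PRIMARY_IP);`. The `"127."` prefix test also passes private, link-local and IPv6 loopback destinations; using `filter_var($fetch_effective_ip_addr, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false` as the rejection condition would cover them, and the pre-request check in the first hunk has the same gap. Since this validation runs after curl has already followed the redirects, it keeps the response from being returned but does not keep the request from being made; fetch_file_contents and its curl options lie outside both hunks, so whether redirects are restricted elsewhere (for example with `CURLOPT_REDIR_PROTOCOLS`) cannot be confirmed from here.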