Add isValidRequest() function
Signed-off-by: Diederik de Groot <ddegroot@talon.nl>
@@ -8,6 +8,7 @@ include_once("config.php");
|
|||||||
- improve error handling
|
- improve error handling
|
||||||
- secure urlencoding/urldecoding
|
- secure urlencoding/urldecoding
|
||||||
- don't allow browsing
|
- don't allow browsing
|
||||||
|
- See isValidRequest()
|
||||||
- check source ip-range
|
- check source ip-range
|
||||||
- check HTTPHeader for known BrowserTypes
|
- check HTTPHeader for known BrowserTypes
|
||||||
*/
|
*/
|
||||||
@@ -76,7 +77,16 @@ class Resolver {
|
|||||||
unset($this->cache[$hash]);
|
unset($this->cache[$hash]);
|
||||||
$this->isDirty = TRUE;
|
$this->isDirty = TRUE;
|
||||||
}
|
}
|
||||||
|
function isValidRequest($request) {
|
||||||
|
/* todo: make sure request does not startwith or contain: "/", "../" or "/./" */
|
||||||
|
/* todo: make sure request only starts with filename or one of $config[$subdir]['locale'] or $config[$subdir]['wallpaper'] */
|
||||||
|
/* todo: check uri/url decode */
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
function resolve($request) /* canthrow */ {
|
function resolve($request) /* canthrow */ {
|
||||||
|
if (!$this->isValidRequest($request)) {
|
||||||
|
throw new Exception("Invalid request:'$request'");
|
||||||
|
}
|
||||||
$path = '';
|
$path = '';
|
||||||
if (array_key_exists($request, $this->cache)) {
|
if (array_key_exists($request, $this->cache)) {
|
||||||
if ($path = $this->cache[$request]) {
|
if ($path = $this->cache[$request]) {
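Review bot: `isValidRequest()` in the second hunk returns `TRUE` unconditionally, so the new guard at the top of `resolve()` can never throw, and a request containing `../` or a leading `/` still reaches the cache lookup and whatever path resolution follows it. The header comment in the first hunk now points "don't allow browsing" at this function, which overstates what is enforced. Until the three todos are implemented, the check should fail closed on the cases they already name, as sketched below; the sketch assumes `$request` arrives already URL-decoded, and the allow-list of configured locale/wallpaper directories stays a todo because the config layout is not visible here. Separately, `"Invalid request:'$request'"` puts the raw request into the exception message, so the code that catches it (outside this hunk) should escape it before it reaches a log line or an HTTP response. `resolve()` continues past the end of the hunk.

```php
function isValidRequest($request) {
	// Fail closed: only a non-empty, plain relative path is accepted.
	if (!is_string($request) || $request === '') {
		return FALSE;
	}
	// NUL bytes, backslashes and leftover percent-escapes are rejected outright,
	// so an encoded separator cannot slip past the segment check below.
	if (strpbrk($request, "\0\\%") !== FALSE) {
		return FALSE;
	}
	// No absolute paths.
	if ($request[0] === '/') {
		return FALSE;
	}
	// No empty, "." or ".." segments anywhere in the path.
	foreach (explode('/', $request) as $segment) {
		if ($segment === '' || $segment === '.' || $segment === '..') {
			return FALSE;
		}
	}
	/* todo: restrict the first segment to the configured locale / wallpaper directories */
	return TRUE;
}
```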
|
||||||
|