From: Lukas Reschke Date: Sun, 27 Jul 2014 14:46:32 +0000 (+0200) Subject: Verify whether the URL is valid X-Git-Tag: v7.0.1RC1^2~35 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=05301825e22f16c7553a5cd490452e35d38e6ac5;p=nextcloud-server.git Verify whether the URL is valid Required for https://github.com/owncloud/mail/pull/100#issuecomment-50266017 @karlitschek Backport for stable6 and stable7 requested. --- diff --git a/lib/private/util.php b/lib/private/util.php index eea194288f9..67da7a2f63f 100755 --- a/lib/private/util.php +++ b/lib/private/util.php @@ -1217,11 +1217,16 @@ class OC_Util { /** * @Brief Get file content via curl. * @param string $url Url to get content + * @throws Exception If the URL does not start with http:// or https:// * @return string of the response or false on error * This function get the content of a page via curl, if curl is enabled. * If not, file_get_contents is used. */ public static function getUrlContent($url) { + if (strpos($url, 'http://') !== 0 && strpos($url, 'https://') !== 0) { + throw new Exception('$url must start with https:// or http://', 1); + } + if (function_exists('curl_init')) { $curl = curl_init(); $max_redirects = 10;