author | Thomas Müller <thomas.mueller@tmit.eu> | 2014-07-28 11:07:41 +0200 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2014-07-28 11:07:41 +0200 |
commit | ab8efe3aa22fbe216077a9c9584d553d698420a5 (patch) | |
tree | 55813b65766d21072cdcae3ab15b009e077d5488 | |
parent | f2982b7a089780732bb2027ca9ba3362f1d01846 (diff) | |
parent | 260729fd7dbc0b81d1966d60f8bd413bdf62f683 (diff) | |
Merge pull request #9935 from owncloud/harden-get-urlco
Verify whether the URL is valid
-rwxr-xr-x | lib/private/util.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/private/util.php b/lib/private/util.php
index eea194288f9..67da7a2f63f 100755
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -1217,11 +1217,16 @@ class OC_Util {
 /**
 * @Brief Get file content via curl.
 * @param string $url Url to get content
+ * @throws Exception If the URL does not start with http:// or https://
 * @return string of the response or false on error
 * This function get the content of a page via curl, if curl is enabled.
 * If not, file_get_contents is used.
 */
 public static function getUrlContent($url) {
+ if (strpos($url, 'http://') !== 0 && strpos($url, 'https://') !== 0) {
+ throw new Exception('$url must start with https:// or http://', 1);
+ }
+
 if (function_exists('curl_init')) {
 $curl = curl_init();
 $max_redirects = 10; |
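Review bot: The new prefix test at the top of getUrlContent() constrains only the scheme of the initial `$url`. The `$max_redirects = 10` just below suggests the curl path follows redirects, and nothing visible in the hunk limits which protocol a redirect response may switch to. I would enforce the same policy in the transport, e.g. `curl_setopt($curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);` and `curl_setopt($curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);`, and check that the file_get_contents fallback gets an equivalent limit. The check also does not limit the destination host, so the docblock should say that callers passing user-supplied URLs remain responsible for rejecting internal or loopback targets. The function body continues outside the hunk, so the redirect handling may already cover part of this.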