Adding hexadecimal check for parse_rul

author Philipp Holzer <admin+github@philipp.info>

Wed, 29 May 2019 18:32:16 +0000 (20:32 +0200)

committer Philipp Holzer <admin+github@philipp.info>

Wed, 29 May 2019 18:32:16 +0000 (20:32 +0200)
author Philipp Holzer <admin+github@philipp.info>
Wed, 29 May 2019 18:32:16 +0000 (20:32 +0200)
committer Philipp Holzer <admin+github@philipp.info>
Wed, 29 May 2019 18:32:16 +0000 (20:32 +0200)
diff --git a/mod/parse_url.php b/mod/parse_url.php

index 3b2522a..f4fb2d0 100644 (file)
--- a/mod/parse_url.php
+++ b/mod/parse_url.php
@@ -9,12 +9,14 @@
   *
   * @see ParseUrl::getSiteinfo() for more information about scraping embeddable content
   */
+
  use Friendica\App;
  use Friendica\Core\Hook;
  use Friendica\Core\Logger;
  use Friendica\Core\System;
  use Friendica\Util\Network;
  use Friendica\Util\ParseUrl;
+use Friendica\Util\Strings;
  
  function parse_url_content(App $a)
  {
@@ -25,10 +27,13 @@ function parse_url_content(App $a)
  
         $br = "\n";
  
-       if (!empty($_GET['binurl'])) {
+       if (!empty($_GET['binurl']) && Strings::isHex($_GET['binurl'])) {
                 $url = trim(hex2bin($_GET['binurl']));
-       } else {
+       } elseif (!empty($_GET['url'])) {
                 $url = trim($_GET['url']);
+       // fallback in case no url is valid
+       } else {
+               $a->internalRedirect();
         }
  
         if (!empty($_GET['title'])) {
author	Philipp Holzer <admin+github@philipp.info>
	Wed, 29 May 2019 18:32:16 +0000 (20:32 +0200)
committer	Philipp Holzer <admin+github@philipp.info>
	Wed, 29 May 2019 18:32:16 +0000 (20:32 +0200)