From e24ecad7b8d1ca9e52b5d2f93dc0d43397444abf Mon Sep 17 00:00:00 2001
From: Erik Dubbelboer
Date: Fri, 10 Sep 2021 15:25:51 +0000
Subject: [PATCH] Don't load external domains in iframe
---
 index.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/index.php b/index.php
index 6b9bd5c..be7c9d8 100644
--- a/index.php
+++ b/index.php
@@ -173,7 +173,9 @@ function getDbInfo($d, $info, $padding = '') {
 } else {
 $iframe = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?') + 1);
- if (strpos($iframe, '&') !== false) {
+ if (strpos($iframe, '//') === 0 || strpos($iframe, 'http') === 0) {
+ $iframe = 'overview.php';
+ } else if (strpos($iframe, '&') !== false) {
 $iframe = substr_replace($iframe, '.php?', strpos($iframe, '&'), 1);
 } else {
 $iframe .= '.php';
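Review bot: The new guard on `$iframe` is a case-sensitive prefix deny-list, so it only rejects the two spellings it names; URL schemes are case-insensitive and browsers accept other schemes and slash variants that `strpos($iframe, '//') === 0 || strpos($iframe, 'http') === 0` does not match. An allow-list is sturdier here: take the part of `$iframe` before the first `&` into `$page` and fall back unless it is a known local page, e.g. `if (!preg_match('/^[a-z]+$/', $page)) { $iframe = 'overview.php'; }` (this assumes page names are plain lowercase words; confirm against the scripts the iframe is meant to load). As written, the check also redirects any legitimate page whose name happens to begin with `http` to the overview. The enclosing if/else and the place where `$iframe` is written into the page lie outside the hunk, so output escaping of the value should be confirmed there as well.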