Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Don't load external domains in iframe
  • Loading branch information
erikdubbelboer committed Sep 10, 2021
1 parent a178a8e commit e24ecad
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion index.php
Expand Up @@ -173,7 +173,9 @@ function getDbInfo($d, $info, $padding = '') {
} else {
$iframe = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?') + 1);

if (strpos($iframe, '&') !== false) {
if (strpos($iframe, '//') === 0 || strpos($iframe, 'http') === 0) {
$iframe = 'overview.php';
} else if (strpos($iframe, '&') !== false) {
$iframe = substr_replace($iframe, '.php?', strpos($iframe, '&'), 1);
} else {
$iframe .= '.php';
Expand Down

0 comments on commit e24ecad

Please sign in to comment.