Based on the code in LookingGlass.php, part of the validation process is to reject RFC1918 (private, e.g. 10.x.x.x, 192.168.x.x, etc.) IP space, but after the validIP function fails, an IP address can be allowed through the validURL function. I added some code in the validURL function to catch an IP address that sneaks through the validIP function. Only a private IP would get this far, so any IP address is rejected.
```php
private function validUrl($url)
{
    // check for http
    if (stripos($url, 'http') === false) {
        $url = 'http://' . $url;
    }
    // validate url
    if (filter_var($url, FILTER_VALIDATE_URL)) {
        // parse url for host
        if ($host = parse_url($url, PHP_URL_HOST)) {
            // check if an IP address made it this far and fail validation (useful for filtering out private space)
            if (filter_var($host, FILTER_VALIDATE_IP)) {
                return false;
            }
            // otherwise return just the host (not full url)
            return $host;
        }
        return $url;
    }
    return false;
}
```
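The same idea as the patch above, generalized, as an added example that is not part of the original issue or of LookingGlass: instead of rejecting every IP literal found in a URL, it applies one private/reserved-range check to an IP whether it arrives bare or as a URL host. `isPublicIp` and `normalizeTarget` are hypothetical names, and rejecting reserved ranges in addition to RFC1918 space is an assumption beyond what the issue describes.

```php
<?php
// Added example; not LookingGlass code. Function names are hypothetical.

/** True only for an IP literal outside private and reserved ranges. */
function isPublicIp(string $ip): bool
{
    return filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    ) !== false;
}

/**
 * Reduce user input (bare IP, hostname or URL) to a host string, or false.
 * An IP literal gets the same range check whether it arrives bare or as
 * the host part of a URL.
 */
function normalizeTarget(string $input)
{
    $input = trim($input);
    if (filter_var($input, FILTER_VALIDATE_IP) !== false) {
        return isPublicIp($input) ? $input : false;
    }
    // Add a scheme only when none is present so parse_url() finds the host.
    $url = preg_match('#^https?://#i', $input) ? $input : 'http://' . $input;
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false;
    }
    // parse_url() keeps the brackets around an IPv6 literal, e.g. [::1].
    $literal = trim($host, '[]');
    if (filter_var($literal, FILTER_VALIDATE_IP) !== false) {
        return isPublicIp($literal) ? $literal : false;
    }
    // Hostname: syntax check only; name resolution is outside this example.
    $ok = filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME);
    return $ok !== false ? $host : false;
}

// Constructed sample inputs, not taken from the issue.
$samples = ['10.1.2.3', 'http://192.168.0.1/', 'http://[::1]/', '8.8.8.8',
            'https://example.com/path', 'not a host'];
foreach ($samples as $s) {
    printf("%-26s => %s\n", $s, var_export(normalizeTarget($s), true));
}
```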