| author | David T. Sadler <davidtsadler@googlemail.com> | 2021-07-07 17:07:46 +0100 |
|---|---|---|
| committer | David T. Sadler <davidtsadler@googlemail.com> | 2021-07-07 17:07:46 +0100 |
| commit | da260489fdf78107b6604e9f210cf444c81b7c26 (patch) | |
| tree | 8d00cf4706cd70fb1ea105807d134745fd9831c6 /public | |
| parent | 3e2f64ef6f3ea5fff69a0621f42f41bdbbbf7e51 (diff) | |
Validate that a url is passed to read script
Diffstat (limited to 'public')
| -rw-r--r-- | public/bookmarks/read/index.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/public/bookmarks/read/index.php b/public/bookmarks/read/index.php
index e7af97f..6a4a216 100644
--- a/public/bookmarks/read/index.php
+++ b/public/bookmarks/read/index.php
@@ -10,7 +10,7 @@ if ('GET' !== filter_input(INPUT_SERVER, 'REQUEST_METHOD')) {
 respondAndExit(405, 'Method Not Allowed');
 }
-$requestedUrl = filter_input(INPUT_GET, 'url');
+$requestedUrl = filter_input(INPUT_GET, 'url', FILTER_VALIDATE_URL);
 if (!$requestedUrl || strlen($requestedUrl) > $config['max_url_length']) {
 respondAndExit(400, 'Bad Request'); |
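Review bot: `FILTER_VALIDATE_URL` on the new `$requestedUrl` line checks URL syntax only and does not restrict the scheme, so values with a scheme other than http or https still pass this validation. What the script does with the value after the 400 check is outside the hunk, but if it is redirected to, fetched, or written into a link, the scheme should be allow-listed right after the filter: `$scheme = strtolower((string) parse_url($requestedUrl, PHP_URL_SCHEME));` followed by `if (!in_array($scheme, ['http', 'https'], true)) { respondAndExit(400, 'Bad Request'); }`. The filter also rejects URLs containing non-ASCII characters (internationalised domain names), which deserves a one-line comment if that is intended. The `if` block's closing brace lies outside the hunk.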
