From da260489fdf78107b6604e9f210cf444c81b7c26 Mon Sep 17 00:00:00 2001
From: "David T. Sadler"
Date: Wed, 7 Jul 2021 17:07:46 +0100
Subject: Validate that a url is passed to read script

---
 public/bookmarks/read/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/bookmarks/read/index.php b/public/bookmarks/read/index.php
index e7af97f..6a4a216 100644
--- a/public/bookmarks/read/index.php
+++ b/public/bookmarks/read/index.php
@@ -10,7 +10,7 @@ if ('GET' !== filter_input(INPUT_SERVER, 'REQUEST_METHOD')) {
     respondAndExit(405, 'Method Not Allowed');
 }
 
-$requestedUrl = filter_input(INPUT_GET, 'url');
+$requestedUrl = filter_input(INPUT_GET, 'url', FILTER_VALIDATE_URL);
 
 if (!$requestedUrl || strlen($requestedUrl) > $config['max_url_length']) {
     respondAndExit(400, 'Bad Request');
-- 
cgit v1.2.3-13-gbd6f
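Review bot: `FILTER_VALIDATE_URL` on the new `$requestedUrl` line checks syntax only, so values with a scheme other than `http` or `https` still pass the guard and reach whatever the script does with the URL afterwards. That later use is outside the hunk; if it fetches, redirects to or renders the value, an explicit scheme allow-list belongs in the existing `if`, for example `|| !in_array(strtolower((string) parse_url($requestedUrl, PHP_URL_SCHEME)), ['http', 'https'], true)`. The filter also rejects URLs containing non-ASCII characters, so bookmarks with internationalised host names would now get a 400; a one-line comment such as `// ASCII-only URLs by design; IDN hosts must be punycode-encoded` would make that intentional. The `!$requestedUrl` test does cover both results `filter_input` can return here, `false` for an invalid value and `null` for a missing parameter.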