@@ -19,6 +19,12 @@ if ($method === 'GET') {
$result = mysqli_stmt_get_result($stmt);
$domains = [];
while ($row = mysqli_fetch_assoc($result)) {
$domain = normalize_redirect_host($row['domain'] ?? '');
if ($domain === null) {
continue;
}
$row['domain'] = $domain;
$row['id'] = (int) $row['id'];
$domains[] = $row;
}
mysqli_stmt_close($stmt);
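Review bot: Rows whose stored `domain` no longer passes `normalize_redirect_host` are dropped from the listing with no trace, so legacy or hand-edited rows silently vanish from the UI while remaining in the table; a why-comment on the `continue` would make that deliberate, e.g. `// Drop rows whose stored domain fails current validation rather than exposing them.` The `(int) $row['id']` cast also presumes the SELECT prepared above the hunk includes an `id` column; worth confirming since that statement is outside this view. The enclosing `if ($method === 'GET')` branch starts before the hunk.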
@@ -45,4 +51,4 @@ if ($method === 'GET') {
} else {
echo json_encode(['success' => false, 'message' => 'Invalid request method.'], 405);
}
?>
?>
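Review bot: `json_encode(['success' => false, 'message' => 'Invalid request method.'], 405)` passes 405 as the `$flags` argument, not as an HTTP status, so the method-rejection path answers 200 with a pretty-printed body (405 is JSON_HEX_TAG|JSON_HEX_APOS|JSON_FORCE_OBJECT|JSON_PRETTY_PRINT|JSON_UNESCAPED_UNICODE). The hunk's own change appears to be only the trailing `?>` line, so this is pre-existing context, but it is the fallback the new GET/POST handling relies on. Proposed: `http_response_code(405);` followed by `echo json_encode(['success' => false, 'message' => 'Invalid request method.']);`.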
@@ -8,11 +8,11 @@ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
exit;
}
$input = json_decode(file_get_contents('php://input'), true);
$domain = $input['domain'] ?? '';
$send_to = normalize_redirect_target($_SESSION["end_url"] ?? "/account/");
$domain = is_external_domain($send_to);
if ($domain === '' || !isset($_SESSION['id'])) {
echo json_encode(['success' => false, 'message' => 'Missing domain or not logged in.']);
if ($domain === null || !isset($_SESSION['id'])) {
echo json_encode(['success' => false, 'message' => 'Missing external domain or not logged in.']);
exit;
}
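Review bot: Deriving `$domain` from `$_SESSION["end_url"]` instead of the request body is the security-relevant part of this hunk and deserves a why-comment so the body read is not reintroduced later, e.g. `// Domain comes from the server-side session, not the client body, so a caller cannot register an arbitrary host.` Note that `is_external_domain` returns null both for a missing or malformed URL and for an internal host, so the single 'Missing external domain or not logged in.' message now covers three distinct causes; if operators need to tell them apart, a server-side log line at the `exit` would do it. Minor style point: `$_SESSION["end_url"]` and `"/account/"` use double quotes while the rest of the hunk uses single quotes. The handler continues past the hunk (the `$user_id`/INSERT lines are outside this view).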
@@ -26,4 +26,4 @@ mysqli_stmt_bind_param($stmt, 'is', $user_id, $domain);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
echo json_encode(['success' => true]);
echo json_encode(['success' => true]);
@@ -282,6 +282,10 @@ function normalize_redirect_target(?string $target): string
return '/account/';
}
if (normalize_redirect_host($parts['host']) === null) {
return '/account/';
}
return $target;
}
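Review bot: `$parts['host']` is passed straight into `normalize_redirect_host(string $host)`; `parse_url` omits the `host` key for relative targets such as the `/account/` default, so unless the checks above the hunk (outside this view) already guarantee the key exists, this is a TypeError under strict_types or a null-to-string deprecation otherwise. Proposed: `if (normalize_redirect_host($parts['host'] ?? '') === null) {`, which keeps the fail-closed behaviour since an empty host normalises to null. The body of `normalize_redirect_target` begins before the hunk.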
@@ -310,12 +314,11 @@ function is_external_domain(string $url): ?string
return null;
}
$host = parse_url($url, PHP_URL_HOST);
if ($host === null || $host === '') {
$host = normalize_redirect_host((string) parse_url($url, PHP_URL_HOST));
if ($host === null) {
return null;
}
$host = strtolower($host);
if ($host === 'auth.jakach.ch' || str_ends_with($host, '.jakach.ch')) {
return null;
}
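Review bot: `normalize_redirect_host` hands back IP literals unchanged (its FILTER_VALIDATE_IP branch), so `is_external_domain` now classifies a bare IPv4 address as an external "domain" that the POST handler goes on to store; the previous code behaved the same, but if only named hosts are meant to be registered this is the place to say so: `if (filter_var($host, FILTER_VALIDATE_IP)) { return null; }` after the null check. Dropping the separate `strtolower` is correct since the normaliser already lowercases. The literal `'auth.jakach.ch'` / `'.jakach.ch'` pair would read better as a named constant shared with any other internal-host check. The guard at the top of the function is outside the hunk.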
@@ -323,4 +326,23 @@ function is_external_domain(string $url): ?string
return $host;
}
function normalize_redirect_host(string $host): ?string
{
$host = rtrim(strtolower(trim($host)), '.');
if ($host === '' || strlen($host) > 253 || preg_match('/[\x00-\x20\x7f<>"\'`]/', $host)) {
return null;
}
if (filter_var($host, FILTER_VALIDATE_IP)) {
return $host;
}
if (!filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
return null;
}
return $host;
}
?>
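Review bot: `normalize_redirect_host` is the validator every other hunk in this commit now relies on, yet it has no docblock; it should state that the input is lowercased and stripped of a trailing dot, that null is returned for an empty value, more than 253 bytes, any control/quote/angle character, or a name failing FILTER_VALIDATE_DOMAIN with FILTER_FLAG_HOSTNAME, and that unbracketed IP literals are returned as-is. It should also spell out that non-ASCII (IDN) hosts are rejected, since as I read FILTER_FLAG_HOSTNAME it accepts ASCII labels only, so callers know punycode is required. Separately, the closing `?>` at the end of the file (context here) is worth removing, as any byte after it is emitted as output before headers are sent.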