mirror of
https://github.com/PrivateBin/PrivateBin.git
synced 2024-03-22 13:10:41 +08:00
Make PHP paste ID function more robust
This commit is contained in:
parent
541fff199a
commit
7cb942aca3
|
@ -80,9 +80,17 @@ class Request
|
||||||
*/
|
*/
|
||||||
private function getPasteId()
|
private function getPasteId()
|
||||||
{
|
{
|
||||||
return preg_match(
|
// RegEx to check for valid paste ID (16 base64 chars)
|
||||||
'/[a-f0-9]{16}/', $_SERVER['QUERY_STRING'], $match
|
$pasteIdRegEx = '/^[a-f0-9]{16}$/';
|
||||||
) ? $match[0] : 'invalid id';
|
|
||||||
|
foreach ($_GET as $key => $value) {
|
||||||
|
// only return if value is empty and key matches RegEx
|
||||||
|
if (($value === "") and preg_match($pasteIdRegEx, $key, $match)) {
|
||||||
|
return $match[0];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
return 'invalid id';
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
Loading…
Reference in New Issue
Block a user