Website
/
Manager
1
0
Fork 0
Code Releases 11 Activity

Improve API endpoint name validation

master
Anonymous Contributor 2023-08-23 18:16:34 +02:00
parent e5dd07305a
commit 26311c8ffb
1 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
index.php
View File

@ -18,15 +18,12 @@ $RUNTIME['OPENSIM'] = new OpenSim();
include_once("config.php");
//TODO: add API keys and/or rate limiting
if(isset($_REQUEST['api']))
{
if(file_exists("./api/".$_REQUEST['api'].".php")){
if($_REQUEST['api'] == str_replace("/"," ",$_REQUEST['api']) and $_REQUEST['api'] == str_replace("\\"," ",$_REQUEST['api']) and $_REQUEST['api'] == str_replace(".."," ",$_REQUEST['api'])){
include "./api/".$_REQUEST['api'].".php";
}else{
die("ERROR; ENDPOINT NOT EXIST");
}
}else{
if(preg_match("[a-zA-Z0-9\.]{1,100}", $_REQUEST['api']) && file_exists("./api/".$_REQUEST['api'].".php")) {
include "./api/".$_REQUEST['api'].".php";
} else {
die("ERROR; ENDPOINT NOT EXIST");
}