Website
/
Manager
1
0
Fork 0
Code Releases 11 Activity

Improve API endpoint name validation

master
Anonymous Contributor 2023-08-23 18:16:34 +02:00
parent e5dd07305a
commit 26311c8ffb
1 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
index.php
View File

@ -18,17 +18,14 @@ $RUNTIME['OPENSIM'] = new OpenSim();
include_once("config.php"); include_once("config.php");
//TODO: add API keys and/or rate limiting
if(isset($_REQUEST['api'])) if(isset($_REQUEST['api']))
{ {
if(file_exists("./api/".$_REQUEST['api'].".php")){ if(preg_match("[a-zA-Z0-9\.]{1,100}", $_REQUEST['api']) && file_exists("./api/".$_REQUEST['api'].".php")) {
if($_REQUEST['api'] == str_replace("/"," ",$_REQUEST['api']) and $_REQUEST['api'] == str_replace("\\"," ",$_REQUEST['api']) and $_REQUEST['api'] == str_replace(".."," ",$_REQUEST['api'])){
include "./api/".$_REQUEST['api'].".php"; include "./api/".$_REQUEST['api'].".php";
} else { } else {
die("ERROR; ENDPOINT NOT EXIST"); die("ERROR; ENDPOINT NOT EXIST");
} }
}else{
die("ERROR; ENDPOINT NOT EXIST");
}
die(); die();
} }