keith/friendica
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add more Strings::isHex() checks to photos

Browse source
This commit is contained in:
Philipp Holzer 2019-05-30 10:30:15 +02:00
parent 392137b433
commit 4c5dd9f47c
No known key found for this signature in database
GPG key ID: D8365C3D36B77D90
2 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
mod/photos.php
View file

@ -188,6 +188,9 @@ function photos_post(App $a)
} }
if ($a->argc > 3 && $a->argv[2] === 'album') { if ($a->argc > 3 && $a->argv[2] === 'album') {
if (!Strings::isHex($a->argv[3])) {
$a->internalRedirect();
}
$album = hex2bin($a->argv[3]); $album = hex2bin($a->argv[3]);
if ($album === L10n::t('Profile Photos') || $album === 'Contact Photos' || $album === L10n::t('Contact Photos')) { if ($album === L10n::t('Profile Photos') || $album === 'Contact Photos' || $album === L10n::t('Contact Photos')) {
@ -960,7 +963,7 @@ function photos_content(App $a)
return; return;
} }
$selname = $datum ? hex2bin($datum) : ''; $selname = Strings::isHex($datum) ? hex2bin($datum) : '';
$albumselect = ''; $albumselect = '';

2
src/Util/Strings.php
View file

@ -40,7 +40,7 @@ class Strings
*/ */
public static function isHex($hexCode) public static function isHex($hexCode)
{ {
return @preg_match("/^[a-f0-9]{2,}$/i", $hexCode) && !(strlen($hexCode) & 1); return !empty($hexCode) ? @preg_match("/^[a-f0-9]{2,}$/i", $hexCode) && !(strlen($hexCode) & 1) : false;
} }
/** /**