[Mapbender-commits] r10090 - trunk/mapbender/http/extensions
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Mon Mar 25 10:44:58 PDT 2019
Author: armin11
Date: 2019-03-25 10:44:58 -0700 (Mon, 25 Mar 2019)
New Revision: 10090
Modified:
trunk/mapbender/http/extensions/ext_featureInfoTunnel.php
Log:
Fix it better
Modified: trunk/mapbender/http/extensions/ext_featureInfoTunnel.php
===================================================================
--- trunk/mapbender/http/extensions/ext_featureInfoTunnel.php 2019-03-25 12:11:48 UTC (rev 10089)
+++ trunk/mapbender/http/extensions/ext_featureInfoTunnel.php 2019-03-25 17:44:58 UTC (rev 10090)
@@ -19,6 +19,11 @@
require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
require_once(dirname(__FILE__) . "/../classes/class_stripRequest.php");
require_once(dirname(__FILE__) . "/../classes/class_connector.php");
+
+if (strpos($_GET["url"], "file://")!== false || strpos($_POST["url"], "file://")!== false) {
+ echo "Local files are not allowed!";
+ die();
+}
if ($_GET["url"]) {
$mr = new stripRequest(urldecode($_GET["url"]));
}
@@ -25,10 +30,6 @@
else {
$mr = new stripRequest($_POST["url"]);
}
-if (strpos($mr, "file://")!== false) {
- echo "Local files are not allowed!";
- die();
-}
$nmr = $mr->encodeGET();
$isOwsproxyRequest = (mb_strpos($nmr,OWSPROXY) === 0);
if($isOwsproxyRequest){
More information about the Mapbender_commits
mailing list