From 5b8c9eaed7897749251ab2ee1cebdf7637b6ce43 Mon Sep 17 00:00:00 2001 From: lolcat Date: Mon, 4 Sep 2023 10:17:08 -0400 Subject: [PATCH] security fix shieet --- data/instances.php | 103 ++++++++++++++++++++++++++------------------- lib/curlproxy.php | 14 ++---- 2 files changed, 63 insertions(+), 54 deletions(-) diff --git a/data/instances.php b/data/instances.php index aeb0707..d7c26e0 100644 --- a/data/instances.php +++ b/data/instances.php @@ -1,47 +1,62 @@ "lolcat's instance (master)", - "address" => [ - "uri" => "https://4get.ca/", - "displayname" => "4get.ca" - ], - "altaddresses" => [ // all these address blocks will be linked in parentheses - [ // e.g. 4get.ca (tor) (i2p) etc. - "uri" => "http://4getwebfrq5zr4sxugk6htxvawqehxtdgjrbcn2oslllcol2vepa23yd.onion", - "displayname" => "tor" - ] - ] - ], - [ - "name" => "zzls's instance", - "address" => [ - "uri" => "https://4get.zzls.xyz/", - "displayname" => "4get.zzls.xyz" - ], - "altaddresses" => [ - [ - "uri" => "http://4get.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion", - "displayname" => "tor" - ] - ] - ], - [ - "name" => "4get on a silly computer", - "address" => [ - "uri" => "https://4get.silly.computer", - "displayname" => "4get.silly.computer" - ], - "altaddresses" => [ - [ - "uri" => "https://4get.cynic.moe/", - "displayname" => "fallback domain" - ] - ] - ], + [ + "name" => "lolcat's instance (master)", + "address" => [ + "uri" => "https://4get.ca/", + "displayname" => "4get.ca" + ], + "altaddresses" => [ + [ + // all these address blocks will be linked in parentheses + // e.g. 4get.ca (tor) (i2p) etc. + "uri" => "http://4getwebfrq5zr4sxugk6htxvawqehxtdgjrbcn2oslllcol2vepa23yd.onion", + "displayname" => "tor" + ] + ] + ], + [ + "name" => "zzls's Chilean instance", + "address" => [ + "uri" => "https://4get.zzls.xyz/", + "displayname" => "4get.zzls.xyz" + ], + "altaddresses" => [ + [ + "uri" => "http://4get.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion", + "displayname" => "tor" + ] + ] + ], + [ + "name" => "zzls's United States instance", + "address" => [ + "uri" => "https://4getus.zzls.xyz/", + "displayname" => "4getus.zzls.xyz" + ], + "altaddresses" => [ + [ + "uri" => "http://4getus.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion", + "displayname" => "tor" + ] + ] + ], + [ + "name" => "4get on a silly computer", + "address" => [ + "uri" => "https://4get.silly.computer", + "displayname" => "4get.silly.computer" + ], + "altaddresses" => [ + [ + "uri" => "https://4get.cynic.moe/", + "displayname" => "fallback domain" + ] + ] + ] ] -?> \ No newline at end of file +?> diff --git a/lib/curlproxy.php b/lib/curlproxy.php index 7d4ca5d..93cdbdc 100644 --- a/lib/curlproxy.php +++ b/lib/curlproxy.php @@ -128,12 +128,9 @@ class proxy{ } // sanitize URL - try{ + if($this->validateurl($url) === false){ - $this->validateurl($url); - }catch(Exception $error){ - - throw new Exception($error->getMessage()); + throw new Exception("Invalid URL"); } $this->clientcache(); @@ -353,12 +350,9 @@ class proxy{ $this->format = $format; // sanitize URL - try{ + if($this->validateurl($url) === false){ - $this->validateurl($url); - }catch(Exception $error){ - - throw new Exception($error->getMessage()); + throw new Exception("Invalid URL"); } $this->clientcache();