Adding hexadecimal check for photos

author Philipp Holzer <admin+github@philipp.info>

Wed, 29 May 2019 18:28:25 +0000 (20:28 +0200)

committer Philipp Holzer <admin+github@philipp.info>

Wed, 29 May 2019 18:28:25 +0000 (20:28 +0200)
author Philipp Holzer <admin+github@philipp.info>
Wed, 29 May 2019 18:28:25 +0000 (20:28 +0200)
committer Philipp Holzer <admin+github@philipp.info>
Wed, 29 May 2019 18:28:25 +0000 (20:28 +0200)
diff --git a/mod/photos.php b/mod/photos.php

index b18c06e2a3a4e5bf4b410f47b1a83f3c910b1245..6a84e61388cec16e76698090ae5fd158431900aa 100644 (file)
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -1027,6 +1027,10 @@ function photos_content(App $a)
  
         // Display a single photo album
         if ($datatype === 'album') {
+               // if $datum is not a valid hex, redirect to the default page
+               if (!Strings::isHex($datum)) {
+                       $a->internalRedirect();
+               }
                 $album = hex2bin($datum);
  
                 $total = 0;
diff --git a/src/Util/Strings.php b/src/Util/Strings.php

index 3f8990d6c124ee268b0de9b10becd1e35adba9d5..14fbde899c2dad26a86b2784a0e24f698f9108fc 100644 (file)
--- a/src/Util/Strings.php
+++ b/src/Util/Strings.php
@@ -31,6 +31,18 @@ class Strings
          return $return;
      }
  
+       /**
+        * Checks, if the given string is a valid hexadecimal code
+        *
+        * @param string $hexCode
+        *
+        * @return bool
+        */
+    public static function isHex($hexCode)
+    {
+           return @preg_match("/^[a-f0-9]{2,}$/i", $hexCode) && !(strlen($hexCode) & 1);
+    }
+
      /**
       * @brief This is our primary input filter.
       *
author	Philipp Holzer <admin+github@philipp.info>
	Wed, 29 May 2019 18:28:25 +0000 (20:28 +0200)
committer	Philipp Holzer <admin+github@philipp.info>
	Wed, 29 May 2019 18:28:25 +0000 (20:28 +0200)
mod/photos.php		patch \| blob \| history
src/Util/Strings.php		patch \| blob \| history