$longpath .= '/' . strtr(base64_encode($url), '+/', '-_');
- // Checking for valid extensions. Only add them if they are safe
- $pos = strrpos($url, '.');
- if ($pos) {
- $extension = strtolower(substr($url, $pos + 1));
- $pos = strpos($extension, '?');
- if ($pos) {
- $extension = substr($extension, 0, $pos);
- }
+ // Extract the URL extension, disregarding GET parameters starting with ?
+ $question_mark_pos = strpos($url, '?');
+ if ($question_mark_pos === false) {
+ $question_mark_pos = strlen($url);
+ }
+ $dot_pos = strrpos($url, '.', $question_mark_pos - strlen($url));
+ if ($dot_pos !== false) {
+ $extension = strtolower(substr($url, $dot_pos + 1, $question_mark_pos - ($dot_pos + 1)));
}
$extensions = array('jpg', 'jpeg', 'gif', 'png');
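Review bot: `$extension` is assigned only inside `if ($dot_pos !== false)`, so a URL with no dot before the query string leaves it unset, or holding an earlier value, when it is later compared with `$extensions`; unless it is initialised above the visible lines, add `$extension = '';` before the `strpos()` call. The last dot before `?` can also sit in the host name or be followed by a `#fragment`, producing values such as `com/image` or `jpg#frag`, which are kept out of the file name (presumably the one built in `$longpath`) only by the later allow-list comparison. Taking the extension from the path component alone would handle both cases: `$extension = strtolower(pathinfo((string) parse_url($url, PHP_URL_PATH), PATHINFO_EXTENSION));`. The enclosing function and the allow-list check itself lie outside the visible lines, so confirm that the check is an exact match against the four listed values.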