From: Hypolite Petovan Date: Tue, 20 Dec 2016 01:19:26 +0000 (-0500) Subject: proxy_url: Fix extension extraction for URLs containing a . after a ? X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=c0ec9c59077cdc3c7c98a2882fe5007ecc04438f;p=friendica.git proxy_url: Fix extension extraction for URLs containing a . after a ? --- diff --git a/mod/proxy.php b/mod/proxy.php index 45c9e94569..af0f912616 100644 --- a/mod/proxy.php +++ b/mod/proxy.php @@ -281,14 +281,14 @@ function proxy_url($url, $writemode = false, $size = '') { $longpath .= '/' . strtr(base64_encode($url), '+/', '-_'); - // Checking for valid extensions. Only add them if they are safe - $pos = strrpos($url, '.'); - if ($pos) { - $extension = strtolower(substr($url, $pos + 1)); - $pos = strpos($extension, '?'); - if ($pos) { - $extension = substr($extension, 0, $pos); - } + // Extract the URL extension, disregarding GET parameters starting with ? + $question_mark_pos = strpos($url, '?'); + if ($question_mark_pos === false) { + $question_mark_pos = strlen($url); + } + $dot_pos = strrpos($url, '.', $question_mark_pos - strlen($url)); + if ($dot_pos !== false) { + $extension = strtolower(substr($url, $dot_pos + 1, $question_mark_pos - ($dot_pos + 1))); } $extensions = array('jpg', 'jpeg', 'gif', 'png');