From c0ec9c59077cdc3c7c98a2882fe5007ecc04438f Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Mon, 19 Dec 2016 20:19:26 -0500 Subject: [PATCH] proxy_url: Fix extension extraction for URLs containing a . after a ? --- mod/proxy.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/mod/proxy.php b/mod/proxy.php index 45c9e94569..af0f912616 100644 --- a/mod/proxy.php +++ b/mod/proxy.php @@ -281,14 +281,14 @@ function proxy_url($url, $writemode = false, $size = '') { $longpath .= '/' . strtr(base64_encode($url), '+/', '-_'); - // Checking for valid extensions. Only add them if they are safe - $pos = strrpos($url, '.'); - if ($pos) { - $extension = strtolower(substr($url, $pos + 1)); - $pos = strpos($extension, '?'); - if ($pos) { - $extension = substr($extension, 0, $pos); - } + // Extract the URL extension, disregarding GET parameters starting with ? + $question_mark_pos = strpos($url, '?'); + if ($question_mark_pos === false) { + $question_mark_pos = strlen($url); + } + $dot_pos = strrpos($url, '.', $question_mark_pos - strlen($url)); + if ($dot_pos !== false) { + $extension = strtolower(substr($url, $dot_pos + 1, $question_mark_pos - ($dot_pos + 1))); } $extensions = array('jpg', 'jpeg', 'gif', 'png'); -- 2.39.5