author | Erik Dubbelboer <erik@dubbelboer.com> | 2021-09-10 18:25:51 +0300 |
---|---|---|
committer | Erik Dubbelboer <erik@dubbelboer.com> | 2021-09-10 18:25:51 +0300 |
commit | e24ecad7b8d1ca9e52b5d2f93dc0d43397444abf (patch) | |
tree | dbef62542c9d798ba3309fd3f57c75f88c89bafe | |
parent | a178a8e700d543714ef160df40dbf03655e408f3 (diff) |
Don't load external domains in iframe
-rw-r--r-- | index.php | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -173,7 +173,9 @@ if (count($_GET) == 0) {
 } else {
 $iframe = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?') + 1);
- if (strpos($iframe, '&') !== false) {
+ if (strpos($iframe, '//') === 0 || strpos($iframe, 'http') === 0) {
+ $iframe = 'overview.php';
+ } else if (strpos($iframe, '&') !== false) {
 $iframe = substr_replace($iframe, '.php?', strpos($iframe, '&'), 1);
 } else {
 $iframe .= '.php';
 |
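Review bot: The new guard on `$iframe` is a case-sensitive prefix denylist with only two entries (`//` and `http`), so any other spelling of an external URL is not rejected, and a local page whose name begins with `http` is silently replaced by the overview. Since the value comes straight from `$_SERVER['REQUEST_URI']`, an allowlist on the page name is the safer shape, for example `if (!preg_match('/\A[a-z_]+(&|\z)/', $iframe)) { $iframe = 'overview.php'; }` placed before the existing `&` / `.php` handling, assuming the page names are plain lowercase words (not visible here). A fixed array of known page names checked with `in_array` would be stricter still. Where `$iframe` is finally written into the frame's `src` is outside this hunk, so the output should also be confirmed to pass through `htmlspecialchars` there.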