diff options
author | Stefan Giehl <stefan@matomo.org> | 2021-01-20 00:03:49 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-20 00:03:49 +0300 |
commit | aafab574c381c72422942baa60f3979d365369c3 (patch) | |
tree | 4a792bb78cccb9951cb857f50cf41f39cff61d7c /core | |
parent | 6b1f0705e720caa171ba773afbd41279984be284 (diff) |
Ensure requested URLs don't contain any control characters (#17118)
Diffstat (limited to 'core')
-rw-r--r-- | core/Http.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/Http.php b/core/Http.php index 60ad0f595e..dd600226a9 100644 --- a/core/Http.php +++ b/core/Http.php @@ -162,7 +162,7 @@ class Http throw new Exception('Too many redirects (' . $followDepth . ')'); } - $aUrl = trim($aUrl); + $aUrl = preg_replace('/[\x00-\x1F\x7F]/', '', trim($aUrl)); $parsedUrl = @parse_url($aUrl); if (empty($parsedUrl['scheme'])) { |