diff options
author | Stefan Giehl <stefan@matomo.org> | 2020-12-10 01:31:52 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-10 01:31:52 +0300 |
commit | 6d6add46049b7b407762a245ec3967888577fdda (patch) | |
tree | 6f21762b5b562807d2545c72b60949156a02fccd /plugins/GeoIp2 | |
parent | 1fe1bb3917e4b624a3c45272d60fafa08f672626 (diff) |
Harden check for db-ip urls (#16911)
Diffstat (limited to 'plugins/GeoIp2')
-rw-r--r-- | plugins/GeoIp2/GeoIP2AutoUpdater.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/plugins/GeoIp2/GeoIP2AutoUpdater.php b/plugins/GeoIp2/GeoIP2AutoUpdater.php index 9e3f5d7780..7d64dc9e9a 100644 --- a/plugins/GeoIp2/GeoIP2AutoUpdater.php +++ b/plugins/GeoIp2/GeoIP2AutoUpdater.php @@ -767,12 +767,12 @@ class GeoIP2AutoUpdater extends Task public static function isDbIpUrl($url) { - return !! preg_match('/db-ip\.com/', $url); + return !! preg_match('/^http[s]?:\/\/([a-z0-9-]+\.)?db-ip\.com/', $url); } protected static function isPaidDbIpUrl($url) { - return !! preg_match('/db-ip\.com\/account\/[0-9a-z]+\/db/', $url); + return !! preg_match('/^http[s]?:\/\/([a-z0-9-]+\.)?db-ip\.com\/account\/[0-9a-z]+\/db/', $url); } protected function fetchPaidDbIpUrl($url) |