author | Stefan Giehl <stefan@matomo.org> | 2022-10-12 21:03:10 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-12 21:03:10 +0300 |
commit | f29b9903b318eb6128cd935ff2dac29d8ba0f197 (patch) | |
tree | 4f7ed4265fb13e0c6a3db3520921e89e38695a68 /plugins | |
parent | 38b6bd12561629105b59bc7571d72e61711c5258 (diff) |
Check downloaded referrer spam list for validity (#19845)
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/CoreAdminHome/Tasks.php | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/plugins/CoreAdminHome/Tasks.php b/plugins/CoreAdminHome/Tasks.php
index 1188d102c7..6b872abb79 100644
--- a/plugins/CoreAdminHome/Tasks.php
+++ b/plugins/CoreAdminHome/Tasks.php
@@ -317,6 +317,14 @@ class Tasks extends \Piwik\Plugin\Tasks
 {
 $url = 'https://raw.githubusercontent.com/matomo-org/referrer-spam-list/master/spammers.txt';
 $list = Http::sendHttpRequest($url, 30);
+
+ if (preg_match('/[<>&?"\']/', $list)) {
+ throw new \Exception(sprintf(
+ 'The spammers list downloaded from %s contains unexpected characters, considering it a fail',
+ $url
+ ));
+ }
+
 $list = preg_split("/\r\n|\n|\r/", $list);
 if (count($list) < 10) {
 throw new \Exception(sprintf(
 |
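Review bot: The added `preg_match('/[<>&?"\']/', $list)` guard is a deny-list of six characters, so control bytes, backslashes, spaces and non-ASCII content still pass into the list that is split on the following lines. It also fails open: if `preg_match` returns `false` on error, or `$list` is not a string (the return type of `Http::sendHttpRequest` is not visible here), the condition is falsy and the download is accepted. If the entries are meant to be plain hostnames, an allow-list that fails closed would be tighter, for example `if (!is_string($list) || preg_match('/[^a-z0-9._\-\r\n]/i', $list) !== 0) {`. The character set in that example is constructed and should be confirmed against the real list format before use. The enclosing method starts and ends outside this hunk, so how the entries are consumed afterwards cannot be checked from here.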