
github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
authorStefan Giehl <stefan@matomo.org>2022-10-12 21:03:10 +0300
committerGitHub <noreply@github.com>2022-10-12 21:03:10 +0300
commitf29b9903b318eb6128cd935ff2dac29d8ba0f197 (patch)
tree4f7ed4265fb13e0c6a3db3520921e89e38695a68 /plugins
parent38b6bd12561629105b59bc7571d72e61711c5258 (diff)
Check downloaded referrer spam list for validity (#19845)
Diffstat (limited to 'plugins')
-rw-r--r--plugins/CoreAdminHome/Tasks.php8
1 files changed, 8 insertions, 0 deletions
diff --git a/plugins/CoreAdminHome/Tasks.php b/plugins/CoreAdminHome/Tasks.php
index 1188d102c7..6b872abb79 100644
--- a/plugins/CoreAdminHome/Tasks.php
+++ b/plugins/CoreAdminHome/Tasks.php
@@ -317,6 +317,14 @@ class Tasks extends \Piwik\Plugin\Tasks
{
$url = 'https://raw.githubusercontent.com/matomo-org/referrer-spam-list/master/spammers.txt';
$list = Http::sendHttpRequest($url, 30);
+
+ if (preg_match('/[<>&?"\']/', $list)) {
+ throw new \Exception(sprintf(
+ 'The spammers list downloaded from %s contains unexpected characters, considering it a fail',
+ $url
+ ));
+ }
+
$list = preg_split("/\r\n|\n|\r/", $list);
if (count($list) < 10) {
throw new \Exception(sprintf(
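Review bot: The validity check on the `preg_match('/[<>&?"\']/', $list)` line is a denylist of six characters, so a response containing anything else unexpected (control characters, backticks, parentheses, spaces inside an entry) is still accepted as a spam list. Since each entry is presumably a hostname, an allowlist is the stricter test, for example `if (!is_string($list) || preg_match('/[^a-z0-9._\-\r\n]/i', $list) !== 0) {`; the permitted set must be checked against what the upstream file really contains (non-ASCII IDN entries would need to be admitted). The `!== 0` comparison also makes a `preg_match` error (`false`) count as a failure rather than a pass, and the `is_string` guard covers a failed download, assuming `Http::sendHttpRequest` can return a non-string. The enclosing method starts and ends outside this hunk, so how the stored list is used later is not visible here.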