summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorlolcat <will@lolcat.ca>2023-09-04 10:17:08 -0400
committerlolcat <will@lolcat.ca>2023-09-04 10:17:08 -0400
commit5b8c9eaed7897749251ab2ee1cebdf7637b6ce43 (patch)
tree813c3ac6dd9a4c34b6a4cdd0415cffc9b03f3497
parent38b97a26e5e4a9c432081f8823d858e64ad6af68 (diff)
security fix shieet
-rw-r--r--data/instances.php103
-rw-r--r--lib/curlproxy.php14
2 files changed, 63 insertions, 54 deletions
diff --git a/data/instances.php b/data/instances.php
index aeb0707..d7c26e0 100644
--- a/data/instances.php
+++ b/data/instances.php
@@ -1,47 +1,62 @@
<?php
-/*
-this file exists to separate instance data from the actual about page
- HTML, and to make it easier to add/modify instances cleanly.
-*/
+
+// this file exists to separate instance data from the actual about page
+// HTML, and to make it easier to add/modify instances cleanly.
+
$instancelist = [
- [
- "name" => "lolcat's instance (master)",
- "address" => [
- "uri" => "https://4get.ca/",
- "displayname" => "4get.ca"
- ],
- "altaddresses" => [ // all these address blocks will be linked in parentheses
- [ // e.g. 4get.ca (tor) (i2p) etc.
- "uri" => "http://4getwebfrq5zr4sxugk6htxvawqehxtdgjrbcn2oslllcol2vepa23yd.onion",
- "displayname" => "tor"
- ]
- ]
- ],
- [
- "name" => "zzls's instance",
- "address" => [
- "uri" => "https://4get.zzls.xyz/",
- "displayname" => "4get.zzls.xyz"
- ],
- "altaddresses" => [
- [
- "uri" => "http://4get.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion",
- "displayname" => "tor"
- ]
- ]
- ],
- [
- "name" => "4get on a silly computer",
- "address" => [
- "uri" => "https://4get.silly.computer",
- "displayname" => "4get.silly.computer"
- ],
- "altaddresses" => [
- [
- "uri" => "https://4get.cynic.moe/",
- "displayname" => "fallback domain"
- ]
- ]
- ],
+ [
+ "name" => "lolcat's instance (master)",
+ "address" => [
+ "uri" => "https://4get.ca/",
+ "displayname" => "4get.ca"
+ ],
+ "altaddresses" => [
+ [
+ // all these address blocks will be linked in parentheses
+ // e.g. 4get.ca (tor) (i2p) etc.
+ "uri" => "http://4getwebfrq5zr4sxugk6htxvawqehxtdgjrbcn2oslllcol2vepa23yd.onion",
+ "displayname" => "tor"
+ ]
+ ]
+ ],
+ [
+ "name" => "zzls's Chilean instance",
+ "address" => [
+ "uri" => "https://4get.zzls.xyz/",
+ "displayname" => "4get.zzls.xyz"
+ ],
+ "altaddresses" => [
+ [
+ "uri" => "http://4get.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion",
+ "displayname" => "tor"
+ ]
+ ]
+ ],
+ [
+ "name" => "zzls's United States instance",
+ "address" => [
+ "uri" => "https://4getus.zzls.xyz/",
+ "displayname" => "4getus.zzls.xyz"
+ ],
+ "altaddresses" => [
+ [
+ "uri" => "http://4getus.zzlsghu6mvvwyy75mvga6gaf4znbp3erk5xwfzedb4gg6qqh2j6rlvid.onion",
+ "displayname" => "tor"
+ ]
+ ]
+ ],
+ [
+ "name" => "4get on a silly computer",
+ "address" => [
+ "uri" => "https://4get.silly.computer",
+ "displayname" => "4get.silly.computer"
+ ],
+ "altaddresses" => [
+ [
+ "uri" => "https://4get.cynic.moe/",
+ "displayname" => "fallback domain"
+ ]
+ ]
+ ]
]
-?> \ No newline at end of file
+?>
diff --git a/lib/curlproxy.php b/lib/curlproxy.php
index 7d4ca5d..93cdbdc 100644
--- a/lib/curlproxy.php
+++ b/lib/curlproxy.php
@@ -128,12 +128,9 @@ class proxy{
}
// sanitize URL
- try{
+ if($this->validateurl($url) === false){
- $this->validateurl($url);
- }catch(Exception $error){
-
- throw new Exception($error->getMessage());
+ throw new Exception("Invalid URL");
}
$this->clientcache();
@@ -353,12 +350,9 @@ class proxy{
$this->format = $format;
// sanitize URL
- try{
-
- $this->validateurl($url);
- }catch(Exception $error){
+ if($this->validateurl($url) === false){
- throw new Exception($error->getMessage());
+ throw new Exception("Invalid URL");
}
$this->clientcache();