Verified Commit 7d99854c authored by Damien's avatar Damien

FEAT #11158 TIME 0:05 Fix url check

parent b48d3348
...@@ -151,7 +151,9 @@ class OnlyOfficeController ...@@ -151,7 +151,9 @@ class OnlyOfficeController
return $response->withStatus(400)->withJson(['errors' => 'Onlyoffice is not enabled']); return $response->withStatus(400)->withJson(['errors' => 'Onlyoffice is not enabled']);
} }
if (strpos($queryParams['url'], (string)$loadedXml->onlyoffice->server_uri .'/cache/files/') !== 0) { $checkUrl = str_replace('http://', '', $queryParams['url']);
$checkUrl = str_replace('https://', '', $checkUrl);
if (strpos($checkUrl, (string)$loadedXml->onlyoffice->server_uri .'/cache/files/') !== 0) {
return $response->withStatus(400)->withJson(['errors' => 'Query params url is not allowed']); return $response->withStatus(400)->withJson(['errors' => 'Query params url is not allowed']);
} }
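Review bot: The two `str_replace` calls remove `http://` and `https://` wherever they occur in `$queryParams['url']`, not only at the start, so the string that passes the `strpos(...) !== 0` prefix check can differ from the URL the request actually carries. If the original `$queryParams['url']` is what gets fetched after this hunk (not visible here; the method starts and ends outside it), the allow-list could accept a value that does not point at `server_uri`. Strip only a leading scheme, e.g. `$checkUrl = preg_replace('#^https?://#i', '', (string)$queryParams['url']);`, or compare the host and path from `parse_url()` against the configured server instead of a raw string prefix. The `(string)` cast also avoids a type error when `url` is missing or sent as an array. A short comment stating that `server_uri` is expected without a scheme would explain why the scheme is removed before the comparison.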