Make PHP paste ID function more robust

This commit is contained in:
rugk 2019-01-21 23:19:41 +01:00
parent 541fff199a
commit 7cb942aca3
No known key found for this signature in database
GPG Key ID: 05D40A636AFAB34D
1 changed files with 11 additions and 3 deletions

View File

@ -80,9 +80,17 @@ class Request
*/ */
private function getPasteId() private function getPasteId()
{ {
return preg_match( // RegEx to check for valid paste ID (16 base64 chars)
'/[a-f0-9]{16}/', $_SERVER['QUERY_STRING'], $match $pasteIdRegEx = '/^[a-f0-9]{16}$/';
) ? $match[0] : 'invalid id';
foreach ($_GET as $key => $value) {
// only return if value is empty and key matches RegEx
if (($value === "") and preg_match($pasteIdRegEx, $key, $match)) {
return $match[0];
};
}
return 'invalid id';
} }
/** /**