Closed dontqwerty closed 1 year ago
This is the PR fixing issue #319.
Description
The function validate_geomap_server_base_url takes the geomap server URL as parameter and checks the following:
HTTP or HTTPS
If one or more of the above checks does not succeed, the function throws an exception.
Furthermore, a modification to the context passed to file_get_contents avoids redirects.
Note: An SSRF is still possible, but this solution limits the attack surface without limiting the feature.
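The approach described in this PR, sketched as an added PHP example that is not the PR's own code: a scheme allowlist that throws on failure, plus a file_get_contents context that does not follow redirects. The function names, the host-presence check, the timeout, the 2xx status check and the geomap.example URLs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not the PR's validate_geomap_server_base_url.
// Scheme check as named in the description; the host check is an assumption.
function example_validate_base_url(string $url): string
{
    $url = trim($url);
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        throw new InvalidArgumentException('URL must be absolute with scheme and host');
    }
    // Keeps file://, php://, ftp:// and other stream wrappers out of file_get_contents.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        throw new InvalidArgumentException('Scheme must be HTTP or HTTPS');
    }
    // This example does not restrict the host, so internal hosts are still reachable.
    return $url;
}

// Hypothetical fetch; the 'http' context options also apply to https:// URLs.
function example_fetch_no_redirect(string $url): string
{
    $context = stream_context_create(['http' => [
        'follow_location' => 0,    // do not follow Location headers
        'max_redirects'   => 0,
        'timeout'         => 5,
        'ignore_errors'   => true, // return the body so the status can be inspected
    ]]);
    $body = @file_get_contents(example_validate_base_url($url), false, $context);
    $status = $http_response_header[0] ?? ''; // set by the HTTP wrapper in this scope
    if ($body === false || !preg_match('#^HTTP/\S+\s+2\d\d#', $status)) {
        // A 3xx ends up here: its Location target was never validated.
        throw new RuntimeException('Request failed or was redirected: ' . $status);
    }
    return $body;
}

// Constructed sample inputs; only validation runs, so no network is needed.
$samples = ['https://geomap.example/api', 'HTTP://geomap.example',
            'file:///etc/passwd', 'php://filter/resource=x', 'geomap.example'];
foreach ($samples as $candidate) {
    try {
        example_validate_base_url($candidate);
        echo "accepted: $candidate\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $candidate ({$e->getMessage()})\n";
    }
}
```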
Thanks for your contribution! :1st_place_medal: