github
/
phpservermon
mirror of https://github.com/phpservermon/phpservermon
1
0
Fork 0
Code Issues Releases Wiki Activity

Refactor header checking to be sure that we can't crash this !

pull/569/head
Nls 2016-08-26 21:50:51 +02:00 committed by Timz99
parent b835de1cf6
commit 8d720496d4
No known key found for this signature in database
GPG Key ID: 4D8268DC68E8339D
1 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/psm/Util/Server/Updater/StatusUpdater.php
View File

@ -256,22 +256,27 @@ class StatusUpdater {
} }
// Should we check a header ? // Should we check a header ?
if($this->server['header_name'] != '') { if($this->server['header_name'] != '' && $this->server['header_value'] != '') {
$header_text = substr($curl_result, 0, strpos($curl_result, "\r\n\r\n")); $header_flag = false;
$header_text = substr($curl_result, 0, strpos($curl_result, "\r\n\r\n")); // Only get the header text if the result also includes the body
foreach (explode("\r\n", $header_text) as $i => $line) { foreach (explode("\r\n", $header_text) as $i => $line) {
if ($i === 0) if ($i === 0 || strpos($line, ':') == false) {
continue; // We skip the status code continue; // We skip the status code & other non-header lines. Needed for proxy or redirects
else { } else {
list ($key, $value) = explode(': ', $line); list ($key, $value) = explode(': ', $line);
if ($key == $this->server['header_name']) { if (strcasecmp($key, $this->server['header_name']) == 0) { // Header found (case-insensitive)
if(!preg_match("/{$this->server['header_value']}/i", $value)) { // The value doesn't match what we needed if(!preg_match("/{$this->server['header_value']}/i", $value)) { // The value doesn't match what we needed
$result = false; $result = false;
} } else {
$header_flag = true;
break; // No need to go further break; // No need to go further
} }
} }
} }
} }
if(!$header_flag) $result = false; // Header was not present
}
} }
} }