lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-24 12:07:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix filter_src() undefined HTTP_HOST

Browse Source
This commit is contained in:
xiaomlove
2025-11-09 13:30:14 +07:00
parent f997c97958
commit ab7c3a71a4
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
include/globalfunctions.php
+8 -5
View File
@@ -507,7 +507,7 @@ function isHttps(): bool
} }
function getSchemeAndHttpHost(bool $fromConfig = false) function getSchemeAndHttpHost(bool $fromConfig = false): string
{ {
if (isRunningInConsole() || $fromConfig) { if (isRunningInConsole() || $fromConfig) {
$host = get_setting("basic.BASEURL"); $host = get_setting("basic.BASEURL");
@@ -1378,12 +1378,15 @@ function filter_src($src)
return $src; return $src;
} }
$host = parse_url($src, PHP_URL_HOST); $host = parse_url($src, PHP_URL_HOST);
if (!empty($host) && $host != $_SERVER['HTTP_HOST']) { $currentHost = parse_url(getSchemeAndHttpHost(), PHP_URL_HOST);
if (!empty($host) && $host != $currentHost) {
return $src; return $src;
} }
$guessScriptFilename = sprintf("%s/%s", $_SERVER['DOCUMENT_ROOT'], trim($path, '/')); if (isset($_SERVER['DOCUMENT_ROOT'])) {
if (!file_exists($guessScriptFilename)) { $guessScriptFilename = sprintf("%s/%s", $_SERVER['DOCUMENT_ROOT'], trim($path, '/'));
return $src; if (!file_exists($guessScriptFilename)) {
return $src;
}
} }
//only allow these //only allow these
$imgExtensions = implode("|", \App\Models\Attachment::IMG_EXTENSIONS); $imgExtensions = implode("|", \App\Models\Attachment::IMG_EXTENSIONS);