TomaHost/Chamilo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Upgrade 1-11.38

Browse Source
This commit is contained in:
xesmyd
2026-03-30 14:10:30 +02:00
parent f2a7e6d1fc
commit ac648ef29d
24665 changed files with 69682 additions and 2205004 deletions
Download Patch File Download Diff File Expand all files Collapse all files
main/inc/lib/social.lib.php
+46 -2
View File
@@ -2111,19 +2111,63 @@ class SocialManager extends UserManager
return $html;
}
/**
* Check if a URL is safe to fetch server-side (not targeting internal resources).
*
* Blocks private/reserved IP ranges, non-HTTP schemes, and unresolvable hosts
* to prevent SSRF attacks (CWE-918).
*/
public static function isUrlSafe(string $url): bool
{
$parsed = parse_url($url);
// Allow only http and https schemes
if (!isset($parsed['scheme']) || !in_array($parsed['scheme'], ['http', 'https'], true)) {
return false;
}
$host = $parsed['host'] ?? '';
if (empty($host)) {
return false;
}
// Resolve hostname to IP
$ip = gethostbyname($host);
if ($ip === $host) {
// DNS resolution failed
return false;
}
// Block private and reserved IP ranges
if (false === filter_var(
$ip,
FILTER_VALIDATE_IP,
FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
)) {
return false;
}
return true;
}
/**
* verify if Url Exist - Using Curl.
*/
public static function verifyUrl(string $uri): bool
{
if (!self::isUrlSafe($uri)) {
return false;
}
$client = new Client();
try {
$response = $client->request('GET', $uri, [
'timeout' => 15,
'timeout' => 10,
'verify' => false,
'allow_redirects' => ['max' => 3],
'headers' => [
'User-Agent' => $_SERVER['HTTP_USER_AGENT'],
'User-Agent' => $_SERVER['HTTP_USER_AGENT'] ?? 'Chamilo',
],
]);