authorGravatar Pouar <thepouar@gmail.com>2017-02-21 16:08:53 -0600
committerGravatar Pouar <thepouar@gmail.com>2017-02-21 16:08:53 -0600
commit16804632b6648901b71ba99e253695a20da4cb4c (patch)
tree1df12dee7ed0d0e7e00b1e6bea15290922153d98
parentapparently we don't need this much (diff)
Add some validation of input to avoid injection-like vulnerabilities. Drop command-line support from the PHP version, as the C version is preferred for this and having both in the PHP version makes the code more difficult to read.
-rw-r--r--identifur.php16
1 files changed, 9 insertions, 7 deletions
diff --git a/identifur.php b/identifur.php
index f692964..8fca45e 100644
--- a/identifur.php
+++ b/identifur.php
@@ -3,19 +3,21 @@
https://github.com/Megasaxon/php-xxhash
*/
header('Content-Type: image/svg+xml');
-if (defined('STDIN')) {
- $hash = hexdec(xxhash32( $argv[1] ));
-} else {
- $hash = hexdec(xxhash32( $_GET["value"] ));
+if(!isset($_GET["value"]))
+{
+ header('Content-Type: text/plain');
+ exit("GET variable 'value' must be set");
}
+$hash = hexdec(xxhash32( $_GET["value"] ));
$height=1024.0;
-if((empty($_GET["height"]) && !defined('STDIN')) || (empty($argv[2]) && defined('STDIN')) )
+if(empty($_GET["height"])
{
$newheight=1024.0;
}
-else if (defined('STDIN'))
+else if (!is_numeric($_GET["height"])
{
- $newheight= (float)$argv[2];
+ header('Content-Type: text/plain');
+ exit("GET variable 'height' must be numeric");
}
else
{
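Review bot: Both added conditions are missing a closing parenthesis, `if(empty($_GET["height"])` and `else if (!is_numeric($_GET["height"])`, so the file will not parse as committed; they should read `if (empty($_GET["height"]))` and `else if (!is_numeric($_GET["height"]))`. The `isset($_GET["value"])` guard also passes when the parameter arrives as an array rather than a string, so extending it with `|| !is_string($_GET["value"])` keeps a non-string away from `xxhash32()`. `is_numeric` accepts negative numbers and exponent forms that cast to very large or infinite floats, so a range check on the parsed height is worth adding in the final `else` branch, whose body continues outside the hunk. Both error exits would also be clearer to clients with `http_response_code(400);` placed before the `exit`.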