From: Raphaƫl Gertz Date: Sun, 22 Nov 2020 01:14:13 +0000 (+0100) Subject: Prevent answer on empty key X-Git-Tag: 2.0.3~4 X-Git-Url: https://git.rapsys.eu/acme/commitdiff_plain/091adca76d273ad4437229ca68af5bebcb13aca2?ds=sidebyside;hp=32ad47376f926bd2013771bb7dba299e72979e63 Prevent answer on empty key --- diff --git a/www/acme-challenge.php b/www/acme-challenge.php index 0b26303..bdd1561 100644 --- a/www/acme-challenge.php +++ b/www/acme-challenge.php @@ -4,12 +4,12 @@ $conf = '/etc/acme/config'; //Unable to show key.thumbprint couple if ( + //Handle get key parsing + empty($_GET['key']) || !preg_match('/^[-_a-zA-Z0-9]+$/', $_GET['key']) || //Handle config parsing !is_readable($conf) || ($config = file_get_contents($conf)) === false || ($config = json_decode($config)) === null || //Handle thumbprint file read - !is_readable($config->thumbprint) || ($thumbprint = file_get_contents($config->thumbprint)) === false || - //Handle get key parsing - empty($_GET['key']) || !preg_match('/^[-_a-zA-Z0-9]+$/', $_GET['key']) + !is_readable($config->thumbprint) || empty($thumbprint = file_get_contents($config->thumbprint)) ) { header((!empty($_SERVER['SERVER_PROTOCOL'])?$_SERVER['SERVER_PROTOCOL']:'HTTP/1.0').' 404 Not Found'); exit;