From: Raphaƫl Gertz Date: Sun, 22 Nov 2020 01:14:13 +0000 (+0100) Subject: Prevent answer on empty key X-Git-Tag: 2.0.1~1 X-Git-Url: https://git.rapsys.eu/acme/commitdiff_plain/f3268ba095e26d6309107726ad312cfb7d32d40c Prevent answer on empty key --- diff --git a/www/acme-challenge.php b/www/acme-challenge.php index 0b26303..bdd1561 100644 --- a/www/acme-challenge.php +++ b/www/acme-challenge.php @@ -4,12 +4,12 @@ $conf = '/etc/acme/config'; //Unable to show key.thumbprint couple if ( + //Handle get key parsing + empty($_GET['key']) || !preg_match('/^[-_a-zA-Z0-9]+$/', $_GET['key']) || //Handle config parsing !is_readable($conf) || ($config = file_get_contents($conf)) === false || ($config = json_decode($config)) === null || //Handle thumbprint file read - !is_readable($config->thumbprint) || ($thumbprint = file_get_contents($config->thumbprint)) === false || - //Handle get key parsing - empty($_GET['key']) || !preg_match('/^[-_a-zA-Z0-9]+$/', $_GET['key']) + !is_readable($config->thumbprint) || empty($thumbprint = file_get_contents($config->thumbprint)) ) { header((!empty($_SERVER['SERVER_PROTOCOL'])?$_SERVER['SERVER_PROTOCOL']:'HTTP/1.0').' 404 Not Found'); exit;