From 091adca76d273ad4437229ca68af5bebcb13aca2 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Rapha=C3=ABl=20Gertz?= Date: Sun, 22 Nov 2020 02:14:13 +0100 Subject: [PATCH 1/1] Prevent answer on empty key --- www/acme-challenge.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/www/acme-challenge.php b/www/acme-challenge.php index 0b26303..bdd1561 100644 --- a/www/acme-challenge.php +++ b/www/acme-challenge.php @@ -4,12 +4,12 @@ $conf = '/etc/acme/config'; //Unable to show key.thumbprint couple if ( + //Handle get key parsing + empty($_GET['key']) || !preg_match('/^[-_a-zA-Z0-9]+$/', $_GET['key']) || //Handle config parsing !is_readable($conf) || ($config = file_get_contents($conf)) === false || ($config = json_decode($config)) === null || //Handle thumbprint file read - !is_readable($config->thumbprint) || ($thumbprint = file_get_contents($config->thumbprint)) === false || - //Handle get key parsing - empty($_GET['key']) || !preg_match('/^[-_a-zA-Z0-9]+$/', $_GET['key']) + !is_readable($config->thumbprint) || empty($thumbprint = file_get_contents($config->thumbprint)) ) { header((!empty($_SERVER['SERVER_PROTOCOL'])?$_SERVER['SERVER_PROTOCOL']:'HTTP/1.0').' 404 Not Found'); exit; -- 2.41.1