genuineparts/alltube
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Prevent SSRF requests

Browse source 
By validating the provided URL before passing it to youtube-dl
This commit is contained in:
Pierre Rudloff 2022-02-27 10:54:56 +01:00
parent 2afbfb4bf2
commit 3a4f09dda0
7 changed files with 814 additions and 161 deletions
Download patch file Download diff file Expand all files Collapse all files

4
tests/FrontControllerTest.php
View file

@ -11,6 +11,7 @@ use Alltube\Exception\ConfigException;
use Alltube\Exception\DependencyException;
use Alltube\Library\Exception\AlltubeLibraryException;
use Exception;
use Graby\HttpClient\Plugin\ServerSideRequestForgeryProtection\Exception\InvalidURLException;
use Slim\Http\Environment;
use Slim\Http\Request;
use SmartyException;
@ -113,7 +114,8 @@ class FrontControllerTest extends ControllerTest
*/
public function testInfoWithoutUrl()
{
$this->assertRequestIsRedirect('info');
$this->expectException(InvalidURLException::class);
$this->getRequestResult('info', []);
}
/**