Solved XF\Http\Reader should not allow .internal domains to be fetched from an untrusted context

Thread starter Xon
Start date Sep 3, 2024

This topic has been solved

Xon

Guest

Sep 3, 2024

.INTERNAL is now reserved for private-use applications

XF\Http\Reader::isRequestableUntrustedUrlExtended should return false for domains which match .internal (maybe even internal), as this can be used for internal DNS resolution and should not be publicly available.

Similar logic probably should handle .example/.invalid/.test/.local/.localhost which are reserve top-level domains.

HCaptcha::isLocalDomain likely should...

Read more

Continue reading...

You must log in or register to reply here.

Similar threads

Bug XF\Http\Reader should not allow .internal domains to be fetched from an untrusted context

Replies: 0

Views: 29

XenForo General Discussions Aug 10, 2024

Xon

XenForo Failed to open stream: No such file or directory src/XF/Http/Reader.php:444

Replies: 0

Views: 239

XenForo Development & Modifications Sep 15, 2023

Mr Lucky

Solved TypeError: array_merge(): Argument #1 must be of type array, bool given src/XF/Http/Reader.php:118

Replies: 0

Views: 479

XenForo General Discussions Oct 5, 2022

Kirby

Bug TypeError: array_merge(): Argument #1 must be of type array, bool given src/XF/Http/Reader.php:118

Replies: 0

Views: 494

XenForo General Discussions Sep 9, 2022

Kirby

Bug Must pass valid resource in src/XF/Http/ResponseStream.php:18

Replies: 0

Views: 34

XenForo General Discussions Jul 6, 2024

rkxh

Facebook X (Twitter) Reddit Pinterest WhatsApp Email Link

Top Bottom

Back

Welcome To The Geeks-Board!
For full use of the forum, you need to register. The registration will take only 1 minute and after that, you can enter and read topics. So don't hesitate and register now!
Log in Register
🔥 Hardware & Software Products
🔥 Android Devices Support
🔥 Web Development

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn more…

Search

Search

Solved XF\Http\Reader should not allow .internal domains to be fetched from an untrusted context

Xon

Guest

Similar threads