Strict feed template name checking (#431)

otherwise requests like /rss.php?version=1 will still crash
2016-12-14 18:19:44 +01:00 · 2016-12-14 18:19:44 +01:00 · 99e9b70c9b
commit 99e9b70c9b
parent e9f98f80f0
1 changed files with 1 additions and 1 deletions
--- a/rss.php
+++ b/rss.php
@ -23,7 +23,7 @@ if (empty($version)) {
 } else {
    # be sure it is an allowed version, to prevent attackers sniffing for unrelated files on the file system
    $allowed_versions = ['opml1.0', '0.91', '1.0',  '2.0', 'atom0.3', 'atom1.0'];
-    if (! in_array($version, $allowed_versions)) {
+    if (! in_array($version, $allowed_versions, true)) {
        header('Status: 404 Not Found');
        exit;
    }