Merge pull request #432 from gnuheidix/PR_rss_version_parameter

Strict feed template name checking (#431)
2016-12-15 05:31:09 +01:00 · 2016-12-15 05:31:09 +01:00 · ccfc8c31c2
commit ccfc8c31c2
parent e9f98f80f0 99e9b70c9b
1 changed files with 1 additions and 1 deletions
--- a/rss.php
+++ b/rss.php
@ -23,7 +23,7 @@ if (empty($version)) {
 } else {
    # be sure it is an allowed version, to prevent attackers sniffing for unrelated files on the file system
    $allowed_versions = ['opml1.0', '0.91', '1.0',  '2.0', 'atom0.3', 'atom1.0'];
-    if (! in_array($version, $allowed_versions)) {
+    if (! in_array($version, $allowed_versions, true)) {
        header('Status: 404 Not Found');
        exit;
    }