diff options
Diffstat (limited to 'p/api/pshb.php')
| -rw-r--r-- | p/api/pshb.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/p/api/pshb.php b/p/api/pshb.php index f8903d385..6b5bda4b5 100644 --- a/p/api/pshb.php +++ b/p/api/pshb.php @@ -19,7 +19,7 @@ FreshRSS_Context::systemConf()->auth_type = 'none'; // avoid necessity to be log // Minz_Log::debug(print_r(['_SERVER' => $_SERVER, '_GET' => $_GET, '_POST' => $_POST, 'INPUT' => $ORIGINAL_INPUT], true), PSHB_LOG); -$key = isset($_GET['k']) ? substr($_GET['k'], 0, 128) : ''; +$key = isset($_GET['k']) && is_string($_GET['k']) ? substr($_GET['k'], 0, 128) : ''; if (!ctype_xdigit($key)) { header('HTTP/1.1 422 Unprocessable Entity'); die('Invalid feed key format!'); @@ -67,7 +67,7 @@ if (empty($users)) { } if (!empty($_REQUEST['hub_mode']) && $_REQUEST['hub_mode'] === 'subscribe') { - $leaseSeconds = empty($_REQUEST['hub_lease_seconds']) ? 0 : (int)$_REQUEST['hub_lease_seconds']; + $leaseSeconds = empty($_REQUEST['hub_lease_seconds']) || !is_numeric($_REQUEST['hub_lease_seconds']) ? 0 : (int)$_REQUEST['hub_lease_seconds']; if ($leaseSeconds > 60) { $hubJson['lease_end'] = time() + $leaseSeconds; } else { |