PHPカンファレンス福岡2019 PHPアプリケーション脆弱性修正チャレンジです。
diff --git a/global/index.php b/global/index.php
index 956a254..179265a 100644
--- a/global/index.php
+++ b/global/index.php
@@ -9,7 +9,7 @@
require_once('./auth.php');
$auth = new Auth();
$secret_token = $auth->generateToken();
- extract($_POST);
+ $token = $_POST['token'];
$auth->render($token, $secret_token);
?>
</body>
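Review bot: The replacement on the `+` line reads `$_POST['token']` unconditionally, so a request without that field triggers an undefined-index warning and passes `null` on to `render()`, and a request sending `token[]=x` passes an array instead of a string. A defensive one-liner keeps the fix's intent while pinning the type: `$token = is_string($_POST['token'] ?? null) ? $_POST['token'] : '';`. The behaviour of `render()` and `generateToken()` is outside the hunk, so whether an empty string is treated as a failed comparison there cannot be confirmed here.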
diff --git a/image_uploader/image.php b/image_uploader/image.php
index c261f7e..a9a427f 100644
--- a/image_uploader/image.php
+++ b/image_uploader/image.php
@@ -9,7 +9,7 @@ class Image
public function validateImage($mime)
{
- if (preg_match('/image\/(.+)/', $mime) === 1) {
+ if (preg_match('/\Aimage\/[a-z]+\z/', $mime) === 1) {
return true;
} else {
return false;
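Review bot: The tightened pattern on the `+` line still only validates a MIME-type string; if `$mime` is the type declared by the uploading client (the call site is not visible here), any value can be supplied and the check gives no assurance about the file's content. A content-based check, e.g. `finfo_file(finfo_open(FILEINFO_MIME_TYPE), $path)` compared with `in_array(..., ['image/png', 'image/jpeg', 'image/gif'], true)`, would be the more robust gate, with the regex kept as a cheap pre-filter if desired. As a point of style the if/else can collapse to `return preg_match('/\Aimage\/[a-z]+\z/', $mime) === 1;`. `validateImage()`'s closing brace lies outside the hunk.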
diff --git a/magic_hash/auth.php b/magic_hash/auth.php
index bd287cf..de6a60f 100644
--- a/magic_hash/auth.php
+++ b/magic_hash/auth.php
@@ -6,7 +6,7 @@ class Auth
public function isValid($token)
{
- return md5($token) == $this::SECRET_TOKEN;
+ return md5($token) === $this::SECRET_TOKEN;
}
public function render($token)
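Review bot: The `===` on the `+` line closes the loose-comparison issue, but `===` on strings is not constant-time, so the comparison against `SECRET_TOKEN` still leaks timing information; `return hash_equals(self::SECRET_TOKEN, md5($token));` gives strict and constant-time comparison in one call. `$this::` works but `self::` is the conventional way to reference a class constant from inside the class. `render()` begins on the last hunk line and its body is outside the hunk.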
diff --git a/scheme/template.php b/scheme/template.php
index 8233144..8e3ec9e 100644
--- a/scheme/template.php
+++ b/scheme/template.php
@@ -1,10 +1,10 @@
<?php
class Template {
public function validUrl($url) {
- return filter_var($url, FILTER_VALIDATE_URL);
+ return filter_var($url, FILTER_VALIDATE_URL) && (strpos($url, "http://") === 0 || strpos($url, "https://") === 0);
}
public function render($url) {
- if ($this->validUrl($url, FILTER_VALIDATE_URL) === false) {
+ if ($this->validUrl($url) === false) {
return "invalid";
}
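Review bot: The scheme allowlist on the `+` line in `validUrl()` is a byte-wise prefix check, so a URL such as `HTTP://host/` passes `filter_var()` but is rejected here because of case, while the intent is clearly "only http or https". Deriving the scheme from the parsed URL makes that intent explicit and case-insensitive: `$scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));` followed by `return filter_var($url, FILTER_VALIDATE_URL) !== false && in_array($scheme, ['http', 'https'], true);`. Note `validUrl()` now returns a bool rather than the filtered string, which `render()`'s `=== false` check in this hunk still handles; how `render()` emits the URL afterwards is outside the hunk, and if it is placed in HTML it presumably still needs `htmlspecialchars()` for that context.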
diff --git a/switch/router.php b/switch/router.php
index 9ba76cf..4d7c148 100644
--- a/switch/router.php
+++ b/switch/router.php
@@ -4,16 +4,12 @@ class Router
{
public function render($id)
{
- switch($id) {
- case 1:
+ if($id === '1' || $id === '2'){
require_once $id . '.php';
- break;
- case 2:
- require_once $id . '.php';
- break;
- default:
- echo "Not Found";
- break;
+ return;
+ }else{
+ echo "Not Found";
+ return;
}
}
}
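Review bot: The `+` lines in `render()` still build the `require_once` path from `$id` after the allowlist check, and the `else` branch after an unconditional `return` plus the duplicated `return;` make the control flow harder to read than it needs to be. Resolving the id through a fixed map keeps input out of the include path entirely and removes the `else`; the strict `'1'`/`'2'` string comparison also means an integer id from the caller (not visible here) now falls through to "Not Found", which is worth confirming against the call site. The spacing `if(`/`){`/`}else{` departs from the PSR-12 style used by the context lines.
```php
public function render($id)
{
    // Resolve the id to a fixed file name so the include path never contains input.
    $files = ['1' => '1.php', '2' => '2.php'];
    if (!is_string($id) || !isset($files[$id])) {
        echo "Not Found";
        return;
    }
    require_once $files[$id];
}
```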