diff --git a/www/errorreport.php b/www/errorreport.php
index 1c80713058474b613f35fa9a80b877493c7570b8..025a81edecebf5602e65820f3c75ba0425683e77 100644
--- a/www/errorreport.php
+++ b/www/errorreport.php
@@ -17,6 +17,10 @@ $reportId = $_REQUEST['reportId'];
 $email = $_REQUEST['email'];
 $text = $_REQUEST['text'];
 
+if (!preg_match('/^[0-9a-f]{8}$/', $reportId)) {
+ throw new \SimpleSAML\Error\Exception('Invalid reportID');
+}
+
 $data = null;
 try {
 $session = \SimpleSAML\Session::getSessionFromRequest();
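Review bot: The pattern on the added `preg_match` line is anchored with `$`, which in PCRE without the `D` modifier also matches just before a trailing newline, so eight hex digits followed by `\n` still pass the check. Anchor the end with `\z` and reject non-string input up front: `if (!is_string($reportId) || !preg_match('/^[0-9a-f]{8}\z/', $reportId)) {`. The `is_string()` guard also covers a missing or array-valued `reportId` parameter, which would otherwise reach `preg_match()` and raise a TypeError on PHP 8 instead of the intended exception. `$email` and `$text` come from `$_REQUEST` in the same place and get no comparable validation in this hunk; whether they are checked later is not visible, since the script and the `try` block continue past the end of the hunk.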