From ce3b71c9340d8c8da9e7c945ecb03b24f37ef1c3 Mon Sep 17 00:00:00 2001
From: Christian Haschek
Date: Sun, 20 Nov 2016 23:24:01 +0100
Subject: [PATCH] url validation now only allows http, https and ftp urls. fixes #13
---
 http2pic.class.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/http2pic.class.php b/http2pic.class.php
index d3cc3ef..e1bfe49 100644
--- a/http2pic.class.php
+++ b/http2pic.class.php
@@ -30,7 +30,7 @@ define(RENDERINGENGINE,'wkhtmltoimage');
 define(WKHTMLTOIMAGEPATH,'/usr/sbin/wkhtmltoimage');
 //location of phantomJS
-define(PHANTOMJSPATH,'/usr/bin/phantomjs');
+define(PHANTOMJSPATH,__DIR__.'/phantomjs');
 //where shoud we store cached images
 define(CACHEDIR,__DIR__.'/cache/');
@@ -289,8 +289,16 @@ class http2pic
 function isURLValid($url)
 {
+ if(!$this->startsWith($url,'http://') && !$this->startsWith($url,'https://') && !$this->startsWith($url,'ftp://'))
+ return false;
 return filter_var($url, FILTER_VALIDATE_URL);
 }
+
+ function startsWith($haystack,$needle)
+{
+ $length = strlen($needle);
+ return (substr($haystack,0,$length) === $needle);
+}
 /**
 * https://stackoverflow.com/questions/7684771/how-check-if-file-exists-from-the-url
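Review bot: The new `PHANTOMJSPATH` value places the PhantomJS executable inside the application directory, the same tree that holds the writable `CACHEDIR`, and the commit message does not mention this change. If the web server user can write to `__DIR__`, any file-write flaw in the application could replace the binary that the class presumably executes later, so the binary should be owned by another user and read-only for the web user, or stay outside the application tree. A comment on the line such as `// bundled PhantomJS binary; must not be writable by the web server user` would record that requirement. The constant name is also passed unquoted, which PHP 8 rejects; `define('PHANTOMJSPATH', __DIR__.'/phantomjs');` is the portable form.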
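Review bot: The prefix check added to `isURLValid()` restricts the scheme but not the destination, so a URL whose host is loopback, a private range or a link-local address still validates and is presumably handed to the rendering engine, which fetches it from inside the server's network. The check is also case-sensitive (`HTTP://` is rejected), and the function returns `false` or the URL string rather than a boolean. Parsing the URL, comparing the lower-cased scheme against the allowlist and refusing hosts that resolve to private or reserved addresses closes most of this; it does not cover redirects or resources the fetched page itself loads, so the renderer should additionally run with restricted network and local-file access. The body of `startsWith()` is indented one level less than its signature and has no docblock.

```php
    function isURLValid($url)
    {
        if (filter_var($url, FILTER_VALIDATE_URL) === false)
            return false;

        // parse instead of prefix-matching so the scheme comparison is case-insensitive
        $parts = parse_url($url);
        $scheme = strtolower(isset($parts['scheme']) ? $parts['scheme'] : '');
        if (!in_array($scheme, array('http', 'https', 'ftp'), true) || empty($parts['host']))
            return false;

        // refuse hosts that resolve to loopback, private or reserved addresses;
        // gethostbyname() returns its input on failure, which then fails the IP check
        $ip = gethostbyname(trim($parts['host'], '[]'));
        return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
    }
    // … unchanged: startsWith() helper (no longer called by isURLValid) …
```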