Adlist can contain userinfo (basicauth)

Web side of fix https://github.com/pi-hole/pi-hole/pull/3912 Signed-off-by: Matej Dujava <mdujava@kocurkovo.cz>
2026-04-24 02:39:25 +01:00 · 2021-01-05 15:18:03 +01:00
parent 373770db74
commit c09263b926
1 changed files with 5 additions and 1 deletions
--- a/scripts/pi-hole/php/groups.php
+++ b/scripts/pi-hole/php/groups.php
@@ -920,7 +920,11 @@ if ($_POST['action'] == 'get_groups') {
                continue;
            }

-            if(preg_match("/[^a-zA-Z0-9:\/?&%=~._()-;]/", $address) !== 0) {
+            // this will remove first @ that is after schema and before domain
+           // $1 is optional schema, $2 is userinfo
+            $check_address = preg_replace("|([^:/]*://)?([^/]+)@|", "$1$2", $address, 1);
+
+            if(preg_match("/[^a-zA-Z0-9:\/?&%=~._()-;]/", $check_address) !== 0) {
                throw new Exception('<strong>Invalid adlist URL ' . htmlentities($address) . '</strong><br>'.
                'Added ' . $added . " out of ". $total . " adlists");
            }