From 33240c4d21efbe15bb15fd9d742fae87bf9c8a87 Mon Sep 17 00:00:00 2001
From: Revvy <nothingtohide@revvy.de>
Date: Tue, 29 Aug 2023 14:07:50 -0400
Subject: [PATCH] fix high-severity vulnerability

---
 image_proxy.php | 2 +-
 misc/tools.php  | 8 +-------
 2 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/image_proxy.php b/image_proxy.php
index bfeab02..9b5f775 100644
--- a/image_proxy.php
+++ b/image_proxy.php
@@ -6,7 +6,7 @@
     $url = $_REQUEST["url"];
     $requested_root_domain = get_root_domain($url);
 
-    $allowed_domains = array("qwant.com", "wikimedia.org", get_root_domain($config->invidious_instance_for_video_results));
+    $allowed_domains = array("s2.qwant.com", "s1.qwant.com", "upload.wikimedia.org", get_root_domain($config->invidious_instance_for_video_results));
 
     if (in_array($requested_root_domain, $allowed_domains))
     {
diff --git a/misc/tools.php b/misc/tools.php
index 20ffa9b..f210bf0 100644
--- a/misc/tools.php
+++ b/misc/tools.php
@@ -6,13 +6,7 @@
     }
 
     function get_root_domain($url) {
-        $split_url = explode("/", $url);
-        $base_url = $split_url[2];
-
-        $base_url_main_split = explode(".", strrev($base_url));
-        $root_domain = strrev($base_url_main_split[1]) . "." . strrev($base_url_main_split[0]);
-
-        return $root_domain;
+        return parse_url($url, PHP_URL_HOST);
     }
 
     function try_replace_with_frontend($url, $frontend, $original, $opts) {