.INTERNAL is now reserved for private-use applications
Similar logic probably should handle
Read more
Читать далее...
XF\Http\Reader::isRequestableUntrustedUrlExtended should return false for domains which match .internal (maybe even internal), as this can be used for internal DNS resolution and should not be publicly available.Similar logic probably should handle
.example/.invalid/.test/.local/.localhost which are reserve top-level domains.HCaptcha::isLocalDomain likely should...Read more
Читать далее...
