decided to validate tag uris rather than not validating any uris
darcs-hash:20080605040153-84dde-5d180f0d8ead2fc7c5eaca3deaf035ba31d3512a.gz
This commit is contained in:
parent
29d9f0ae64
commit
24ff61d159
@ -365,6 +365,10 @@ class UserauthorizationAction extends Action {
|
|||||||
throw new OAuthException("Listener URI '$listener' not found here");
|
throw new OAuthException("Listener URI '$listener' not found here");
|
||||||
}
|
}
|
||||||
$listenee = $req->get_parameter('omb_listenee');
|
$listenee = $req->get_parameter('omb_listenee');
|
||||||
|
if (!Validate::uri($listenee) &&
|
||||||
|
!common_valid_tag($listenee)) {
|
||||||
|
throw new OAuthException("Listenee URI '$listenee' not a recognizable URI");
|
||||||
|
}
|
||||||
if (strlen($listenee) > 255) {
|
if (strlen($listenee) > 255) {
|
||||||
throw new OAuthException("Listenee URI '$listenee' too long");
|
throw new OAuthException("Listenee URI '$listenee' too long");
|
||||||
}
|
}
|
||||||
|
@ -598,3 +598,11 @@ function common_debug($msg, $filename=NULL) {
|
|||||||
function common_valid_http_url($url) {
|
function common_valid_http_url($url) {
|
||||||
return Validate::uri($url, array('allowed_schemes' => array('http', 'https')));
|
return Validate::uri($url, array('allowed_schemes' => array('http', 'https')));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function common_valid_tag($tag) {
|
||||||
|
if (preg_match('/^tag:(.*?),(\d{4}(-\d{2}(-\d{2})?)?):(.*)$/', $tag, $matches)) {
|
||||||
|
return (Validate::email($matches[1]) ||
|
||||||
|
preg_match('/^([\w-\.]+)$/', $matches[1]));
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user