add some extra checks to avoid remote subscriptions to local users
darcs-hash:20081118180644-84dde-ab152249ac0844a482029b7e0f8db2780a0f15d6.gz
This commit is contained in:
parent
67340ce11c
commit
a179a816b5
@ -80,6 +80,11 @@ class FinishremotesubscribeAction extends Action {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($profile_url == common_local_url('showstream', array('nickname' => $nickname))) {
|
||||||
|
common_user_error(_('You can use the local subscription!'));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
common_debug('listenee: "'.$omb['listenee'].'"', __FILE__);
|
common_debug('listenee: "'.$omb['listenee'].'"', __FILE__);
|
||||||
|
|
||||||
$user = User::staticGet('nickname', $omb['listenee']);
|
$user = User::staticGet('nickname', $omb['listenee']);
|
||||||
@ -89,6 +94,13 @@ class FinishremotesubscribeAction extends Action {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$other = User::staticGet('uri', $omb['listener']);
|
||||||
|
|
||||||
|
if ($other) {
|
||||||
|
common_user_error(_('You can use the local subscription!'));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
$fullname = $req->get_parameter('omb_listener_fullname');
|
$fullname = $req->get_parameter('omb_listener_fullname');
|
||||||
$homepage = $req->get_parameter('omb_listener_homepage');
|
$homepage = $req->get_parameter('omb_listener_homepage');
|
||||||
$bio = $req->get_parameter('omb_listener_bio');
|
$bio = $req->get_parameter('omb_listener_bio');
|
||||||
|
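Review bot: The guard `if ($profile_url == common_local_url('showstream', array('nickname' => $nickname)))` in the first hunk only rejects the one exact string this site generates, so any textual variant of the same profile URL (different case in the host, a trailing slash, an appended query string) compares unequal and the remote subscription to a local user still goes through. The listener check in the second hunk, `$other = User::staticGet('uri', $omb['listener']);`, resolves the URI to a record instead of comparing strings and is the more robust form; the profile check would be safer if it also resolved the URL to a local account, or at minimum compared canonicalised forms with `===` rather than `==`. The same exact-match pattern appears in `omb_service_uri($omb[OAUTH_ENDPOINT_REQUEST]) == common_local_url('requesttoken')` in RemotesubscribeAction and in the `$profile ==` and `$callback ==` tests in UserauthorizationAction, so a shared "is this URL ours" helper would keep all four consistent. The enclosing method starts and ends outside these hunks.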
@ -130,6 +130,13 @@ class RemotesubscribeAction extends Action {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (omb_service_uri($omb[OAUTH_ENDPOINT_REQUEST]) ==
|
||||||
|
common_local_url('requesttoken'))
|
||||||
|
{
|
||||||
|
$this->show_form(_('That\'s a local profile! Login to subscribe.'));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
list($token, $secret) = $this->request_token($omb);
|
list($token, $secret) = $this->request_token($omb);
|
||||||
|
|
||||||
if (!$token || !$secret) {
|
if (!$token || !$secret) {
|
||||||
|
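Review bot: The new `if` puts its opening brace on a line of its own, while the surrounding code in this method (`if (!$token || !$secret) {`) keeps it on the condition line; for consistency write `if (omb_service_uri($omb[OAUTH_ENDPOINT_REQUEST]) == common_local_url('requesttoken')) {`. The guard also reads `$omb[OAUTH_ENDPOINT_REQUEST]` without checking it is set; since the same array is handed to `$this->request_token($omb)` right after, that key is presumably validated earlier in the method, which starts outside the hunk, but a one-line comment saying so would save the next reader the lookup. The message passed to `show_form` is user-facing and fine as written.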
@ -415,6 +415,12 @@ class UserauthorizationAction extends Action {
|
|||||||
if (strlen($listenee) > 255) {
|
if (strlen($listenee) > 255) {
|
||||||
throw new OAuthException("Listenee URI '$listenee' too long");
|
throw new OAuthException("Listenee URI '$listenee' too long");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$other = User::staticGet('uri', $listenee);
|
||||||
|
if ($other) {
|
||||||
|
throw new OAuthException("Listenee URI '$listenee' is local user");
|
||||||
|
}
|
||||||
|
|
||||||
$remote = Remote_profile::staticGet('uri', $listenee);
|
$remote = Remote_profile::staticGet('uri', $listenee);
|
||||||
if ($remote) {
|
if ($remote) {
|
||||||
$sub = new Subscription();
|
$sub = new Subscription();
|
||||||
@ -434,6 +440,11 @@ class UserauthorizationAction extends Action {
|
|||||||
if (!common_valid_http_url($profile)) {
|
if (!common_valid_http_url($profile)) {
|
||||||
throw new OAuthException("Invalid profile URL '$profile'.");
|
throw new OAuthException("Invalid profile URL '$profile'.");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($profile == common_local_url('showstream', array('nickname' => $nickname))) {
|
||||||
|
throw new OAuthException("Profile URL '$profile' is for a local user.");
|
||||||
|
}
|
||||||
|
|
||||||
$license = $req->get_parameter('omb_listenee_license');
|
$license = $req->get_parameter('omb_listenee_license');
|
||||||
if (!common_valid_http_url($license)) {
|
if (!common_valid_http_url($license)) {
|
||||||
throw new OAuthException("Invalid license URL '$license'.");
|
throw new OAuthException("Invalid license URL '$license'.");
|
||||||
@ -476,6 +487,9 @@ class UserauthorizationAction extends Action {
|
|||||||
if ($callback && !common_valid_http_url($callback)) {
|
if ($callback && !common_valid_http_url($callback)) {
|
||||||
throw new OAuthException("Invalid callback URL '$callback'");
|
throw new OAuthException("Invalid callback URL '$callback'");
|
||||||
}
|
}
|
||||||
|
if ($callback && $callback == common_local_url('finishremotesubscribe')) {
|
||||||
|
throw new OAuthException("Callback URL '$callback' is for local site.");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Snagged from OAuthServer
|
# Snagged from OAuthServer
|
||||||
|
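Review bot: The three guards added in this action (the `User::staticGet('uri', $listenee)` lookup, the `$profile ==` comparison and the `$callback ==` comparison) enforce a single invariant but none of them says what it is, so a reader of any one hunk cannot tell why a local match is an error; a comment above `$other = User::staticGet('uri', $listenee);` such as `// A listenee that resolves to a local account must subscribe through the site itself, never via OMB; reject it here.` would anchor all three. The three exception messages describe the same condition three ways ("is local user", "is for a local user", "is for local site"); one consistent phrasing makes these easier to spot in logs. The listenee check resolves the URI to a record while the profile and callback checks rely on string equality with one generated URL, so only the first is robust to URL variants; this is presumably a deliberate trade-off but worth a note. The enclosing method starts outside the first of these hunks.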