GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

Validate OStatus avatar URL before fetching.

Browse Source
This commit is contained in:
Brion Vibber
2010-03-19 10:15:00 -07:00
parent 515cdf28a8
commit d2e6664132
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
plugins/OStatus/classes/Ostatus_profile.php
View File

@@ -781,8 +781,8 @@ class Ostatus_profile extends Memcached_DataObject
} }
/** /**
*
* Download and update given avatar image * Download and update given avatar image
*
* @param string $url * @param string $url
* @throws Exception in various failure cases * @throws Exception in various failure cases
*/ */
@@ -792,6 +792,9 @@ class Ostatus_profile extends Memcached_DataObject
// We've already got this one. // We've already got this one.
return; return;
} }
if (!common_valid_http_url($url)) {
throw new ServerException(_m("Invalid avatar URL %s"), $url);
}
if ($this->isGroup()) { if ($this->isGroup()) {
$self = $this->localGroup(); $self = $this->localGroup();