eliseuamaro/gnu-social
1
0
Fork 0
forked from GNUsocial/gnu-social
Code Issues Pull Requests Releases Wiki Activity

Possible XSS scenario when posting Bookmarks

Browse Source
This commit is contained in:
Mikael Nordfeldth 2014-10-25 14:56:38 +02:00
parent 048af5ac73
commit 39b5e08d44
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
plugins/Bookmark/classes/Bookmark.php
View File

@ -134,6 +134,10 @@ class Bookmark extends Managed_DataObject
static function saveNew($profile, $title, $url, $rawtags, $description, static function saveNew($profile, $title, $url, $rawtags, $description,
$options=null) $options=null)
{ {
if (!common_valid_http_url($url)) {
throw new ClientException(_m('Only web bookmarks can be posted (HTTP or HTTPS).'));
}
$nb = self::getByURL($profile, $url); $nb = self::getByURL($profile, $url);
if (!empty($nb)) { if (!empty($nb)) {