forked from GNUsocial/gnu-social
Validate OStatus avatar URL before fetching.
parent
05e3768e6a
commit
9e3e1d3d56
@ -839,8 +839,8 @@ class Ostatus_profile extends Memcached_DataObject
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* Download and update given avatar image
|
||||
*
|
||||
* @param string $url
|
||||
* @throws Exception in various failure cases
|
||||
*/
|
||||
@ -850,6 +850,9 @@ class Ostatus_profile extends Memcached_DataObject
|
||||
// We've already got this one.
|
||||
return;
|
||||
}
|
||||
if (!common_valid_http_url($url)) {
|
||||
throw new ServerException(_m("Invalid avatar URL %s"), $url);
|
||||
}
|
||||
|
||||
if ($this->isGroup()) {
|
||||
$self = $this->localGroup();
|
||||
|
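Review bot: The added `throw` passes `$url` as a second argument to the `ServerException` constructor instead of formatting it into the message, so the `%s` placeholder is emitted literally. The URL then lands in that second parameter, which is presumably the status code (the constructor is not shown here). Format the message first: `throw new ServerException(sprintf(_m('Invalid avatar URL %s'), $url));`. Separately, `common_valid_http_url()` is not visible in this diff; if it checks only scheme and syntax, a URL supplied by a remote profile can still name a loopback or internal host, so the fetch that follows should also check the resolved destination address. The method body begins and ends outside the hunk, so the fetch itself is not reviewed here.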