Test URLs against blacklist also on PuSH subscriptions.
parent
adfd76f44b
commit
bb76af4f65
@ -211,6 +211,15 @@ class BlacklistPlugin extends Plugin
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function onUrlBlacklistTest($url)
|
||||||
|
{
|
||||||
|
common_debug('Checking URL against blacklist: '._ve($url));
|
||||||
|
if (!$this->_checkUrl($url)) {
|
||||||
|
throw new ClientException('Forbidden URL', 403);
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Helper for checking nicknames
|
* Helper for checking nicknames
|
||||||
*
|
*
|
||||||
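Review bot: The new public handler `onUrlBlacklistTest` has no docblock, although callers rely on its contract: it returns true when `_checkUrl($url)` accepts the URL and throws a `ClientException` with code 403 when it does not. A short docblock with `@param string $url`, `@return boolean` and `@throws ClientException` would record that rejection is signalled by the exception, not by the return value. The message `'Forbidden URL'` is a bare literal, while the other client exception on this page goes through `_m()` with a `// TRANS:` comment; `throw new ClientException(_m('Forbidden URL'), 403);` would be consistent. `_checkUrl` is outside the hunk, so whether it normalizes the host or scheme before matching cannot be confirmed from here.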
|
@ -199,7 +199,7 @@ class PushHubAction extends Action
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Grab and validate a URL from POST parameters.
|
* Grab and validate a URL from POST parameters.
|
||||||
* @throws ClientException for malformed or non-http/https URLs
|
* @throws ClientException for malformed or non-http/https or blacklisted URLs
|
||||||
*/
|
*/
|
||||||
protected function argUrl($arg)
|
protected function argUrl($arg)
|
||||||
{
|
{
|
||||||
@ -207,13 +207,14 @@ class PushHubAction extends Action
|
|||||||
$params = array('domain_check' => false, // otherwise breaks my local tests :P
|
$params = array('domain_check' => false, // otherwise breaks my local tests :P
|
||||||
'allowed_schemes' => array('http', 'https'));
|
'allowed_schemes' => array('http', 'https'));
|
||||||
$validate = new Validate();
|
$validate = new Validate();
|
||||||
if ($validate->uri($url, $params)) {
|
if (!$validate->uri($url, $params)) {
|
||||||
return $url;
|
|
||||||
} else {
|
|
||||||
// TRANS: Client exception.
|
// TRANS: Client exception.
|
||||||
// TRANS: %1$s is this argument to the method this exception occurs in, %2$s is a URL.
|
// TRANS: %1$s is this argument to the method this exception occurs in, %2$s is a URL.
|
||||||
throw new ClientException(sprintf(_m('Invalid URL passed for %1$s: "%2$s"'),$arg,$url));
|
throw new ClientException(sprintf(_m('Invalid URL passed for %1$s: "%2$s"'),$arg,$url));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Event::handle('UrlBlacklistTest', array($url));
|
||||||
|
return $url;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
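Review bot: The result of `Event::handle('UrlBlacklistTest', array($url))` in `argUrl` is discarded, so a URL is rejected only when a handler throws. If a handler returns false without throwing, or no blacklist plugin is loaded, execution falls through to `return $url`. If a false return is meant to count as rejection, make that explicit with `if (!Event::handle('UrlBlacklistTest', array($url))) { throw new ClientException(_m('Forbidden URL'), 403); }`. A PuSH hub typically makes outbound requests to the callback and topic URLs it accepts, and `domain_check` is false here. A comment should therefore state that the blacklist is a deny-list of configured patterns and, presumably, does not check where the host resolves.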
|