Validate OStatus avatar URL before fetching.

2010-03-19 10:15:00 -07:00
parent 515cdf28a8
commit d2e6664132
1 changed files with 4 additions and 1 deletions
--- a/plugins/OStatus/classes/Ostatus_profile.php
+++ b/plugins/OStatus/classes/Ostatus_profile.php
@@ -781,8 +781,8 @@ class Ostatus_profile extends Memcached_DataObject
    }

    /**
-     *
     * Download and update given avatar image
+     *
     * @param string $url
     * @throws Exception in various failure cases
     */
@@ -792,6 +792,9 @@ class Ostatus_profile extends Memcached_DataObject
            // We've already got this one.
            return;
        }
+        if (!common_valid_http_url($url)) {
+            throw new ServerException(_m("Invalid avatar URL %s"), $url);
+        }

        if ($this->isGroup()) {
            $self = $this->localGroup();