forked from GNUsocial/gnu-social
Test URLs against blacklist also on PuSH subscriptions.
This commit is contained in:
parent
839b3e7392
commit
e1df763940
@ -249,6 +249,15 @@ class BlacklistPlugin extends Plugin
|
||||
return true;
|
||||
}
|
||||
|
||||
public function onUrlBlacklistTest($url)
|
||||
{
|
||||
common_debug('Checking URL against blacklist: '._ve($url));
|
||||
if (!$this->_checkUrl($url)) {
|
||||
throw new ClientException('Forbidden URL', 403);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper for checking nicknames
|
||||
*
|
||||
|
@ -199,7 +199,7 @@ class PushHubAction extends Action
|
||||
|
||||
/**
|
||||
* Grab and validate a URL from POST parameters.
|
||||
* @throws ClientException for malformed or non-http/https URLs
|
||||
* @throws ClientException for malformed or non-http/https or blacklisted URLs
|
||||
*/
|
||||
protected function argUrl($arg)
|
||||
{
|
||||
@ -207,13 +207,14 @@ class PushHubAction extends Action
|
||||
$params = array('domain_check' => false, // otherwise breaks my local tests :P
|
||||
'allowed_schemes' => array('http', 'https'));
|
||||
$validate = new Validate();
|
||||
if ($validate->uri($url, $params)) {
|
||||
return $url;
|
||||
} else {
|
||||
if (!$validate->uri($url, $params)) {
|
||||
// TRANS: Client exception.
|
||||
// TRANS: %1$s is this argument to the method this exception occurs in, %2$s is a URL.
|
||||
throw new ClientException(sprintf(_m('Invalid URL passed for %1$s: "%2$s"'),$arg,$url));
|
||||
}
|
||||
|
||||
Event::handle('UrlBlacklistTest', array($url));
|
||||
return $url;
|
||||
}
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user