]> git.mxchange.org Git - quix0rs-gnu-social.git/blobdiff - plugins/GNUsocialVideo/actions/postvideo.php
projects / quix0rs-gnu-social.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
validate input, dummy.
[quix0rs-gnu-social.git] / plugins / GNUsocialVideo / actions / postvideo.php
diff --git a/plugins/GNUsocialVideo/actions/postvideo.php b/plugins/GNUsocialVideo/actions/postvideo.php
index 8ed664c588c70edfb75e1162ab20dd7e401c9eac..4af34af7ab9a8ee90e91ab272e389f2e32737523 100644 (file)
--- a/plugins/GNUsocialVideo/actions/postvideo.php
+++ b/plugins/GNUsocialVideo/actions/postvideo.php
@@ -58,9 +58,12 @@ class PostvideoAction extends Action {
             return;
         }
         $uri = $_POST['video_uri'];
-        // XXX: validate your inputs, dummy.
-        $rend = sprintf('<video src="%s", controls="controls">Sorry, your browser doesn\'t support the video tag.</video>', $uri);
-        Notice::saveNew($this->user->id, 'video : ' . $uri, 'web', array('rendered' => $rend));
+        $uri = filter_var($uri, FILTER_SANITIZE_URL);
+        $uri = filter_var($uri, FILTER_VALIDATE_URL);
+        if($uri) { 
+            $rend = sprintf('<video src="%s", controls="controls">Sorry, your browser doesn\'t support the video tag.</video>', $uri);
+            Notice::saveNew($this->user->id, 'video : ' . $uri, 'web', array('rendered' => $rend));
+        }
     }
  
     function showContent()
This is my personal clone from the wonderful software GNUSocial. I may fix or break things here, so use it on your own risk. :-)