]> git.mxchange.org Git - quix0rs-gnu-social.git/blobdiff - plugins/OpenID/finishopenidlogin.php
projects / quix0rs-gnu-social.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
add whitelist and blacklist for openid URLs
[quix0rs-gnu-social.git] / plugins / OpenID / finishopenidlogin.php
diff --git a/plugins/OpenID/finishopenidlogin.php b/plugins/OpenID/finishopenidlogin.php
index 1f9bde0f157959fc86fd5e98ea26a798b9b49102..f3a48330063f1a93aac04835785b01c66f520f3c 100644 (file)
--- a/plugins/OpenID/finishopenidlogin.php
+++ b/plugins/OpenID/finishopenidlogin.php
@@ -158,6 +158,9 @@ class FinishopenidloginAction extends Action
             $canonical = ($response->endpoint->canonicalID) ?
               $response->endpoint->canonicalID : $response->getDisplayIdentifier();
 
+            oid_assert_allowed($display);
+            oid_assert_allowed($canonical);
+
             $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($response);
 
             if ($sreg_resp) {
This is my personal clone from the wonderful software GNUSocial. I may fix or break things here, so use it on your own risk. :-)