]> git.mxchange.org Git - quix0rs-gnu-social.git/blobdiff - plugins/OpenID/openidlogin.php
projects / quix0rs-gnu-social.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
add whitelist and blacklist for openid URLs
[quix0rs-gnu-social.git] / plugins / OpenID / openidlogin.php
diff --git a/plugins/OpenID/openidlogin.php b/plugins/OpenID/openidlogin.php
index 9ba55911c014c8afa156e16ce71b7fb33610ba3d..2a743672cf68d2bfb59e4bcfa61c0239cccd489c 100644 (file)
--- a/plugins/OpenID/openidlogin.php
+++ b/plugins/OpenID/openidlogin.php
@@ -31,6 +31,8 @@ class OpenidloginAction extends Action
         } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             $openid_url = $this->trimmed('openid_url');
 
+            oid_assert_allowed($openid_url);
+
             # CSRF protection
             $token = $this->trimmed('token');
             if (!$token || $token != common_session_token()) {
This is my personal clone from the wonderful software GNUSocial. I may fix or break things here, so use it on your own risk. :-)