silence parse_url on hostile input, need to get_app() for proc_run php location

author Friendika <info@friendika.com>

Thu, 24 Feb 2011 23:41:15 +0000 (15:41 -0800)

committer Friendika <info@friendika.com>

Thu, 24 Feb 2011 23:41:15 +0000 (15:41 -0800)
author Friendika <info@friendika.com>
Thu, 24 Feb 2011 23:41:15 +0000 (15:41 -0800)
committer Friendika <info@friendika.com>
Thu, 24 Feb 2011 23:41:15 +0000 (15:41 -0800)
diff --git a/boot.php b/boot.php

index dc92d8dbb6f59dda9bde6e5f59b918e01283fd39..77ff230563920cdff6381f681c4fa2c30f3f585c 100644 (file)
--- a/boot.php
+++ b/boot.php
@@ -300,7 +300,7 @@ class App {
         }
  
         function set_baseurl($url) {
-               $parsed = parse_url($url);
+               $parsed = @parse_url($url);
  
                 $this->baseurl = $url;
  
@@ -626,7 +626,7 @@ function fetch_url($url,$binary = false, &$redirects = 0) {
          $matches = array();
          preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
          $url = trim(array_pop($matches));
-        $url_parsed = parse_url($url);
+        $url_parsed = @parse_url($url);
          if (isset($url_parsed)) {
              $redirects++;
              return fetch_url($url,$binary,$redirects);
@@ -698,7 +698,7 @@ function post_url($url,$params, $headers = null, &$redirects = 0) {
          $matches = array();
          preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
          $url = trim(array_pop($matches));
-        $url_parsed = parse_url($url);
+        $url_parsed = @parse_url($url);
          if (isset($url_parsed)) {
              $redirects++;
              return post_url($url,$binary,$headers,$redirects);
@@ -1423,7 +1423,7 @@ function lrdd($uri) {
  
         // get the host meta file
  
-       $host = parse_url($uri);
+       $host = @parse_url($uri);
  
         if($host) {
                 $url  = ((x($host,'scheme')) ? $host['scheme'] : 'http') . '://';
@@ -1684,7 +1684,7 @@ if(! function_exists('validate_url')) {
  function validate_url(&$url) {
         if(substr($url,0,4) != 'http')
                 $url = 'http://' . $url;
-       $h = parse_url($url);
+       $h = @parse_url($url);
  
         if(($h) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR))) {
                 return true;
@@ -1715,7 +1715,7 @@ function validate_email($addr) {
  if(! function_exists('allowed_url')) {
  function allowed_url($url) {
  
-       $h = parse_url($url);
+       $h = @parse_url($url);
  
         if(! $h) {
                 return false;
@@ -2438,6 +2438,9 @@ function prepare_body($item) {
  
  if(! function_exists('proc_run')) {
  function proc_run($cmd){
+
+       $a = get_app();
+
         $args = func_get_args();
         call_hooks("proc_run", $args);
  
diff --git a/mod/follow.php b/mod/follow.php

index f3bd84669f6dfbc3e2417c8e4862fcd8028415ce..689ae823291410d09840a8f1b8c8c9d2cc4953c5 100644 (file)
--- a/mod/follow.php
+++ b/mod/follow.php
@@ -84,7 +84,7 @@ function follow_post(&$a) {
                 // Google doesn't use absolute url in profile photos
  
                 if((x($vcard,'photo')) && substr($vcard['photo'],0,1) == '/') {
-                       $h = parse_url($hcard);
+                       $h = @parse_url($hcard);
                         if($h)
                                 $vcard['photo'] = $h['scheme'] . '://' . $h['host'] . $vcard['photo'];
                 }
author	Friendika <info@friendika.com>
	Thu, 24 Feb 2011 23:41:15 +0000 (15:41 -0800)
committer	Friendika <info@friendika.com>
	Thu, 24 Feb 2011 23:41:15 +0000 (15:41 -0800)
boot.php		patch \| blob \| history
mod/follow.php		patch \| blob \| history