bad validation of callback URL

darcs-hash:20080605040358-84dde-b2018db43791d1cbed722d3320cd0b62d6da94eb.gz

diff --git a/actions/userauthorization.php b/actions/userauthorization.php
index 0d3b71ac98b76967ee5bc28a88b6d680eb8dedbb..76fde6d87d9db9d7ccaa43cf09bfffc7df8acb0e 100644 (file)
--- a/actions/userauthorization.php
+++ b/actions/userauthorization.php
@@ -408,7 +408,7 @@ class UserauthorizationAction extends Action {
                        throw new OAuthException("Invalid avatar '$avatar'");
                }
                $callback = $req->get_parameter('oauth_callback');
-               if ($avatar && common_valid_http_url($callback)) {
+               if ($callback && !common_valid_http_url($callback)) {
                        throw new OAuthException("Invalid callback URL '$callback'");
                }
        }