provide allow list of friend sites for education/corporate environments,
authorMike Macgirvin <mike@macgirvin.com>
Tue, 14 Sep 2010 00:12:54 +0000 (17:12 -0700)
committerMike Macgirvin <mike@macgirvin.com>
Tue, 14 Sep 2010 00:12:54 +0000 (17:12 -0700)
pattern matchable

boot.php
mod/dfrn_request.php

index 30a8b24417614da5ea9e7316e701d68b3baf58b0..b69502ef2a78a00e8b67e8945c26fba74313aec8 100644 (file)
--- a/boot.php
+++ b/boot.php
@@ -782,16 +782,54 @@ function get_uid() {
 }}
 
 if(! function_exists('validate_url')) {
-function validate_url($url) {
+function validate_url(&$url) {
        if(substr($url,0,4) != 'http')
                $url = 'http://' . $url;
        $h = parse_url($url);
 
-       if(! $h)
+       if(! $h) {
                return false;
-       if(! checkdnsrr($h['host'], 'ANY'))
+       }
+       if(! checkdnsrr($h['host'], 'ANY')) {
                return false;
+       }
        return true;
 }}
 
+if(! function_exists('allowed_url')) {
+function allowed_url($url) {
+
+       $h = parse_url($url);
+
+       if(! $h) {
+               return false;
+       }
+
+       $str_allowed = get_config('system','allowed_sites');
+       if(! $str_allowed)
+               return true;
+
+       $found = false;
+
+       $host = strtolower($h['host']);
+
+       // always allow our own site
+
+       if($host == strtolower($_SERVER['SERVER_NAME']))
+               return true;
+
+       $fnmatch = function_exists('fnmatch');
+       $allowed = explode(',',$str_allowed);
+
+       if(count($allowed)) {
+               foreach($allowed as $a) {
+                       $pat = strtolower(trim($a));
+                       if(($fnmatch && fnmatch($pat,$host)) || ($pat == $host)) {
+                               $found = true; 
+                               break;
+                       }
+               }
+       }
+       return $found;
+}}
 
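Review bot: In allowed_url() the "always allow our own site" shortcut compares the host with `$_SERVER['SERVER_NAME']`, which on some web-server configurations reflects the client-supplied Host header rather than a fixed name. On such a setup that branch is not a reliable part of the allow list, so a hostname taken from site configuration would be safer. The function also reads `$h['host']` without checking that it is set: parse_url() returns an array with no host key for inputs such as `mailto:x`, and the resulting empty host equals an empty list entry (for example from a trailing comma in allowed_sites) under `$pat == $host`. I would reject early with `if(! $h || empty($h['host'])) return false;`, skip empty patterns in the loop, and compare with `===`. The same unchecked `$h['host']` is passed to checkdnsrr() in validate_url() earlier in this hunk.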
index 617d4b2d865a905be1eb9bc1370dbc91ccc0f333..a22492fe66c9b5463cfbeb5d510bc19f7b0fca2e 100644 (file)
@@ -134,7 +134,7 @@ function dfrn_request_post(&$a) {
 
                // invalid/bogus request
 
-               notice( t("Unrecoverable protocol error.") . EOL );
+               notice( t('Unrecoverable protocol error.') . EOL );
                goaway($a->get_baseurl());
                return; // NOTREACHED
        }
@@ -219,7 +219,14 @@ function dfrn_request_post(&$a) {
                                goaway($a->get_baseurl() . '/' . $a->cmd);
                                return; // NOTREACHED
                        }
+
+                       if(! allowed_url($url)) {
+                               notice( t('Disallowed profile URL.') . EOL);
+                               goaway($a->get_baseurl() . '/' . $a->cmd);
+                               return; // NOTREACHED
+                       }
                        
+
                        require_once('Scrape.php');
 
                        $parms = scrape_dfrn($url);
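Review bot: The new allowed_url() check covers only the host of the submitted profile URL, while the endpoints actually used afterwards come from `scrape_dfrn($url)`. scrape_dfrn() is not visible here, so this is an inference, but if it follows redirects or returns URLs on other hosts, those hosts are not checked against allowed_sites. I would run each URL returned in `$parms` through allowed_url() before it is stored or contacted, and add a comment above the check such as `// allow list applies to the profile host and to every endpoint scraped from it`. dfrn_request_post() starts and ends outside this hunk, so an existing check elsewhere in the function cannot be ruled out.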
@@ -301,7 +308,7 @@ function dfrn_request_post(&$a) {
                // This notice will only be seen by the requestor if  the requestor and requestee are on the same server.
 
                if(! $failed) 
-                       notice( t("Your introduction has been sent.") . EOL );
+                       notice( t('Your introduction has been sent.') . EOL );
 
                // "Homecoming" - send the requestor back to their site to record the introduction.