}}
if(! function_exists('validate_url')) {
-function validate_url($url) {
+function validate_url(&$url) {
if(substr($url,0,4) != 'http')
$url = 'http://' . $url;
$h = parse_url($url);
- if(! $h)
+ if(! $h) {
return false;
- if(! checkdnsrr($h['host'], 'ANY'))
+ }
+ if(! checkdnsrr($h['host'], 'ANY')) {
return false;
+ }
return true;
}}
+if(! function_exists('allowed_url')) {
+function allowed_url($url) {
+
+ $h = parse_url($url);
+
+ if(! $h) {
+ return false;
+ }
+
+ $str_allowed = get_config('system','allowed_sites');
+ if(! $str_allowed)
+ return true;
+
+ $found = false;
+
+ $host = strtolower($h['host']);
+
+ // always allow our own site
+
+ if($host == strtolower($_SERVER['SERVER_NAME']))
+ return true;
+
+ $fnmatch = function_exists('fnmatch');
+ $allowed = explode(',',$str_allowed);
+
+ if(count($allowed)) {
+ foreach($allowed as $a) {
+ $pat = strtolower(trim($a));
+ if(($fnmatch && fnmatch($pat,$host)) || ($pat == $host)) {
+ $found = true;
+ break;
+ }
+ }
+ }
+ return $found;
+}}
// invalid/bogus request
- notice( t("Unrecoverable protocol error.") . EOL );
+ notice( t('Unrecoverable protocol error.') . EOL );
goaway($a->get_baseurl());
return; // NOTREACHED
}
goaway($a->get_baseurl() . '/' . $a->cmd);
return; // NOTREACHED
}
+
+ if(! allowed_url($url)) {
+ notice( t('Disallowed profile URL.') . EOL);
+ goaway($a->get_baseurl() . '/' . $a->cmd);
+ return; // NOTREACHED
+ }
+
require_once('Scrape.php');
$parms = scrape_dfrn($url);
// This notice will only be seen by the requestor if the requestor and requestee are on the same server.
if(! $failed)
- notice( t("Your introduction has been sent.") . EOL );
+ notice( t('Your introduction has been sent.') . EOL );
// "Homecoming" - send the requestor back to their site to record the introduction.
projects / friendica.git / commitdiff