Possible XSS scenario when posting Bookmarks
authorMikael Nordfeldth <mmn@hethane.se>
Sat, 25 Oct 2014 12:56:38 +0000 (14:56 +0200)
committerMikael Nordfeldth <mmn@hethane.se>
Sat, 25 Oct 2014 13:00:29 +0000 (15:00 +0200)
plugins/Bookmark/classes/Bookmark.php

index 65c767efddaffc36212daa00707d2cd8df6babb2..a99df87ee3d7da8da3a2117839f9d4d3a96d7a58 100644 (file)
@@ -134,6 +134,10 @@ class Bookmark extends Managed_DataObject
     static function saveNew($profile, $title, $url, $rawtags, $description,
                             $options=null)
     {
+        if (!common_valid_http_url($url)) {
+            throw new ClientException(_m('Only web bookmarks can be posted (HTTP or HTTPS).'));
+        }
+
         $nb = self::getByURL($profile, $url);
 
         if (!empty($nb)) {
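Review bot: The scheme check added at the top of saveNew() only covers bookmarks created through this entry point after the commit. Rows already stored with a non-HTTP(S) URL, or any writer that bypasses saveNew(), would still reach the output unchanged, so the code that emits the URL as a link target should apply the same `common_valid_http_url($url)` test or render the value as plain text. The guard also deserves a why-comment, for example `// Reject non-HTTP(S) schemes: $url is later rendered as a link target and must not be script-capable.` Whether such other writers or unescaped render sites exist cannot be seen from this hunk, and saveNew()'s body continues past it.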