]> git.mxchange.org Git - friendica.git/commitdiff
projects / friendica.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 26463d9)
Issue 2367: The data for the gserver table is now sanitized.
authorMichael Vogel <icarus@dabo.de>
Fri, 19 Feb 2016 06:30:28 +0000 (07:30 +0100)
committerMichael Vogel <icarus@dabo.de>
Fri, 19 Feb 2016 06:30:28 +0000 (07:30 +0100)
include/socgraph.php patch | blob | history

diff --git a/include/socgraph.php b/include/socgraph.php
index 186326f42d961a11ca39c9e002f7b8b16ec07692..33d62dc5b9abba5030c28706ab53237c9b76ab7d 100644 (file)
--- a/include/socgraph.php
+++ b/include/socgraph.php
@@ -722,7 +722,8 @@ function poco_check_server($server_url, $network = "", $force = false) {
                // Will also return data for Friendica and GNU Social - but it will be overwritten later
                // The "not implemented" is a special treatment for really, really old Friendica versions
                $serverret = z_fetch_url($server_url."/api/statusnet/version.json");
-               if ($serverret["success"] AND ($serverret["body"] != '{"error":"not implemented"}') AND ($serverret["body"] != '') AND (strlen($serverret["body"]) < 250)) {
+               if ($serverret["success"] AND ($serverret["body"] != '{"error":"not implemented"}') AND
+                       ($serverret["body"] != '') AND (strlen($serverret["body"]) < 30)) {
                        $platform = "StatusNet";
                        $version = trim($serverret["body"], '"');
                        $network = NETWORK_OSTATUS;
@@ -730,7 +731,8 @@ function poco_check_server($server_url, $network = "", $force = false) {
 
                // Test for GNU Social
                $serverret = z_fetch_url($server_url."/api/gnusocial/version.json");
-               if ($serverret["success"] AND ($serverret["body"] != '{"error":"not implemented"}') AND ($serverret["body"] != '') AND (strlen($serverret["body"]) < 250)) {
+               if ($serverret["success"] AND ($serverret["body"] != '{"error":"not implemented"}') AND
+                       ($serverret["body"] != '') AND (strlen($serverret["body"]) < 30)) {
                        $platform = "GNU Social";
                        $version = trim($serverret["body"], '"');
                        $network = NETWORK_OSTATUS;
@@ -857,6 +859,11 @@ function poco_check_server($server_url, $network = "", $force = false) {
        // Check again if the server exists
        $servers = q("SELECT `nurl` FROM `gserver` WHERE `nurl` = '%s'", dbesc(normalise_link($server_url)));
 
+       $version = strip_tags($version);
+       $site_name = strip_tags($site_name);
+       $info = strip_tags($info);
+       $platform = strip_tags($platform);
+
        if ($servers)
                 q("UPDATE `gserver` SET `url` = '%s', `version` = '%s', `site_name` = '%s', `info` = '%s', `register_policy` = %d, `poco` = '%s', `noscrape` = '%s',
                        `network` = '%s', `platform` = '%s', `last_contact` = '%s', `last_failure` = '%s' WHERE `nurl` = '%s'",
Unnamed repository; edit this file 'description' to name the repository.