Added check_domain_blocklist

diff --git a/include/follow.php b/include/follow.php
index 30451910772295fb824e8ac66b127b51100182e5..11138afac8c54609989e51317f6ad0e151db339d 100644 (file)
--- a/include/follow.php
+++ b/include/follow.php
@@ -82,6 +82,11 @@ function new_contact($uid,$url,$interactive = false) {
                return $result;
        }
 
+       if (! check_domain_blocklist($url)) {
+               $result['message'] = t('Blocked domain');
+               return $result;
+       }
+
        if (! $url) {
                $result['message'] = t('Connect URL missing.');
                return $result;

diff --git a/include/network.php b/include/network.php
index f9d35c52c34557d387f09eb490b23aa3358119b2..a362f0307c37f765e20aeb574758306a14c2f944 100644 (file)
--- a/include/network.php
+++ b/include/network.php
@@ -454,13 +454,14 @@ function allowed_url($url) {
 
        $h = @parse_url($url);
 
-       if(! $h) {
+       if (! $h) {
                return false;
        }
 
-       $str_allowed = get_config('system','allowed_sites');
-       if(! $str_allowed)
+       $str_allowed = get_config('system', 'allowed_sites');
+       if (! $str_allowed) {
                return true;
+       }
 
        $found = false;
 
@@ -468,16 +469,17 @@ function allowed_url($url) {
 
        // always allow our own site
 
-       if($host == strtolower($_SERVER['SERVER_NAME']))
+       if ($host == strtolower($_SERVER['SERVER_NAME'])) {
                return true;
+       }
 
        $fnmatch = function_exists('fnmatch');
-       $allowed = explode(',',$str_allowed);
+       $allowed = explode(',', $str_allowed);
 
-       if(count($allowed)) {
-               foreach($allowed as $a) {
+       if (count($allowed)) {
+               foreach ($allowed as $a) {
                        $pat = strtolower(trim($a));
-                       if(($fnmatch && fnmatch($pat,$host)) || ($pat == $host)) {
+                       if (($fnmatch && fnmatch($pat, $host)) || ($pat == $host)) {
                                $found = true;
                                break;
                        }
@@ -486,6 +488,37 @@ function allowed_url($url) {
        return $found;
 }
 
+/**
+ * Checks if the provided url domain isn't on the domain blacklist.
+ * Return true if the check passed (not on the blacklist), false if not
+ * or malformed URL
+ *
+ * @param string $url The url to check the domain from
+ * @return boolean
+ */
+function check_domain_blocklist($url) {
+       $h = @parse_url($url);
+
+       if (! $h) {
+               return false;
+       }
+
+       $domain_blocklist = get_config('system', 'blocklist', array());
+       if (! $domain_blocklist) {
+               return true;
+       }
+
+       $host = strtolower($h['host']);
+
+       foreach ($domain_blocklist as $domain_block) {
+               if (strtolower($domain_block['domain']) == $host) {
+                       return false;
+               }
+       }
+
+       return true;
+}
+
 /**
  * @brief Check if email address is allowed to register here.
  *

diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index f3875ed8e40939d8a0672c97fa312f53dcc07446..68f9448a55470d17b8100a2e5d9dc6c1c1888448 100644 (file)
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -514,6 +514,11 @@ function dfrn_request_post(App $a) {
                                        return; // NOTREACHED
                                }
 
+                               if (! check_domain_blocklist($url)) {
+                                       notice( t('Blocked domain') . EOL);
+                                       goaway(App::get_baseurl() . '/' . $a->cmd);
+                                       return; // NOTREACHED
+                               }
 
                                require_once('include/Scrape.php');