Validate OStatus avatar URL before fetching.

author Brion Vibber <brion@pobox.com>

Fri, 19 Mar 2010 17:15:00 +0000 (10:15 -0700)

committer Brion Vibber <brion@pobox.com>

Fri, 19 Mar 2010 17:16:12 +0000 (10:16 -0700)
author Brion Vibber <brion@pobox.com>
Fri, 19 Mar 2010 17:15:00 +0000 (10:15 -0700)
committer Brion Vibber <brion@pobox.com>
Fri, 19 Mar 2010 17:16:12 +0000 (10:16 -0700)
diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php

index 6ae8e4fd589889ae5ea56f4a076371f1886fa852..6145080fc7d2cfde69aa12071fe9e316e29d46e8 100644 (file)
--- a/plugins/OStatus/classes/Ostatus_profile.php
+++ b/plugins/OStatus/classes/Ostatus_profile.php
@@ -781,8 +781,8 @@ class Ostatus_profile extends Memcached_DataObject
      }
  
      /**
-     *
       * Download and update given avatar image
+     *
       * @param string $url
       * @throws Exception in various failure cases
       */
@@ -792,6 +792,9 @@ class Ostatus_profile extends Memcached_DataObject
              // We've already got this one.
              return;
          }
+        if (!common_valid_http_url($url)) {
+            throw new ServerException(_m("Invalid avatar URL %s"), $url);
+        }
  
          if ($this->isGroup()) {
              $self = $this->localGroup();
author	Brion Vibber <brion@pobox.com>
	Fri, 19 Mar 2010 17:15:00 +0000 (10:15 -0700)
committer	Brion Vibber <brion@pobox.com>
	Fri, 19 Mar 2010 17:16:12 +0000 (10:16 -0700)