validate input, dummy.
authorIan Denhardt <ian@zenhack.net>
Wed, 11 Aug 2010 18:56:42 +0000 (14:56 -0400)
committerIan Denhardt <ian@zenhack.net>
Wed, 11 Aug 2010 18:56:42 +0000 (14:56 -0400)
plugins/GNUsocialVideo/actions/postvideo.php

index 8ed664c588c70edfb75e1162ab20dd7e401c9eac..4af34af7ab9a8ee90e91ab272e389f2e32737523 100644 (file)
@@ -58,9 +58,12 @@ class PostvideoAction extends Action {
             return;
         }
         $uri = $_POST['video_uri'];
-        // XXX: validate your inputs, dummy.
-        $rend = sprintf('<video src="%s", controls="controls">Sorry, your browser doesn\'t support the video tag.</video>', $uri);
-        Notice::saveNew($this->user->id, 'video : ' . $uri, 'web', array('rendered' => $rend));
+        $uri = filter_var($uri, FILTER_SANITIZE_URL);
+        $uri = filter_var($uri, FILTER_VALIDATE_URL);
+        if($uri) { 
+            $rend = sprintf('<video src="%s", controls="controls">Sorry, your browser doesn\'t support the video tag.</video>', $uri);
+            Notice::saveNew($this->user->id, 'video : ' . $uri, 'web', array('rendered' => $rend));
+        }
     }
  
     function showContent()
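Review bot: The filtered `$uri` still reaches the `src="%s"` attribute in the `sprintf` call without HTML escaping. `FILTER_VALIDATE_URL` checks URL syntax only: it does not reject quotes or angle brackets in the path or query (`FILTER_SANITIZE_URL` keeps them as well), and it does not restrict the scheme. Because the string is passed to `Notice::saveNew` as `rendered` and is presumably emitted as-is later, I would pass `htmlspecialchars($uri, ENT_QUOTES, 'UTF-8')` as the `sprintf` argument and accept only `http`/`https`, checked with `parse_url($uri, PHP_URL_SCHEME)`. The new `if($uri)` also discards an invalid URL silently, so the poster gets no error, and the stray comma after `src="%s"` is carried over from the old line. The enclosing method starts above the hunk, so any earlier checks are not visible here.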