From: Evan Prodromou Date: Thu, 5 Jun 2008 04:01:53 +0000 (-0400) Subject: decided to validate tag uris rather than not validating any uris X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=24ff61d159a710c047947681d68f4084eafd308f;p=quix0rs-gnu-social.git decided to validate tag uris rather than not validating any uris darcs-hash:20080605040153-84dde-5d180f0d8ead2fc7c5eaca3deaf035ba31d3512a.gz --- diff --git a/actions/userauthorization.php b/actions/userauthorization.php index a6dc2a5b07..0d3b71ac98 100644 --- a/actions/userauthorization.php +++ b/actions/userauthorization.php @@ -365,6 +365,10 @@ class UserauthorizationAction extends Action { throw new OAuthException("Listener URI '$listener' not found here"); } $listenee = $req->get_parameter('omb_listenee'); + if (!Validate::uri($listenee) && + !common_valid_tag($listenee)) { + throw new OAuthException("Listenee URI '$listenee' not a recognizable URI"); + } if (strlen($listenee) > 255) { throw new OAuthException("Listenee URI '$listenee' too long"); } diff --git a/lib/util.php b/lib/util.php index 03b1e42a90..771a4880c6 100644 --- a/lib/util.php +++ b/lib/util.php @@ -598,3 +598,11 @@ function common_debug($msg, $filename=NULL) { function common_valid_http_url($url) { return Validate::uri($url, array('allowed_schemes' => array('http', 'https'))); } + +function common_valid_tag($tag) { + if (preg_match('/^tag:(.*?),(\d{4}(-\d{2}(-\d{2})?)?):(.*)$/', $tag, $matches)) { + return (Validate::email($matches[1]) || + preg_match('/^([\w-\.]+)$/', $matches[1])); + } + return false; +}