From: Evan Prodromou <evan@prodromou.name>
Date: Thu, 5 Jun 2008 04:03:58 +0000 (-0400)
Subject: bad validation of callback URL
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=356f40198633a0e93097c589d959d24c15410193;p=quix0rs-gnu-social.git

bad validation of callback URL

darcs-hash:20080605040358-84dde-b2018db43791d1cbed722d3320cd0b62d6da94eb.gz
---

diff --git a/actions/userauthorization.php b/actions/userauthorization.php
index 0d3b71ac98..76fde6d87d 100644
--- a/actions/userauthorization.php
+++ b/actions/userauthorization.php
@@ -408,7 +408,7 @@ class UserauthorizationAction extends Action {
 			throw new OAuthException("Invalid avatar '$avatar'");
 		}
 		$callback = $req->get_parameter('oauth_callback');
-		if ($avatar && common_valid_http_url($callback)) {
+		if ($callback && !common_valid_http_url($callback)) {
 			throw new OAuthException("Invalid callback URL '$callback'");
 		}
 	}