From: Mikael Nordfeldth Date: Wed, 26 Apr 2017 20:41:59 +0000 (+0200) Subject: Test URLs against blacklist also on PuSH subscriptions. X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=bb76af4f65fde04e03a12e7e316b1ed975f62b98;p=quix0rs-gnu-social.git Test URLs against blacklist also on PuSH subscriptions. --- diff --git a/plugins/Blacklist/BlacklistPlugin.php b/plugins/Blacklist/BlacklistPlugin.php index 1ef50940b2..1572903f2e 100644 --- a/plugins/Blacklist/BlacklistPlugin.php +++ b/plugins/Blacklist/BlacklistPlugin.php @@ -211,6 +211,15 @@ class BlacklistPlugin extends Plugin return true; } + public function onUrlBlacklistTest($url) + { + common_debug('Checking URL against blacklist: '._ve($url)); + if (!$this->_checkUrl($url)) { + throw new ClientException('Forbidden URL', 403); + } + return true; + } + /** * Helper for checking nicknames * diff --git a/plugins/OStatus/actions/pushhub.php b/plugins/OStatus/actions/pushhub.php index be8076b75e..6dc22706c3 100644 --- a/plugins/OStatus/actions/pushhub.php +++ b/plugins/OStatus/actions/pushhub.php @@ -199,7 +199,7 @@ class PushHubAction extends Action /** * Grab and validate a URL from POST parameters. - * @throws ClientException for malformed or non-http/https URLs + * @throws ClientException for malformed or non-http/https or blacklisted URLs */ protected function argUrl($arg) { @@ -207,13 +207,14 @@ class PushHubAction extends Action $params = array('domain_check' => false, // otherwise breaks my local tests :P 'allowed_schemes' => array('http', 'https')); $validate = new Validate(); - if ($validate->uri($url, $params)) { - return $url; - } else { + if (!$validate->uri($url, $params)) { // TRANS: Client exception. // TRANS: %1$s is this argument to the method this exception occurs in, %2$s is a URL. throw new ClientException(sprintf(_m('Invalid URL passed for %1$s: "%2$s"'),$arg,$url)); } + + Event::handle('UrlBlacklistTest', array($url)); + return $url; } /**