From: Ian Denhardt <ian@zenhack.net>
Date: Wed, 11 Aug 2010 18:56:42 +0000 (-0400)
Subject: validate input, dummy.
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=e3b891f0b774c053ab3e269bfa1a29b39ee28599;p=quix0rs-gnu-social.git

validate input, dummy.
---

diff --git a/plugins/GNUsocialVideo/actions/postvideo.php b/plugins/GNUsocialVideo/actions/postvideo.php
index 8ed664c588..4af34af7ab 100644
--- a/plugins/GNUsocialVideo/actions/postvideo.php
+++ b/plugins/GNUsocialVideo/actions/postvideo.php
@@ -58,9 +58,12 @@ class PostvideoAction extends Action {
             return;
         }
         $uri = $_POST['video_uri'];
-        // XXX: validate your inputs, dummy.
-        $rend = sprintf('<video src="%s", controls="controls">Sorry, your browser doesn\'t support the video tag.</video>', $uri);
-        Notice::saveNew($this->user->id, 'video : ' . $uri, 'web', array('rendered' => $rend));
+        $uri = filter_var($uri, FILTER_SANITIZE_URL);
+        $uri = filter_var($uri, FILTER_VALIDATE_URL);
+        if($uri) { 
+            $rend = sprintf('<video src="%s", controls="controls">Sorry, your browser doesn\'t support the video tag.</video>', $uri);
+            Notice::saveNew($this->user->id, 'video : ' . $uri, 'web', array('rendered' => $rend));
+        }
     }
  
     function showContent()