decided to validate tag uris rather than not validating any uris

darcs-hash:20080605040153-84dde-5d180f0d8ead2fc7c5eaca3deaf035ba31d3512a.gz
author: Evan Prodromou <evan@prodromou.name> 2008-06-05 00:01:53 -0400
committer: Evan Prodromou <evan@prodromou.name> 2008-06-05 00:01:53 -0400
commit: 24ff61d159a710c047947681d68f4084eafd308f (patch)
tree: 13561d109125ce4b418eb51f83e8ba1a3dbec5d7
parent: 29d9f0ae64789e31dfea42c695e105d016ef9863 (diff)
2 files changed, 12 insertions, 0 deletions
diff --git a/actions/userauthorization.php b/actions/userauthorization.php
index a6dc2a5b0..0d3b71ac9 100644
--- a/actions/userauthorization.php
+++ b/actions/userauthorization.php
@@ -365,6 +365,10 @@ class UserauthorizationAction extends Action {
 			throw new OAuthException("Listener URI '$listener' not found here");
 		}
 		$listenee = $req->get_parameter('omb_listenee');
+		if (!Validate::uri($listenee) &&
+			!common_valid_tag($listenee)) {
+			throw new OAuthException("Listenee URI '$listenee' not a recognizable URI");
+		}
 		if (strlen($listenee) > 255) {
 			throw new OAuthException("Listenee URI '$listenee' too long");
 		}
diff --git a/lib/util.php b/lib/util.php
index 03b1e42a9..771a4880c 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -598,3 +598,11 @@ function common_debug($msg, $filename=NULL) {
 function common_valid_http_url($url) {
 	return Validate::uri($url, array('allowed_schemes' => array('http', 'https')));
 }
+
+function common_valid_tag($tag) {
+	if (preg_match('/^tag:(.*?),(\d{4}(-\d{2}(-\d{2})?)?):(.*)$/', $tag, $matches)) {
+		return (Validate::email($matches[1]) || 
+				preg_match('/^([\w-\.]+)$/', $matches[1]));
+	}
+	return false;
+}
author	Evan Prodromou <evan@prodromou.name>	2008-06-05 00:01:53 -0400
committer	Evan Prodromou <evan@prodromou.name>	2008-06-05 00:01:53 -0400
commit	24ff61d159a710c047947681d68f4084eafd308f (patch)
tree	13561d109125ce4b418eb51f83e8ba1a3dbec5d7
parent	29d9f0ae64789e31dfea42c695e105d016ef9863 (diff)