authorZach Copley <zach@status.net>2010-03-19 10:38:54 -0700
committerZach Copley <zach@status.net>2010-03-19 10:38:54 -0700
commitf0c54243bacb06fe10c330e5474dce55ee513ad8 (patch)
tree12ea2adce650701976cc91906c5230fcd7fc6e90
parent348412f9c9a033c1bec1451dd54536a1794e0133 (diff)
parent9e3e1d3d5632b2f4690018677e2ba82beb399fca (diff)
Merge branch 'testing' of gitorious.org:statusnet/mainline into testing
* 'testing' of gitorious.org:statusnet/mainline: Validate OStatus avatar URL before fetching.
-rw-r--r--plugins/OStatus/classes/Ostatus_profile.php5
1 files changed, 4 insertions, 1 deletions
diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php
index e77c8f7e9..e0e0223b8 100644
--- a/plugins/OStatus/classes/Ostatus_profile.php
+++ b/plugins/OStatus/classes/Ostatus_profile.php
@@ -839,8 +839,8 @@ class Ostatus_profile extends Memcached_DataObject
}
/**
- *
* Download and update given avatar image
+ *
* @param string $url
* @throws Exception in various failure cases
*/
@@ -850,6 +850,9 @@ class Ostatus_profile extends Memcached_DataObject
// We've already got this one.
return;
}
+ if (!common_valid_http_url($url)) {
+ throw new ServerException(_m("Invalid avatar URL %s"), $url);
+ }
if ($this->isGroup()) {
$self = $this->localGroup();
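Review bot: In the added throw, `$url` is passed as a second argument to the `ServerException` constructor instead of being formatted into the message, because the parenthesis of `_m(...)` closes before it. The message therefore keeps a literal `%s`, and if that second parameter is the exception or HTTP status code (the constructor is not shown here), a remote-supplied string lands in it. The line should read `throw new ServerException(sprintf(_m("Invalid avatar URL %s"), $url));`. Separately, `common_valid_http_url()` is not visible in this diff; if it checks only scheme and syntax, a remote profile can still name a loopback or internal host, so the fetch that follows would also need a destination restriction. The enclosing function starts and ends outside the hunk.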