authorIan Denhardt <ian@zenhack.net>2010-08-11 14:56:42 -0400
committerIan Denhardt <ian@zenhack.net>2010-08-11 14:56:42 -0400
commite3b891f0b774c053ab3e269bfa1a29b39ee28599 (patch)
tree4d6cd985116e73c3af416f5706c8b964d52528bf
parent8f37b432f82ffa5381d670ede65d6e63c8aea574 (diff)
validate input, dummy.
-rw-r--r--plugins/GNUsocialVideo/actions/postvideo.php9
1 files changed, 6 insertions, 3 deletions
diff --git a/plugins/GNUsocialVideo/actions/postvideo.php b/plugins/GNUsocialVideo/actions/postvideo.php
index 8ed664c58..4af34af7a 100644
--- a/plugins/GNUsocialVideo/actions/postvideo.php
+++ b/plugins/GNUsocialVideo/actions/postvideo.php
@@ -58,9 +58,12 @@ class PostvideoAction extends Action {
return;
}
$uri = $_POST['video_uri'];
- // XXX: validate your inputs, dummy.
- $rend = sprintf('<video src="%s", controls="controls">Sorry, your browser doesn\'t support the video tag.</video>', $uri);
- Notice::saveNew($this->user->id, 'video : ' . $uri, 'web', array('rendered' => $rend));
+ $uri = filter_var($uri, FILTER_SANITIZE_URL);
+ $uri = filter_var($uri, FILTER_VALIDATE_URL);
+ if($uri) {
+ $rend = sprintf('<video src="%s", controls="controls">Sorry, your browser doesn\'t support the video tag.</video>', $uri);
+ Notice::saveNew($this->user->id, 'video : ' . $uri, 'web', array('rendered' => $rend));
+ }
}
function showContent()
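Review bot: The validated `$uri` is still written into the `src` attribute of `$rend` without HTML escaping, and neither filter makes it safe for that context: FILTER_SANITIZE_URL leaves `"`, `<` and `>` in place, and FILTER_VALIDATE_URL checks URL structure only and accepts any scheme. Because `rendered` appears to be stored as the notice's HTML, the value should be escaped where the markup is built, e.g. `$rend = sprintf('<video src="%s" controls="controls">Sorry, your browser doesn\'t support the video tag.</video>', htmlspecialchars($uri, ENT_QUOTES, 'UTF-8'));` (which also drops the stray comma after `src`), and the scheme limited with a check such as `in_array(parse_url($uri, PHP_URL_SCHEME), array('http', 'https'), true)`. When validation fails the new branch saves nothing and reports nothing, so the user gets no indication the post was rejected. The enclosing method begins above the hunk, so how other errors are reported there is not visible from here.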