summaryrefslogtreecommitdiff
path: root/actions
diff options
context:
space:
mode:
authorEvan Prodromou <evan@prodromou.name>2008-06-05 00:01:53 -0400
committerEvan Prodromou <evan@prodromou.name>2008-06-05 00:01:53 -0400
commit24ff61d159a710c047947681d68f4084eafd308f (patch)
tree13561d109125ce4b418eb51f83e8ba1a3dbec5d7 /actions
parent29d9f0ae64789e31dfea42c695e105d016ef9863 (diff)
decided to validate tag uris rather than not validating any uris
darcs-hash:20080605040153-84dde-5d180f0d8ead2fc7c5eaca3deaf035ba31d3512a.gz
Diffstat (limited to 'actions')
-rw-r--r--actions/userauthorization.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/actions/userauthorization.php b/actions/userauthorization.php
index a6dc2a5b0..0d3b71ac9 100644
--- a/actions/userauthorization.php
+++ b/actions/userauthorization.php
@@ -365,6 +365,10 @@ class UserauthorizationAction extends Action {
throw new OAuthException("Listener URI '$listener' not found here");
}
$listenee = $req->get_parameter('omb_listenee');
+ if (!Validate::uri($listenee) &&
+ !common_valid_tag($listenee)) {
+ throw new OAuthException("Listenee URI '$listenee' not a recognizable URI");
+ }
if (strlen($listenee) > 255) {
throw new OAuthException("Listenee URI '$listenee' too long");
}