authorBrion Vibber <brion@pobox.com>2010-03-19 10:15:00 -0700
committerBrion Vibber <brion@pobox.com>2010-03-19 10:16:12 -0700
commitd2e66641322a3297be6a3a6680d10ed7b6720c0e (patch)
tree5274828b7a776b3a5acedcb28db38e23b08b5f2a /plugins/OStatus
parent515cdf28a83eda5cc82f0c423099a36c0168dbb6 (diff)
Validate OStatus avatar URL before fetching.
Diffstat (limited to 'plugins/OStatus')
-rw-r--r--plugins/OStatus/classes/Ostatus_profile.php5
1 files changed, 4 insertions, 1 deletions
diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php
index 6ae8e4fd5..6145080fc 100644
--- a/plugins/OStatus/classes/Ostatus_profile.php
+++ b/plugins/OStatus/classes/Ostatus_profile.php
@@ -781,8 +781,8 @@ class Ostatus_profile extends Memcached_DataObject
}
/**
- *
* Download and update given avatar image
+ *
* @param string $url
* @throws Exception in various failure cases
*/
@@ -792,6 +792,9 @@ class Ostatus_profile extends Memcached_DataObject
// We've already got this one.
return;
}
+ if (!common_valid_http_url($url)) {
+ throw new ServerException(_m("Invalid avatar URL %s"), $url);
+ }
if ($this->isGroup()) {
$self = $this->localGroup();
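Review bot: The added `throw` passes `$url` as a second constructor argument instead of formatting it into the message, so the text keeps a literal `%s` and the URL lands in what is presumably the exception's code parameter; it should read `throw new ServerException(sprintf(_m("Invalid avatar URL %s"), $url));`. Separately, `common_valid_http_url()` appears from its name to check the URL's form and scheme. Whether it also keeps the server-side fetch away from loopback or internal addresses, including via redirects, is not visible here and is worth confirming, since the avatar URL presumably comes from a remote profile. The enclosing method starts and ends outside this hunk.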