diff options
author | Evan Prodromou <evan@status.net> | 2010-03-25 16:58:05 -0400 |
---|---|---|
committer | Evan Prodromou <evan@status.net> | 2010-03-25 16:58:05 -0400 |
commit | 9c63ae6e443e7b23f64e31617a1762393473509a (patch) | |
tree | 740ce8c74676f0ee5c6d1482891ad01d8c79a9a9 /plugins/OpenID/openidlogin.php | |
parent | 5b23b7e7367a1c42ac5e44b0d799328a8235d96c (diff) |
add whitelist and blacklist for openid URLs
Diffstat (limited to 'plugins/OpenID/openidlogin.php')
-rw-r--r-- | plugins/OpenID/openidlogin.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/plugins/OpenID/openidlogin.php b/plugins/OpenID/openidlogin.php index 9ba55911c..2a743672c 100644 --- a/plugins/OpenID/openidlogin.php +++ b/plugins/OpenID/openidlogin.php @@ -31,6 +31,8 @@ class OpenidloginAction extends Action } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $openid_url = $this->trimmed('openid_url'); + oid_assert_allowed($openid_url); + # CSRF protection $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { |