add whitelist and blacklist for openid URLs

author: Evan Prodromou <evan@status.net> 2010-03-25 16:58:05 -0400
committer: Evan Prodromou <evan@status.net> 2010-03-25 16:58:05 -0400
commit: 9c63ae6e443e7b23f64e31617a1762393473509a (patch)
tree: 740ce8c74676f0ee5c6d1482891ad01d8c79a9a9 /plugins/OpenID/openidlogin.php
parent: 5b23b7e7367a1c42ac5e44b0d799328a8235d96c (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/plugins/OpenID/openidlogin.php b/plugins/OpenID/openidlogin.php
index 9ba55911c..2a743672c 100644
--- a/plugins/OpenID/openidlogin.php
+++ b/plugins/OpenID/openidlogin.php
@@ -31,6 +31,8 @@ class OpenidloginAction extends Action
         } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             $openid_url = $this->trimmed('openid_url');
 
+            oid_assert_allowed($openid_url);
+
             # CSRF protection
             $token = $this->trimmed('token');
             if (!$token || $token != common_session_token()) {
author	Evan Prodromou <evan@status.net>	2010-03-25 16:58:05 -0400
committer	Evan Prodromou <evan@status.net>	2010-03-25 16:58:05 -0400
commit	9c63ae6e443e7b23f64e31617a1762393473509a (patch)
tree	740ce8c74676f0ee5c6d1482891ad01d8c79a9a9 /plugins/OpenID/openidlogin.php
parent	5b23b7e7367a1c42ac5e44b0d799328a8235d96c (diff)