summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--actions/userauthorization.php4
-rw-r--r--lib/util.php8
2 files changed, 12 insertions, 0 deletions
diff --git a/actions/userauthorization.php b/actions/userauthorization.php
index a6dc2a5b0..0d3b71ac9 100644
--- a/actions/userauthorization.php
+++ b/actions/userauthorization.php
@@ -365,6 +365,10 @@ class UserauthorizationAction extends Action {
throw new OAuthException("Listener URI '$listener' not found here");
}
$listenee = $req->get_parameter('omb_listenee');
+ if (!Validate::uri($listenee) &&
+ !common_valid_tag($listenee)) {
+ throw new OAuthException("Listenee URI '$listenee' not a recognizable URI");
+ }
if (strlen($listenee) > 255) {
throw new OAuthException("Listenee URI '$listenee' too long");
}
diff --git a/lib/util.php b/lib/util.php
index 03b1e42a9..771a4880c 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -598,3 +598,11 @@ function common_debug($msg, $filename=NULL) {
function common_valid_http_url($url) {
return Validate::uri($url, array('allowed_schemes' => array('http', 'https')));
}
+
+function common_valid_tag($tag) {
+ if (preg_match('/^tag:(.*?),(\d{4}(-\d{2}(-\d{2})?)?):(.*)$/', $tag, $matches)) {
+ return (Validate::email($matches[1]) ||
+ preg_match('/^([\w-\.]+)$/', $matches[1]));
+ }
+ return false;
+}
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-11-02 08:18:49 +0000