-rw-r--r-- | plugins/GNUsocialVideo/actions/postvideo.php | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/plugins/GNUsocialVideo/actions/postvideo.php b/plugins/GNUsocialVideo/actions/postvideo.php
index 8ed664c58..4af34af7a 100644
--- a/plugins/GNUsocialVideo/actions/postvideo.php
+++ b/plugins/GNUsocialVideo/actions/postvideo.php
@@ -58,9 +58,12 @@ class PostvideoAction extends Action {
 return;
 }
 $uri = $_POST['video_uri'];
- // XXX: validate your inputs, dummy.
- $rend = sprintf('<video src="%s", controls="controls">Sorry, your browser doesn\'t support the video tag.</video>', $uri);
- Notice::saveNew($this->user->id, 'video : ' . $uri, 'web', array('rendered' => $rend));
+ $uri = filter_var($uri, FILTER_SANITIZE_URL);
+ $uri = filter_var($uri, FILTER_VALIDATE_URL);
+ if($uri) {
+ $rend = sprintf('<video src="%s", controls="controls">Sorry, your browser doesn\'t support the video tag.</video>', $uri);
+ Notice::saveNew($this->user->id, 'video : ' . $uri, 'web', array('rendered' => $rend));
+ }
 }
 function showContent() |
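Review bot: The validated `$uri` is still written unescaped into the `src` attribute of the stored `rendered` HTML, and the two filters do not make that safe on their own. `FILTER_SANITIZE_URL` keeps `"`, `<` and `>`, and `FILTER_VALIDATE_URL` checks URL structure rather than HTML safety and does not restrict the scheme. The `sprintf` argument should be escaped for the attribute context, `htmlspecialchars($uri, ENT_QUOTES, 'UTF-8')`, and the branch should be limited to web schemes with `in_array(parse_url($uri, PHP_URL_SCHEME), array('http', 'https'), true)`. When validation fails, the action saves nothing and appears to give the user no error. The enclosing method starts above the hunk, so any earlier handling is not visible here.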