Diffstat (limited to 'actions/userauthorization.php')
-rw-r--r-- | actions/userauthorization.php | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/actions/userauthorization.php b/actions/userauthorization.php index 680f55094..11e2d7135 100644 --- a/actions/userauthorization.php +++ b/actions/userauthorization.php @@ -415,6 +415,12 @@ class UserauthorizationAction extends Action { if (strlen($listenee) > 255) { throw new OAuthException("Listenee URI '$listenee' too long"); } + + $other = User::staticGet('uri', $listenee); + if ($other) { + throw new OAuthException("Listenee URI '$listenee' is local user"); + } + $remote = Remote_profile::staticGet('uri', $listenee); if ($remote) { $sub = new Subscription(); @@ -434,6 +440,11 @@ class UserauthorizationAction extends Action { if (!common_valid_http_url($profile)) { throw new OAuthException("Invalid profile URL '$profile'."); } + + if ($profile == common_local_url('showstream', array('nickname' => $nickname))) { + throw new OAuthException("Profile URL '$profile' is for a local user."); + } + $license = $req->get_parameter('omb_listenee_license'); if (!common_valid_http_url($license)) { throw new OAuthException("Invalid license URL '$license'."); @@ -476,6 +487,9 @@ class UserauthorizationAction extends Action { if ($callback && !common_valid_http_url($callback)) { throw new OAuthException("Invalid callback URL '$callback'"); } + if ($callback && $callback == common_local_url('finishremotesubscribe')) { + throw new OAuthException("Callback URL '$callback' is for local site."); + } } # Snagged from OAuthServer |
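Review bot: The local-user check added in the first hunk, `User::staticGet('uri', $listenee)`, matches only a URI that is byte-identical to the stored one, so a differently spelled form of the same URI (host case, trailing slash, alternate scheme) would not be rejected and would fall through to the `Remote_profile` lookup. The `$profile == common_local_url('showstream', ...)` test in the second hunk and the `$callback == common_local_url('finishremotesubscribe')` test in the third have the same limitation, and both use loose `==` where `===` is the safer comparison for strings. I would normalise the incoming value before each comparison (for instance from its `parse_url()` components) and at least record the limitation in a comment such as `// exact-match only: URI variants of a local user are not caught here`. The enclosing function starts and ends outside these hunks, so any earlier normalisation of `$listenee` is not visible.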
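Review bot: The new test in the second hunk rejects `$profile` only when it equals the local URL built from the `$nickname` value, so a local profile URL submitted together with a different nickname is not caught. `$nickname` is assigned outside the hunk; if it is read from the same request (not visible here), the check depends on two caller-supplied values agreeing with each other. Comparing the host of `$profile` with the local site's host, or looking the URL up among local profiles, would not depend on the nickname. The callback test in the third hunk is similarly narrow: it rejects only the `finishremotesubscribe` URL although its message reads "is for local site".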