diff options
Diffstat (limited to 'actions/userauthorization.php')
| -rw-r--r-- | actions/userauthorization.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/actions/userauthorization.php b/actions/userauthorization.php index a6dc2a5b0..0d3b71ac9 100644 --- a/actions/userauthorization.php +++ b/actions/userauthorization.php @@ -365,6 +365,10 @@ class UserauthorizationAction extends Action { throw new OAuthException("Listener URI '$listener' not found here"); } $listenee = $req->get_parameter('omb_listenee'); + if (!Validate::uri($listenee) && + !common_valid_tag($listenee)) { + throw new OAuthException("Listenee URI '$listenee' not a recognizable URI"); + } if (strlen($listenee) > 255) { throw new OAuthException("Listenee URI '$listenee' too long"); } |