From 9c63ae6e443e7b23f64e31617a1762393473509a Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@status.net>
Date: Thu, 25 Mar 2010 16:58:05 -0400
Subject: add whitelist and blacklist for openid URLs

---
 plugins/OpenID/openidlogin.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'plugins/OpenID/openidlogin.php')

diff --git a/plugins/OpenID/openidlogin.php b/plugins/OpenID/openidlogin.php
index 9ba55911c..2a743672c 100644
--- a/plugins/OpenID/openidlogin.php
+++ b/plugins/OpenID/openidlogin.php
@@ -31,6 +31,8 @@ class OpenidloginAction extends Action
         } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             $openid_url = $this->trimmed('openid_url');
 
+            oid_assert_allowed($openid_url);
+
             # CSRF protection
             $token = $this->trimmed('token');
             if (!$token || $token != common_session_token()) {
-- 
cgit v1.2.3