diff options
| author | Evan Prodromou <evan@prodromou.name> | 2008-06-05 00:01:53 -0400 |
|---|---|---|
| committer | Evan Prodromou <evan@prodromou.name> | 2008-06-05 00:01:53 -0400 |
| commit | 24ff61d159a710c047947681d68f4084eafd308f (patch) | |
| tree | 13561d109125ce4b418eb51f83e8ba1a3dbec5d7 /actions/userauthorization.php | |
| parent | 29d9f0ae64789e31dfea42c695e105d016ef9863 (diff) | |
decided to validate tag uris rather than not validating any uris
darcs-hash:20080605040153-84dde-5d180f0d8ead2fc7c5eaca3deaf035ba31d3512a.gz
Diffstat (limited to 'actions/userauthorization.php')
| -rw-r--r-- | actions/userauthorization.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/actions/userauthorization.php b/actions/userauthorization.php index a6dc2a5b0..0d3b71ac9 100644 --- a/actions/userauthorization.php +++ b/actions/userauthorization.php @@ -365,6 +365,10 @@ class UserauthorizationAction extends Action { throw new OAuthException("Listener URI '$listener' not found here"); } $listenee = $req->get_parameter('omb_listenee'); + if (!Validate::uri($listenee) && + !common_valid_tag($listenee)) { + throw new OAuthException("Listenee URI '$listenee' not a recognizable URI"); + } if (strlen($listenee) > 255) { throw new OAuthException("Listenee URI '$listenee' too long"); } |