author | Zach Copley <zach@status.net> | 2010-03-19 10:38:54 -0700 |
---|---|---|
committer | Zach Copley <zach@status.net> | 2010-03-19 10:38:54 -0700 |
commit | f0c54243bacb06fe10c330e5474dce55ee513ad8 (patch) | |
tree | 12ea2adce650701976cc91906c5230fcd7fc6e90 /plugins | |
parent | 348412f9c9a033c1bec1451dd54536a1794e0133 (diff) | |
parent | 9e3e1d3d5632b2f4690018677e2ba82beb399fca (diff) |
Merge branch 'testing' of gitorious.org:statusnet/mainline into testing
* 'testing' of gitorious.org:statusnet/mainline:
Validate OStatus avatar URL before fetching.
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/OStatus/classes/Ostatus_profile.php | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php
index e77c8f7e9..e0e0223b8 100644
--- a/plugins/OStatus/classes/Ostatus_profile.php
+++ b/plugins/OStatus/classes/Ostatus_profile.php
@@ -839,8 +839,8 @@ class Ostatus_profile extends Memcached_DataObject
 }
 /**
- *
 * Download and update given avatar image
+ *
 * @param string $url
 * @throws Exception in various failure cases
 */
@@ -850,6 +850,9 @@ class Ostatus_profile extends Memcached_DataObject
 // We've already got this one.
 return;
 }
+ if (!common_valid_http_url($url)) {
+ throw new ServerException(_m("Invalid avatar URL %s"), $url);
+ }
 if ($this->isGroup()) {
 $self = $this->localGroup(); |
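Review bot: In the guard added by the second hunk, `$url` is passed as a second argument to the `ServerException` constructor instead of being substituted into the format string, so the message keeps a literal `%s` and the URL lands in what is presumably the exception's code parameter; the line should read `throw new ServerException(sprintf(_m("Invalid avatar URL %s"), $url));`. The URL comes from a remote profile, so whatever logs or renders this message should treat it as untrusted text and escape it for the output context. Whether `common_valid_http_url()` does more than a scheme and syntax check is not visible here; if it does not, a well-formed URL that resolves to a loopback or internal address would still pass and be fetched by the server, so the fetch path is worth restricting to public destinations as well. The method body starts and ends outside the hunk.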