From 356f40198633a0e93097c589d959d24c15410193 Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@prodromou.name>
Date: Thu, 5 Jun 2008 00:03:58 -0400
Subject: bad validation of callback URL

darcs-hash:20080605040358-84dde-b2018db43791d1cbed722d3320cd0b62d6da94eb.gz
---
 actions/userauthorization.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actions')

diff --git a/actions/userauthorization.php b/actions/userauthorization.php
index 0d3b71ac9..76fde6d87 100644
--- a/actions/userauthorization.php
+++ b/actions/userauthorization.php
@@ -408,7 +408,7 @@ class UserauthorizationAction extends Action {
 			throw new OAuthException("Invalid avatar '$avatar'");
 		}
 		$callback = $req->get_parameter('oauth_callback');
-		if ($avatar && common_valid_http_url($callback)) {
+		if ($callback && !common_valid_http_url($callback)) {
 			throw new OAuthException("Invalid callback URL '$callback'");
 		}
 	}
-- 
cgit v1.2.3-54-g00ecf