Commit 39b5e08d authored by mmn's avatar mmn

Possible XSS scenario when posting Bookmarks

parent 048af5ac
......@@ -134,6 +134,10 @@ class Bookmark extends Managed_DataObject
static function saveNew($profile, $title, $url, $rawtags, $description,
if (!common_valid_http_url($url)) {
throw new ClientException(_m('Only web bookmarks can be posted (HTTP or HTTPS).'));
$nb = self::getByURL($profile, $url);
if (!empty($nb)) {
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment