We are no longer offering accounts on this server. Consider https://gitlab.freedesktop.org/ as a place to host projects.

Commit 691c88bc authored by Zach Copley's avatar Zach Copley

Only allow RSSCloud subs to canonical RSS2 profile feeds

parent 0d66dc54
......@@ -270,13 +270,14 @@ class RSSCloudRequestNotifyAction extends Action
function userFromFeed($feed)
{
// We only do profile feeds
// We only do canonical RSS2 profile feeds (specified by ID), e.g.:
// http://www.example.com/api/statuses/user_timeline/2.rss
$path = common_path('api/statuses/user_timeline/');
$valid = '%^' . $path . '(?<nickname>.*)\.rss$%';
$valid = '%^' . $path . '(?<id>.*)\.rss$%';
if (preg_match($valid, $feed, $matches)) {
$user = User::staticGet('nickname', $matches['nickname']);
$user = User::staticGet('id', $matches['id']);
if (!empty($user)) {
return $user;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment