
Commit 9e3e1d3d authored by Brion Vibber

Validate OStatus avatar URL before fetching.

parent 05e3768e
......@@ -839,8 +839,8 @@ class Ostatus_profile extends Memcached_DataObject
}
/**
*
* Download and update given avatar image
*
* @param string $url
* @throws Exception in various failure cases
*/
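Review bot: The `@throws Exception in various failure cases` line in this docblock is too vague now that the method also rejects URLs that fail `common_valid_http_url()`. Suggest naming that case explicitly, for example `@throws ServerException if $url is not a valid HTTP URL`, and giving `@param string $url` a short description so callers know it is the remote avatar location.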
......@@ -850,6 +850,9 @@ class Ostatus_profile extends Memcached_DataObject
// We've already got this one.
return;
}
if (!common_valid_http_url($url)) {
throw new ServerException(_m("Invalid avatar URL %s"), $url);
}
if ($this->isGroup()) {
$self = $this->localGroup();
......
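Review bot: In the added `throw`, `$url` is passed as a second argument to the `ServerException` constructor rather than being substituted into the message, so the `%s` in "Invalid avatar URL %s" is never filled in. The closing parenthesis of `_m(...)` comes before `, $url`. Suggest formatting the message first: `throw new ServerException(sprintf(_m("Invalid avatar URL %s"), $url));`.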