Commit 39b5e08d authored by mmn's avatar mmn

Possible XSS scenario when posting Bookmarks

parent 048af5ac
...@@ -134,6 +134,10 @@ class Bookmark extends Managed_DataObject ...@@ -134,6 +134,10 @@ class Bookmark extends Managed_DataObject
static function saveNew($profile, $title, $url, $rawtags, $description, static function saveNew($profile, $title, $url, $rawtags, $description,
$options=null) $options=null)
{ {
if (!common_valid_http_url($url)) {
throw new ClientException(_m('Only web bookmarks can be posted (HTTP or HTTPS).'));
}
$nb = self::getByURL($profile, $url); $nb = self::getByURL($profile, $url);
if (!empty($nb)) { if (!empty($nb)) {
......
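Review bot: The new `common_valid_http_url($url)` guard at the top of `saveNew` only protects bookmarks created through this method from now on; rows stored before this commit, and any write path that does not call `saveNew`, are not covered by anything visible in this hunk. Since the commit title points at XSS, the scheme should presumably also be re-checked (or the link dropped) at the place where the stored URL is written into an `href`, so that output does not rely on every stored value being clean. What `common_valid_http_url` accepts is not shown here, so confirm it rejects everything except `http`/`https` rather than only checking URL syntax. A short why-comment above the check would help the next reader, for example `// Only http(s) URLs may be stored: the value is later used as a link target.` The body of `saveNew` continues outside the hunk.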