author | Friendika <info@friendika.com> | 2011-02-24 15:41:15 -0800 |
---|---|---|
committer | Friendika <info@friendika.com> | 2011-02-24 15:41:15 -0800 |
commit | 1207bb1b55f402074a73d9ff0221ff8c9a6a285a (patch) | |
tree | 25428c7b2da873cc7812520a29ef4c582a63712f | |
parent | f6788dc5f670e852ea9e1be001892527e5ae76dd (diff) | |
silence parse_url on hostile input, need to get_app() for proc_run php location
-rw-r--r-- | boot.php | 15 | ||||
-rw-r--r-- | mod/follow.php | 2 |
2 files changed, 10 insertions, 7 deletions
@@ -300,7 +300,7 @@ class App {
 }
 function set_baseurl($url) {
- $parsed = parse_url($url);
+ $parsed = @parse_url($url);
 $this->baseurl = $url;
@@ -626,7 +626,7 @@ function fetch_url($url,$binary = false, &$redirects = 0) {
 $matches = array();
 preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
 $url = trim(array_pop($matches));
- $url_parsed = parse_url($url);
+ $url_parsed = @parse_url($url);
 if (isset($url_parsed)) {
 $redirects++;
 return fetch_url($url,$binary,$redirects);
@@ -698,7 +698,7 @@ function post_url($url,$params, $headers = null, &$redirects = 0) {
 $matches = array();
 preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
 $url = trim(array_pop($matches));
- $url_parsed = parse_url($url);
+ $url_parsed = @parse_url($url);
 if (isset($url_parsed)) {
 $redirects++;
 return post_url($url,$binary,$headers,$redirects);
@@ -1423,7 +1423,7 @@ function lrdd($uri) {
 // get the host meta file
- $host = parse_url($uri);
+ $host = @parse_url($uri);
 if($host) {
 $url = ((x($host,'scheme')) ? $host['scheme'] : 'http') . '://';
@@ -1684,7 +1684,7 @@ if(! function_exists('validate_url')) {
 function validate_url(&$url) {
 if(substr($url,0,4) != 'http') $url = 'http://' . $url;
- $h = parse_url($url);
+ $h = @parse_url($url);
 if(($h) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR))) {
 return true;
@@ -1715,7 +1715,7 @@ function validate_email($addr) {
 if(! function_exists('allowed_url')) {
 function allowed_url($url) {
- $h = parse_url($url);
+ $h = @parse_url($url);
 if(! $h) {
 return false;
@@ -2438,6 +2438,9 @@ function prepare_body($item) {
 if(! function_exists('proc_run')) {
 function proc_run($cmd){
+ + $a = get_app(); + + $args = func_get_args();
 call_hooks("proc_run", $args);
diff --git a/mod/follow.php b/mod/follow.php
index f3bd84669..689ae8232 100644
--- a/mod/follow.php
+++ b/mod/follow.php
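Review bot: In the fetch_url hunk the guard after the changed line, `if (isset($url_parsed)) {`, never fails: parse_url() returns false for a URL it cannot parse and isset() is true for false, so a malformed Location value still reaches the recursive `fetch_url()` call. With `@` now hiding the warning, that failure also leaves no trace in the logs. Test the result itself, for example `if (is_array($url_parsed) && isset($url_parsed['host'])) {`, and log the rejected value. The post_url hunk (`@@ -698,7`) has the same guard. Both function bodies start and end outside their hunks, so whether `$redirects` is capped is not visible here.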
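Review bot: The recursive call in the post_url hunk, `return post_url($url,$binary,$headers,$redirects);`, passes `$binary`, while the signature shown in the hunk header is `post_url($url,$params, $headers = null, &$redirects = 0)`. Unless `$binary` is assigned in the part of the body outside the hunk, a redirected request is re-sent with an undefined value in place of the POST parameters. `return post_url($url,$params,$headers,$redirects);` looks like what was intended.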
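Review bot: In the validate_url hunk `$h['host']` is read as soon as `$h` is truthy, but parse_url() can succeed and still return an array with no `host` key (for instance input that starts with `http` but has no `://`), so `dns_get_record()` is called with null and a notice is raised. Check the key first: `if(($h) && isset($h['host']) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR))) {`. The mod/follow.php hunk (`@@ -84,7`) has the same gap when it concatenates `$h['scheme']` and `$h['host']` into the photo URL; `if($h && isset($h['scheme'], $h['host']))` would cover it. Both functions continue outside their hunks.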
@@ -84,7 +84,7 @@ function follow_post(&$a) {
 // Google doesn't use absolute url in profile photos
 if((x($vcard,'photo')) && substr($vcard['photo'],0,1) == '/') {
- $h = parse_url($hcard);
+ $h = @parse_url($hcard);
 if($h) $vcard['photo'] = $h['scheme'] . '://' . $h['host'] . $vcard['photo'];
 } |