diff options
| author | Friendika <info@friendika.com> | 2011-04-19 16:31:39 -0700 |
|---|---|---|
| committer | Friendika <info@friendika.com> | 2011-04-19 16:31:39 -0700 |
| commit | 29a48de5e29841f46791d42d6e329898688914fe (patch) | |
| tree | a42c9b4a2b985df3d822947b5df402d508c3034f | |
| parent | a0179235d2d4672ba9dc79b33505555766b3228a (diff) | |
| download | volse-hubzilla-29a48de5e29841f46791d42d6e329898688914fe.tar.gz volse-hubzilla-29a48de5e29841f46791d42d6e329898688914fe.tar.bz2 volse-hubzilla-29a48de5e29841f46791d42d6e329898688914fe.zip | |
follow requests most adhere to site allow policy
| -rw-r--r-- | boot.php | 2 | ||||
| -rw-r--r-- | mod/follow.php | 7 |
2 files changed, 8 insertions, 1 deletions
@@ -2,7 +2,7 @@ set_time_limit(0); -define ( 'FRIENDIKA_VERSION', '2.1.953' ); +define ( 'FRIENDIKA_VERSION', '2.1.954' ); define ( 'DFRN_PROTOCOL_VERSION', '2.21' ); define ( 'DB_UPDATE_VERSION', 1053 ); diff --git a/mod/follow.php b/mod/follow.php index 23fad81a8..a1412e6c4 100644 --- a/mod/follow.php +++ b/mod/follow.php @@ -12,6 +12,13 @@ function follow_post(&$a) { $url = $orig_url = notags(trim($_POST['url'])); + if(! allowed_url($url)) { + notice( t('Disallowed profile URL.') . EOL); + goaway($_SESSION['return_url']); + // NOTREACHED + } + + $ret = probe_url($url); |