aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2018-08-11 16:16:54 -0700
committerzotlabs <mike@macgirvin.com>2018-08-11 16:16:54 -0700
commit5afe779ffc69bc5889a83a6fcbc4bcefc7c40a5c (patch)
treec3db7397b580a709be1a641cfd3605ec0f1e068d /include
parent1d13cc1601eb6e4a127d975465fda32d92c402a1 (diff)
downloadvolse-hubzilla-5afe779ffc69bc5889a83a6fcbc4bcefc7c40a5c.tar.gz
volse-hubzilla-5afe779ffc69bc5889a83a6fcbc4bcefc7c40a5c.tar.bz2
volse-hubzilla-5afe779ffc69bc5889a83a6fcbc4bcefc7c40a5c.zip
prevent json-ld bombing, turn off browser autocomplete on channel sources creation
Diffstat (limited to 'include')
-rw-r--r--include/network.php16
1 files changed, 16 insertions, 0 deletions
diff --git a/include/network.php b/include/network.php
index 6961bf0ba..d4f4f27c6 100644
--- a/include/network.php
+++ b/include/network.php
@@ -2042,6 +2042,22 @@ function jsonld_document_loader($url) {
require_once('library/jsonld/jsonld.php');
+ $recursion = 0;
+
+ $x = debug_backtrace();
+ if($x) {
+ foreach($x as $n) {
+ if($n['function'] === __FUNCTION__) {
+ $recursion ++;
+ }
+ }
+ }
+ if($recursion > 5) {
+ logger('jsonld bomb detected at: ' . $url);
+ killme();
+ }
+
+
$cachepath = 'store/[data]/ldcache';
if(! is_dir($cachepath))
os_mkdir($cachepath, STORAGE_DEFAULT_PERMISSIONS, true);