diff options
| -rw-r--r-- | boot.php | 2 | ||||
| -rw-r--r-- | mod/follow.php | 4 |
2 files changed, 5 insertions, 1 deletions
@@ -4,7 +4,7 @@ set_time_limit(0); ini_set('pcre.backtrack_limit', 250000); -define ( 'FRIENDIKA_VERSION', '2.2.986' ); +define ( 'FRIENDIKA_VERSION', '2.2.987' ); define ( 'DFRN_PROTOCOL_VERSION', '2.21' ); define ( 'DB_UPDATE_VERSION', 1054 ); diff --git a/mod/follow.php b/mod/follow.php index 5f4ac1df0..6786e9039 100644 --- a/mod/follow.php +++ b/mod/follow.php @@ -12,6 +12,10 @@ function follow_post(&$a) { $url = $orig_url = notags(trim($_POST['url'])); + // remove ajax junk + + $url = str_replace('/#!/','/',$url); + if(! allowed_url($url)) { notice( t('Disallowed profile URL.') . EOL); goaway($_SESSION['return_url']); |