From 5afe779ffc69bc5889a83a6fcbc4bcefc7c40a5c Mon Sep 17 00:00:00 2001
From: zotlabs
Date: Sat, 11 Aug 2018 16:16:54 -0700
Subject: prevent json-ld bombing, turn off browser autocomplete on channel sources creation
---
 include/network.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
(limited to 'include/network.php')
diff --git a/include/network.php b/include/network.php
index 6961bf0ba..d4f4f27c6 100644
--- a/include/network.php
+++ b/include/network.php
@@ -2042,6 +2042,22 @@ function jsonld_document_loader($url) {
 require_once('library/jsonld/jsonld.php');
+ $recursion = 0;
+
+ $x = debug_backtrace();
+ if($x) {
+ foreach($x as $n) {
+ if($n['function'] === __FUNCTION__) {
+ $recursion ++;
+ }
+ }
+ }
+ if($recursion > 5) {
+ logger('jsonld bomb detected at: ' . $url);
+ killme();
+ }
+
+
 $cachepath = 'store/[data]/ldcache';
 if(! is_dir($cachepath)) os_mkdir($cachepath, STORAGE_DEFAULT_PERMISSIONS, true);
-- 
cgit v1.2.3
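Review bot: The guard at `if($recursion > 5)` bounds only nested re-entry of `jsonld_document_loader()`, so a document that pulls in many remote contexts side by side never deepens the stack, and as far as this hunk shows the number of fetches per document and the size of each response stay unlimited; a per-document fetch budget checked in the same place would cover that case. The stack walk can skip collecting call arguments for every frame with `$x = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);`. `$url` is supplied by the remote document and goes into `logger()` unmodified, so control characters should be stripped first to keep a crafted URL from forging log lines. `killme()` presumably ends the whole process, which in a queue worker would also drop unrelated work; confirm against the callers whether returning an error to the JSON-LD processor is preferable. The function body continues past the end of the hunk, so the cache and fetch path is not covered by this note.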