From 38fde6672eb3d46b8b154ba2f22df99f91f64852 Mon Sep 17 00:00:00 2001
From: Mike Macgirvin <mike@macgirvin.com>
Date: Mon, 13 Sep 2010 17:12:54 -0700
Subject: provide allow list of friend sites for education/corporate
 environments, pattern matchable

---
 mod/dfrn_request.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'mod')

diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index 617d4b2d8..a22492fe6 100644
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -134,7 +134,7 @@ function dfrn_request_post(&$a) {
 
  		// invalid/bogus request
 
-		notice( t("Unrecoverable protocol error.") . EOL );
+		notice( t('Unrecoverable protocol error.') . EOL );
 		goaway($a->get_baseurl());
 		return; // NOTREACHED
 	}
@@ -219,7 +219,14 @@ function dfrn_request_post(&$a) {
 				goaway($a->get_baseurl() . '/' . $a->cmd);
 				return; // NOTREACHED
 			}
+
+			if(! allowed_url($url)) {
+				notice( t('Disallowed profile URL.') . EOL);
+				goaway($a->get_baseurl() . '/' . $a->cmd);
+				return; // NOTREACHED
+			}
 			
+
 			require_once('Scrape.php');
 
 			$parms = scrape_dfrn($url);
@@ -301,7 +308,7 @@ function dfrn_request_post(&$a) {
 		// This notice will only be seen by the requestor if  the requestor and requestee are on the same server.
 
 		if(! $failed) 
-			notice( t("Your introduction has been sent.") . EOL );
+			notice( t('Your introduction has been sent.') . EOL );
 
 		// "Homecoming" - send the requestor back to their site to record the introduction.
 
-- 
cgit v1.2.3