authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-02-20 01:07:44 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-02-20 01:07:44 +0000
commit285aa3983c46cf0d3e3afbd9a956cb788471bc82 (patch)
tree40d8f0134c9f454b037c3d720e840ae7d73ba5cb /mod/bookmarks/actions
parent257e2fa95b7959605f7349a561c5ade8620e765c (diff)
Fixes #2719: Addresses are checked and normalized (and checked again) for bookmarks.
git-svn-id: http://code.elgg.org/elgg/trunk@8352 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'mod/bookmarks/actions')
-rw-r--r--mod/bookmarks/actions/bookmarks/save.php15
1 files changed, 14 insertions, 1 deletions
diff --git a/mod/bookmarks/actions/bookmarks/save.php b/mod/bookmarks/actions/bookmarks/save.php
index b0b9fc9c4..b01f9b6d0 100644
--- a/mod/bookmarks/actions/bookmarks/save.php
+++ b/mod/bookmarks/actions/bookmarks/save.php
@@ -16,6 +16,19 @@ $guid = get_input('guid');
$share = get_input('share');
$container_guid = get_input('container_guid', elgg_get_logged_in_user_guid());
+$normalized = elgg_normalize_url($address);
+
+// slight hack. If the original link wasn't to this site, they probably didn't mean to post
+// a relative link. deny the action.
+$site_url = elgg_get_site_entity()->url;
+$test = str_replace($site_url, '', $normalized);
+
+if (trim($address, '/') == trim($test, '/')) {
+ $address = '';
+} else {
+ $address = $normalized;
+}
+
if (!$title || !$address || !filter_var($address, FILTER_VALIDATE_URL)) {
register_error(elgg_echo('bookmarks:save:failed'));
forward(REFERER);
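Review bot: The address that reaches `filter_var($address, FILTER_VALIDATE_URL)` is never restricted to web schemes: FILTER_VALIDATE_URL checks syntax only, so a value with a scheme such as `javascript:` can still be saved as a bookmark and, if it is later rendered as a link target, becomes a stored script-injection risk. After the `$address = $normalized;` branch, add an allowlist, e.g. `$scheme = strtolower((string) parse_url($address, PHP_URL_SCHEME));` followed by `if (!in_array($scheme, array('http', 'https'), true)) { $address = ''; }`. What elgg_normalize_url() does with such schemes is not visible here, so confirm it does not already reject them. Separately, `str_replace($site_url, '', $normalized)` strips the site URL anywhere in the string rather than only as a prefix, and the comparison uses `==`; a prefix check with `===` would match the stated intent more closely. `$address` is assigned above the hunk and the script continues below it.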
@@ -45,7 +58,7 @@ $bookmark->tags = $tagarray;
if ($bookmark->save()) {
elgg_clear_sticky_form();
-
+
// @todo
if (is_array($shares) && sizeof($shares) > 0) {
foreach($shares as $share) {