diff options
author | brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2011-02-20 01:07:44 +0000 |
---|---|---|
committer | brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2011-02-20 01:07:44 +0000 |
commit | 285aa3983c46cf0d3e3afbd9a956cb788471bc82 (patch) | |
tree | 40d8f0134c9f454b037c3d720e840ae7d73ba5cb /mod/bookmarks/actions | |
parent | 257e2fa95b7959605f7349a561c5ade8620e765c (diff) | |
download | elgg-285aa3983c46cf0d3e3afbd9a956cb788471bc82.tar.gz elgg-285aa3983c46cf0d3e3afbd9a956cb788471bc82.tar.bz2 |
Fixes #2719: Addresses are checked and normalized (and checked again) for bookmarks.
git-svn-id: http://code.elgg.org/elgg/trunk@8352 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'mod/bookmarks/actions')
-rw-r--r-- | mod/bookmarks/actions/bookmarks/save.php | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/mod/bookmarks/actions/bookmarks/save.php b/mod/bookmarks/actions/bookmarks/save.php index b0b9fc9c4..b01f9b6d0 100644 --- a/mod/bookmarks/actions/bookmarks/save.php +++ b/mod/bookmarks/actions/bookmarks/save.php @@ -16,6 +16,19 @@ $guid = get_input('guid'); $share = get_input('share'); $container_guid = get_input('container_guid', elgg_get_logged_in_user_guid()); +$normalized = elgg_normalize_url($address); + +// slight hack. If the original link wasn't to this site, they probably didn't mean to post +// a relative link. deny the action. +$site_url = elgg_get_site_entity()->url; +$test = str_replace($site_url, '', $normalized); + +if (trim($address, '/') == trim($test, '/')) { + $address = ''; +} else { + $address = $normalized; +} + if (!$title || !$address || !filter_var($address, FILTER_VALIDATE_URL)) { register_error(elgg_echo('bookmarks:save:failed')); forward(REFERER); @@ -45,7 +58,7 @@ $bookmark->tags = $tagarray; if ($bookmark->save()) { elgg_clear_sticky_form(); - + // @todo if (is_array($shares) && sizeof($shares) > 0) { foreach($shares as $share) { |