authorChristian Weiske <cweiske@cweiske.de>2011-05-03 19:10:12 +0200
committerChristian Weiske <cweiske@cweiske.de>2011-05-03 19:10:12 +0200
commitfb11021ed7eadf7443755e936cbad34fbfec7d4c (patch)
treef4229fbf74ce0472b85f1f9e07c3e27af6989e75 /src
parent218ac05e712a85572afd0ed76ff969bcbe6c4b09 (diff)
do not add bookmarks with an invalid URL
Diffstat (limited to 'src')
-rw-r--r--src/SemanticScuttle/Service/Bookmark.php10
1 files changed, 9 insertions, 1 deletions
diff --git a/src/SemanticScuttle/Service/Bookmark.php b/src/SemanticScuttle/Service/Bookmark.php
index a30ad5f..919ca7a 100644
--- a/src/SemanticScuttle/Service/Bookmark.php
+++ b/src/SemanticScuttle/Service/Bookmark.php
@@ -435,6 +435,10 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
/**
* Adds a bookmark to the database.
*
+ * Security checks are being made here, but no error reasons will be
+ * returned. It is the responsibility of the code that calls
+ * addBookmark() to verify the data.
+ *
* @param string $address Full URL of the bookmark
* @param string $title Bookmark title
* @param string $description Long bookmark description
@@ -453,7 +457,8 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
* @param boolean $fromImport True when the bookmark is from an import.
* @param integer $sId ID of user who creates the bookmark.
*
- * @return integer Bookmark ID
+ * @return mixed Integer bookmark ID if saving succeeded, false in
+ * case of an error. Error reasons are not returned.
*/
public function addBookmark(
$address, $title, $description, $privateNote, $status, $tags,
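Review bot: `@return mixed` on addBookmark() hides that only two outcomes are possible, which makes it easy for a caller to miss the failure case. Writing the tag as `@return integer|false Bookmark ID, or false when the bookmark was rejected` lets static analysis flag call sites that use the result without a strict `=== false` comparison. The signature continues past the end of this hunk.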
@@ -466,6 +471,9 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
}
$address = $this->normalize($address);
+ if (!SemanticScuttle_Model_Bookmark::isValidUrl($address)) {
+ return false;
+ }
/*
* Note that if date is NULL, then it's added with a date and
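Review bot: The new `return false;` after the `isValidUrl()` check changes addBookmark()'s failure contract, so any caller that uses the result as an ID without testing `=== false` will carry `false` (0 when cast to integer) into later queries. The callers are outside this diff and should be audited alongside this change. Running the check on the normalized address is the right order, but `isValidUrl()` is not shown here. Confirm that it accepts only an explicit allowlist of schemes, since the stored address is presumably rendered as a link later. Because the rejection is silent, a log line at this point would let operators see rejected submissions. The function body starts and ends outside the hunk.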