clones/friendica
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

silence parse_url on hostile input, need to get_app() for proc_run php location

This commit is contained in:
Friendika 2011-02-24 15:41:15 -08:00
parent f6788dc5f6
commit 1207bb1b55
2 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
boot.php
View File

@ -300,7 +300,7 @@ class App {
} }
function set_baseurl($url) { function set_baseurl($url) {
$parsed = parse_url($url); $parsed = @parse_url($url);
$this->baseurl = $url; $this->baseurl = $url;
@ -626,7 +626,7 @@ function fetch_url($url,$binary = false, &$redirects = 0) {
$matches = array(); $matches = array();
preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches); preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
$url = trim(array_pop($matches)); $url = trim(array_pop($matches));
$url_parsed = parse_url($url); $url_parsed = @parse_url($url);
if (isset($url_parsed)) { if (isset($url_parsed)) {
$redirects++; $redirects++;
return fetch_url($url,$binary,$redirects); return fetch_url($url,$binary,$redirects);
@ -698,7 +698,7 @@ function post_url($url,$params, $headers = null, &$redirects = 0) {
$matches = array(); $matches = array();
preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches); preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
$url = trim(array_pop($matches)); $url = trim(array_pop($matches));
$url_parsed = parse_url($url); $url_parsed = @parse_url($url);
if (isset($url_parsed)) { if (isset($url_parsed)) {
$redirects++; $redirects++;
return post_url($url,$binary,$headers,$redirects); return post_url($url,$binary,$headers,$redirects);
@ -1423,7 +1423,7 @@ function lrdd($uri) {
// get the host meta file // get the host meta file
$host = parse_url($uri); $host = @parse_url($uri);
if($host) { if($host) {
$url = ((x($host,'scheme')) ? $host['scheme'] : 'http') . '://'; $url = ((x($host,'scheme')) ? $host['scheme'] : 'http') . '://';
@ -1684,7 +1684,7 @@ if(! function_exists('validate_url')) {
function validate_url(&$url) { function validate_url(&$url) {
if(substr($url,0,4) != 'http') if(substr($url,0,4) != 'http')
$url = 'http://' . $url; $url = 'http://' . $url;
$h = parse_url($url); $h = @parse_url($url);
if(($h) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR))) { if(($h) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR))) {
return true; return true;
@ -1715,7 +1715,7 @@ function validate_email($addr) {
if(! function_exists('allowed_url')) { if(! function_exists('allowed_url')) {
function allowed_url($url) { function allowed_url($url) {
$h = parse_url($url); $h = @parse_url($url);
if(! $h) { if(! $h) {
return false; return false;
@ -2438,6 +2438,9 @@ function prepare_body($item) {
if(! function_exists('proc_run')) { if(! function_exists('proc_run')) {
function proc_run($cmd){ function proc_run($cmd){
$a = get_app();
$args = func_get_args(); $args = func_get_args();
call_hooks("proc_run", $args); call_hooks("proc_run", $args);

2
mod/follow.php
View File

@ -84,7 +84,7 @@ function follow_post(&$a) {
// Google doesn't use absolute url in profile photos // Google doesn't use absolute url in profile photos
if((x($vcard,'photo')) && substr($vcard['photo'],0,1) == '/') { if((x($vcard,'photo')) && substr($vcard['photo'],0,1) == '/') {
$h = parse_url($hcard); $h = @parse_url($hcard);
if($h) if($h)
$vcard['photo'] = $h['scheme'] . '://' . $h['host'] . $vcard['photo']; $vcard['photo'] = $h['scheme'] . '://' . $h['host'] . $vcard['photo'];
} }