Issue 2367: The data for the gserver table is now sanitized.
This commit is contained in:
parent
26463d92da
commit
8a3de7b186
|
@ -722,7 +722,8 @@ function poco_check_server($server_url, $network = "", $force = false) {
|
|||
// Will also return data for Friendica and GNU Social - but it will be overwritten later
|
||||
// The "not implemented" is a special treatment for really, really old Friendica versions
|
||||
$serverret = z_fetch_url($server_url."/api/statusnet/version.json");
|
||||
if ($serverret["success"] AND ($serverret["body"] != '{"error":"not implemented"}') AND ($serverret["body"] != '') AND (strlen($serverret["body"]) < 250)) {
|
||||
if ($serverret["success"] AND ($serverret["body"] != '{"error":"not implemented"}') AND
|
||||
($serverret["body"] != '') AND (strlen($serverret["body"]) < 30)) {
|
||||
$platform = "StatusNet";
|
||||
$version = trim($serverret["body"], '"');
|
||||
$network = NETWORK_OSTATUS;
|
||||
|
@ -730,7 +731,8 @@ function poco_check_server($server_url, $network = "", $force = false) {
|
|||
|
||||
// Test for GNU Social
|
||||
$serverret = z_fetch_url($server_url."/api/gnusocial/version.json");
|
||||
if ($serverret["success"] AND ($serverret["body"] != '{"error":"not implemented"}') AND ($serverret["body"] != '') AND (strlen($serverret["body"]) < 250)) {
|
||||
if ($serverret["success"] AND ($serverret["body"] != '{"error":"not implemented"}') AND
|
||||
($serverret["body"] != '') AND (strlen($serverret["body"]) < 30)) {
|
||||
$platform = "GNU Social";
|
||||
$version = trim($serverret["body"], '"');
|
||||
$network = NETWORK_OSTATUS;
|
||||
|
@ -857,6 +859,11 @@ function poco_check_server($server_url, $network = "", $force = false) {
|
|||
// Check again if the server exists
|
||||
$servers = q("SELECT `nurl` FROM `gserver` WHERE `nurl` = '%s'", dbesc(normalise_link($server_url)));
|
||||
|
||||
$version = strip_tags($version);
|
||||
$site_name = strip_tags($site_name);
|
||||
$info = strip_tags($info);
|
||||
$platform = strip_tags($platform);
|
||||
|
||||
if ($servers)
|
||||
q("UPDATE `gserver` SET `url` = '%s', `version` = '%s', `site_name` = '%s', `info` = '%s', `register_policy` = %d, `poco` = '%s', `noscrape` = '%s',
|
||||
`network` = '%s', `platform` = '%s', `last_contact` = '%s', `last_failure` = '%s' WHERE `nurl` = '%s'",
|
||||
|
|
Loading…
Reference in New Issue
Block a user