Issue 8565: Sanitize input data

Fixes #8565
This commit is contained in:
Michael 2020-05-17 06:13:58 +00:00
parent 78d6137ee3
commit d771c50d63

View File

@ -339,7 +339,7 @@ class GServer
* @param string $server_url address of the server
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
*/
private static function discoverRelay(string $server_url)
public static function discoverRelay(string $server_url)
{
Logger::info('Discover relay data', ['server' => $server_url]);
@ -353,6 +353,15 @@ class GServer
return;
}
// Sanitize incoming data, see https://github.com/friendica/friendica/issues/8565
$data['subscribe'] = (bool)$data['subscribe'] ?? false;
if (!$data['subscribe'] || empty($data['scope']) || !in_array(strtolower($data['scope']), ['all', 'tags'])) {
$data['scope'] = '';
$data['subscribe'] = false;
$data['tags'] = [];
}
$gserver = DBA::selectFirst('gserver', ['id', 'relay-subscribe', 'relay-scope'], ['nurl' => Strings::normaliseLink($server_url)]);
if (!DBA::isResult($gserver)) {
return;