MrPetovan/friendica
2
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

provide allow list of friend sites for education/corporate environments,

Browse source 
pattern matchable
This commit is contained in:
Mike Macgirvin 2010-09-13 17:12:54 -07:00
parent 2c96ad7739
commit 38fde6672e
2 changed files with 50 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
boot.php
View file

@ -782,16 +782,54 @@ function get_uid() {
}} }}
if(! function_exists('validate_url')) { if(! function_exists('validate_url')) {
function validate_url($url) { function validate_url(&$url) {
if(substr($url,0,4) != 'http') if(substr($url,0,4) != 'http')
$url = 'http://' . $url; $url = 'http://' . $url;
$h = parse_url($url); $h = parse_url($url);
if(! $h) if(! $h) {
return false; return false;
if(! checkdnsrr($h['host'], 'ANY')) }
if(! checkdnsrr($h['host'], 'ANY')) {
return false; return false;
}
return true; return true;
}} }}
if(! function_exists('allowed_url')) {
function allowed_url($url) {
$h = parse_url($url);
if(! $h) {
return false;
}
$str_allowed = get_config('system','allowed_sites');
if(! $str_allowed)
return true;
$found = false;
$host = strtolower($h['host']);
// always allow our own site
if($host == strtolower($_SERVER['SERVER_NAME']))
return true;
$fnmatch = function_exists('fnmatch');
$allowed = explode(',',$str_allowed);
if(count($allowed)) {
foreach($allowed as $a) {
$pat = strtolower(trim($a));
if(($fnmatch && fnmatch($pat,$host)) || ($pat == $host)) {
$found = true;
break;
}
}
}
return $found;
}}

11
mod/dfrn_request.php
View file

@ -134,7 +134,7 @@ function dfrn_request_post(&$a) {
// invalid/bogus request // invalid/bogus request
notice( t("Unrecoverable protocol error.") . EOL ); notice( t('Unrecoverable protocol error.') . EOL );
goaway($a->get_baseurl()); goaway($a->get_baseurl());
return; // NOTREACHED return; // NOTREACHED
} }
@ -220,6 +220,13 @@ function dfrn_request_post(&$a) {
return; // NOTREACHED return; // NOTREACHED
} }
if(! allowed_url($url)) {
notice( t('Disallowed profile URL.') . EOL);
goaway($a->get_baseurl() . '/' . $a->cmd);
return; // NOTREACHED
}
require_once('Scrape.php'); require_once('Scrape.php');
$parms = scrape_dfrn($url); $parms = scrape_dfrn($url);
@ -301,7 +308,7 @@ function dfrn_request_post(&$a) {
// This notice will only be seen by the requestor if the requestor and requestee are on the same server. // This notice will only be seen by the requestor if the requestor and requestee are on the same server.
if(! $failed) if(! $failed)
notice( t("Your introduction has been sent.") . EOL ); notice( t('Your introduction has been sent.') . EOL );
// "Homecoming" - send the requestor back to their site to record the introduction. // "Homecoming" - send the requestor back to their site to record the introduction.