bitPickups/friendica_2020-09-1_sharedHosting
1
0
Fork 0
Code Pull requests Activity

Merge pull request #10786 from annando/sanitize-addon-author

Browse source 
Sanitize the addon author if it is not a valid URL but a handle
This commit is contained in:
Tobias Diekershoff 2021-10-01 15:30:30 +02:00 committed by GitHub
commit 3727be9d6c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/Core/Addon.php
View file

@ -23,6 +23,7 @@ namespace Friendica\Core;
use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Model\Contact;
use Friendica\Util\Strings;
/**
@ -257,6 +258,12 @@ class Addon
if ($type == "author" || $type == "maintainer") {
$r = preg_match("|([^<]+)<([^>]+)>|", $v, $m);
if ($r) {
if (!empty($m[2]) && empty(parse_url($m[2], PHP_URL_SCHEME))) {
$contact = Contact::getByURL($m[2], false);
if (!empty($contact['url'])) {
$m[2] = $contact['url'];
}
}
$info[$type][] = ['name' => $m[1], 'link' => $m[2]];
} else {
$info[$type][] = ['name' => $v];