Merge pull request #8648 from annando/annando/issue8565
Issue 8565: Sanitize input data
This commit is contained in:
commit
8a96fe6d7f
1 changed files with 9 additions and 0 deletions
|
@ -353,6 +353,15 @@ class GServer
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Sanitize incoming data, see https://github.com/friendica/friendica/issues/8565
|
||||||
|
$data['subscribe'] = (bool)$data['subscribe'] ?? false;
|
||||||
|
|
||||||
|
if (!$data['subscribe'] || empty($data['scope']) || !in_array(strtolower($data['scope']), ['all', 'tags'])) {
|
||||||
|
$data['scope'] = '';
|
||||||
|
$data['subscribe'] = false;
|
||||||
|
$data['tags'] = [];
|
||||||
|
}
|
||||||
|
|
||||||
$gserver = DBA::selectFirst('gserver', ['id', 'relay-subscribe', 'relay-scope'], ['nurl' => Strings::normaliseLink($server_url)]);
|
$gserver = DBA::selectFirst('gserver', ['id', 'relay-subscribe', 'relay-scope'], ['nurl' => Strings::normaliseLink($server_url)]);
|
||||||
if (!DBA::isResult($gserver)) {
|
if (!DBA::isResult($gserver)) {
|
||||||
return;
|
return;
|
||||||
|
|
Loading…
Reference in a new issue