Merge pull request #2372 from annando/issue-2367

Issue 2367: The data for the gserver table is now sanitized.
This commit is contained in:
fabrixxm 2016-02-19 08:30:54 +01:00
commit 8c8ebb4adc

View file

@ -722,7 +722,8 @@ function poco_check_server($server_url, $network = "", $force = false) {
// Will also return data for Friendica and GNU Social - but it will be overwritten later
// The "not implemented" is a special treatment for really, really old Friendica versions
$serverret = z_fetch_url($server_url."/api/statusnet/version.json");
if ($serverret["success"] AND ($serverret["body"] != '{"error":"not implemented"}') AND ($serverret["body"] != '') AND (strlen($serverret["body"]) < 250)) {
if ($serverret["success"] AND ($serverret["body"] != '{"error":"not implemented"}') AND
($serverret["body"] != '') AND (strlen($serverret["body"]) < 30)) {
$platform = "StatusNet";
$version = trim($serverret["body"], '"');
$network = NETWORK_OSTATUS;
@ -730,7 +731,8 @@ function poco_check_server($server_url, $network = "", $force = false) {
// Test for GNU Social
$serverret = z_fetch_url($server_url."/api/gnusocial/version.json");
if ($serverret["success"] AND ($serverret["body"] != '{"error":"not implemented"}') AND ($serverret["body"] != '') AND (strlen($serverret["body"]) < 250)) {
if ($serverret["success"] AND ($serverret["body"] != '{"error":"not implemented"}') AND
($serverret["body"] != '') AND (strlen($serverret["body"]) < 30)) {
$platform = "GNU Social";
$version = trim($serverret["body"], '"');
$network = NETWORK_OSTATUS;
@ -857,6 +859,11 @@ function poco_check_server($server_url, $network = "", $force = false) {
// Check again if the server exists
$servers = q("SELECT `nurl` FROM `gserver` WHERE `nurl` = '%s'", dbesc(normalise_link($server_url)));
$version = strip_tags($version);
$site_name = strip_tags($site_name);
$info = strip_tags($info);
$platform = strip_tags($platform);
if ($servers)
q("UPDATE `gserver` SET `url` = '%s', `version` = '%s', `site_name` = '%s', `info` = '%s', `register_policy` = %d, `poco` = '%s', `noscrape` = '%s',
`network` = '%s', `platform` = '%s', `last_contact` = '%s', `last_failure` = '%s' WHERE `nurl` = '%s'",