mirror of
https://github.com/friendica/friendica
synced 2024-12-21 15:04:54 +01:00
silence parse_url on hostile input, need to get_app() for proc_run php location
This commit is contained in:
parent
f6788dc5f6
commit
1207bb1b55
2 changed files with 10 additions and 7 deletions
15
boot.php
15
boot.php
|
@ -300,7 +300,7 @@ class App {
|
||||||
}
|
}
|
||||||
|
|
||||||
function set_baseurl($url) {
|
function set_baseurl($url) {
|
||||||
$parsed = parse_url($url);
|
$parsed = @parse_url($url);
|
||||||
|
|
||||||
$this->baseurl = $url;
|
$this->baseurl = $url;
|
||||||
|
|
||||||
|
@ -626,7 +626,7 @@ function fetch_url($url,$binary = false, &$redirects = 0) {
|
||||||
$matches = array();
|
$matches = array();
|
||||||
preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
|
preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
|
||||||
$url = trim(array_pop($matches));
|
$url = trim(array_pop($matches));
|
||||||
$url_parsed = parse_url($url);
|
$url_parsed = @parse_url($url);
|
||||||
if (isset($url_parsed)) {
|
if (isset($url_parsed)) {
|
||||||
$redirects++;
|
$redirects++;
|
||||||
return fetch_url($url,$binary,$redirects);
|
return fetch_url($url,$binary,$redirects);
|
||||||
|
@ -698,7 +698,7 @@ function post_url($url,$params, $headers = null, &$redirects = 0) {
|
||||||
$matches = array();
|
$matches = array();
|
||||||
preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
|
preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
|
||||||
$url = trim(array_pop($matches));
|
$url = trim(array_pop($matches));
|
||||||
$url_parsed = parse_url($url);
|
$url_parsed = @parse_url($url);
|
||||||
if (isset($url_parsed)) {
|
if (isset($url_parsed)) {
|
||||||
$redirects++;
|
$redirects++;
|
||||||
return post_url($url,$binary,$headers,$redirects);
|
return post_url($url,$binary,$headers,$redirects);
|
||||||
|
@ -1423,7 +1423,7 @@ function lrdd($uri) {
|
||||||
|
|
||||||
// get the host meta file
|
// get the host meta file
|
||||||
|
|
||||||
$host = parse_url($uri);
|
$host = @parse_url($uri);
|
||||||
|
|
||||||
if($host) {
|
if($host) {
|
||||||
$url = ((x($host,'scheme')) ? $host['scheme'] : 'http') . '://';
|
$url = ((x($host,'scheme')) ? $host['scheme'] : 'http') . '://';
|
||||||
|
@ -1684,7 +1684,7 @@ if(! function_exists('validate_url')) {
|
||||||
function validate_url(&$url) {
|
function validate_url(&$url) {
|
||||||
if(substr($url,0,4) != 'http')
|
if(substr($url,0,4) != 'http')
|
||||||
$url = 'http://' . $url;
|
$url = 'http://' . $url;
|
||||||
$h = parse_url($url);
|
$h = @parse_url($url);
|
||||||
|
|
||||||
if(($h) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR))) {
|
if(($h) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR))) {
|
||||||
return true;
|
return true;
|
||||||
|
@ -1715,7 +1715,7 @@ function validate_email($addr) {
|
||||||
if(! function_exists('allowed_url')) {
|
if(! function_exists('allowed_url')) {
|
||||||
function allowed_url($url) {
|
function allowed_url($url) {
|
||||||
|
|
||||||
$h = parse_url($url);
|
$h = @parse_url($url);
|
||||||
|
|
||||||
if(! $h) {
|
if(! $h) {
|
||||||
return false;
|
return false;
|
||||||
|
@ -2438,6 +2438,9 @@ function prepare_body($item) {
|
||||||
|
|
||||||
if(! function_exists('proc_run')) {
|
if(! function_exists('proc_run')) {
|
||||||
function proc_run($cmd){
|
function proc_run($cmd){
|
||||||
|
|
||||||
|
$a = get_app();
|
||||||
|
|
||||||
$args = func_get_args();
|
$args = func_get_args();
|
||||||
call_hooks("proc_run", $args);
|
call_hooks("proc_run", $args);
|
||||||
|
|
||||||
|
|
|
@ -84,7 +84,7 @@ function follow_post(&$a) {
|
||||||
// Google doesn't use absolute url in profile photos
|
// Google doesn't use absolute url in profile photos
|
||||||
|
|
||||||
if((x($vcard,'photo')) && substr($vcard['photo'],0,1) == '/') {
|
if((x($vcard,'photo')) && substr($vcard['photo'],0,1) == '/') {
|
||||||
$h = parse_url($hcard);
|
$h = @parse_url($hcard);
|
||||||
if($h)
|
if($h)
|
||||||
$vcard['photo'] = $h['scheme'] . '://' . $h['host'] . $vcard['photo'];
|
$vcard['photo'] = $h['scheme'] . '://' . $h['host'] . $vcard['photo'];
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue