
Issue 2367: The data for the gserver table is now sanitized.

pull/2372/head
Michael Vogel 5 years ago
parent
commit
8a3de7b186
1 changed files with 9 additions and 2 deletions
  1. +9
    -2
      include/socgraph.php

+ 9
- 2
include/socgraph.php View File

@ -722,7 +722,8 @@ function poco_check_server($server_url, $network = "", $force = false) {
// Will also return data for Friendica and GNU Social - but it will be overwritten later
// The "not implemented" is a special treatment for really, really old Friendica versions
$serverret = z_fetch_url($server_url."/api/statusnet/version.json");
if ($serverret["success"] AND ($serverret["body"] != '{"error":"not implemented"}') AND ($serverret["body"] != '') AND (strlen($serverret["body"]) < 250)) {
if ($serverret["success"] AND ($serverret["body"] != '{"error":"not implemented"}') AND
($serverret["body"] != '') AND (strlen($serverret["body"]) < 30)) {
$platform = "StatusNet";
$version = trim($serverret["body"], '"');
$network = NETWORK_OSTATUS;
@ -730,7 +731,8 @@ function poco_check_server($server_url, $network = "", $force = false) {
// Test for GNU Social
$serverret = z_fetch_url($server_url."/api/gnusocial/version.json");
if ($serverret["success"] AND ($serverret["body"] != '{"error":"not implemented"}') AND ($serverret["body"] != '') AND (strlen($serverret["body"]) < 250)) {
if ($serverret["success"] AND ($serverret["body"] != '{"error":"not implemented"}') AND
($serverret["body"] != '') AND (strlen($serverret["body"]) < 30)) {
$platform = "GNU Social";
$version = trim($serverret["body"], '"');
$network = NETWORK_OSTATUS;
@ -857,6 +859,11 @@ function poco_check_server($server_url, $network = "", $force = false) {
// Check again if the server exists
$servers = q("SELECT `nurl` FROM `gserver` WHERE `nurl` = '%s'", dbesc(normalise_link($server_url)));
$version = strip_tags($version);
$site_name = strip_tags($site_name);
$info = strip_tags($info);
$platform = strip_tags($platform);
if ($servers)
q("UPDATE `gserver` SET `url` = '%s', `version` = '%s', `site_name` = '%s', `info` = '%s', `register_policy` = %d, `poco` = '%s', `noscrape` = '%s',
`network` = '%s', `platform` = '%s', `last_contact` = '%s', `last_failure` = '%s' WHERE `nurl` = '%s'",
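Review bot: The four `strip_tags()` calls added before the `gserver` write remove markup but are not output encoding: quotes and `&` pass through, so `version`, `site_name`, `info` and `platform` are still unsafe inside an HTML attribute unless every template that prints them escapes them. I would say so at the new lines, e.g. `// strip_tags() only drops tags; still escape these with htmlspecialchars() when rendering`. The first two hunks cap the version body at 30 bytes but still take it verbatim after `trim($serverret["body"], '"')`, so a format check such as `if (!preg_match('/^[0-9A-Za-z.+_ -]+$/', $version)) $version = "";` would reject anything that is not a plain version string (adjust the character set to the versions actually seen). `poco_check_server()` starts and ends outside these hunks, so whether the insert path and the rendering code treat these fields the same way cannot be confirmed from here.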

