Merge pull request #8648 from annando/annando/issue8565

Issue 8565: Sanitize input data
Hypolite Petovan 2020-05-17 11:40:18 -04:00 committed by GitHub
commit 8a96fe6d7f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -353,6 +353,15 @@ class GServer
return; return;
} }
// Sanitize incoming data, see https://github.com/friendica/friendica/issues/8565
$data['subscribe'] = (bool)$data['subscribe'] ?? false;
if (!$data['subscribe'] || empty($data['scope']) || !in_array(strtolower($data['scope']), ['all', 'tags'])) {
$data['scope'] = '';
$data['subscribe'] = false;
$data['tags'] = [];
}
$gserver = DBA::selectFirst('gserver', ['id', 'relay-subscribe', 'relay-scope'], ['nurl' => Strings::normaliseLink($server_url)]); $gserver = DBA::selectFirst('gserver', ['id', 'relay-subscribe', 'relay-scope'], ['nurl' => Strings::normaliseLink($server_url)]);
if (!DBA::isResult($gserver)) { if (!DBA::isResult($gserver)) {
return; return;
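Review bot: On the added `$data['subscribe']` line the cast binds tighter than `??`, so `(bool)$data['subscribe']` is evaluated first; the `?? false` fallback can never fire, and a payload without a `subscribe` key still raises an undefined-index notice. Writing it as `$data['subscribe'] = (bool)($data['subscribe'] ?? false);` gives the intended default. The scope check passes `$data['scope']` to `strtolower()` without confirming it is a string and accepts mixed-case values without storing the lowercased form; since the comment describes this as incoming data, an `is_string()` guard plus `in_array(..., true)` and assigning the lowercased value back would tighten it. When the scope is valid, `$data['tags']` is left as received, so it appears to stay unvalidated on that path. The enclosing method starts and ends outside this hunk.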