authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2017-02-25 11:51:54 +0100
committerGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2017-02-25 11:51:54 +0100
commit8a6b38115456f592c8a246f9abbb84f4449721c0 (patch)
tree120cdc14b22d2798ce97f6f086b74becb42b5715
parentb8ac2b1d8ab47642018bd3f0fe6863b69a2743d6 (diff)
Sanitize Web site URL
https://github.com/FreshRSS/FreshRSS/issues/1434
-rw-r--r--app/Controllers/subscriptionController.php4
-rw-r--r--lib/lib_rss.php4
2 files changed, 4 insertions, 4 deletions
diff --git a/app/Controllers/subscriptionController.php b/app/Controllers/subscriptionController.php
index 03d3ee15e..aa9f18663 100644
--- a/app/Controllers/subscriptionController.php
+++ b/app/Controllers/subscriptionController.php
@@ -90,8 +90,8 @@ class FreshRSS_subscription_Controller extends Minz_ActionController {
$values = array(
'name' => Minz_Request::param('name', ''),
'description' => sanitizeHTML(Minz_Request::param('description', '', true)),
- 'website' => Minz_Request::param('website', ''),
- 'url' => Minz_Request::param('url', ''),
+ 'website' => checkUrl(Minz_Request::param('website', '')),
+ 'url' => checkUrl(Minz_Request::param('url', '')),
'category' => $cat,
'pathEntries' => Minz_Request::param('path_entries', ''),
'priority' => intval(Minz_Request::param('priority', 0)),
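Review bot: The two new `checkUrl(...)` calls for `'website'` and `'url'` put whatever the function returns straight into `$values`, with no check of the result. The part of `checkUrl` visible in lib/lib_rss.php returns `''` for empty input and otherwise rewrites the value; how it reports a URL it rejects is outside this diff, so if it returns a non-string failure value, that value would be written into the feed record. I would resolve the feed URL first, `$url = checkUrl(Minz_Request::param('url', ''));`, and refuse the update with an error when `!is_string($url)`. Validation on this save path also does not cover values stored earlier or set by other code paths, so the view that renders the website link should still escape it for the attribute context. The enclosing method starts and ends outside the hunk.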
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index 560e5b256..78c9cabea 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -69,10 +69,10 @@ function idn_to_puny($url) {
}
function checkUrl($url) {
- if (empty ($url)) {
+ if ($url == '') {
return '';
}
- if (!preg_match ('#^https?://#i', $url)) {
+ if (!preg_match('#^https?://#i', $url)) {
$url = 'http://' . $url;
}
$url = idn_to_puny($url); //PHP bug #53474 IDN
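Review bot: The new guard `if ($url == '')` uses a loose comparison, and the function still assumes a string, while the controller change in this commit now feeds it request parameters directly. An array value is not equal to `''`, so it would fall through to `preg_match()` and the `'http://' . $url` concatenation; whether `Minz_Request::param` can return an array is not visible here. Consider `if (!is_string($url) || $url === '') { return ''; }`. A short doc comment above `checkUrl` would also help, stating that a scheme-less value is prefixed with `http://` and what is returned for an invalid URL. The function body continues past the end of the hunk.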