author | Lukas Reschke <lukas@statuscode.ch> | 2013-05-04 14:47:10 +0400 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2013-05-04 14:47:10 +0400 |
commit | df54cd5d47951098aa208a01d884d79aa5c0e333 (patch) | |
tree | 718bfb28df448912460c0947248487bc9bb9f16a | |
parent | d38c7a1688b3e5cdca0e27effd9be493d1de3605 (diff) | |
parent | 8eef7919c1c65e16255f615b217f4ac8db2340af (diff) |
Merge pull request #3198 from owncloud/check-url
Bookmarks: Check if url is valid
-rw-r--r-- | apps/bookmarks/ajax/addBookmark.php | 9 | ||||
-rw-r--r-- | apps/bookmarks/ajax/editBookmark.php | 6 |
2 files changed, 14 insertions, 1 deletions
diff --git a/apps/bookmarks/ajax/addBookmark.php b/apps/bookmarks/ajax/addBookmark.php
index b4d0f33d721..187cfe48dbc 100644
--- a/apps/bookmarks/ajax/addBookmark.php
+++ b/apps/bookmarks/ajax/addBookmark.php
@@ -31,6 +31,13 @@ OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('bookmarks');
 OCP\JSON::callCheck();
+// Check if it is a valid URL
+if (filter_var($_POST['url'], FILTER_VALIDATE_URL) === FALSE) {
+ OC_JSON::error();
+ exit();
+}
+
+
 require_once(OC::$APPSROOT . '/apps/bookmarks/bookmarksHelper.php');
 $id = addBookmark($_POST['url'], $_POST['title'], $_POST['tags']);
-OCP\JSON::success(array('data' => $id));
\ No newline at end of file
+OCP\JSON::success(array('data' => $id));
diff --git a/apps/bookmarks/ajax/editBookmark.php b/apps/bookmarks/ajax/editBookmark.php
index 36258f70961..5521aab0ef1 100644
--- a/apps/bookmarks/ajax/editBookmark.php
+++ b/apps/bookmarks/ajax/editBookmark.php
@@ -31,6 +31,12 @@ OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('bookmarks');
 OCP\JSON::callCheck();
+// Check if it is a valid URL
+if (filter_var($_POST['url'], FILTER_VALIDATE_URL) === FALSE) {
+ OC_JSON::error();
+ exit();
+}
+
 $CONFIG_DBTYPE = OCP\Config::getSystemValue( "dbtype", "sqlite" );
 if( $CONFIG_DBTYPE == 'sqlite' or $CONFIG_DBTYPE == 'sqlite3' ){
 $_ut = "strftime('%s','now')"; |
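Review bot: The new guard in addBookmark.php only checks URL syntax, because `FILTER_VALIDATE_URL` does not restrict the scheme, so a syntactically valid URL with a non-web scheme still reaches `addBookmark()` and is stored. Bookmarks are presumably rendered back as clickable links, so I would add a scheme allowlist next to the check: `$scheme = strtolower((string) parse_url($_POST['url'], PHP_URL_SCHEME));` followed by `if (!in_array($scheme, array('http', 'https'), true)) { OCP\JSON::error(); exit(); }`. The same applies to the identical check added in editBookmark.php. Both checks also read `$_POST['url']` without `isset()`, and they call `OC_JSON::error()` where the surrounding lines use the public `OCP\JSON::` API. Calling `OCP\JSON::error()` with a short message would be consistent and would tell the client why the request was rejected.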