diff --git a/actions/userauthorization.php b/actions/userauthorization.php index a6dc2a5b07..0d3b71ac98 100644 --- a/actions/userauthorization.php +++ b/actions/userauthorization.php @@ -365,6 +365,10 @@ class UserauthorizationAction extends Action { throw new OAuthException("Listener URI '$listener' not found here"); } $listenee = $req->get_parameter('omb_listenee'); + if (!Validate::uri($listenee) && + !common_valid_tag($listenee)) { + throw new OAuthException("Listenee URI '$listenee' not a recognizable URI"); + } if (strlen($listenee) > 255) { throw new OAuthException("Listenee URI '$listenee' too long"); } diff --git a/lib/util.php b/lib/util.php index 03b1e42a90..771a4880c6 100644 --- a/lib/util.php +++ b/lib/util.php @@ -598,3 +598,11 @@ function common_debug($msg, $filename=NULL) { function common_valid_http_url($url) { return Validate::uri($url, array('allowed_schemes' => array('http', 'https'))); } + +function common_valid_tag($tag) { + if (preg_match('/^tag:(.*?),(\d{4}(-\d{2}(-\d{2})?)?):(.*)$/', $tag, $matches)) { + return (Validate::email($matches[1]) || + preg_match('/^([\w-\.]+)$/', $matches[1])); + } + return false; +}