Fixes #2719: Addresses are checked and normalized (and checked again) for bookmarks.
authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Sun, 20 Feb 2011 01:07:44 +0000 (01:07 +0000)
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Sun, 20 Feb 2011 01:07:44 +0000 (01:07 +0000)
git-svn-id: http://code.elgg.org/elgg/trunk@8352 36083f99-b078-4883-b0ff-0f9b5a30f544

mod/bookmarks/actions/bookmarks/save.php

index b0b9fc9c4234a237a0e8d47e934a371d78bcfaaf..b01f9b6d0172cbcb9b9fb5c173c516e768a37a6a 100644 (file)
@@ -16,6 +16,19 @@ $guid = get_input('guid');
 $share = get_input('share');
 $container_guid = get_input('container_guid', elgg_get_logged_in_user_guid());
 
+$normalized = elgg_normalize_url($address);
+
+// slight hack.  If the original link wasn't to this site, they probably didn't mean to post
+// a relative link.  deny the action.
+$site_url = elgg_get_site_entity()->url;
+$test = str_replace($site_url, '', $normalized);
+
+if (trim($address, '/') == trim($test, '/')) {
+       $address = '';
+} else {
+       $address = $normalized;
+}
+
 if (!$title || !$address || !filter_var($address, FILTER_VALIDATE_URL)) {
        register_error(elgg_echo('bookmarks:save:failed'));
        forward(REFERER);
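Review bot: The `filter_var($address, FILTER_VALIDATE_URL)` check at the end of this hunk does not restrict the URL scheme, so after normalization a value such as `javascript://%0Aalert(1)` or a `data:` URL still passes and is saved as the bookmark address, which is a stored-XSS vector if that address is later emitted as an href (the rendering code is not visible here). An explicit allowlist before the existing check closes it: `$scheme = strtolower((string) parse_url($address, PHP_URL_SCHEME));` followed by `if (!in_array($scheme, array('http', 'https'), true)) { $address = ''; }`. The relative-link heuristic has a second problem: `trim($address, '/') == trim($test, '/')` is also true when `elgg_normalize_url()` returns an absolute off-site URL unchanged (nothing to strip, so `$test` equals `$address`), which would reject every external bookmark unless normalization always rewrites absolute URLs; guarding with `if ($normalized != $address && trim($address, '/') == trim($test, '/'))` limits the denial to inputs that normalization actually expanded. Note also that `str_replace($site_url, '', $normalized)` removes every occurrence of the site URL rather than only a leading one, so a prefix test such as `strpos($normalized, $site_url) === 0` expresses the intent more precisely.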
@@ -45,7 +58,7 @@ $bookmark->tags = $tagarray;
 if ($bookmark->save()) {
 
        elgg_clear_sticky_form();
-       
+
        // @todo
        if (is_array($shares) && sizeof($shares) > 0) {
                foreach($shares as $share) {