author | Bernhard Posselt <nukeawhale@gmail.com> | 2013-08-06 13:56:32 +0200 |
---|---|---|
committer | Bernhard Posselt <nukeawhale@gmail.com> | 2013-08-06 13:56:32 +0200 |
commit | 78b0bcc19ad3aba0e1e10d7441290a8af82e63bf (patch) | |
tree | c46055c5d13bea272dcc162170e396c872954513 /db/item.php | |
parent | 582dba7e944850d39316a15ef9e3297577fb936f (diff) |
move sanitation of urls to the serverside code to also provide security for clients, fix #151
Diffstat (limited to 'db/item.php')
-rw-r--r-- | db/item.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/db/item.php b/db/item.php
index 332fd630e..1632d5438 100644
--- a/db/item.php
+++ b/db/item.php
@@ -119,5 +119,12 @@ class Item extends Entity implements IAPI {
 }
+ public function setUrl($url) {
+ $url = trim($url);
+ if(strpos($url, 'http') === 0) {
+ parent::setUrl($url);
+ }
+ }
+
 } |
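Review bot: The check `strpos($url, 'http') === 0` in the new `setUrl()` is a string-prefix test rather than a scheme allow-list: it accepts any value that merely begins with the letters `http`, and it rejects valid upper-case schemes such as `HTTP://`. Comparing the parsed scheme is stricter, for example `$scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));` followed by `if (in_array($scheme, array('http', 'https'), true)) {`. A rejected URL is dropped silently, so the item keeps whatever value it held before; a one-line comment stating that this is intended, or an explicit reset to an empty value, would make the behaviour clear. Whether every write path reaches this setter cannot be seen here, because `parent::setUrl()` and the rest of `Item` lie outside the hunk, so the URL should still be escaped where it is rendered.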