authorBernhard Posselt <nukeawhale@gmail.com>2013-08-06 13:56:32 +0200
committerBernhard Posselt <nukeawhale@gmail.com>2013-08-06 13:56:32 +0200
commit78b0bcc19ad3aba0e1e10d7441290a8af82e63bf (patch)
treec46055c5d13bea272dcc162170e396c872954513 /db
parent582dba7e944850d39316a15ef9e3297577fb936f (diff)
move sanitation of urls to the serverside code to also provide security for clients, fix #151
Diffstat (limited to 'db')
-rw-r--r--db/feed.php17
-rw-r--r--db/item.php7
2 files changed, 24 insertions, 0 deletions
diff --git a/db/feed.php b/db/feed.php
index 22fbc359b..2bf16fc3b 100644
--- a/db/feed.php
+++ b/db/feed.php
@@ -65,4 +65,21 @@ class Feed extends Entity implements IAPI {
);
}
+
+ public function setUrl($url) {
+ $url = trim($url);
+ if(strpos($url, 'http') === 0) {
+ parent::setUrl($url);
+ }
+ }
+
+
+ public function setLink($url) {
+ $url = trim($url);
+ if(strpos($url, 'http') === 0) {
+ parent::setLink($url);
+ }
+ }
+
+
} \ No newline at end of file
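Review bot: The guard `strpos($url, 'http') === 0` in `Feed::setUrl` is a case-sensitive prefix test, not a scheme check. It accepts any string that merely begins with `http` (a scheme such as `httpx:` passes) and drops valid URLs written as `HTTP://` or `Https://`. Comparing the parsed scheme against an allow-list states the intent directly: `$scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));` followed by `if (in_array($scheme, array('http', 'https'), true)) {`. The same test is repeated in `Feed::setLink` in this hunk and in `Item::setUrl` in db/item.php. The check only restricts the scheme, so the stored value still needs escaping for the context where it is rendered.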
diff --git a/db/item.php b/db/item.php
index 332fd630e..1632d5438 100644
--- a/db/item.php
+++ b/db/item.php
@@ -119,5 +119,12 @@ class Item extends Entity implements IAPI {
}
+ public function setUrl($url) {
+ $url = trim($url);
+ if(strpos($url, 'http') === 0) {
+ parent::setUrl($url);
+ }
+ }
+
}
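Review bot: `Item::setUrl` silently does nothing when the URL is rejected, so the property keeps its previous value and the caller cannot tell that feed-supplied data was discarded. That behaviour should at least be documented on the setter, for example `/** Stores $url only if it passes the http(s) check; any other value is ignored and the previous value is kept. */`. This is the third copy of the same body (the other two are `Feed::setUrl` and `Feed::setLink`), so a later fix to the check can easily miss one of them. A single protected helper on the shared parent, presumably `Entity`, which is not visible in this diff, would keep the allow-list in one place. The class body starts outside the hunk.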