perdedora/leftypol
1
0
Fork 0
forked from leftypol/leftypol
Code Pull requests Activity

post.php: validate embed url

Browse source
This commit is contained in:
Zankaria 2025-03-17 15:10:19 +01:00
parent 01811cb50f
commit b71d53c1a8
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
post.php
View file

@ -953,7 +953,11 @@ function handle_post(Context $ctx)
// Check for an embed field // Check for an embed field
if ($config['enable_embedding'] && isset($_POST['embed']) && !empty($_POST['embed'])) { if ($config['enable_embedding'] && isset($_POST['embed']) && !empty($_POST['embed'])) {
// yep; validate it // yep; validate it
$value = $_POST['embed']; $value = \trim($_POST['embed']);
if (\filter_var($value, \FILTER_VALIDATE_URL) === false) {
error($config['error']['invalid_embed']);
}
foreach ($config['embedding'] as &$embed) { foreach ($config['embedding'] as &$embed) {
if (preg_match($embed[0], $value)) { if (preg_match($embed[0], $value)) {
// Valid link // Valid link