authorThomas Citharel <tcit@tcit.fr>2015-05-30 18:11:00 +0200
committerThomas Citharel <tcit@tcit.fr>2015-05-30 18:11:00 +0200
commitddbb2308a3302e2d2d6ff89f4dd3235f85d335e1 (patch)
tree498db9dae01e84410267b83be82244fab9d2a331
parent3a690fad55cafb5b30debd1f3069e9c87b0a4b39 (diff)
check that URL are real ones before importing them (for instance, avoid bookmarklets)
-rwxr-xr-xinc/poche/Poche.class.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index d039de1f..4fb028ff 100755
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -788,7 +788,7 @@ class Poche
788 $urlsInserted = array(); //urls of articles inserted 788 $urlsInserted = array(); //urls of articles inserted
789 foreach($data as $record) { 789 foreach($data as $record) {
790 $url = trim(isset($record['article__url']) ? $record['article__url'] : (isset($record['url']) ? $record['url'] : '')); 790 $url = trim(isset($record['article__url']) ? $record['article__url'] : (isset($record['url']) ? $record['url'] : ''));
791 if ($url and !in_array($url, $urlsInserted)) { 791 if (filter_var($url, FILTER_VALIDATE_URL) and !in_array($url, $urlsInserted)) {
792 $title = (isset($record['title']) ? $record['title'] : _('Untitled - Import - ') . '</a> <a href="./?import">' . _('click to finish import') . '</a><a>'); 792 $title = (isset($record['title']) ? $record['title'] : _('Untitled - Import - ') . '</a> <a href="./?import">' . _('click to finish import') . '</a><a>');
793 $body = (isset($record['content']) ? $record['content'] : ''); 793 $body = (isset($record['content']) ? $record['content'] : '');
794 $isRead = (isset($record['is_read']) ? intval($record['is_read']) : (isset($record['archive']) ? intval($record['archive']) : 0)); 794 $isRead = (isset($record['is_read']) ? intval($record['is_read']) : (isset($record['archive']) ? intval($record['archive']) : 0));
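Review bot: On new line 791, `filter_var($url, FILTER_VALIDATE_URL)` checks only URL syntax and accepts any scheme, so values such as `javascript://…`, `file://…` or `mailto:` still pass and the stated goal of keeping bookmarklets out of the import is only partly met. Because the imported URL is presumably stored, rendered as a link and fetched later (none of that is visible in this hunk), I would add a scheme allow-list next to the filter: `$scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));` and then `if (filter_var($url, FILTER_VALIDATE_URL) and in_array($scheme, array('http', 'https'), true) and !in_array($url, $urlsInserted)) {`. FILTER_VALIDATE_URL also rejects URLs containing non-ASCII characters, so internationalised addresses are now dropped silently; counting or logging skipped records would make that visible to the user. The `foreach` body continues past the end of the hunk, so what happens to `$url` afterwards should be confirmed there.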