From ddbb2308a3302e2d2d6ff89f4dd3235f85d335e1 Mon Sep 17 00:00:00 2001
From: Thomas Citharel
Date: Sat, 30 May 2015 18:11:00 +0200
Subject: check that URL are real ones before importing them (for instance, avoid bookmarklets)
---
 inc/poche/Poche.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'inc/poche')
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index d039de1f..4fb028ff 100755
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -788,7 +788,7 @@ class Poche
 $urlsInserted = array(); //urls of articles inserted
 foreach($data as $record) {
 $url = trim(isset($record['article__url']) ? $record['article__url'] : (isset($record['url']) ? $record['url'] : ''));
- if ($url and !in_array($url, $urlsInserted)) {
+ if (filter_var($url, FILTER_VALIDATE_URL) and !in_array($url, $urlsInserted)) {
 $title = (isset($record['title']) ? $record['title'] : _('Untitled - Import - ') . ' ' . _('click to finish import') . '');
 $body = (isset($record['content']) ? $record['content'] : '');
 $isRead = (isset($record['is_read']) ? intval($record['is_read']) : (isset($record['archive']) ? intval($record['archive']) : 0));
-- 
cgit v1.2.3
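Review bot: The new `filter_var($url, FILTER_VALIDATE_URL)` guard checks URL syntax only and does not restrict the scheme, so an import record with a syntactically valid non-web URL (for example a `javascript://` or `file://` form) still passes and gets stored. Since the stated goal is to keep bookmarklets out, add an explicit allowlist next to it: compute `$scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));` and add `in_array($scheme, array('http', 'https'), true)` to the condition. This matters more if the stored URL is later rendered as a link or fetched server-side, which presumably happens elsewhere in the class but is not visible in this hunk. The existing `!in_array($url, $urlsInserted)` would also be safer with the strict third argument. The `foreach` body continues outside the hunk.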