Skip to content
Permalink
Browse files

Merge pull request #1391 from emanwebdev/patch-26

Fix security issue with posted website URL
  • Loading branch information...
conejoninja committed Apr 6, 2014
2 parents 8a965e3 + 6ba274b commit bf4084b9e63111dfd10397072b2882a2c7ab3b28
Showing with 2 additions and 0 deletions.
  1. +2 −0 oc-includes/osclass/UserActions.php
@@ -265,6 +265,8 @@ function prepareData($is_add)
if(strtolower(substr($input['s_website'], 0, 4))!=='http') {
$input['s_website'] = 'http://'.$input['s_website'];
}
$input['s_website'] = osc_sanitize_url($input['s_website']);
if ( ! osc_validate_url($input['s_website'])) $input['s_website'] = '';
//locations...
$country = Country::newInstance()->findByCode( Params::getParam('countryId') );

0 comments on commit bf4084b

Please sign in to comment.
You can’t perform that action at this time.