Improved the auth urls validation

Claudio Sanches 2015-04-23 17:45:38 -03:00
parent d0d3aae8c1
commit e79dfec3b0
1 changed files with 8 additions and 6 deletions


@ -123,17 +123,19 @@ class WC_Auth {
}
}
if ( false === filter_var( urldecode( $_REQUEST['return_url'] ), FILTER_VALIDATE_URL ) ) {
throw new Exception( __( 'The return_url is not a valid URL', 'woocommerce' ) );
if ( ! in_array( $_REQUEST['scope'], array( 'read', 'write', 'read_write' ) ) ) {
throw new Exception( sprintf( __( 'Invalid scope %s', 'woocommerce' ), wc_clean( $_REQUEST['scope'] ) ) );
}
foreach ( array( 'return_url', 'callback_url' ) as $param ) {
if ( false === filter_var( urldecode( $param ), FILTER_VALIDATE_URL ) ) {
throw new Exception( sprintf( __( 'The %s is not a valid URL', 'woocommerce' ), $param ) );
}
}
if ( 0 !== stripos( urldecode( $_REQUEST['callback_url'] ), 'https://' ) ) {
throw new Exception( __( 'The callback_url need to be over SSL', 'woocommerce' ) );
}
if ( ! in_array( $_REQUEST['scope'], array( 'read', 'write', 'read_write' ) ) ) {
throw new Exception( sprintf( __( 'Invalid scope %s', 'woocommerce' ), wc_clean( $_REQUEST['scope'] ) ) );
}
}
/**
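Review bot: The foreach over `array( 'return_url', 'callback_url' )`, which appears to be the added code, validates the parameter name rather than the submitted value. `filter_var( urldecode( $param ), FILTER_VALIDATE_URL )` is handed the literal strings `return_url` and `callback_url`, which are never valid URLs, so the check would throw on every request and never inspects what the client sent. The call should read the request value: `if ( false === filter_var( urldecode( $_REQUEST[ $param ] ), FILTER_VALIDATE_URL ) ) {`. Separately, `FILTER_VALIDATE_URL` accepts any scheme and only `callback_url` is then pinned to `https://`; if `return_url` is later used as a redirect target (not visible here), an explicit http/https allow-list for it would be worth adding. The enclosing method starts above the hunk, so whether both keys are guaranteed to be present in `$_REQUEST` by this point cannot be confirmed from these lines.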