-rw-r--r-- | src/mulk/benki/book_marx.clj | 27 |
1 files changed, 15 insertions, 12 deletions
diff --git a/src/mulk/benki/book_marx.clj b/src/mulk/benki/book_marx.clj
index 1ac7b8d..e1f0850 100644
--- a/src/mulk/benki/book_marx.clj
+++ b/src/mulk/benki/book_marx.clj
@@ -94,19 +94,22 @@ (catch java.lang.Exception e# nil)))
-(defpage [:get "/marx/submit"] {uri :uri, description :description, origin :origin}
+(defpage [:get "/marx/submit"] {uri :uri, description :description, origin :origin, title :title}
 (with-auth
- (let [title (m/domonad m/maybe-m
- ;; FIXME: Using slurp here is a potential security problem
- ;; because it permits access to internal resources!
- [:when uri
- :when (or (.startsWith uri "http://")
- (.startsWith uri "https://"))
- soup (ignore-errors (slurp uri))
- page (org.jsoup.Jsoup/parse soup)
- title (.select page "title")]
- (.text title))
- origin (or origin (get-in (request/ring-request) [:headers "Referer"]))]
+ (let [title (or title
+ (m/domonad m/maybe-m
+ ;; FIXME: Using slurp here is a potential security problem
+ ;; because it permits access to internal resources!
+ [:when uri
+ :when (or (.startsWith uri "http://")
+ (.startsWith uri "https://"))
+ soup (ignore-errors (slurp uri))
+ page (org.jsoup.Jsoup/parse soup)
+ title (.select page "title")]
+ (.text title)))
+ origin (or origin
+ (get-in (request/ring-request) [:headers "Referer"])
+ uri)]
 (layout bookmarx-submission-page "Submit New Bookmark" [:form {:method "POST"} [:table |
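Review bot: The server-side `(slurp uri)` that the FIXME warns about is still reached whenever the new `title` parameter is absent, and the two `.startsWith` tests only pin the scheme, so this GET handler can still be made to fetch loopback, private-range or link-local addresses on behalf of the server. I would replace the prefix test with a guard that resolves the host and rejects those address classes before fetching, as sketched below. That guard does not cover any redirects the fetch follows, a host that resolves differently between check and fetch, or IPv6 unique-local ranges, so an HTTP client with redirects disabled, a timeout and a response size cap is the fuller fix. Separately, `title` and the `uri` fallback for `origin` now come straight from the query string; the form rendering continues outside this hunk, so confirm both values are HTML-escaped where they are emitted.

```clojure
;; new private helper, placed above the defpage
(defn- public-http-uri? [^String uri]
  (ignore-errors
    (let [u    (java.net.URI. uri)
          host (.getHost u)]
      (and (#{"http" "https"} (.getScheme u))
           host
           ;; every address the name resolves to must be publicly routable
           (not-any? #(or (.isLoopbackAddress %)
                          (.isAnyLocalAddress %)
                          (.isLinkLocalAddress %)
                          (.isSiteLocalAddress %))
                     (java.net.InetAddress/getAllByName host))))))

;; … unchanged: defpage header, with-auth, (let [title (or title (m/domonad m/maybe-m …
                             [:when uri
                              :when (public-http-uri? uri)
;; … unchanged: soup / page / title bindings, origin …
```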