From 3daeacc2089386e651d4523d4187d6b688d9c513 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pierre=20Mazi=C3=A8re?= <pierre.maziere@gmx.com>
Date: Sun, 4 Sep 2016 14:40:38 +0200
Subject: [PATCH] [VkBridge] use 'Group or user name' parameter instead of full
 URI

This breaks compatibility with previous versions of VkBridge (which
seems broken anyway).
Bridges should never use full URIs as inputs since their validation will
always be more complicated, hence prone to security issues,
than rebuilding a clean URI from simple validated inputs.
---
 bridges/VkBridge.php | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/bridges/VkBridge.php b/bridges/VkBridge.php
index feaafa48..54895996 100644
--- a/bridges/VkBridge.php
+++ b/bridges/VkBridge.php
@@ -6,18 +6,21 @@ class VkBridge extends BridgeAbstract {
     const NAME = "VK.com";
     const URI = "http://vk.com/";
     const DESCRIPTION = "Working with open pages";
-    const PARAMETERS=array(
-        'Url on page group or user' => array(
+    const PARAMETERS=array( array(
             'u'=>array(
-                'name'=>'Url',
+                'name'=>'Group or user name',
                 'required'=>true
             )
         )
     );
 
+    public function getURI(){
+      return static::URI.urlencode($this->getInput('u'));
+    }
     public function collectData(){
-        $text_html = $this->getContents(urldecode($this->getInput('u')))
-            or $this->returnServerError('No results for this query.');
+        $text_html = $this->getContents($this->getURI())
+          or $this->returnServerError('No results for group or user name "'.$this->getInput('u').'".');
+
         $text_html = iconv('windows-1251', 'utf-8', $text_html);
         $html = str_get_html($text_html);
         foreach ($html->find('div.post_table') as $post) {