harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

prevent zid's from reaching the DAV core code.

Browse Source
This commit is contained in:
friendica 2014-01-16 01:19:58 -08:00
parent ec6b8e5cda
commit 18a40d0c37
3 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/identity.php
View File

@ -1019,7 +1019,7 @@ function zid_init(&$a) {
call_hooks('zid_init',$arr); call_hooks('zid_init',$arr);
if((! local_user()) && (! remote_user())) { if((! local_user()) && (! remote_user())) {
logger('zid_init: not authenticated. Invoking reverse magic-auth for ' . $tmp_str); logger('zid_init: not authenticated. Invoking reverse magic-auth for ' . $tmp_str);
$r = q("select * from hubloc where hubloc_addr = '%s' order by hubloc_id desc limit 1", $r = q("select * from hubloc where hubloc_addr = '%s' order by hubloc_connected desc limit 1",
dbesc($tmp_str) dbesc($tmp_str)
); );
// try to avoid recursion - but send them home to do a proper magic auth // try to avoid recursion - but send them home to do a proper magic auth

3
mod/cloud.php
View File

@ -82,6 +82,9 @@ function cloud_init(&$a) {
$auth->setBrowserPlugin($browser); $auth->setBrowserPlugin($browser);
$_SERVER['QUERY_STRING'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['QUERY_STRING']);
$_SERVER['QUERY_STRING'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['QUERY_STRING']);
$server->addPlugin($browser); $server->addPlugin($browser);

2
version.inc
View File

@ -1 +1 @@
2014-01-15.558 2014-01-16.559