harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

try to filter any path information from leaking through to zot_finger; and log the url wherever called to track down where it might be called with a malformed webbie or complete path instead of hostname.

Browse Source
This commit is contained in:
zotlabs
2016-10-13 21:01:54 -07:00
parent daaefed61b
commit bd70e6ae6d
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Zotlabs/Zot/Finger.php
View File

@@ -32,6 +32,8 @@ class Finger {
} else {
$address = substr($webbie,0,strpos($webbie,'@'));
$host = substr($webbie,strpos($webbie,'@')+1);
if(strpos($host,'/'))
$host = substr($host,0,strpos($host,'/'));
}
$xchan_addr = $address . '@' . $host;
@@ -58,7 +60,7 @@ class Finger {
if ($r[0]['hubloc_network'] && $r[0]['hubloc_network'] !== 'zot') {
logger('zot_finger: alternate network: ' . $webbie);
logger('url: '.$url.', net: '.var_export($r[0]['hubloc_network'],true), LOGGER_DATA, LOG_DEBUG);
logger('url: ' . $url . ', net: ' . var_export($r[0]['hubloc_network'],true), LOGGER_DATA, LOG_DEBUG);
return $ret;
}
}