harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

try to filter any path information from leaking through to zot_finger; and log the url wherever called to track down where it might be called with a malformed webbie or complete path instead of hostname.

Browse Source
This commit is contained in:
zotlabs 2016-10-13 21:01:54 -07:00
parent daaefed61b
commit bd70e6ae6d
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Zotlabs/Zot/Finger.php
View File

@ -32,6 +32,8 @@ class Finger {
} else { } else {
$address = substr($webbie,0,strpos($webbie,'@')); $address = substr($webbie,0,strpos($webbie,'@'));
$host = substr($webbie,strpos($webbie,'@')+1); $host = substr($webbie,strpos($webbie,'@')+1);
if(strpos($host,'/'))
$host = substr($host,0,strpos($host,'/'));
} }
$xchan_addr = $address . '@' . $host; $xchan_addr = $address . '@' . $host;

4
include/zot.php
View File

@ -186,6 +186,8 @@ function zot_finger($webbie, $channel = null, $autofallback = true) {
} else { } else {
$address = substr($webbie,0,strpos($webbie,'@')); $address = substr($webbie,0,strpos($webbie,'@'));
$host = substr($webbie,strpos($webbie,'@')+1); $host = substr($webbie,strpos($webbie,'@')+1);
if(strpos($host,'/'))
$host = substr($host,0,strpos($host,'/'));
} }
$xchan_addr = $address . '@' . $host; $xchan_addr = $address . '@' . $host;
@ -355,6 +357,8 @@ function zot_refresh($them, $channel = null, $force = false) {
$rhs = '/.well-known/zot-info'; $rhs = '/.well-known/zot-info';
logger('zot_refresh: ' . $url, LOGGER_DATA, LOG_INFO);
$result = z_post_url($url . $rhs,$postvars); $result = z_post_url($url . $rhs,$postvars);
logger('zot_refresh: zot-info: ' . print_r($result,true), LOGGER_DATA, LOG_DEBUG); logger('zot_refresh: zot-info: ' . print_r($result,true), LOGGER_DATA, LOG_DEBUG);