authorMike Macgirvin <mike@macgirvin.com>2010-09-01 17:26:02 -0700
committerMike Macgirvin <mike@macgirvin.com>2010-09-01 17:26:02 -0700
commit19a28434c46864f525f106bbe1ace933584290fb (patch)
treeace44ef6581377e708f0ceac671933443122b711
parent2c1a27b2ae49e03ef348510bcaa08eff509ca6c7 (diff)
potential xss exploit
-rw-r--r--mod/dfrn_request.php33
1 files changed, 8 insertions, 25 deletions
diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index 43a7fc389..0fb718ab6 100644
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -158,7 +158,7 @@ function dfrn_request_post(&$a) {
// in $a->argv[1] and we should have their complete info in $a->profile.
if(! (is_array($a->profile) && count($a->profile))) {
- notice(t("Profile unavailable.") . EOL);
+ notice( t('Profile unavailable.') . EOL);
return;
}
@@ -179,29 +179,9 @@ function dfrn_request_post(&$a) {
return;
}
- // Is this an email-style DFRN locator?
+ // Canonicalise email-style profile locator
- if(strstr($url,'@')) {
- $username = substr($url,0,strpos($url,'@'));
- $hostname = substr($url,strpos($url,'@') + 1);
- require_once('Scrape.php');
-
-
- $parms = scrape_meta('https://' . $url);
- if((x($parms,'dfrn-template')) && strstr($parms['dfrn-template'],'%s')) {
- $url = sprintf($parms['dfrn-template'],$username);
- }
- else {
- $parms = scrape_meta('http://' . $url);
- if((x($parms,'dfrn-template')) && strstr($parms['dfrn-template'],'%s')) {
- $url = sprintf($parms['dfrn-template'],$username);
- }
- else {
- $url = '';
- }
- }
-
- }
+ $url = webfinger($url);
if(! strlen($url)) {
notice( t("Unable to resolve your name at the provided location.") . EOL);
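Review bot: The locator is now handed to `webfinger()` for every input, whereas the removed branch only resolved strings containing '@' and left plain URLs untouched, and the only check on the result is the `strlen($url)` test on the line that follows. If webfinger() passes non-email inputs through unchanged (its definition is not in this diff), a user-supplied locator with an unexpected scheme continues on as `$url`, so the check should also pin the scheme, e.g. `if(! strlen($url) || ! preg_match('#^https?://#i', $url)) {`. The removed code also tried `https://` before falling back to `http://`; whether that preference survives in webfinger() is not visible here and is worth confirming. The enclosing function dfrn_request_post starts before and continues after this hunk.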
@@ -306,7 +286,7 @@ function dfrn_request_post(&$a) {
intval($uid),
intval($contact_record['id']),
((x($_POST,'knowyou') && ($_POST['knowyou'] == 1)) ? 1 : 0),
- dbesc(trim($_POST['dfrn-request-message'])),
+ dbesc(notags(trim($_POST['dfrn-request-message']))),
dbesc($hash),
dbesc(datetime_convert())
);
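Review bot: `notags()` is applied at storage time on the `dbesc(notags(trim(...)))` line, but stripping tags on input is not a substitute for escaping on output: the exact transformation notags() performs is not visible here, and any view that renders the stored column raw remains exposed, so the message should still be passed through htmlspecialchars() (or the template's equivalent) where it is displayed. Separately, `$_POST['dfrn-request-message']` is read without a presence guard, so a request omitting the field raises an undefined-index notice; `dbesc(notags(trim((x($_POST,'dfrn-request-message')) ? $_POST['dfrn-request-message'] : ''))),` mirrors the `x($_POST,'knowyou')` guard used two lines above. The query and the enclosing dfrn_request_post both start and end outside this hunk.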
@@ -404,7 +384,10 @@ function dfrn_request_content(&$a) {
'$siteurl' => $a->get_baseurl(),
'$sitename' => $a->config['sitename']
));
- $res = mail($r[0]['email'],t("Introduction received at ") . $a->config['sitename'],$email,t('From: Administrator@') . $_SERVER[SERVER_NAME] );
+ $res = mail($r[0]['email'],
+ t("Introduction received at ") . $a->config['sitename'],
+ $email,
+ t('From: Administrator@') . $_SERVER[SERVER_NAME] );
// This is a redundant notification - no point throwing errors if it fails.
}
}