author | Friendika <info@friendika.com> | 2010-12-25 13:51:39 -0800 |
---|---|---|
committer | Friendika <info@friendika.com> | 2010-12-25 13:51:39 -0800 |
commit | d6a75a0391bfe2021cca0bba9f054044ef79cab7 (patch) | |
tree | b2ecf90284c3406b18b9fba04d042a3ff969a611 | |
parent | 7b51713ba33e442c57e3e4b242a48cf2bdb32f75 (diff) | |
secure profile redirect failed with duplex relationship
-rw-r--r-- | mod/dfrn_poll.php | 10 | ||||
-rw-r--r-- | mod/redir.php | 5 |
2 files changed, 8 insertions, 7 deletions
diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php
index 22d2ee40f..52272efad 100644
--- a/mod/dfrn_poll.php
+++ b/mod/dfrn_poll.php
@@ -99,18 +99,18 @@ function dfrn_poll_init(&$a) {
 dbesc($sec)
 );
 if(! count($r)) {
- xml_status(3);
+ xml_status(3, 'No ticket');
 // NOTREACHED
 }
 $orig_id = $r[0]['dfrn_id'];
- if(strpos(':',$orig_id))
+ if(strpos($orig_id, ':'))
 $orig_id = substr($orig_id,2);

 $c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
 intval($r[0]['cid'])
 );
 if(! count($c)) {
- xml_status(3);
+ xml_status(3, 'No profile');
 }
 $contact = $c[0];

@@ -134,9 +134,9 @@ function dfrn_poll_init(&$a) {
 $final_dfrn_id = substr($final_dfrn_id,2);

 if($final_dfrn_id != $orig_id) {
-
+ logger('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, LOGGER_DEBUG);
 // did not decode properly - cannot trust this site
- xml_status(3);
+ xml_status(3, 'Bad decryption');
 }

 header("Content-type: text/xml");
diff --git a/mod/redir.php b/mod/redir.php
index cc58b9cd1..ac21aa17e 100644
--- a/mod/redir.php
+++ b/mod/redir.php
@@ -6,7 +6,7 @@ function redir_init(&$a) {
 goaway($a->get_baseurl());

 $cid = $a->argv[1];
- $r = q("SELECT `network`, `issued-id`, `dfrn-id`, `duplex`, `poll` FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
 intval($cid),
 intval(local_user())
 );
@@ -36,8 +36,9 @@ function redir_init(&$a) {
 intval(time() + 45)
 );

+ logger('mod_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG);
+
 goaway ($r[0]['poll'] . '?dfrn_id=' . $dfrn_id
-// . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile');
 . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec);
 } |
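Review bot: The corrected `if(strpos($orig_id, ':'))` in the first dfrn_poll.php hunk is still a truthiness test, so a colon at offset 0 is treated like no colon, and a colon at any later offset triggers the fixed two-character strip on the next line. If the prefix is always one character followed by a colon, as `substr($orig_id,2)` suggests, test the position explicitly: `if(strpos($orig_id, ':') === 1)`. The second hunk shows `$final_dfrn_id` being stripped the same way, but its condition is outside the hunk; both sides should be normalised by the same rule, because they are compared afterwards to decide whether the remote site is trusted. dfrn_poll_init starts and ends outside the hunk.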
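Review bot: The trust decision `if($final_dfrn_id != $orig_id)` in the second dfrn_poll.php hunk uses a loose comparison, and PHP compares two numeric-looking strings as numbers, so two different identifiers can compare equal. The commit adds logging and a status message around this check but leaves the operator unchanged. It should be a strict string comparison, `if($final_dfrn_id !== $orig_id)`, or `hash_equals()` where the runtime provides it. The new `logger()` line also writes both identifiers to the debug log, and one of them is the decrypted value; that is worth a comment saying the log must be treated as sensitive while LOGGER_DEBUG is enabled.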
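Review bot: In the first redir.php hunk, replacing the explicit column list with `SELECT *` loads the whole contact row into `$r`, while the only extra column visibly used is `name`, in the new log line. Which columns the code between the two hunks reads is not visible, so the wider select may be the actual fix. If so, naming those columns in the query keeps any key or credential fields the table may hold out of this request path and documents what the redirect depends on. At minimum, add a comment above the query stating which extra fields the duplex case needs.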
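Review bot: The added `logger('mod_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG);` in the second redir.php hunk writes `$sec` to the log, and the same value is sent as `&sec=` in the redirect below, so it appears to be the short-lived ticket the remote site accepts for this visitor (the preceding insert stores `time() + 45`). A credential in a log file is readable by anyone with log access while it is still valid. Log only the contact, `logger('mod_redir: ' . $r[0]['name'], LOGGER_DEBUG);`, or a short prefix of the value. `$dfrn_id` and `$sec` are also concatenated into the URL unencoded; their origin is outside the hunk, so wrapping each in `urlencode()` would be a safe default.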