diff options
| author | friendica <info@friendica.com> | 2014-01-16 01:19:58 -0800 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2014-01-16 01:19:58 -0800 |
| commit | 18a40d0c376c07a5686b1f023f53852911138a24 (patch) | |
| tree | 18837f441a32c4b99d307bfc1afa9bc0736ba1c3 | |
| parent | ec6b8e5cdaed1304c8740cbbd01153f4d9012568 (diff) | |
| download | volse-hubzilla-18a40d0c376c07a5686b1f023f53852911138a24.tar.gz volse-hubzilla-18a40d0c376c07a5686b1f023f53852911138a24.tar.bz2 volse-hubzilla-18a40d0c376c07a5686b1f023f53852911138a24.zip | |
prevent zid's from reaching the DAV core code.
| -rw-r--r-- | include/identity.php | 2 | ||||
| -rw-r--r-- | mod/cloud.php | 3 | ||||
| -rw-r--r-- | version.inc | 2 |
3 files changed, 5 insertions, 2 deletions
diff --git a/include/identity.php b/include/identity.php index 30b6e4b6b..40a38808b 100644 --- a/include/identity.php +++ b/include/identity.php @@ -1019,7 +1019,7 @@ function zid_init(&$a) { call_hooks('zid_init',$arr); if((! local_user()) && (! remote_user())) { logger('zid_init: not authenticated. Invoking reverse magic-auth for ' . $tmp_str); - $r = q("select * from hubloc where hubloc_addr = '%s' order by hubloc_id desc limit 1", + $r = q("select * from hubloc where hubloc_addr = '%s' order by hubloc_connected desc limit 1", dbesc($tmp_str) ); // try to avoid recursion - but send them home to do a proper magic auth diff --git a/mod/cloud.php b/mod/cloud.php index 2d8442807..82b570380 100644 --- a/mod/cloud.php +++ b/mod/cloud.php @@ -82,6 +82,9 @@ function cloud_init(&$a) { $auth->setBrowserPlugin($browser); + $_SERVER['QUERY_STRING'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['QUERY_STRING']); + $_SERVER['QUERY_STRING'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['QUERY_STRING']); + $server->addPlugin($browser); diff --git a/version.inc b/version.inc index 8bc3bd5a8..38e91cb92 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2014-01-15.558 +2014-01-16.559 |