aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2016-10-13 21:01:54 -0700
committerzotlabs <mike@macgirvin.com>2016-10-13 21:01:54 -0700
commitbd70e6ae6d5baa5f75e3c704ae25ff41a6a90047 (patch)
tree7a8c6cc7392e17ddeaa881ad82984f585ff28659
parentdaaefed61bc6a38a102ce2c357278158535a2b27 (diff)
downloadvolse-hubzilla-bd70e6ae6d5baa5f75e3c704ae25ff41a6a90047.tar.gz
volse-hubzilla-bd70e6ae6d5baa5f75e3c704ae25ff41a6a90047.tar.bz2
volse-hubzilla-bd70e6ae6d5baa5f75e3c704ae25ff41a6a90047.zip
try to filter any path information from leaking through to zot_finger; and log the url wherever called to track down where it might be called with a malformed webbie or complete path instead of hostname.
-rw-r--r--Zotlabs/Zot/Finger.php4
-rw-r--r--include/zot.php4
2 files changed, 7 insertions, 1 deletions
diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php
index e7603442f..210513e60 100644
--- a/Zotlabs/Zot/Finger.php
+++ b/Zotlabs/Zot/Finger.php
@@ -32,6 +32,8 @@ class Finger {
} else {
$address = substr($webbie,0,strpos($webbie,'@'));
$host = substr($webbie,strpos($webbie,'@')+1);
+ if(strpos($host,'/'))
+ $host = substr($host,0,strpos($host,'/'));
}
$xchan_addr = $address . '@' . $host;
@@ -58,7 +60,7 @@ class Finger {
if ($r[0]['hubloc_network'] && $r[0]['hubloc_network'] !== 'zot') {
logger('zot_finger: alternate network: ' . $webbie);
- logger('url: '.$url.', net: '.var_export($r[0]['hubloc_network'],true), LOGGER_DATA, LOG_DEBUG);
+ logger('url: ' . $url . ', net: ' . var_export($r[0]['hubloc_network'],true), LOGGER_DATA, LOG_DEBUG);
return $ret;
}
}
diff --git a/include/zot.php b/include/zot.php
index 2e02b96e7..f6d6fe362 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -186,6 +186,8 @@ function zot_finger($webbie, $channel = null, $autofallback = true) {
} else {
$address = substr($webbie,0,strpos($webbie,'@'));
$host = substr($webbie,strpos($webbie,'@')+1);
+ if(strpos($host,'/'))
+ $host = substr($host,0,strpos($host,'/'));
}
$xchan_addr = $address . '@' . $host;
@@ -355,6 +357,8 @@ function zot_refresh($them, $channel = null, $force = false) {
$rhs = '/.well-known/zot-info';
+ logger('zot_refresh: ' . $url, LOGGER_DATA, LOG_INFO);
+
$result = z_post_url($url . $rhs,$postvars);
logger('zot_refresh: zot-info: ' . print_r($result,true), LOGGER_DATA, LOG_DEBUG);