authorfriendica <info@friendica.com>2013-07-18 18:22:08 -0700
committerfriendica <info@friendica.com>2013-07-18 18:22:08 -0700
commit4aff3d4217f72fe8e0903897951d3fd08637eb04 (patch)
tree7e88fc80dc5f8439d1989c303195cd93ac8c9410
parentc6c0a1caa92caa911ef3ccf7550145e303ccefa9 (diff)
validate input to import_xchan(), as we don't consistently check it prior to entering this function
-rw-r--r--include/zot.php7
1 files changed, 7 insertions, 0 deletions
diff --git a/include/zot.php b/include/zot.php
index 22f84b454..6d68d9087 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -445,6 +445,13 @@ function import_xchan($arr) {
$ret = array('success' => false);
$changed = false;
+ if(! (is_array($arr) && array_key_exists('success',$arr) && $arr['success'])) {
+ logger('import_xchan: invalid data packet: ' . print_r($arr,true));
+ $ret['message'] = t('Invalid data packet');
+ return $ret;
+ }
+
+
$xchan_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true));
$import_photos = false;
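Review bot: The new guard tests only the `success` flag, which arrives in the same remote packet as everything else, so `$arr['guid']` and `$arr['guid_sig']` are still read unchecked on the `$xchan_hash` line directly after it. A packet with `success` set but either field missing would be hashed from an empty or partial string (with an undefined-index notice) instead of being rejected; I would extend the condition with `&& ! empty($arr['guid']) && ! empty($arr['guid_sig'])`, and probably an `is_string()` test on both, since they are concatenated into the hash input. Separately, `print_r($arr,true)` writes the whole remote-supplied packet to the log at the default level; passing a data-level constant as the second argument, e.g. `logger('import_xchan: invalid data packet: ' . print_r($arr,true), LOGGER_DATA);` (if that matches this tree's logger), would keep unbounded untrusted content out of normal logs. The body of import_xchan continues beyond the hunk, so any later verification of `guid_sig` is not visible here.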