authorFriendika <info@friendika.com>2010-12-25 13:51:39 -0800
committerFriendika <info@friendika.com>2010-12-25 13:51:39 -0800
commitd6a75a0391bfe2021cca0bba9f054044ef79cab7 (patch)
treeb2ecf90284c3406b18b9fba04d042a3ff969a611
parent7b51713ba33e442c57e3e4b242a48cf2bdb32f75 (diff)
downloadvolse-hubzilla-d6a75a0391bfe2021cca0bba9f054044ef79cab7.tar.gz
volse-hubzilla-d6a75a0391bfe2021cca0bba9f054044ef79cab7.tar.bz2
volse-hubzilla-d6a75a0391bfe2021cca0bba9f054044ef79cab7.zip
secure profile redirect failed with duplex relationship
-rw-r--r--mod/dfrn_poll.php10
-rw-r--r--mod/redir.php5
2 files changed, 8 insertions, 7 deletions
diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php
index 22d2ee40f..52272efad 100644
--- a/mod/dfrn_poll.php
+++ b/mod/dfrn_poll.php
@@ -99,18 +99,18 @@ function dfrn_poll_init(&$a) {
dbesc($sec)
);
if(! count($r)) {
- xml_status(3);
+ xml_status(3, 'No ticket');
// NOTREACHED
}
$orig_id = $r[0]['dfrn_id'];
- if(strpos(':',$orig_id))
+ if(strpos($orig_id, ':'))
$orig_id = substr($orig_id,2);
$c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
intval($r[0]['cid'])
);
if(! count($c)) {
- xml_status(3);
+ xml_status(3, 'No profile');
}
$contact = $c[0];
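Review bot: The corrected `strpos($orig_id, ':')` is still a truthiness test, so it is true for a colon at any offset after 0 and false for a colon at offset 0, while the next line always strips exactly two characters. If the prefix is one character followed by ':' (as `substr($orig_id,2)` suggests), pin the position with `if(strpos($orig_id, ':') === 1)`. Separately, the second `xml_status(3, 'No profile');` lacks the `// NOTREACHED` marker the first call carries; if xml_status() does not end the request, `$c[0]` is read from an empty result. dfrn_poll_init() begins and ends outside this hunk.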
@@ -134,9 +134,9 @@ function dfrn_poll_init(&$a) {
$final_dfrn_id = substr($final_dfrn_id,2);
if($final_dfrn_id != $orig_id) {
-
+ logger('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, LOGGER_DEBUG);
// did not decode properly - cannot trust this site
- xml_status(3);
+ xml_status(3, 'Bad decryption');
}
header("Content-type: text/xml");
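Review bot: The check `$final_dfrn_id != $orig_id` guarding the 'Bad decryption' branch is a loose comparison, and PHP compares two numeric-looking strings as numbers, so different identifiers made only of digits or shaped like `0e…` can compare equal. Since this test decides whether the remote site is trusted, make it strict: `if($final_dfrn_id !== $orig_id) {`, or use `hash_equals()` where the PHP version provides it. The new status texts ('No ticket', 'No profile', 'Bad decryption') also appear to be returned to the caller and reveal which stage rejected the request; consider keeping that detail in the logger() call and returning one generic message. The function body continues outside the hunk.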
diff --git a/mod/redir.php b/mod/redir.php
index cc58b9cd1..ac21aa17e 100644
--- a/mod/redir.php
+++ b/mod/redir.php
@@ -6,7 +6,7 @@ function redir_init(&$a) {
goaway($a->get_baseurl());
$cid = $a->argv[1];
- $r = q("SELECT `network`, `issued-id`, `dfrn-id`, `duplex`, `poll` FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($cid),
intval(local_user())
);
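Review bot: `SELECT *` replaces an explicit column list, apparently only so that `$r[0]['name']` is available to the logger() call added further down in redir_init(). Unless the lines between the two hunks need more columns, this loads everything the `contact` row holds (possibly key material) into the request for no use visible here. Naming the extra column keeps the query minimal: ``SELECT `network`, `issued-id`, `dfrn-id`, `duplex`, `poll`, `name` FROM `contact` …``. redir_init() continues outside the hunk.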
@@ -36,8 +36,9 @@ function redir_init(&$a) {
intval(time() + 45)
);
+ logger('mod_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG);
+
goaway ($r[0]['poll'] . '?dfrn_id=' . $dfrn_id
-// . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile');
. '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec);
}
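Review bot: The new logger() line writes `$sec` to the debug log, and the same value is sent as the `sec` parameter of the redirect, where it looks like a short-lived ticket (the query just above stores `time() + 45` alongside it). Anyone able to read the log inside that window would hold the ticket, so log the contact only: `logger('mod_redir: ' . $r[0]['name'], LOGGER_DEBUG);`. `$sec` and `$dfrn_id` are also concatenated into the URL without `urlencode()`; whether that is safe depends on how they are generated, which is outside this hunk.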