diff options
| author | friendica <info@friendica.com> | 2013-08-25 20:11:49 -0700 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2013-08-25 20:11:49 -0700 |
| commit | 754611738865eacba7f4acc235c03bad85dfa2c3 (patch) | |
| tree | 5530216b5ac1598c0888993f617fb2292386a776 | |
| parent | df3cf811f044fe49173ea4b1b9d19bcdff76bc26 (diff) | |
| download | volse-hubzilla-754611738865eacba7f4acc235c03bad85dfa2c3.tar.gz volse-hubzilla-754611738865eacba7f4acc235c03bad85dfa2c3.tar.bz2 volse-hubzilla-754611738865eacba7f4acc235c03bad85dfa2c3.zip | |
Try to ensure full paths don't leak into xchan_addr and hubloc_addr
| -rwxr-xr-x | boot.php | 5 | ||||
| -rw-r--r-- | include/zot.php | 2 |
2 files changed, 6 insertions, 1 deletions
@@ -1316,6 +1316,11 @@ function fix_system_urls($oldurl,$newurl) { if(! $parsed) continue; $newhost = $parsed['host']; + // sometimes parse_url returns unexpected results. + + if(strpos($newhost,'/') !== false) + $newhost = substr($newhost,0,strpos($newhost,'/')); + $rhs = $newhost . (($parsed['port']) ? ':' . $parsed['port'] : '') . (($parsed['path']) ? $parsed['path'] : ''); $x = q("update xchan set xchan_addr = '%s', xchan_url = '%s', xchan_connurl = '%s', xchan_follow = '%s', xchan_connpage = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s' where xchan_hash = '%s' limit 1", diff --git a/include/zot.php b/include/zot.php index c7049dee6..051fa5078 100644 --- a/include/zot.php +++ b/include/zot.php @@ -138,7 +138,7 @@ function zot_finger($webbie,$channel) { $r = q("select xchan.*, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash where xchan_addr = '%s' and (hubloc_flags & %d) limit 1", - dbesc($xchan_address), + dbesc($xchan_addr), intval(HUBLOC_FLAGS_PRIMARY) ); |