diff options
| author | Mario <mario@mariovavti.com> | 2021-09-06 19:22:39 +0000 |
|---|---|---|
| committer | Mario <mario@mariovavti.com> | 2021-09-06 19:22:39 +0000 |
| commit | c1ce211b566a68b02f1197ef1bd0fc79385c1c48 (patch) | |
| tree | 81d8b40691e73abcb5e988cd42d11d6a1e396c60 /Zotlabs/Module/Channel.php | |
| parent | 3d40ea7f4417a1134dc53cc2e804af13370cd57b (diff) | |
| parent | 1aa782633184f41733778ce75139f0d9a890e1e3 (diff) | |
| download | volse-hubzilla-c1ce211b566a68b02f1197ef1bd0fc79385c1c48.tar.gz volse-hubzilla-c1ce211b566a68b02f1197ef1bd0fc79385c1c48.tar.bz2 volse-hubzilla-c1ce211b566a68b02f1197ef1bd0fc79385c1c48.zip | |
Merge branch 'dev' into 6.2RC
Diffstat (limited to 'Zotlabs/Module/Channel.php')
| -rw-r--r-- | Zotlabs/Module/Channel.php | 37 |
1 files changed, 19 insertions, 18 deletions
diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 6fac610aa..34e1ea666 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -107,13 +107,11 @@ class Channel extends Controller { // Somebody may attempt an ActivityStreams fetch on one of our message permalinks // Make it do the right thing. - $mid = ((x($_REQUEST, 'mid')) ? $_REQUEST['mid'] : ''); - if ($mid && strpos($mid, 'b64.') === 0) { - $decoded = @base64url_decode(substr($mid, 4)); - if ($decoded) { - $mid = $decoded; - } + $mid = ((x($_REQUEST, 'mid')) ? unpack_link_id($_REQUEST['mid']) : ''); + if ($mid === false) { + http_status_exit(404, 'Not found'); } + if ($mid) { $obj = null; if (strpos($mid, z_root() . '/item/') === 0) { @@ -158,15 +156,19 @@ class Channel extends Controller { profile_load($which, $profile); // Add Opengraph markup - $mid = ((x($_REQUEST, 'mid')) ? $_REQUEST['mid'] : ''); - if (strpos($mid, 'b64.') === 0) - $mid = @base64url_decode(substr($mid, 4)); + $mid = ((x($_REQUEST, 'mid')) ? unpack_link_id($_REQUEST['mid']) : ''); - if ($mid) + if ($mid === false) { + notice(t('Malformed message id.') . EOL); + return; + } + + if ($mid) { $r = q("SELECT * FROM item WHERE mid = '%s' AND uid = %d AND item_private = 0 LIMIT 1", dbesc($mid), intval($channel['channel_id']) ); + } opengraph_add_meta((isset($r) && count($r) ? $r[0] : []), $channel); } @@ -177,12 +179,11 @@ class Channel extends Controller { $category = $datequery = $datequery2 = ''; - $mid = ((x($_REQUEST, 'mid')) ? $_REQUEST['mid'] : ''); - - if (strpos($mid, 'b64.') === 0) - $decoded = @base64url_decode(substr($mid, 4)); - if (isset($decoded)) - $mid = $decoded; + $mid = ((x($_REQUEST, 'mid')) ? unpack_link_id($_REQUEST['mid']) : ''); + if ($mid === false) { + notice(t('Malformed message id.') . EOL); + return; + } $datequery = ((x($_GET, 'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : ''); $datequery2 = ((x($_GET, 'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : ''); @@ -433,8 +434,8 @@ class Channel extends Controller { if ((!$update) && (!$load)) { - if (isset($decoded)) - $mid = 'b64.' . base64url_encode($mid); + //if we got a decoded hash we must encode it again before handing to javascript + $mid = gen_link_id($mid); // This is ugly, but we can't pass the profile_uid through the session to the ajax updater, // because browser prefetching might change it on us. We have to deliver it with the page. |