diff options
author | friendica <info@friendica.com> | 2013-07-18 18:22:08 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2013-07-18 18:22:08 -0700 |
commit | 4aff3d4217f72fe8e0903897951d3fd08637eb04 (patch) | |
tree | 7e88fc80dc5f8439d1989c303195cd93ac8c9410 /include/zot.php | |
parent | c6c0a1caa92caa911ef3ccf7550145e303ccefa9 (diff) | |
download | volse-hubzilla-4aff3d4217f72fe8e0903897951d3fd08637eb04.tar.gz volse-hubzilla-4aff3d4217f72fe8e0903897951d3fd08637eb04.tar.bz2 volse-hubzilla-4aff3d4217f72fe8e0903897951d3fd08637eb04.zip |
validate input to import_xchan(), as we don't consistently check it prior to entering this function
Diffstat (limited to 'include/zot.php')
-rw-r--r-- | include/zot.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/include/zot.php b/include/zot.php index 22f84b454..6d68d9087 100644 --- a/include/zot.php +++ b/include/zot.php @@ -445,6 +445,13 @@ function import_xchan($arr) { $ret = array('success' => false); $changed = false; + if(! (is_array($arr) && array_key_exists('success',$arr) && $arr['success'])) { + logger('import_xchan: invalid data packet: ' . print_r($arr,true)); + $ret['message'] = t('Invalid data packet'); + return $ret; + } + + $xchan_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true)); $import_photos = false; |