diff options
author | zotlabs <mike@macgirvin.com> | 2016-10-13 21:01:54 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2016-10-13 21:01:54 -0700 |
commit | bd70e6ae6d5baa5f75e3c704ae25ff41a6a90047 (patch) | |
tree | 7a8c6cc7392e17ddeaa881ad82984f585ff28659 /include | |
parent | daaefed61bc6a38a102ce2c357278158535a2b27 (diff) | |
download | volse-hubzilla-bd70e6ae6d5baa5f75e3c704ae25ff41a6a90047.tar.gz volse-hubzilla-bd70e6ae6d5baa5f75e3c704ae25ff41a6a90047.tar.bz2 volse-hubzilla-bd70e6ae6d5baa5f75e3c704ae25ff41a6a90047.zip |
try to filter any path information from leaking through to zot_finger; and log the url wherever called to track down where it might be called with a malformed webbie or complete path instead of hostname.
Diffstat (limited to 'include')
-rw-r--r-- | include/zot.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/include/zot.php b/include/zot.php index 2e02b96e7..f6d6fe362 100644 --- a/include/zot.php +++ b/include/zot.php @@ -186,6 +186,8 @@ function zot_finger($webbie, $channel = null, $autofallback = true) { } else { $address = substr($webbie,0,strpos($webbie,'@')); $host = substr($webbie,strpos($webbie,'@')+1); + if(strpos($host,'/')) + $host = substr($host,0,strpos($host,'/')); } $xchan_addr = $address . '@' . $host; @@ -355,6 +357,8 @@ function zot_refresh($them, $channel = null, $force = false) { $rhs = '/.well-known/zot-info'; + logger('zot_refresh: ' . $url, LOGGER_DATA, LOG_INFO); + $result = z_post_url($url . $rhs,$postvars); logger('zot_refresh: zot-info: ' . print_r($result,true), LOGGER_DATA, LOG_DEBUG); |