diff options
| -rw-r--r-- | Zotlabs/Module/Magic.php | 9 | ||||
| -rw-r--r-- | include/connections.php | 15 |
2 files changed, 16 insertions, 8 deletions
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 4b3a223ba..25c318f30 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -19,7 +19,11 @@ class Magic extends \Zotlabs\Web\Controller { $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); $owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0); $delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : ''); - + + // Apache(?) appears to perform an htmlentities() operation on this variable + + $dest = html_entity_decode($dest); + $parsed = parse_url($dest); if(! $parsed) { if($test) { @@ -139,6 +143,9 @@ class Magic extends \Zotlabs\Web\Controller { if($owa) { + $dest = strip_zids($dest); + $dest = strip_query_param($dest,'f'); + $headers = []; $headers['Accept'] = 'application/x-zot+json' ; $headers['X-Open-Web-Auth'] = random_string(); diff --git a/include/connections.php b/include/connections.php index 5a9e31950..20f7c24ff 100644 --- a/include/connections.php +++ b/include/connections.php @@ -373,23 +373,24 @@ function contact_remove($channel_id, $abook_id) { if(intval($abook['abook_self'])) return false; - $r = q("select id from item where (owner_xchan = '%s' or author_xchan = '%s') and uid = %d and item_retained = 0 and item_starred = 0", dbesc($abook['abook_xchan']), dbesc($abook['abook_xchan']), intval($channel_id) ); if($r) { - $r = fetch_post_tags($r,true); - foreach($r as $rr) { - $terms = get_terms_oftype($item['term'],TERM_FILE); - if(! $terms) { - drop_item($rr['id'],false); + $x = q("select uid from term where otype = %d and oid = %d ttype = %d limit 1", + intval(TERM_OBJ_POST), + intval($rr['id']), + intval(TERM_FILE) + ); + if($x) { + continue; } + drop_item($rr['id'],false); } } - q("delete from abook where abook_id = %d and abook_channel = %d", intval($abook['abook_id']), |