diff options
-rw-r--r-- | mod/dfrn_request.php | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php index 7db61d35b..4b41c9c6c 100644 --- a/mod/dfrn_request.php +++ b/mod/dfrn_request.php @@ -33,7 +33,7 @@ function dfrn_request_post(&$a) { // callback to local site after remote request and local confirm if((x($_POST,'localconfirm')) && ($_POST['localconfirm'] == 1) - && local_user() && ($_SESSION['uid'] == $a->argv[1]) && (x($_POST,'dfrn_url'))) { + && local_user() && ($a->user['nickname'] == $a->argv[1]) && (x($_POST,'dfrn_url'))) { // We are the requestor, and we've been sent back to our own site // to confirm the request. We've done so and clicked submit, @@ -136,6 +136,9 @@ function dfrn_request_post(&$a) { notice( "Unrecoverable protocol error." . EOL ); goaway($a->get_baseurl()); } + // extra safety + if($_POST['localconfirm']) + return; // we are operating as a remote site and an introduction was requested of us. |