-rw-r--r--Zotlabs/Module/Channel.php33
1 files changed, 17 insertions, 16 deletions
diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php
index 6fac610aa..d6daaa0ad 100644
--- a/Zotlabs/Module/Channel.php
+++ b/Zotlabs/Module/Channel.php
@@ -107,13 +107,11 @@ class Channel extends Controller {
// Somebody may attempt an ActivityStreams fetch on one of our message permalinks
// Make it do the right thing.
- $mid = ((x($_REQUEST, 'mid')) ? $_REQUEST['mid'] : '');
- if ($mid && strpos($mid, 'b64.') === 0) {
- $decoded = @base64url_decode(substr($mid, 4));
- if ($decoded) {
- $mid = $decoded;
- }
+ $mid = ((x($_REQUEST, 'mid')) ? unpack_link_id($_REQUEST['mid']) : '');
+ if ($mid === false) {
+ http_status_exit(404, 'Not found');
}
+
if ($mid) {
$obj = null;
if (strpos($mid, z_root() . '/item/') === 0) {
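Review bot: `$_REQUEST['mid']` goes into `unpack_link_id()` without a type check in the new assignment at the top of this hunk, and the same expression is repeated in the second and third hunks. A request parameter can arrive as an array rather than a string, and `unpack_link_id()` is not defined in this diff, so whether it rejects non-string input is not visible. Unless the helper already handles that, guard at the call site: `$mid = ((x($_REQUEST, 'mid') && is_string($_REQUEST['mid'])) ? unpack_link_id($_REQUEST['mid']) : '');`. The enclosing method starts and ends outside the hunk.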
@@ -158,15 +156,19 @@ class Channel extends Controller {
profile_load($which, $profile);
// Add Opengraph markup
- $mid = ((x($_REQUEST, 'mid')) ? $_REQUEST['mid'] : '');
- if (strpos($mid, 'b64.') === 0)
- $mid = @base64url_decode(substr($mid, 4));
+ $mid = ((x($_REQUEST, 'mid')) ? unpack_link_id($_REQUEST['mid']) : '');
- if ($mid)
+ if ($mid === false) {
+ notice(t('Malformed message id.') . EOL);
+ return;
+ }
+
+ if ($mid) {
$r = q("SELECT * FROM item WHERE mid = '%s' AND uid = %d AND item_private = 0 LIMIT 1",
dbesc($mid),
intval($channel['channel_id'])
);
+ }
opengraph_add_meta((isset($r) && count($r) ? $r[0] : []), $channel);
}
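Review bot: `$r` is assigned only inside the new `if ($mid) { … }` block, so the `opengraph_add_meta()` call after it relies on `isset($r)` to cover the no-id case and would silently use any `$r` left over from earlier in the method. Initialise it before the branch with `$r = [];` and simplify the call to `opengraph_add_meta(($r ? $r[0] : []), $channel);`. That form also avoids calling `count()` on a non-array should `q()` return a failure value, which cannot be confirmed from this diff. The method body starts outside the hunk.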
@@ -177,12 +179,11 @@ class Channel extends Controller {
$category = $datequery = $datequery2 = '';
- $mid = ((x($_REQUEST, 'mid')) ? $_REQUEST['mid'] : '');
-
- if (strpos($mid, 'b64.') === 0)
- $decoded = @base64url_decode(substr($mid, 4));
- if (isset($decoded))
- $mid = $decoded;
+ $mid = ((x($_REQUEST, 'mid')) ? unpack_link_id($_REQUEST['mid']) : '');
+ if ($mid === false) {
+ notice(t('Malformed message id.') . EOL);
+ return;
+ }
$datequery = ((x($_GET, 'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : '');
$datequery2 = ((x($_GET, 'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : '');
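Review bot: The malformed-id branch added here repeats the `notice(...)` and `return` from the second hunk, while the first hunk answers the same condition with `http_status_exit(404, 'Not found')`. The hunk headers show only the class, so this is inferred, but if the second and third hunks sit in different methods that both run for one page request, the notice is queued twice and the response presumably keeps a success status for an id that cannot be resolved. Consider handling the failure in one place and documenting the contract next to it, for example `// unpack_link_id() returns false when the id cannot be decoded; never fall back to the raw request value`. The later uses of `$mid` in this method are outside the hunk.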