Diffstat (limited to 'mod/dfrn_request.php')
-rw-r--r--mod/dfrn_request.php19
1 files changed, 12 insertions, 7 deletions
diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index 0fb718ab6..617d4b2d8 100644
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -45,7 +45,7 @@ function dfrn_request_post(&$a) {
if(x($dfrn_url)) {
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `url` = '%s' LIMIT 1",
- intval($_SESSION['uid']),
+ intval(get_uid()),
dbesc($dfrn_url)
);
@@ -99,7 +99,7 @@ function dfrn_request_post(&$a) {
$r = q("INSERT INTO `contact` ( `uid`, `created`,`url`, `name`, `photo`, `site-pubkey`,
`request`, `confirm`, `notify`, `poll`, `aes_allow`)
VALUES ( %d, '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', %d)",
- intval($_SESSION['uid']),
+ intval(get_uid()),
datetime_convert(),
dbesc($dfrn_url),
$parms['fn'],
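Review bot: `$parms['fn']` on the last visible line goes into a quoted `'%s'` placeholder without `dbesc()`, while the `$dfrn_url` argument directly above it is escaped. If `$parms` holds values scraped from the remote profile and nothing earlier in `dfrn_request_post` escapes them (that code is outside this hunk), a name containing a quote character breaks or alters the INSERT. I would write `dbesc($parms['fn']),` here and apply the same to the remaining `$parms` arguments, which continue past the end of the hunk.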
@@ -214,14 +214,19 @@ function dfrn_request_post(&$a) {
);
}
else {
-
+ if(! validate_url($url)) {
+ notice( t('Invalid profile URL.') . EOL);
+ goaway($a->get_baseurl() . '/' . $a->cmd);
+ return; // NOTREACHED
+ }
+
require_once('Scrape.php');
$parms = scrape_dfrn($url);
if(! count($parms)) {
notice( t('Profile location is not valid or does not contain profile information.') . EOL );
- killme();
+ goaway($a->get_baseurl() . '/' . $a->cmd);
}
else {
if(! x($parms,'fn'))
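Review bot: `validate_url($url)` is now the only check before `scrape_dfrn($url)` makes the server fetch an address taken from the request, and its definition is not part of this diff. Please confirm that it accepts only `http`/`https` URLs, and decide whether loopback and private-range hosts should be refused, since otherwise this form lets a visitor point the server's fetch at internal addresses. A comment above the new check would record the expectation, for example `// $url is user-supplied and fetched server-side by scrape_dfrn(); validate_url() must reject anything but http(s)`. The enclosing function starts and ends outside this hunk.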
@@ -274,7 +279,7 @@ function dfrn_request_post(&$a) {
}
if($r === false) {
- notice( 'Failed to update contact record.' . EOL );
+ notice( t('Failed to update contact record.') . EOL );
return;
}
@@ -300,7 +305,7 @@ function dfrn_request_post(&$a) {
// "Homecoming" - send the requestor back to their site to record the introduction.
- $dfrn_url = bin2hex($a->get_baseurl() . "/profile/$nickname");
+ $dfrn_url = bin2hex($a->get_baseurl() . '/profile/' . $nickname);
$aes_allow = ((function_exists('openssl_encrypt')) ? 1 : 0);
goaway($parms['dfrn-request'] . "?dfrn_url=$dfrn_url" . '&confirm_key=' . $hash . (($aes_allow) ? "&aes_allow=1" : ""));
@@ -387,7 +392,7 @@ function dfrn_request_content(&$a) {
$res = mail($r[0]['email'],
t("Introduction received at ") . $a->config['sitename'],
$email,
- t('From: Administrator@') . $_SERVER[SERVER_NAME] );
+ 'From: ' . t('Administrator') . '@' . $_SERVER[SERVER_NAME] );
// This is a redundant notification - no point throwing errors if it fails.
}
}
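Review bot: The rewritten `From:` header still reads `$_SERVER[SERVER_NAME]` with an unquoted key, which PHP resolves as an undefined constant (a notice on older versions, an error on PHP 8); it should be `$_SERVER['SERVER_NAME']`. Depending on web-server configuration that value can reflect the request's Host header, so a hostname taken from site configuration would be a safer source for the sender domain. Translating the local part with `t('Administrator')` can also yield an invalid address in locales where the translation contains spaces or non-ASCII characters. I would keep the address literal and translate only a display name, if one is wanted. The `mail()` call sits inside `dfrn_request_content`, which extends beyond this hunk.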