From bd70e6ae6d5baa5f75e3c704ae25ff41a6a90047 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 13 Oct 2016 21:01:54 -0700 Subject: try to filter any path information from leaking through to zot_finger; and log the url wherever called to track down where it might be called with a malformed webbie or complete path instead of hostname. --- Zotlabs/Zot/Finger.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Zot/Finger.php') diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php index e7603442f..210513e60 100644 --- a/Zotlabs/Zot/Finger.php +++ b/Zotlabs/Zot/Finger.php @@ -32,6 +32,8 @@ class Finger { } else { $address = substr($webbie,0,strpos($webbie,'@')); $host = substr($webbie,strpos($webbie,'@')+1); + if(strpos($host,'/')) + $host = substr($host,0,strpos($host,'/')); } $xchan_addr = $address . '@' . $host; @@ -58,7 +60,7 @@ class Finger { if ($r[0]['hubloc_network'] && $r[0]['hubloc_network'] !== 'zot') { logger('zot_finger: alternate network: ' . $webbie); - logger('url: '.$url.', net: '.var_export($r[0]['hubloc_network'],true), LOGGER_DATA, LOG_DEBUG); + logger('url: ' . $url . ', net: ' . var_export($r[0]['hubloc_network'],true), LOGGER_DATA, LOG_DEBUG); return $ret; } } -- cgit v1.2.3