From bd70e6ae6d5baa5f75e3c704ae25ff41a6a90047 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Thu, 13 Oct 2016 21:01:54 -0700
Subject: try to filter any path information from leaking through to
 zot_finger; and log the url wherever called to track down where it might be
 called with a malformed webbie or complete path instead of hostname.

---
 Zotlabs/Zot/Finger.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php
index e7603442f..210513e60 100644
--- a/Zotlabs/Zot/Finger.php
+++ b/Zotlabs/Zot/Finger.php
@@ -32,6 +32,8 @@ class Finger {
 		} else {
 			$address = substr($webbie,0,strpos($webbie,'@'));
 			$host = substr($webbie,strpos($webbie,'@')+1);
+			if(strpos($host,'/'))
+				$host = substr($host,0,strpos($host,'/'));
 		}
 
 		$xchan_addr = $address . '@' . $host;
@@ -58,7 +60,7 @@ class Finger {
 
 			if ($r[0]['hubloc_network'] && $r[0]['hubloc_network'] !== 'zot') {
 				logger('zot_finger: alternate network: ' . $webbie);
-				logger('url: '.$url.', net: '.var_export($r[0]['hubloc_network'],true), LOGGER_DATA, LOG_DEBUG);
+				logger('url: ' . $url . ', net: ' . var_export($r[0]['hubloc_network'],true), LOGGER_DATA, LOG_DEBUG);
 				return $ret;
 			}
 		} 
-- 
cgit v1.2.3