From 4aff3d4217f72fe8e0903897951d3fd08637eb04 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Thu, 18 Jul 2013 18:22:08 -0700
Subject: validate input to import_xchan(), as we don't consistently check it
 prior to entering this function

---
 include/zot.php | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'include/zot.php')

diff --git a/include/zot.php b/include/zot.php
index 22f84b454..6d68d9087 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -445,6 +445,13 @@ function import_xchan($arr) {
 	$ret = array('success' => false);
 	$changed = false;
 
+	if(! (is_array($arr) && array_key_exists('success',$arr) && $arr['success'])) {
+		logger('import_xchan: invalid data packet: ' . print_r($arr,true));
+		$ret['message'] = t('Invalid data packet');
+		return $ret;
+	}
+
+
 	$xchan_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true));
 	$import_photos = false;
 
-- 
cgit v1.2.3