From 539988b62f20d73f097ee24d5a7fb6d23fa9fd4d Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Thu, 5 Dec 2013 15:55:14 -0800
Subject: couple of additional checks

---
 mod/post.php | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'mod/post.php')

diff --git a/mod/post.php b/mod/post.php
index 31f17a873..73345c4e9 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -172,19 +172,30 @@ function post_init(&$a) {
 
 			$result = zot_zot($x[0]['hubloc_callback'],$p);
 
-			$ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL;
 
 			if(! $result['success']) {
 				logger('mod_zot: auth_check callback failed.');
 				if($test) {
+					$ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL;
 					json_return_and_die($ret);
 				}
 
 				goaway($desturl);
 			}
 			$j = json_decode($result['body'],true);
+			if(! $j) {
+				logger('mod_zot: auth_check json data malformed.');
+				if($test) {
+					$ret['message'] .= 'json malformed: ' . $result['body'] . EOL;
+					json_return_and_die($ret);
+				}
+			}				
 		}
 
+		if($test) {
+			$ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL;
+		}	
+
 		if($already_authed || $j['success']) {
 			if($j['success']) {
 				// legit response, but we do need to check that this wasn't answered by a man-in-middle
-- 
cgit v1.2.3