GNUsocial
/
gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

Confirm there's actually user and domain portions of acct string before assigning things from output of explode(); avoids notice message when invalid input passed to main/xrd

This commit is contained in:
Brion Vibber 2010-03-22 11:27:39 -07:00
parent a20880ee1e
commit 3bb639699c
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
plugins/OStatus/actions/userxrd.php
View File

@ -35,9 +35,13 @@ class UserxrdAction extends XrdAction
$this->uri = Discovery::normalize($this->uri);
if (Discovery::isWebfinger($this->uri)) {
list($nick, $domain) = explode('@', substr(urldecode($this->uri), 5));
$nick = common_canonical_nickname($nick);
$this->user = User::staticGet('nickname', $nick);
$parts = explode('@', substr(urldecode($this->uri), 5));
if (count($parts) == 2) {
list($nick, $domain) = $parts;
// @fixme confirm the domain too
$nick = common_canonical_nickname($nick);
$this->user = User::staticGet('nickname', $nick);
}
} else {
$this->user = User::staticGet('uri', $this->uri);
}