Confirm there's actually user and domain portions of acct string before assigning things from output of explode(); avoids notice message when invalid input passed to main/xrd

This commit is contained in:
Brion Vibber 2010-03-22 11:27:39 -07:00
parent a20880ee1e
commit 3bb639699c

View File

@ -35,9 +35,13 @@ class UserxrdAction extends XrdAction
$this->uri = Discovery::normalize($this->uri); $this->uri = Discovery::normalize($this->uri);
if (Discovery::isWebfinger($this->uri)) { if (Discovery::isWebfinger($this->uri)) {
list($nick, $domain) = explode('@', substr(urldecode($this->uri), 5)); $parts = explode('@', substr(urldecode($this->uri), 5));
$nick = common_canonical_nickname($nick); if (count($parts) == 2) {
$this->user = User::staticGet('nickname', $nick); list($nick, $domain) = $parts;
// @fixme confirm the domain too
$nick = common_canonical_nickname($nick);
$this->user = User::staticGet('nickname', $nick);
}
} else { } else {
$this->user = User::staticGet('uri', $this->uri); $this->user = User::staticGet('uri', $this->uri);
} }