Merge pull request #6432 from annando/deleted-pending

[friendica.git] / mod / xrd.php

diff --git a/mod/xrd.php b/mod/xrd.php
index a1ae7350b1e1ca2e1ebfa4d4af68a20f2fb7a2d7..1611540a6c4955990beb48644f7c1851adb7abd2 100644 (file)
--- a/mod/xrd.php
+++ b/mod/xrd.php
@@ -9,6 +9,7 @@ use Friendica\Core\Renderer;
 use Friendica\Core\System;
 use Friendica\Database\DBA;
 use Friendica\Protocol\Salmon;
+use Friendica\Util\Strings;
 
 function xrd_init(App $a)
 {
@@ -17,7 +18,7 @@ function xrd_init(App $a)
                        System::httpExit(404);
                }
 
-               $uri = urldecode(notags(trim($_GET['uri'])));
+               $uri = urldecode(Strings::escapeTags(trim($_GET['uri'])));
                if (defaults($_SERVER, 'HTTP_ACCEPT', '') == 'application/jrd+json') {
                        $mode = 'json';
                } else {
@@ -28,7 +29,7 @@ function xrd_init(App $a)
                        System::httpExit(404);
                }
 
-               $uri = urldecode(notags(trim($_GET['resource'])));
+               $uri = urldecode(Strings::escapeTags(trim($_GET['resource'])));
                if (defaults($_SERVER, 'HTTP_ACCEPT', '') == 'application/xrd+xml') {
                        $mode = 'xml';
                } else {
@@ -91,7 +92,7 @@ function xrd_json($a, $uri, $alias, $profile_url, $r)
                        ['rel' => 'http://salmon-protocol.org/ns/salmon-mention', 'href' => System::baseUrl().'/salmon/'.$r['nickname'].'/mention'],
                        ['rel' => 'http://ostatus.org/schema/1.0/subscribe', 'template' => System::baseUrl().'/follow?url={uri}'],
                        ['rel' => 'magic-public-key', 'href' => 'data:application/magic-public-key,'.$salmon_key],
-                       ['rel' => 'http://purl.org/openwebauth/v1', 'type' => 'application/x-dfrn+json', 'href' => System::baseUrl().'/owa']
+                       ['rel' => 'http://purl.org/openwebauth/v1', 'type' => 'application/x-zot+json', 'href' => System::baseUrl().'/owa']
                ]
        ];
 
@@ -106,7 +107,7 @@ function xrd_xml($a, $uri, $alias, $profile_url, $r)
        header('Access-Control-Allow-Origin: *');
        header("Content-type: text/xml");
 
-       $tpl = get_markup_template('xrd_person.tpl');
+       $tpl = Renderer::getMarkupTemplate('xrd_person.tpl');
 
        $o = Renderer::replaceMacros($tpl, [
                '$nick'        => $r['nickname'],