]> git.mxchange.org Git - friendica.git/blobdiff - mod/xrd.php
Avoid beeing flooded by invalid requests
index 05b07dc162505a1bc76248a90ab686081f253123..921d48fe93708cddf1c66280207cadc5baf6734a 100644 (file)
@@ -2,23 +2,33 @@
 /**
  * @file mod/xrd.php
  */
+
 use Friendica\App;
+use Friendica\Core\Addon;
 use Friendica\Core\System;
-use Friendica\Database\DBM;
+use Friendica\Database\DBA;
 use Friendica\Protocol\Salmon;
 
 function xrd_init(App $a)
 {
        if ($a->argv[0] == 'xrd') {
+               if (empty($_GET['uri'])) {
+                       System::httpExit(404);
+               }
+
                $uri = urldecode(notags(trim($_GET['uri'])));
-               if ($_SERVER['HTTP_ACCEPT'] == 'application/jrd+json') {
+               if (defaults($_SERVER, 'HTTP_ACCEPT', '') == 'application/jrd+json') {
                        $mode = 'json';
                } else {
                        $mode = 'xml';
                }
        } else {
+               if (empty($_GET['resource'])) {
+                       System::httpExit(404);
+               }
+
                $uri = urldecode(notags(trim($_GET['resource'])));
-               if ($_SERVER['HTTP_ACCEPT'] == 'application/xrd+xml') {
+               if (defaults($_SERVER, 'HTTP_ACCEPT', '') == 'application/xrd+xml') {
                        $mode = 'xml';
                } else {
                        $mode = 'json';
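Review bot: The added `empty($_GET['uri'])` and `empty($_GET['resource'])` guards reject a missing or empty parameter but not a non-string one, so a request that sends the parameter as an array still reaches `trim()` and keeps producing warnings (a TypeError on PHP 8). Extending both guards, e.g. `if (empty($_GET['uri']) || !is_string($_GET['uri'])) {` and the same for `resource`, would close that gap. Separately, in the unchanged lines `urldecode()` runs after `notags()` on a value PHP has already URL-decoded once, so the tag filter sees the text before its final decode. If `$uri` is later echoed into the XRD/JRD output, it is worth checking whether the extra decode is needed and, if so, applying the filter after it. xrd_init's body continues outside this hunk.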
@@ -36,9 +46,9 @@ function xrd_init(App $a)
                $name = substr($local, 0, strpos($local, '@'));
        }
 
-       $user = dba::selectFirst('user', [], ['nickname' => $name]);
-       if (!DBM::is_result($user)) {
-               killme();
+       $user = DBA::selectFirst('user', [], ['nickname' => $name]);
+       if (!DBA::isResult($user)) {
+               System::httpExit(404);
        }
 
        $profile_url = System::baseUrl().'/profile/'.$user['nickname'];
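Review bot: `DBA::selectFirst('user', [], ['nickname' => $name])` passes an empty field list, which appears to load the whole `user` row for an unauthenticated lookup. The lines visible in this diff read only `nickname` and `uid` from it, and the row later seems to be handed to the `personal_xrd` addon hook as `'user' => $r`, so any credential or private-key columns in that table would travel with it. Consider naming the needed columns in the second argument, e.g. `['uid', 'nickname']` plus whatever key column the Salmon code uses, after checking the rest of xrd_init, which lies outside this hunk.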
@@ -64,21 +74,26 @@ function xrd_json($a, $uri, $alias, $profile_url, $r)
        header('Access-Control-Allow-Origin: *');
        header("Content-type: application/json; charset=utf-8");
 
-       $json = array('subject' => $uri,
-                       'aliases' => array($alias, $profile_url),
-                       'links' => array(array('rel' => NAMESPACE_DFRN, 'href' => $profile_url),
-                                       array('rel' => NAMESPACE_FEED, 'type' => 'application/atom+xml', 'href' => System::baseUrl().'/dfrn_poll/'.$r['nickname']),
-                                       array('rel' => 'http://webfinger.net/rel/profile-page', 'type' => 'text/html', 'href' => $profile_url),
-                                       array('rel' => 'http://microformats.org/profile/hcard', 'type' => 'text/html', 'href' => System::baseUrl().'/hcard/'.$r['nickname']),
-                                       array('rel' => NAMESPACE_POCO, 'href' => System::baseUrl().'/poco/'.$r['nickname']),
-                                       array('rel' => 'http://webfinger.net/rel/avatar', 'type' => 'image/jpeg', 'href' => System::baseUrl().'/photo/profile/'.$r['uid'].'.jpg'),
-                                       array('rel' => 'http://joindiaspora.com/seed_location', 'type' => 'text/html', 'href' => System::baseUrl()),
-                                       array('rel' => 'salmon', 'href' => System::baseUrl().'/salmon/'.$r['nickname']),
-                                       array('rel' => 'http://salmon-protocol.org/ns/salmon-replies', 'href' => System::baseUrl().'/salmon/'.$r['nickname']),
-                                       array('rel' => 'http://salmon-protocol.org/ns/salmon-mention', 'href' => System::baseUrl().'/salmon/'.$r['nickname'].'/mention'),
-                                       array('rel' => 'http://ostatus.org/schema/1.0/subscribe', 'template' => System::baseUrl().'/follow?url={uri}'),
-                                       array('rel' => 'magic-public-key', 'href' => 'data:application/magic-public-key,'.$salmon_key)
-       ));
+       $json = ['subject' => $uri,
+               'aliases' => [$alias, $profile_url],
+               'links' => [
+                       ['rel' => NAMESPACE_DFRN, 'href' => $profile_url],
+                       ['rel' => NAMESPACE_FEED, 'type' => 'application/atom+xml', 'href' => System::baseUrl().'/dfrn_poll/'.$r['nickname']],
+                       ['rel' => 'http://webfinger.net/rel/profile-page', 'type' => 'text/html', 'href' => $profile_url],
+                       ['rel' => 'self', 'type' => 'application/activity+json', 'href' => $profile_url],
+                       ['rel' => 'http://microformats.org/profile/hcard', 'type' => 'text/html', 'href' => System::baseUrl().'/hcard/'.$r['nickname']],
+                       ['rel' => NAMESPACE_POCO, 'href' => System::baseUrl().'/poco/'.$r['nickname']],
+                       ['rel' => 'http://webfinger.net/rel/avatar', 'type' => 'image/jpeg', 'href' => System::baseUrl().'/photo/profile/'.$r['uid'].'.jpg'],
+                       ['rel' => 'http://joindiaspora.com/seed_location', 'type' => 'text/html', 'href' => System::baseUrl()],
+                       ['rel' => 'salmon', 'href' => System::baseUrl().'/salmon/'.$r['nickname']],
+                       ['rel' => 'http://salmon-protocol.org/ns/salmon-replies', 'href' => System::baseUrl().'/salmon/'.$r['nickname']],
+                       ['rel' => 'http://salmon-protocol.org/ns/salmon-mention', 'href' => System::baseUrl().'/salmon/'.$r['nickname'].'/mention'],
+                       ['rel' => 'http://ostatus.org/schema/1.0/subscribe', 'template' => System::baseUrl().'/follow?url={uri}'],
+                       ['rel' => 'magic-public-key', 'href' => 'data:application/magic-public-key,'.$salmon_key],
+                       ['rel' => 'http://purl.org/openwebauth/v1', 'type' => 'application/x-dfrn+json', 'href' => System::baseUrl().'/owa']
+               ]
+       ];
+
        echo json_encode($json);
        killme();
 }
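Review bot: `echo json_encode($json);` has no failure path: `json_encode()` returns `false` when a value is not valid UTF-8, and `subject` is `$uri`, which looks request-derived (xrd_init builds it from `$_GET`). A request carrying malformed bytes would then get an empty 200 response with a JSON content type. Passing `JSON_INVALID_UTF8_SUBSTITUTE` (PHP 7.2+), or checking the result for `false` and answering with an error status instead, would keep the endpoint's output well-formed. xrd_json starts outside this hunk.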
@@ -92,7 +107,7 @@ function xrd_xml($a, $uri, $alias, $profile_url, $r)
 
        $tpl = get_markup_template('xrd_person.tpl');
 
-       $o = replace_macros($tpl, array(
+       $o = replace_macros($tpl, [
                '$nick'        => $r['nickname'],
                '$accturi'     => $uri,
                '$alias'       => $alias,
@@ -101,15 +116,16 @@ function xrd_xml($a, $uri, $alias, $profile_url, $r)
                '$atom'        => System::baseUrl() . '/dfrn_poll/'     . $r['nickname'],
                '$poco_url'    => System::baseUrl() . '/poco/'          . $r['nickname'],
                '$photo'       => System::baseUrl() . '/photo/profile/' . $r['uid']      . '.jpg',
-               '$baseurl' => System::baseUrl(),
+               '$baseurl'     => System::baseUrl(),
                '$salmon'      => System::baseUrl() . '/salmon/'        . $r['nickname'],
                '$salmen'      => System::baseUrl() . '/salmon/'        . $r['nickname'] . '/mention',
                '$subscribe'   => System::baseUrl() . '/follow?url={uri}',
-               '$modexp'      => 'data:application/magic-public-key,'  . $salmon_key)
+               '$openwebauth' => System::baseUrl() . '/owa',
+               '$modexp'      => 'data:application/magic-public-key,'  . $salmon_key]
        );
 
-       $arr = array('user' => $r, 'xml' => $o);
-       call_hooks('personal_xrd', $arr);
+       $arr = ['user' => $r, 'xml' => $o];
+       Addon::callHooks('personal_xrd', $arr);
 
        echo $arr['xml'];
        killme();