Merge pull request #13128 from annando/owa
[friendica.git] / src / Module / Xrd.php
index 7b008549d6e73d51a26dfe994a0985bc5178989e..6a4c0e860d31be4c12b07e005074a705d3647ba8 100644 (file)
@@ -65,13 +65,19 @@ class Xrd extends BaseModule
 
                if (substr($uri, 0, 4) === 'http') {
                        $name = ltrim(basename($uri), '~');
+                       $host = parse_url($uri, PHP_URL_HOST);
                } else {
                        $local = str_replace('acct:', '', $uri);
                        if (substr($local, 0, 2) == '//') {
                                $local = substr($local, 2);
                        }
 
-                       $name = substr($local, 0, strpos($local, '@'));
+                       list($name, $host) = explode('@', $local);
+               }
+
+               if (!empty($host) && $host !== DI::baseUrl()->getHost()) {
+                       DI::logger()->notice('Invalid host name for xrd query',['host' => $host, 'uri' => $uri]);
+                       throw new NotFoundException('Invalid host name for xrd query: ' . $host);
                }
 
                if ($name == User::getActorName()) {
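Review bot: In the `acct:` branch, `list($name, $host) = explode('@', $local);` leaves `$host` null (with an "Undefined array key 1" warning on PHP 8) when the identifier has no `@`, and silently drops everything after a second `@`. Writing it as `[$name, $host] = array_pad(explode('@', $local, 2), 2, '');` makes both cases explicit and keeps the full remainder in `$host` so it is rejected by the comparison. The guard `!empty($host) && ...` is fail-open: when the host is missing or `parse_url()` cannot extract one in the `http` branch, the comparison is skipped and the lookup continues on `$name` alone. If that is intended for host-less queries, say so in a comment such as `// no host part: treated as a local name, host check intentionally skipped`. The comparison itself is case-sensitive although host names are not, so a query using different letter case for the local domain would get a 404 unless both sides are already normalised; `strcasecmp($host, DI::baseUrl()->getHost()) !== 0` avoids that. The enclosing method starts and ends outside this hunk, so how `$uri` is obtained and how the `NotFoundException` message (which now includes the request-supplied `$host`) is rendered cannot be checked from here.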
@@ -105,7 +111,7 @@ class Xrd extends BaseModule
 
        private function printSystemJSON(array $owner)
        {
-               $baseURL = $this->baseUrl->get();
+               $baseURL = (string)$this->baseUrl;
                $json = [
                        'subject' => 'acct:' . $owner['addr'],
                        'aliases' => [$owner['url']],
@@ -151,7 +157,7 @@ class Xrd extends BaseModule
 
        private function printJSON(string $alias, array $owner, array $avatar)
        {
-               $baseURL = $this->baseUrl->get();
+               $baseURL = (string)$this->baseUrl;
 
                $json = [
                        'subject' => 'acct:' . $owner['addr'],
@@ -228,11 +234,9 @@ class Xrd extends BaseModule
 
        private function printXML(string $alias, array $owner, array $avatar)
        {
-               $baseURL = $this->baseUrl->get();
-
-               $xml = null;
+               $baseURL = (string)$this->baseUrl;
 
-               XML::fromArray([
+               $xmlString = XML::fromArray([
                        'XRD' => [
                                '@attributes' => [
                                        'xmlns'    => 'http://docs.oasis-open.org/ns/xri/xrd-1.0',
@@ -319,10 +323,10 @@ class Xrd extends BaseModule
                                        ]
                                ],
                        ],
-               ], $xml);
+               ]);
 
                header('Access-Control-Allow-Origin: *');
 
-               System::httpExit($xml->saveXML(), Response::TYPE_XML, 'application/xrd+xml');
+               System::httpExit($xmlString, Response::TYPE_XML, 'application/xrd+xml');
        }
 }