Fix: Prevent an endless loop when fetching quoted content
[friendica.git] / src / Security / ExAuth.php
index a402218f5662890c5bea84cbd9907695254b29d9..cc1f03f8cc45ed9bde7b5b7e0aafb92ba86cbb45 100644 (file)
@@ -1,6 +1,6 @@
 <?php
 /**
- * @copyright Copyright (C) 2010-2022, the Friendica project
+ * @copyright Copyright (C) 2010-2023, the Friendica project
  *
  * @license GNU AGPL version 3 or any later version
  *
@@ -57,6 +57,7 @@ use Friendica\Core\PConfig\Capability\IManagePersonalConfigValues;
 use Friendica\Database\Database;
 use Friendica\DI;
 use Friendica\Model\User;
+use Friendica\Network\HTTPClient\Client\HttpClientAccept;
 use Friendica\Network\HTTPException;
 use Friendica\Util\PidFile;
 
@@ -152,11 +153,11 @@ class ExAuth
                        if (is_array($aCommand)) {
                                switch ($aCommand[0]) {
                                        case 'isuser':
-                                               // Check the existance of a given username
+                                               // Check the existence of a given username
                                                $this->isUser($aCommand);
                                                break;
                                        case 'auth':
-                                               // Check if the givven password is correct
+                                               // Check if the given password is correct
                                                $this->auth($aCommand);
                                                break;
                                        case 'setpass':
@@ -200,7 +201,7 @@ class ExAuth
                $sUser = str_replace(['%20', '(a)'], [' ', '@'], $aCommand[1]);
 
                // Does the hostname match? So we try directly
-               if ($this->baseURL->getHostname() == $aCommand[2]) {
+               if ($this->baseURL->getHost() == $aCommand[2]) {
                        $this->writeLog(LOG_INFO, 'internal user check for ' . $sUser . '@' . $aCommand[2]);
                        $found = $this->dba->exists('user', ['nickname' => $sUser]);
                } else {
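Review bot: The host check on the changed line still uses loose `==` against `$aCommand[2]`, which comes from the external auth command; PHP compares two numeric-looking strings numerically, and the match is case-sensitive even though hostnames are not. Consider `if (strcasecmp($this->baseURL->getHost(), (string) $aCommand[2]) === 0) {`, or at minimum `===`. The same comparison appears again in the `auth` hunk at `@@ -281,7 +282,7 @@`. It is also worth confirming that `getHost()` returns the host in the same form (with or without a port) that the caller sends as the domain, since a mismatch silently sends local users down the remote-check path. The enclosing method starts and ends outside the hunk.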
@@ -224,7 +225,7 @@ class ExAuth
        }
 
        /**
-        * Check remote user existance via HTTP(S)
+        * Check remote user existence via HTTP(S)
         *
         * @param string  $host The hostname
         * @param string  $user Username
@@ -239,7 +240,7 @@ class ExAuth
 
                $url = ($ssl ? 'https' : 'http') . '://' . $host . '/noscrape/' . $user;
 
-               $curlResult = DI::httpClient()->get($url);
+               $curlResult = DI::httpClient()->get($url, HttpClientAccept::JSON);
 
                if (!$curlResult->isSuccess()) {
                        return false;
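Review bot: `$url` is built by concatenating `$host` and `$user` with no encoding or validation before it reaches the HTTP client, and adding the Accept type does not change that. Both values appear to originate from the auth command, so a `/`, `?`, `#` or `@` in either one changes which URL the server requests; encode the path segment with `rawurlencode($user)` and reject a `$host` that is not a plain hostname before building the URL. With `HttpClientAccept::JSON` now requested, the decoding code below the hunk (not visible here) should treat a non-JSON body as "user not found" rather than relying on `isSuccess()` alone. The enclosing method starts and ends outside the hunk.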
@@ -281,7 +282,7 @@ class ExAuth
 
                $Error = false;
                // Does the hostname match? So we try directly
-               if ($this->baseURL->getHostname() == $aCommand[2]) {
+               if ($this->baseURL->getHost() == $aCommand[2]) {
                        try {
                                $this->writeLog(LOG_INFO, 'internal auth for ' . $sUser . '@' . $aCommand[2]);
                                User::getIdFromPasswordAuthentication($sUser, $aCommand[3], true);
@@ -302,10 +303,10 @@ class ExAuth
 
                // If the hostnames doesn't match or there is some failure, we try to check remotely
                if ($Error && !$this->checkCredentials($aCommand[2], $aCommand[1], $aCommand[3], true)) {
-                       $this->writeLog(LOG_WARNING, 'authentification failed for user ' . $sUser . '@' . $aCommand[2]);
+                       $this->writeLog(LOG_WARNING, 'authentication failed for user ' . $sUser . '@' . $aCommand[2]);
                        fwrite(STDOUT, pack('nn', 2, 0));
                } else {
-                       $this->writeLog(LOG_NOTICE, 'authentificated user ' . $sUser . '@' . $aCommand[2]);
+                       $this->writeLog(LOG_NOTICE, 'authenticated user ' . $sUser . '@' . $aCommand[2]);
                        fwrite(STDOUT, pack('nn', 2, 1));
                }
        }
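Review bot: The two corrected log strings are what log-based alerting would match on, so any filter or ban rule keyed to the old spelling `authentification failed` stops firing once this ships; mention the rename in the release notes or update such rules together with it. Separately, success is the `else` branch, so `pack('nn', 2, 1)` is written whenever `$Error` is still false, which relies on the code above the hunk setting it on every failure path; a comment such as `// $Error stays false only when local authentication succeeded` would make that invariant explicit. `$sUser` and `$aCommand[2]` are concatenated into the log message unescaped, so it is worth confirming that `writeLog()` strips control characters before writing.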