X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fxrd.php;h=4b9b0ee8fb4e1931848b799cb07d5a86ec6b2dc7;hb=a8b0aa8c8d97a2d28b357fca17a63f2930c6b640;hp=bbfd7ce64a31687f5fc0a66e787c6c3c3e645e54;hpb=11cf36105ccd359c9d21a006e13b3767712196b6;p=friendica.git
diff --git a/mod/xrd.php b/mod/xrd.php
index bbfd7ce64a..4b9b0ee8fb 100644
--- a/mod/xrd.php
+++ b/mod/xrd.php
@@ -2,24 +2,35 @@
 /**
 * @file mod/xrd.php
 */
+
 use Friendica\App;
 use Friendica\Core\Addon;
+use Friendica\Core\Renderer;
 use Friendica\Core\System;
-use Friendica\Database\DBM;
+use Friendica\Database\DBA;
 use Friendica\Protocol\Salmon;
+use Friendica\Util\Strings;
 function xrd_init(App $a)
 {
 if ($a->argv[0] == 'xrd') {
- $uri = urldecode(notags(trim($_GET['uri'])));
- if ($_SERVER['HTTP_ACCEPT'] == 'application/jrd+json') {
+ if (empty($_GET['uri'])) {
+ System::httpExit(404);
+ }
+
+ $uri = urldecode(Strings::escapeTags(trim($_GET['uri'])));
+ if (defaults($_SERVER, 'HTTP_ACCEPT', '') == 'application/jrd+json') {
 $mode = 'json';
 } else {
 $mode = 'xml';
 }
 } else {
- $uri = urldecode(notags(trim($_GET['resource'])));
- if ($_SERVER['HTTP_ACCEPT'] == 'application/xrd+xml') {
+ if (empty($_GET['resource'])) {
+ System::httpExit(404);
+ }
+
+ $uri = urldecode(Strings::escapeTags(trim($_GET['resource'])));
+ if (defaults($_SERVER, 'HTTP_ACCEPT', '') == 'application/xrd+xml') {
 $mode = 'xml';
 } else {
 $mode = 'json';
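Review bot: In both branches of `xrd_init` the request value is passed through `Strings::escapeTags()` before `urldecode()`, so any character that is still percent-encoded when the escaping runs is not seen by it and only becomes literal afterwards. PHP has already decoded `$_GET` once at this point, which makes the explicit `urldecode()` a second decode; if it has to stay, escape its result instead: `$uri = Strings::escapeTags(urldecode(trim($_GET['uri'])));`, and the same for `$_GET['resource']`. The new `empty()` guard also lets an array value through to `trim()`, so it could read `if (empty($_GET['uri']) || !is_string($_GET['uri'])) {`. The body of `xrd_init` continues outside this hunk, so the later uses of `$uri` are not visible here.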
@@ -37,18 +48,18 @@ function xrd_init(App $a)
 $name = substr($local, 0, strpos($local, '@'));
 }
- $user = dba::selectFirst('user', [], ['nickname' => $name]);
- if (!DBM::is_result($user)) {
- killme();
+ $user = DBA::selectFirst('user', [], ['nickname' => $name]);
+ if (!DBA::isResult($user)) {
+ System::httpExit(404);
 }
 $profile_url = System::baseUrl().'/profile/'.$user['nickname'];
 $alias = str_replace('/profile/', '/~', $profile_url);
- $addr = 'acct:'.$user['nickname'].'@'.$a->getHostName();
- if ($a->get_path()) {
- $addr .= '/'.$a->get_path();
+ $addr = 'acct:'.$user['nickname'].'@'.$a->getHostName();
+ if ($a->getURLPath()) {
+ $addr .= '/'.$a->getURLPath();
 }
 if ($mode == 'xml') {
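Review bot: `DBA::selectFirst('user', [], ['nickname' => $name])` passes an empty field list, which as far as I know loads the whole `user` row into `$user` for an unauthenticated discovery request, while the visible code reads only `nickname` here and `uid` in the output functions. Naming the needed columns keeps any credential or private-key columns the table holds out of this code path, for example `DBA::selectFirst('user', ['uid', 'nickname', /* key column used for $salmon_key */], ['nickname' => $name]);`. The lookup also has no visible condition on account state, so it is worth confirming that removed or blocked accounts are meant to answer. The rest of `xrd_init` lies outside the hunk.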
@@ -66,20 +77,25 @@ function xrd_json($a, $uri, $alias, $profile_url, $r)
 header("Content-type: application/json; charset=utf-8");
 $json = ['subject' => $uri,
- 'aliases' => [$alias, $profile_url],
- 'links' => [['rel' => NAMESPACE_DFRN, 'href' => $profile_url],
- ['rel' => NAMESPACE_FEED, 'type' => 'application/atom+xml', 'href' => System::baseUrl().'/dfrn_poll/'.$r['nickname']],
- ['rel' => 'http://webfinger.net/rel/profile-page', 'type' => 'text/html', 'href' => $profile_url],
- ['rel' => 'http://microformats.org/profile/hcard', 'type' => 'text/html', 'href' => System::baseUrl().'/hcard/'.$r['nickname']],
- ['rel' => NAMESPACE_POCO, 'href' => System::baseUrl().'/poco/'.$r['nickname']],
- ['rel' => 'http://webfinger.net/rel/avatar', 'type' => 'image/jpeg', 'href' => System::baseUrl().'/photo/profile/'.$r['uid'].'.jpg'],
- ['rel' => 'http://joindiaspora.com/seed_location', 'type' => 'text/html', 'href' => System::baseUrl()],
- ['rel' => 'salmon', 'href' => System::baseUrl().'/salmon/'.$r['nickname']],
- ['rel' => 'http://salmon-protocol.org/ns/salmon-replies', 'href' => System::baseUrl().'/salmon/'.$r['nickname']],
- ['rel' => 'http://salmon-protocol.org/ns/salmon-mention', 'href' => System::baseUrl().'/salmon/'.$r['nickname'].'/mention'],
- ['rel' => 'http://ostatus.org/schema/1.0/subscribe', 'template' => System::baseUrl().'/follow?url={uri}'],
- ['rel' => 'magic-public-key', 'href' => 'data:application/magic-public-key,'.$salmon_key]
- ]];
+ 'aliases' => [$alias, $profile_url],
+ 'links' => [
+ ['rel' => NAMESPACE_DFRN, 'href' => $profile_url],
+ ['rel' => NAMESPACE_FEED, 'type' => 'application/atom+xml', 'href' => System::baseUrl().'/dfrn_poll/'.$r['nickname']],
+ ['rel' => 'http://webfinger.net/rel/profile-page', 'type' => 'text/html', 'href' => $profile_url],
+ ['rel' => 'self', 'type' => 'application/activity+json', 'href' => $profile_url],
+ ['rel' => 'http://microformats.org/profile/hcard', 'type' => 'text/html', 'href' => System::baseUrl().'/hcard/'.$r['nickname']],
+ ['rel' => NAMESPACE_POCO, 'href' => System::baseUrl().'/poco/'.$r['nickname']],
+ ['rel' => 'http://webfinger.net/rel/avatar', 'type' => 'image/jpeg', 'href' => System::baseUrl().'/photo/profile/'.$r['uid'].'.jpg'],
+ ['rel' => 'http://joindiaspora.com/seed_location', 'type' => 'text/html', 'href' => System::baseUrl()],
+ ['rel' => 'salmon', 'href' => System::baseUrl().'/salmon/'.$r['nickname']],
+ ['rel' => 'http://salmon-protocol.org/ns/salmon-replies', 'href' => System::baseUrl().'/salmon/'.$r['nickname']],
+ ['rel' => 'http://salmon-protocol.org/ns/salmon-mention', 'href' => System::baseUrl().'/salmon/'.$r['nickname'].'/mention'],
+ ['rel' => 'http://ostatus.org/schema/1.0/subscribe', 'template' => System::baseUrl().'/follow?url={uri}'],
+ ['rel' => 'magic-public-key', 'href' => 'data:application/magic-public-key,'.$salmon_key],
+ ['rel' => 'http://purl.org/openwebauth/v1', 'type' => 'application/x-dfrn+json', 'href' => System::baseUrl().'/owa']
+ ]
+ ];
+
 echo json_encode($json);
 killme();
 }
@@ -91,9 +107,9 @@ function xrd_xml($a, $uri, $alias, $profile_url, $r)
 header('Access-Control-Allow-Origin: *');
 header("Content-type: text/xml");
- $tpl = get_markup_template('xrd_person.tpl');
+ $tpl = Renderer::getMarkupTemplate('xrd_person.tpl');
- $o = replace_macros($tpl, [
+ $o = Renderer::replaceMacros($tpl, [
 '$nick' => $r['nickname'],
 '$accturi' => $uri,
 '$alias' => $alias,
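Review bot: `echo json_encode($json);` at the end of `xrd_json` prints the encoder result unchecked, and `json_encode()` returns `false` when any value is not valid UTF-8, which would send an empty 200 response under a JSON content type. `subject` is the `$uri` argument; if that is the request-derived value from `xrd_init` (the call site is outside the visible hunks), a client controls those bytes. Failing explicitly is safer: `$out = json_encode($json);` followed by `if ($out === false) { System::httpExit(500); }` and `echo $out;`. The function starts above this hunk, where `$salmon_key` is presumably set.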
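Review bot: In `xrd_xml`, `'$accturi' => $uri` and the other values go to `Renderer::replaceMacros()` for a `text/xml` response with no XML escaping visible in this function. Tag escaping upstream would not cover `&` or quote characters, so unless `xrd_person.tpl` escapes its placeholders (the template is not part of this diff) a request-derived `$uri` could produce malformed XRD. Escaping at the call site makes that independent of the template: `'$accturi' => htmlspecialchars($uri, ENT_XML1 | ENT_QUOTES, 'UTF-8'),`. The array literal continues past the end of this hunk.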
@@ -102,10 +118,11 @@ function xrd_xml($a, $uri, $alias, $profile_url, $r)
 '$atom' => System::baseUrl() . '/dfrn_poll/' . $r['nickname'],
 '$poco_url' => System::baseUrl() . '/poco/' . $r['nickname'],
 '$photo' => System::baseUrl() . '/photo/profile/' . $r['uid'] . '.jpg',
- '$baseurl' => System::baseUrl(),
+ '$baseurl' => System::baseUrl(),
 '$salmon' => System::baseUrl() . '/salmon/' . $r['nickname'],
 '$salmen' => System::baseUrl() . '/salmon/' . $r['nickname'] . '/mention',
 '$subscribe' => System::baseUrl() . '/follow?url={uri}',
+ '$openwebauth' => System::baseUrl() . '/owa',
 '$modexp' => 'data:application/magic-public-key,' . $salmon_key]
 );