X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModule%2FXrd.php;h=6a4c0e860d31be4c12b07e005074a705d3647ba8;hb=c58dd5b471f9d2712893137308afa8436a19bd2f;hp=7b008549d6e73d51a26dfe994a0985bc5178989e;hpb=360614d2cf3aceeb763ef1281ad5236878f5d735;p=friendica.git
diff --git a/src/Module/Xrd.php b/src/Module/Xrd.php
index 7b008549d6..6a4c0e860d 100644
--- a/src/Module/Xrd.php
+++ b/src/Module/Xrd.php
@@ -65,13 +65,19 @@ class Xrd extends BaseModule

 if (substr($uri, 0, 4) === 'http') {
 $name = ltrim(basename($uri), '~');
+ $host = parse_url($uri, PHP_URL_HOST);
 } else {
 $local = str_replace('acct:', '', $uri);
 if (substr($local, 0, 2) == '//') {
 $local = substr($local, 2);
 }

- $name = substr($local, 0, strpos($local, '@'));
+ list($name, $host) = explode('@', $local);
+ }
+
+ if (!empty($host) && $host !== DI::baseUrl()->getHost()) {
+ DI::logger()->notice('Invalid host name for xrd query',['host' => $host, 'uri' => $uri]);
+ throw new NotFoundException('Invalid host name for xrd query: ' . $host);
 }

 if ($name == User::getActorName()) {
@@ -105,7 +111,7 @@ class Xrd extends BaseModule

 private function printSystemJSON(array $owner)
 {
- $baseURL = $this->baseUrl->get();
+ $baseURL = (string)$this->baseUrl;
 $json = [
 'subject' => 'acct:' . $owner['addr'],
 'aliases' => [$owner['url']],
@@ -151,7 +157,7 @@ class Xrd extends BaseModule

 private function printJSON(string $alias, array $owner, array $avatar)
 {
- $baseURL = $this->baseUrl->get();
+ $baseURL = (string)$this->baseUrl;

 $json = [
 'subject' => 'acct:' . $owner['addr'],
@@ -228,11 +234,9 @@ class Xrd extends BaseModule

 private function printXML(string $alias, array $owner, array $avatar)
 {
- $baseURL = $this->baseUrl->get();
-
- $xml = null;
+ $baseURL = (string)$this->baseUrl;

- XML::fromArray([
+ $xmlString = XML::fromArray([
 'XRD' => [
 '@attributes' => [
 'xmlns' => 'http://docs.oasis-open.org/ns/xri/xrd-1.0',
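Review bot: The host check added in the first hunk (`@@ -65,13 +65,19 @@`) fails open whenever no host can be extracted: in the `http` branch `parse_url($uri, PHP_URL_HOST)` yields null or false for a URI it cannot parse, and in the `acct:` branch `list($name, $host) = explode('@', $local);` leaves `$host` unset (with an undefined-offset warning) when `$local` contains no `@`, so `!empty($host)` skips the comparison and the lookup continues. If the intent is to answer only for this node, consider treating a missing host as invalid too, and pad the split so both variables are always defined: `list($name, $host) = array_pad(explode('@', $local, 2), 2, '');`. The comparison `$host !== DI::baseUrl()->getHost()` is also case-sensitive while host names are not, so a mixed-case query for the local host would presumably get a 404; lower-casing both sides before comparing would avoid that. The enclosing method starts and ends outside this hunk.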
@@ -319,10 +323,10 @@ class Xrd extends BaseModule
 ]
 ],
 ],
- ], $xml);
+ ]);

 header('Access-Control-Allow-Origin: *');

- System::httpExit($xml->saveXML(), Response::TYPE_XML, 'application/xrd+xml');
+ System::httpExit($xmlString, Response::TYPE_XML, 'application/xrd+xml');
 }
 }