X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModule%2FXrd.php;h=af40bc3b026aaed3ebf73c2516965d44b1f424fe;hb=e1863951986ba5be173758324a00652bc5af870c;hp=21cff563468d5496f825b7adbf46d7080dac5786;hpb=5e8451c1a7c27ceb3ffb2f731f919f272583494e;p=friendica.git
diff --git a/src/Module/Xrd.php b/src/Module/Xrd.php
index 21cff56346..af40bc3b02 100644
--- a/src/Module/Xrd.php
+++ b/src/Module/Xrd.php
@@ -38,6 +38,8 @@ class Xrd extends BaseModule
 {
 protected function rawContent(array $request = [])
 {
+ header('Vary: Accept', false);
+
 // @TODO: Replace with parameter from router
 if (DI::args()->getArgv()[0] == 'xrd') {
 if (empty($_GET['uri'])) {
@@ -65,15 +67,23 @@ class Xrd extends BaseModule
 
 if (substr($uri, 0, 4) === 'http') {
 $name = ltrim(basename($uri), '~');
+ $host = parse_url($uri, PHP_URL_HOST);
 } else {
 $local = str_replace('acct:', '', $uri);
 if (substr($local, 0, 2) == '//') {
 $local = substr($local, 2);
 }
 
- $name = substr($local, 0, strpos($local, '@'));
+ list($name, $host) = explode('@', $local);
+ }
+
+ if (!empty($host) && $host !== DI::baseUrl()->getHost()) {
+ DI::logger()->notice('Invalid host name for xrd query',['host' => $host, 'uri' => $uri]);
+ throw new NotFoundException('Invalid host name for xrd query: ' . $host);
 }
 
+ header('Vary: Accept', false);
+
 if ($name == User::getActorName()) {
 $owner = User::getSystemAccount();
 if (empty($owner)) {
@@ -320,7 +330,6 @@ class Xrd extends BaseModule
 ]);
 
 header('Access-Control-Allow-Origin: *');
-
 System::httpExit($xmlString, Response::TYPE_XML, 'application/xrd+xml');
 }
 }
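Review bot: `header('Vary: Accept', false);` is added at the top of rawContent() in the first hunk (`@@ -38,6 +38,8 @@`) and again after the host check in the second hunk (`@@ -65,15 +67,23 @@`). Because the second argument is `false`, PHP appends instead of replacing, so any response that reaches the later call carries two identical `Vary: Accept` lines. The early call already covers every exit path visible here, so the later one can be dropped; if both are kept on purpose, a comment such as `// sent early so error and empty responses vary on Accept too` on the first would explain it. rawContent() continues outside this hunk.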
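Review bot: The host check added in the second hunk (`@@ -65,15 +67,23 @@`) fails open, because `!empty($host) &&` skips it whenever no host was extracted. That happens when `parse_url()` cannot find a host in an `http…` URI and when the `acct:` form has no `@`, where `list($name, $host) = explode('@', $local)` also raises an undefined-offset notice and now puts the whole string into `$name` instead of the empty string the old `substr()` produced. If host-less queries are not meant to be answered, split with a limit and reject the empty case too: `[$name, $host] = array_pad(explode('@', $local, 2), 2, '');` and `if (empty($host) || strcasecmp($host, DI::baseUrl()->getHost()) !== 0) {`, which also stops a correct host from being refused for letter case alone. The exception message concatenates the request-supplied `$host`, so it is worth confirming that whatever renders `NotFoundException` escapes it. rawContent() starts and ends outside this hunk.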