]> git.mxchange.org Git - friendica.git/commitdiff
projects / friendica.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 491a5ca)
Return 400 error code on malformed request. Fixes #14281
authorMatthew Exon <git.mexon@spamgourmet.com>
Mon, 8 Jul 2024 17:23:20 +0000 (19:23 +0200)
committerMatthew Exon <git.mexon@spamgourmet.com>
Mon, 8 Jul 2024 17:23:20 +0000 (19:23 +0200)
src/Module/Xrd.php patch | blob | history

diff --git a/src/Module/Xrd.php b/src/Module/Xrd.php
index e39b5d3af644ae8bd9902aaaaa92c73e9eee5c8f..1e247341a2bfece95dae48e6d0b0807be01ee71f 100644 (file)
--- a/src/Module/Xrd.php
+++ b/src/Module/Xrd.php
@@ -26,6 +26,7 @@ use Friendica\Core\System;
 use Friendica\DI;
 use Friendica\Model\Photo;
 use Friendica\Model\User;
+use Friendica\Network\HTTPException\BadRequestException;
 use Friendica\Network\HTTPException\NotFoundException;
 use Friendica\Protocol\ActivityNamespace;
 use Friendica\Protocol\Salmon;
@@ -68,13 +69,15 @@ class Xrd extends BaseModule
                if (substr($uri, 0, 4) === 'http') {
                        $name = ltrim(basename($uri), '~');
                        $host = parse_url($uri, PHP_URL_HOST);
-               } else {
+               } else if (substr($uri, 0, 4) === 'acct') {
                        $local = str_replace('acct:', '', $uri);
                        if (substr($local, 0, 2) == '//') {
                                $local = substr($local, 2);
                        }
 
                        list($name, $host) = explode('@', $local);
+               } else {
+                       throw new BadRequestException();
                }
 
                if (!empty($host) && $host !== DI::baseUrl()->getHost()) {
Unnamed repository; edit this file 'description' to name the repository.