Burn notices, burn
authorMichael <heluecht@pirati.ca>
Tue, 11 Sep 2018 04:10:11 +0000 (04:10 +0000)
committerMichael <heluecht@pirati.ca>
Tue, 11 Sep 2018 04:10:11 +0000 (04:10 +0000)
mod/bookmarklet.php
mod/photos.php
mod/salmon.php
mod/webfinger.php
src/Model/Profile.php
src/Network/Probe.php

index 21b2039c5891c97260aae78c34a91c8a84716540..e1ae9aa64ce60dd94119865d570d8962e773e169 100644 (file)
@@ -30,6 +30,10 @@ function bookmarklet_content(App $a)
        $page = normalise_link(System::baseUrl() . "/bookmarklet");
 
        if (!strstr($referer, $page)) {
+               if (empty($_REQUEST["url"])) {
+                       System::httpExit(400, ["title" => L10n::t('Bad Request')]);
+               }
+
                $content = add_page_info($_REQUEST["url"]);
 
                $x = [
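Review bot: The added guard in `bookmarklet_content` rejects only a missing or empty `url`; a value that arrives as an array passes `empty()` and reaches `add_page_info()` as a non-string. Tighten the condition to `if (empty($_REQUEST["url"]) || !is_string($_REQUEST["url"])) {`. `add_page_info()` is not visible here, but if it retrieves the given address server-side, this is also the place to restrict the value to http/https URLs before the call. The function body continues outside the hunk.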
index 16af455997ddf6d2ec1a76e6acde8ee64d4e365c..e205d72c6d93114d13b2c10708f4b80bcdefe684 100644 (file)
@@ -212,7 +212,7 @@ function photos_post(App $a)
                }
 
                // Check if the user has responded to a delete confirmation query
-               if ($_REQUEST['canceled']) {
+               if (!empty($_REQUEST['canceled'])) {
                        goaway($_SESSION['photo_return']);
                }
 
@@ -762,12 +762,14 @@ function photos_post(App $a)
                $filesize = $ret['filesize'];
                $type     = $ret['type'];
                $error    = UPLOAD_ERR_OK;
-       } else {
+       } elseif (!empty($_FILES['userfile'])) {
                $src      = $_FILES['userfile']['tmp_name'];
                $filename = basename($_FILES['userfile']['name']);
                $filesize = intval($_FILES['userfile']['size']);
                $type     = $_FILES['userfile']['type'];
                $error    = $_FILES['userfile']['error'];
+       } else {
+               $error    = UPLOAD_ERR_NO_FILE;
        }
 
        if ($error !== UPLOAD_ERR_OK) {
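Review bot: The new `else` branch sets only `$error`, so `$src`, `$filename`, `$filesize` and `$type` stay undefined on the no-file path. Any use of them inside the `if ($error !== UPLOAD_ERR_OK)` block, whose body is outside the hunk, would bring back the kind of notice this commit removes. Initialise them alongside the error, e.g. `$src = ''; $filename = ''; $filesize = 0; $type = '';`. Separately, `$type` in the `elseif` branch is the MIME type reported by the client, so a comment such as `// client-supplied, verify against the file content` would help the next reader.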
index d07b06004d130f863cae45daec499fc2c95f3b53..bd4b3773cb7a4de2a81d1618115f9f885d177226 100644 (file)
@@ -41,14 +41,14 @@ function salmon_post(App $a, $xml = '') {
        $base = null;
 
        // figure out where in the DOM tree our data is hiding
-       if($dom->provenance->data)
+       if (!empty($dom->provenance->data))
                $base = $dom->provenance;
-       elseif($dom->env->data)
+       elseif (!empty($dom->env->data))
                $base = $dom->env;
-       elseif($dom->data)
+       elseif (!empty($dom->data))
                $base = $dom;
 
-       if(! $base) {
+       if (empty($base)) {
                logger('unable to locate salmon data in xml ');
                System::httpExit(400);
        }
index 6f49a8f28c44ebf9ea33ca2a1f3aa9778a50e7e0..4f23db6d8f300bd8e42732cee9df1cc44594a261 100644 (file)
@@ -23,7 +23,7 @@ function webfinger_content(App $a)
        $o  = '<h3>Webfinger Diagnostic</h3>';
 
        $o .= '<form action="webfinger" method="get">';
-       $o .= 'Lookup address: <input type="text" style="width: 250px;" name="addr" value="' . $_GET['addr'] .'" />';
+       $o .= 'Lookup address: <input type="text" style="width: 250px;" name="addr" value="' . defaults($_GET, 'addr', '') .'" />';
        $o .= '<input type="submit" name="submit" value="Submit" /></form>';
 
        $o .= '<br /><br />';
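Review bot: `$_GET['addr']` is still written into the `value="…"` attribute without HTML escaping, so the change removes the notice but leaves a reflected cross-site-scripting sink in the form. Escape at the point of output: `value="' . htmlspecialchars(defaults($_GET, 'addr', ''), ENT_QUOTES, 'UTF-8') . '" />`. If `addr` arrives as an array, the concatenation will also emit an "Array to string conversion" notice, so an `is_string()` check before use would cover that. `webfinger_content` continues outside the hunk; any later output of the same value needs the same treatment.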
index 29bc7e680d1bbd3d7240c1af30de1997d6271575..3a014517da9b158875c176c4654c0428e3686f95 100644 (file)
@@ -361,7 +361,7 @@ class Profile
                        if ($r) {
                                $remote_url = $r[0]['url'];
                                $message_path = preg_replace('=(.*)/profile/(.*)=ism', '$1/message/new/', $remote_url);
-                               $wallmessage_link = $message_path . base64_encode($profile['addr']);
+                               $wallmessage_link = $message_path . base64_encode(defaults($profile, 'addr', ''));
                        } else if (!empty($profile['nickname'])) {
                                $wallmessage_link = 'wallmessage/' . $profile['nickname'];
                        }
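Review bot: With the `''` fallback, a profile that has no `addr` now produces a `…/message/new/` link with an empty recipient instead of a notice. Making the absence explicit would be clearer, for example `if ($r && !empty($profile['addr'])) {`, in the same way the `nickname` branch is guarded. Whether falling through to the `nickname` branch is acceptable in that case needs checking against the rest of the method, which starts and ends outside the hunk.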
index af2d1c9a16ef6d8254dbc8ca7b803e338097d324..75231f44ff0bc9e2e1061704cdcbdecc1df1783a 100644 (file)
@@ -967,23 +967,23 @@ class Probe
                $hcard_url = "";
                $data = [];
                foreach ($webfinger["links"] as $link) {
-                       if (($link["rel"] == NAMESPACE_DFRN) && ($link["href"] != "")) {
+                       if (($link["rel"] == NAMESPACE_DFRN) && !empty($link["href"])) {
                                $data["network"] = Protocol::DFRN;
-                       } elseif (($link["rel"] == NAMESPACE_FEED) && ($link["href"] != "")) {
+                       } elseif (($link["rel"] == NAMESPACE_FEED) && !empty($link["href"])) {
                                $data["poll"] = $link["href"];
-                       } elseif (($link["rel"] == "http://webfinger.net/rel/profile-page") && ($link["type"] == "text/html") && ($link["href"] != "")) {
+                       } elseif (($link["rel"] == "http://webfinger.net/rel/profile-page") && (defaults($link, "type", "") == "text/html") && !empty($link["href"])) {
                                $data["url"] = $link["href"];
-                       } elseif (($link["rel"] == "http://microformats.org/profile/hcard") && ($link["href"] != "")) {
+                       } elseif (($link["rel"] == "http://microformats.org/profile/hcard") && !empty($link["href"])) {
                                $hcard_url = $link["href"];
-                       } elseif (($link["rel"] == NAMESPACE_POCO) && ($link["href"] != "")) {
+                       } elseif (($link["rel"] == NAMESPACE_POCO) && !empty($link["href"])) {
                                $data["poco"] = $link["href"];
-                       } elseif (($link["rel"] == "http://webfinger.net/rel/avatar") && ($link["href"] != "")) {
+                       } elseif (($link["rel"] == "http://webfinger.net/rel/avatar") && !empty($link["href"])) {
                                $data["photo"] = $link["href"];
-                       } elseif (($link["rel"] == "http://joindiaspora.com/seed_location") && ($link["href"] != "")) {
+                       } elseif (($link["rel"] == "http://joindiaspora.com/seed_location") && !empty($link["href"])) {
                                $data["baseurl"] = trim($link["href"], '/');
-                       } elseif (($link["rel"] == "http://joindiaspora.com/guid") && ($link["href"] != "")) {
+                       } elseif (($link["rel"] == "http://joindiaspora.com/guid") && !empty($link["href"])) {
                                $data["guid"] = $link["href"];
-                       } elseif (($link["rel"] == "diaspora-public-key") && ($link["href"] != "")) {
+                       } elseif (($link["rel"] == "diaspora-public-key") && !empty($link["href"])) {
                                $data["pubkey"] = base64_decode($link["href"]);
 
                                //if (strstr($data["pubkey"], 'RSA ') || ($link["type"] == "RSA"))
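Review bot: Every branch in this loop still reads `$link["rel"]` directly, so a webfinger link entry without `rel` raises the same undefined-index notice the commit removes for `href` and `type`. The document comes from the remote server, so its shape cannot be assumed. Reading the key once at the top of the loop, `$rel = defaults($link, "rel", "");`, and comparing `$rel` in the branches would cover it; the other three `foreach ($webfinger["links"] …)` loops in this file's hunks follow the same pattern. This loop also iterates `$webfinger["links"]` without the `is_array()` check that the hunk at line 1272 has. The method starts and ends outside the hunk.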
@@ -1170,21 +1170,21 @@ class Probe
                $hcard_url = "";
                $data = [];
                foreach ($webfinger["links"] as $link) {
-                       if (($link["rel"] == "http://microformats.org/profile/hcard") && ($link["href"] != "")) {
+                       if (($link["rel"] == "http://microformats.org/profile/hcard") && !empty($link["href"])) {
                                $hcard_url = $link["href"];
-                       } elseif (($link["rel"] == "http://joindiaspora.com/seed_location") && ($link["href"] != "")) {
+                       } elseif (($link["rel"] == "http://joindiaspora.com/seed_location") && !empty($link["href"])) {
                                $data["baseurl"] = trim($link["href"], '/');
-                       } elseif (($link["rel"] == "http://joindiaspora.com/guid") && ($link["href"] != "")) {
+                       } elseif (($link["rel"] == "http://joindiaspora.com/guid") && !empty($link["href"])) {
                                $data["guid"] = $link["href"];
-                       } elseif (($link["rel"] == "http://webfinger.net/rel/profile-page") && ($link["type"] == "text/html") && ($link["href"] != "")) {
+                       } elseif (($link["rel"] == "http://webfinger.net/rel/profile-page") && (defaults($link, "type", "") == "text/html") && !empty($link["href"])) {
                                $data["url"] = $link["href"];
-                       } elseif (($link["rel"] == NAMESPACE_FEED) && ($link["href"] != "")) {
+                       } elseif (($link["rel"] == NAMESPACE_FEED) && !empty($link["href"])) {
                                $data["poll"] = $link["href"];
-                       } elseif (($link["rel"] == NAMESPACE_POCO) && ($link["href"] != "")) {
+                       } elseif (($link["rel"] == NAMESPACE_POCO) && !empty($link["href"])) {
                                $data["poco"] = $link["href"];
-                       } elseif (($link["rel"] == "salmon") && ($link["href"] != "")) {
+                       } elseif (($link["rel"] == "salmon") && !empty($link["href"])) {
                                $data["notify"] = $link["href"];
-                       } elseif (($link["rel"] == "diaspora-public-key") && ($link["href"] != "")) {
+                       } elseif (($link["rel"] == "diaspora-public-key") && !empty($link["href"])) {
                                $data["pubkey"] = base64_decode($link["href"]);
 
                                //if (strstr($data["pubkey"], 'RSA ') || ($link["type"] == "RSA"))
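Review bot: `$data["pubkey"] = base64_decode($link["href"]);` decodes a server-supplied value in non-strict mode, which silently discards characters outside the base64 alphabet instead of rejecting the input. Because the result is stored as a public key, strict decoding with a failure check is safer: `$pubkey = base64_decode($link["href"], true);` followed by `if ($pubkey !== false) { $data["pubkey"] = $pubkey; }`. The same line appears in the hunk at line 967. The branch body continues outside the hunk, so any later validation of the key is not visible here.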
@@ -1272,15 +1272,15 @@ class Probe
                if (is_array($webfinger["links"])) {
                        foreach ($webfinger["links"] as $link) {
                                if (($link["rel"] == "http://webfinger.net/rel/profile-page")
-                                       && ($link["type"] == "text/html")
+                                       && (defaults($link, "type", "") == "text/html")
                                        && ($link["href"] != "")
                                ) {
                                        $data["url"] = $link["href"];
-                               } elseif (($link["rel"] == "salmon") && ($link["href"] != "")) {
+                               } elseif (($link["rel"] == "salmon") && !empty($link["href"])) {
                                        $data["notify"] = $link["href"];
-                               } elseif (($link["rel"] == NAMESPACE_FEED) && ($link["href"] != "")) {
+                               } elseif (($link["rel"] == NAMESPACE_FEED) && !empty($link["href"])) {
                                        $data["poll"] = $link["href"];
-                               } elseif (($link["rel"] == "magic-public-key") && ($link["href"] != "")) {
+                               } elseif (($link["rel"] == "magic-public-key") && !empty($link["href"])) {
                                        $pubkey = $link["href"];
 
                                        if (substr($pubkey, 0, 5) === 'data:') {
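Review bot: The `profile-page` branch keeps `&& ($link["href"] != "")` while every other branch in this loop was switched to `!empty($link["href"])`, so a link entry without `href` still raises a notice here. Change the line to `&& !empty($link["href"])` for consistency. The hunk at line 1436 leaves the same condition untouched and needs the same change.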
@@ -1436,7 +1436,7 @@ class Probe
                $data = [];
                foreach ($webfinger["links"] as $link) {
                        if (($link["rel"] == "http://webfinger.net/rel/profile-page")
-                               && ($link["type"] == "text/html")
+                               && (defaults($link, "type", "") == "text/html")
                                && ($link["href"] != "")
                        ) {
                                $data["url"] = $link["href"];