git.mxchange.org Git - quix0rs-gnu-social.git/commitdiff
Might as well put a FILTER_SANITIZE_EMAIL there
author Mikael Nordfeldth <mmn@hethane.se>
Sat, 13 Feb 2016 13:06:05 +0000 (14:06 +0100)
committer Mikael Nordfeldth <mmn@hethane.se>
Sat, 13 Feb 2016 13:06:05 +0000 (14:06 +0100)
Not that I think we could break out of the directory since
we use basename, but you never know... maybe there's a unicode
bug in PHP or something.

socialfy-your-domain/dot-well-known/webfinger/index.php

index 989b3203be0610fad443b273ed81520ba03c95ae..91071bc4c3b65cd2806d9c7f68d0e3980b3b1699 100644 (file)
@@ -31,6 +31,9 @@ if (mb_strpos($u, 'acct:')===0) {
     $u = substr($u, 5);
 }
 
+// Just to be a little bit safer, you know, with all the unicode stuff going on
+$u = filter_var($u, FILTER_SANITIZE_EMAIL);
+
 $f = $u . ".xml";
 
 if (file_exists($f)) {
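Review bot: The added `$u = filter_var($u, FILTER_SANITIZE_EMAIL);` silently rewrites the identifier instead of rejecting it, so a request containing stripped characters can still resolve to some other existing file once `$f = $u . ".xml"` is built. For a file lookup it is safer to treat any change as an error: keep the original value, compare it with the sanitized result, and return the not-found response when they differ. The return value is also used unchecked; `filter_var()` returns false when the filter fails, and in that case `$f` becomes just ".xml", so test for false before the concatenation. The new comment would be more useful if it stated which characters the filter is expected to remove, since `FILTER_SANITIZE_EMAIL` keeps `.` and the "unicode stuff" rationale does not say what input is being guarded against.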