From: Matthew Exon <git.mexon@spamgourmet.com>
Date: Mon, 8 Jul 2024 17:23:20 +0000 (+0200)
Subject: Return 400 error code on malformed request.  Fixes #14281
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=1701156a18f8003c6ce012a2598fd7d1dd183ac2;p=friendica.git

Return 400 error code on malformed request.  Fixes #14281
---

diff --git a/src/Module/Xrd.php b/src/Module/Xrd.php
index e39b5d3af6..1e247341a2 100644
--- a/src/Module/Xrd.php
+++ b/src/Module/Xrd.php
@@ -26,6 +26,7 @@ use Friendica\Core\System;
 use Friendica\DI;
 use Friendica\Model\Photo;
 use Friendica\Model\User;
+use Friendica\Network\HTTPException\BadRequestException;
 use Friendica\Network\HTTPException\NotFoundException;
 use Friendica\Protocol\ActivityNamespace;
 use Friendica\Protocol\Salmon;
@@ -68,13 +69,15 @@ class Xrd extends BaseModule
 		if (substr($uri, 0, 4) === 'http') {
 			$name = ltrim(basename($uri), '~');
 			$host = parse_url($uri, PHP_URL_HOST);
-		} else {
+		} else if (substr($uri, 0, 4) === 'acct') {
 			$local = str_replace('acct:', '', $uri);
 			if (substr($local, 0, 2) == '//') {
 				$local = substr($local, 2);
 			}
 
 			list($name, $host) = explode('@', $local);
+		} else {
+			throw new BadRequestException();
 		}
 
 		if (!empty($host) && $host !== DI::baseUrl()->getHost()) {