From: Mikael Nordfeldth
Date: Sat, 13 Feb 2016 13:06:05 +0000 (+0100)
Subject: Might as well put a FILTER_SANITIZE_EMAIL there
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=c23c3a4f537a13b638dd77399063376b7b1386b8;p=quix0rs-gnu-social.git
Might as well put a FILTER_SANITIZE_EMAIL there
Not that I think we could break out of the directory since we use basename, but you never know... maybe there's a unicode bug in PHP or something.
---
diff --git a/socialfy-your-domain/dot-well-known/webfinger/index.php b/socialfy-your-domain/dot-well-known/webfinger/index.php
index 989b3203be..91071bc4c3 100644
--- a/socialfy-your-domain/dot-well-known/webfinger/index.php
+++ b/socialfy-your-domain/dot-well-known/webfinger/index.php
@@ -31,6 +31,9 @@ if (mb_strpos($u, 'acct:')===0) {
 $u = substr($u, 5);
 }
+// Just to be a little bit safer, you know, with all the unicode stuff going on
+$u = filter_var($u, FILTER_SANITIZE_EMAIL);
+
 $f = $u . ".xml";
 if (file_exists($f)) {
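Review bot: The added `filter_var($u, FILTER_SANITIZE_EMAIL)` silently rewrites the identifier instead of rejecting a malformed one, so a request whose `acct:` value contains characters the filter strips is answered with whichever `.xml` file the remaining characters happen to name (and an input that sanitises to nothing resolves to `.xml`). Because this value becomes a filename, failing closed is safer: keep the result in a temporary, `$clean = filter_var($u, FILTER_SANITIZE_EMAIL);`, and stop with the script's not-found response when `$clean === false || $clean === '' || $clean !== $u`. The comment would also help the next reader more if it named what the filter removes here (everything outside the e-mail character set, which includes `/` and `\`) rather than "unicode stuff". How `$u` is populated and the body of the `file_exists` branch lie outside the hunk, so the exact rejection path should follow what the script already does there.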