From 3bb639699c7a5e7e96c0d048adbe48a3ed486fc9 Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@pobox.com>
Date: Mon, 22 Mar 2010 11:27:39 -0700
Subject: [PATCH] Confirm there's actually user and domain portions of acct
 string before assigning things from output of explode(); avoids notice
 message when invalid input passed to main/xrd

---
 plugins/OStatus/actions/userxrd.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/plugins/OStatus/actions/userxrd.php b/plugins/OStatus/actions/userxrd.php
index eb80a5ad46..6a6886eb8c 100644
--- a/plugins/OStatus/actions/userxrd.php
+++ b/plugins/OStatus/actions/userxrd.php
@@ -35,9 +35,13 @@ class UserxrdAction extends XrdAction
         $this->uri = Discovery::normalize($this->uri);
         
         if (Discovery::isWebfinger($this->uri)) {
-            list($nick, $domain) = explode('@', substr(urldecode($this->uri), 5));
-            $nick = common_canonical_nickname($nick);
-            $this->user = User::staticGet('nickname', $nick);
+            $parts = explode('@', substr(urldecode($this->uri), 5));
+            if (count($parts) == 2) {
+                list($nick, $domain) = $parts;
+                // @fixme confirm the domain too
+                $nick = common_canonical_nickname($nick);
+                $this->user = User::staticGet('nickname', $nick);
+            }
         } else {
             $this->user = User::staticGet('uri', $this->uri);
         }
-- 
2.39.2