From 5c75fe4c1440bcb1d7d6ec2e35e3abb116638e3a Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 9 Apr 2017 04:29:02 +0000 Subject: [PATCH] Avoid possible problems with numeric nicknames and GNU Social --- include/Probe.php | 42 +++++++++++++++++++++--------------------- mod/probe.php | 7 +++++++ mod/webfinger.php | 7 +++++++ 3 files changed, 35 insertions(+), 21 deletions(-) diff --git a/include/Probe.php b/include/Probe.php index c2136eec8b..f67a821f9d 100644 --- a/include/Probe.php +++ b/include/Probe.php @@ -364,9 +364,9 @@ class Probe { return self::mail($uri, $uid); } - if ($network == NETWORK_MAIL) + if ($network == NETWORK_MAIL) { return self::mail($uri, $uid); - + } // Remove "acct:" from the URI $uri = str_replace('acct:', '', $uri); @@ -391,37 +391,37 @@ class Probe { /// @todo Do we need the prefix "acct:" or "acct://"? foreach ($lrdd AS $key => $link) { - if ($webfinger) + if ($webfinger) { continue; - - if (!in_array($key, array("lrdd", "lrdd-xml", "lrdd-json"))) + } + if (!in_array($key, array("lrdd", "lrdd-xml", "lrdd-json"))) { continue; - - // Try webfinger with the address (user@domain.tld) - $path = str_replace('{uri}', urlencode($addr), $link); + } + // At first try it with the given uri + $path = str_replace('{uri}', urlencode($uri), $link); $webfinger = self::webfinger($path); - // Mastodon needs to have it with "acct:" + // We cannot be sure that the detected address was correct, so we don't use the values + if ($webfinger AND ($uri != $addr)) { + $nick = ""; + $addr = ""; + } + + // Try webfinger with the address (user@domain.tld) if (!$webfinger) { - $path = str_replace('{uri}', urlencode("acct:".$addr), $link); + $path = str_replace('{uri}', urlencode($addr), $link); $webfinger = self::webfinger($path); } - // If webfinger wasn't successful then try it with the URL - possibly in the format https://... - if (!$webfinger AND ($uri != $addr)) { - $path = str_replace('{uri}', urlencode($uri), $link); + // Mastodon needs to have it with "acct:" + if (!$webfinger) { + $path = str_replace('{uri}', urlencode("acct:".$addr), $link); $webfinger = self::webfinger($path); - - // Since the detection with the address wasn't successful, we delete it. - if ($webfinger) { - $nick = ""; - $addr = ""; - } } - } - if (!$webfinger) + if (!$webfinger) { return self::feed($uri); + } $result = false; diff --git a/mod/probe.php b/mod/probe.php index 95f856bfa1..8c951a7fcf 100644 --- a/mod/probe.php +++ b/mod/probe.php @@ -4,6 +4,13 @@ require_once('include/Scrape.php'); function probe_content(App $a) { + if (!local_user()) { + http_status_exit(403, + array("title" => t("Public access denied."), + "description" => t("Only logged in users are permitted to perform a probing."))); + killme(); + } + $o .= '

Probe Diagnostic

'; $o .= '
'; diff --git a/mod/webfinger.php b/mod/webfinger.php index eee0580e31..d823bd2dc2 100644 --- a/mod/webfinger.php +++ b/mod/webfinger.php @@ -3,6 +3,13 @@ require_once("include/Probe.php"); function webfinger_content(App $a) { + if (!local_user()) { + http_status_exit(403, + array("title" => t("Public access denied."), + "description" => t("Only logged in users are permitted to perform a probing."))); + killme(); + } + $o .= '

Webfinger Diagnostic

'; $o .= ''; -- 2.39.5