diff options
author | Maxence Lange <maxence@artificial-owl.com> | 2019-01-07 09:40:51 -0100 |
---|---|---|
committer | Julius Härtl <jus@bitgrid.net> | 2019-01-09 15:49:00 +0100 |
commit | 74ff20fa5ded56841376d70f41f49f61f7f2651a (patch) | |
tree | 1bada28678e3b5f88e0f426ecf510006ac0303c0 | |
parent | 0507a30d9d1413883ced88e6d53dbcfdabda3dbc (diff) |
check address of the account
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
-rw-r--r-- | lib/webfinger.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/webfinger.php b/lib/webfinger.php index 70a6f0fc..7d8f1fe0 100644 --- a/lib/webfinger.php +++ b/lib/webfinger.php @@ -31,6 +31,7 @@ namespace OCA\Social; use Exception; use OCA\Social\Service\CacheActorService; +use OCA\Social\Service\ConfigService; require_once(__DIR__ . '/../appinfo/autoload.php'); @@ -51,10 +52,16 @@ if ($type !== 'acct') { } -$username = substr($account, 0, strrpos($account, '@')); +list($username, $instance) = explode('@', $account); try { $cacheActorService = \OC::$server->query(CacheActorService::class); + $configService = \OC::$server->query(ConfigService::class); + + if ($configService->getCloudAddress(true) !== $instance) { + throw new Exception(); + } + $cacheActorService->getFromLocalAccount($username); } catch (Exception $e) { http_response_code(404); |