authorMaxence Lange <maxence@artificial-owl.com>2019-01-07 09:40:51 -0100
committerJulius Härtl <jus@bitgrid.net>2019-01-09 15:49:00 +0100
commit74ff20fa5ded56841376d70f41f49f61f7f2651a (patch)
tree1bada28678e3b5f88e0f426ecf510006ac0303c0
parent0507a30d9d1413883ced88e6d53dbcfdabda3dbc (diff)
check address of the account
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
-rw-r--r--lib/webfinger.php9
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/webfinger.php b/lib/webfinger.php
index 70a6f0fc..7d8f1fe0 100644
--- a/lib/webfinger.php
+++ b/lib/webfinger.php
@@ -31,6 +31,7 @@ namespace OCA\Social;
use Exception;
use OCA\Social\Service\CacheActorService;
+use OCA\Social\Service\ConfigService;
require_once(__DIR__ . '/../appinfo/autoload.php');
@@ -51,10 +52,16 @@ if ($type !== 'acct') {
}
-$username = substr($account, 0, strrpos($account, '@'));
+list($username, $instance) = explode('@', $account);
try {
$cacheActorService = \OC::$server->query(CacheActorService::class);
+ $configService = \OC::$server->query(ConfigService::class);
+
+ if ($configService->getCloudAddress(true) !== $instance) {
+ throw new Exception();
+ }
+
$cacheActorService->getFromLocalAccount($username);
} catch (Exception $e) {
http_response_code(404);
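Review bot: The added `list($username, $instance) = explode('@', $account);` does not check how many parts the split produced. An account with no `@` leaves `$instance` unset and raises a PHP notice before the comparison fails. An account with more than one `@` is compared using only the second part, and the trailing text is silently ignored. Since this value decides whether the endpoint answers for a local actor, a stricter split such as `list($username, $instance) = array_pad(explode('@', $account, 2), 2, '');` would put any extra `@` into `$instance`, so the `getCloudAddress(true)` comparison rejects it. The `!==` comparison is also case-sensitive while hostnames are not, so both sides may need `strtolower()` unless `getCloudAddress()` already normalises, which is not visible here; the `catch` block continues past the end of the hunk.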