author | Maxence Lange <maxence@artificial-owl.com> | 2019-01-09 14:08:55 -0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-09 14:08:55 -0100 |
commit | 95a087d860cb6ec181a4de1f9576f4c8ba39aeb8 (patch) | |
tree | 28534f030abb44e737a38e45ca86e96e25224aba | |
parent | 0507a30d9d1413883ced88e6d53dbcfdabda3dbc (diff) | |
parent | 55aa267c300223ec6f3347e6cdb9150c3142b415 (diff) |
Merge pull request #313 from nextcloud/bugfix/noid/check-instance-during-webfinger
check address of the account
-rw-r--r-- | .drone.yml | 2 | ||||
-rw-r--r-- | lib/webfinger.php | 9 |
2 files changed, 9 insertions, 2 deletions
@@ -97,4 +97,4 @@ matrix: - TESTS: vue-build -branches: [ master, stable* ] +branches: [ master, stable*, alpha1 ] diff --git a/lib/webfinger.php b/lib/webfinger.php index 70a6f0fc..7d8f1fe0 100644 --- a/lib/webfinger.php +++ b/lib/webfinger.php @@ -31,6 +31,7 @@ namespace OCA\Social; use Exception; use OCA\Social\Service\CacheActorService; +use OCA\Social\Service\ConfigService; require_once(__DIR__ . '/../appinfo/autoload.php'); @@ -51,10 +52,16 @@ if ($type !== 'acct') { } -$username = substr($account, 0, strrpos($account, '@')); +list($username, $instance) = explode('@', $account); try { $cacheActorService = \OC::$server->query(CacheActorService::class); + $configService = \OC::$server->query(ConfigService::class); + + if ($configService->getCloudAddress(true) !== $instance) { + throw new Exception(); + } + $cacheActorService->getFromLocalAccount($username); } catch (Exception $e) { http_response_code(404); |
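Review bot: In the last lib/webfinger.php hunk, `list($username, $instance) = explode('@', $account);` keeps only the first two segments, so a resource shaped like `user@<local-host>@anything` (constructed example) still passes the new instance check with the trailing part silently discarded, and a value with no `@` leaves `$instance` unset and raises a PHP notice outside the `try`. Splitting with a limit and padding sends both cases down the existing 404 path: `list($username, $instance) = array_pad(explode('@', $account, 2), 2, '');`. The comparison against `getCloudAddress(true)` is also byte-exact, so a differently-cased host name would be rejected; if that helper returns a bare host name (not visible here), lower-casing both sides before `!==` would be worth considering. The `catch` block continues past the end of the hunk.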