check address of the account

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
author: Maxence Lange <maxence@artificial-owl.com> 2019-01-07 09:40:51 -0100
committer: Backportbot <backportbot-noreply@rullzer.com> 2019-01-09 15:09:09 +0000
commit: 9a8a736a49a0f1443c772c03a1b7e7499cb09408 (patch)
tree: 40d49b7d1ac20f8759f013e5925e0e11e80e00d3 /lib/webfinger.php
parent: f4bf12e61bf719a122a813832a5c13465b32c6e8 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/webfinger.php b/lib/webfinger.php
index 70a6f0fc..7d8f1fe0 100644
--- a/lib/webfinger.php
+++ b/lib/webfinger.php
@@ -31,6 +31,7 @@ namespace OCA\Social;
 
 use Exception;
 use OCA\Social\Service\CacheActorService;
+use OCA\Social\Service\ConfigService;
 
 require_once(__DIR__ . '/../appinfo/autoload.php');
 
@@ -51,10 +52,16 @@ if ($type !== 'acct') {
 }
 
 
-$username = substr($account, 0, strrpos($account, '@'));
+list($username, $instance) = explode('@', $account);
 
 try {
 	$cacheActorService = \OC::$server->query(CacheActorService::class);
+	$configService = \OC::$server->query(ConfigService::class);
+
+	if ($configService->getCloudAddress(true) !== $instance) {
+		throw new Exception();
+	}
+
 	$cacheActorService->getFromLocalAccount($username);
 } catch (Exception $e) {
 	http_response_code(404);
author	Maxence Lange <maxence@artificial-owl.com>	2019-01-07 09:40:51 -0100
committer	Backportbot <backportbot-noreply@rullzer.com>	2019-01-09 15:09:09 +0000
commit	9a8a736a49a0f1443c772c03a1b7e7499cb09408 (patch)
tree	40d49b7d1ac20f8759f013e5925e0e11e80e00d3 /lib/webfinger.php
parent	f4bf12e61bf719a122a813832a5c13465b32c6e8 (diff)