mirror of
https://github.com/friendica/friendica
synced 2024-10-12 09:04:34 +02:00
secure profile redirect failed with duplex relationship
This commit is contained in:
parent
7b51713ba3
commit
d6a75a0391
|
@ -99,18 +99,18 @@ function dfrn_poll_init(&$a) {
|
|||
dbesc($sec)
|
||||
);
|
||||
if(! count($r)) {
|
||||
xml_status(3);
|
||||
xml_status(3, 'No ticket');
|
||||
// NOTREACHED
|
||||
}
|
||||
$orig_id = $r[0]['dfrn_id'];
|
||||
if(strpos(':',$orig_id))
|
||||
if(strpos($orig_id, ':'))
|
||||
$orig_id = substr($orig_id,2);
|
||||
|
||||
$c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
|
||||
intval($r[0]['cid'])
|
||||
);
|
||||
if(! count($c)) {
|
||||
xml_status(3);
|
||||
xml_status(3, 'No profile');
|
||||
}
|
||||
$contact = $c[0];
|
||||
|
||||
|
@ -134,9 +134,9 @@ function dfrn_poll_init(&$a) {
|
|||
$final_dfrn_id = substr($final_dfrn_id,2);
|
||||
|
||||
if($final_dfrn_id != $orig_id) {
|
||||
|
||||
logger('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, LOGGER_DEBUG);
|
||||
// did not decode properly - cannot trust this site
|
||||
xml_status(3);
|
||||
xml_status(3, 'Bad decryption');
|
||||
}
|
||||
|
||||
header("Content-type: text/xml");
|
||||
|
|
|
@ -6,7 +6,7 @@ function redir_init(&$a) {
|
|||
goaway($a->get_baseurl());
|
||||
$cid = $a->argv[1];
|
||||
|
||||
$r = q("SELECT `network`, `issued-id`, `dfrn-id`, `duplex`, `poll` FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
|
||||
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
|
||||
intval($cid),
|
||||
intval(local_user())
|
||||
);
|
||||
|
@ -36,8 +36,9 @@ function redir_init(&$a) {
|
|||
intval(time() + 45)
|
||||
);
|
||||
|
||||
logger('mod_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG);
|
||||
|
||||
goaway ($r[0]['poll'] . '?dfrn_id=' . $dfrn_id
|
||||
// . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile');
|
||||
. '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec);
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue