From d6a75a0391bfe2021cca0bba9f054044ef79cab7 Mon Sep 17 00:00:00 2001
From: Friendika
Date: Sat, 25 Dec 2010 13:51:39 -0800
Subject: [PATCH] secure profile redirect failed with duplex relationship
---
 mod/dfrn_poll.php | 10 +++++-----
 mod/redir.php | 5 +++--
 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php
index 22d2ee40fb..52272efade 100644
--- a/mod/dfrn_poll.php
+++ b/mod/dfrn_poll.php
@@ -99,18 +99,18 @@ function dfrn_poll_init(&$a) {
 dbesc($sec)
 );
 if(! count($r)) {
- xml_status(3);
+ xml_status(3, 'No ticket');
 // NOTREACHED
 }
 $orig_id = $r[0]['dfrn_id'];
- if(strpos(':',$orig_id))
+ if(strpos($orig_id, ':'))
 $orig_id = substr($orig_id,2);
 $c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
 intval($r[0]['cid'])
 );
 if(! count($c)) {
- xml_status(3);
+ xml_status(3, 'No profile');
 }
 $contact = $c[0];
@@ -134,9 +134,9 @@ function dfrn_poll_init(&$a) {
 $final_dfrn_id = substr($final_dfrn_id,2);
 if($final_dfrn_id != $orig_id) {
-
+ logger('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, LOGGER_DEBUG);
 // did not decode properly - cannot trust this site
- xml_status(3);
+ xml_status(3, 'Bad decryption');
 }
 header("Content-type: text/xml");
diff --git a/mod/redir.php b/mod/redir.php
index cc58b9cd12..ac21aa17eb 100644
--- a/mod/redir.php
+++ b/mod/redir.php
@@ -6,7 +6,7 @@ function redir_init(&$a) {
 goaway($a->get_baseurl());
 $cid = $a->argv[1];
- $r = q("SELECT `network`, `issued-id`, `dfrn-id`, `duplex`, `poll` FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
 intval($cid),
 intval(local_user())
 );
@@ -36,8 +36,9 @@ function redir_init(&$a) {
 intval(time() + 45)
 );
+ logger('mod_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG);
+
 goaway ($r[0]['poll'] . '?dfrn_id=' . $dfrn_id
-// . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile');
 . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec);
 }
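Review bot: The corrected `if(strpos($orig_id, ':'))` in the first dfrn_poll.php hunk is still a truthiness test, so it passes for a colon at any offset from 1 onward while the following `substr($orig_id,2)` always removes exactly two characters. If the prefix is one flag character plus a colon, as that `substr` implies, pin the position with `if(strpos($orig_id, ':') === 1)` so an identifier carrying a colon elsewhere is not truncated before the later equality check. The new status strings ('No ticket', 'No profile', and 'Bad decryption' in the next hunk) also differ per failure; if xml_status() returns its second argument to the requester, the remote caller learns which check failed, and a single generic message with the detail sent to logger() would avoid that. dfrn_poll_init() begins and ends outside this hunk.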
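Review bot: The trust decision `if($final_dfrn_id != $orig_id)` in the second dfrn_poll.php hunk uses loose comparison, under which two different numeric-looking strings (digits-only values of the form `0e…`, for instance) compare equal and would be accepted as a successful decode; `if($final_dfrn_id !== $orig_id)` removes that. The added logger() line writes both identifiers verbatim, and `$final_dfrn_id` appears to be decoded from data the remote site supplied, so stripping control characters or logging only a fixed-length prefix would keep a crafted value from forging log lines. The function starts and ends outside the hunk, so how `$final_dfrn_id` is produced is not visible here.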
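Review bot: Switching the query in the first redir.php hunk to `SELECT *` loads every column of the `contact` row into `$r[0]`, while the only newly used field visible in this patch is `name`, in the debug log added in the next hunk. Unless the code between the two hunks (not shown) needs further columns, keep the explicit column list and add `name` to it, so that any sensitive columns the table may hold stay out of a request path that ends in a log write and a redirect. redir_init() begins before this hunk.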
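Review bot: The added `logger('mod_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG);` writes the ticket `$sec` to the log, and the same value is sent as `&sec=` in the redirect and appears to have just been stored with an expiry of `time() + 45`, so it acts as a short-lived credential. A reader of the debug log inside that window sees a usable value; log the contact id instead, e.g. `logger('mod_redir: ticket issued for contact ' . intval($cid), LOGGER_DEBUG);`. The contact `name` is also written unescaped, so a name containing line breaks could split the log entry. redir_init() begins before this hunk, so how `$sec` is generated is not visible.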