aiden
/
pixelfed
mirror of https://github.com/pixelfed/pixelfed
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update FederationController

Browse Source
pull/682/head
Daniel Supernault 6 years ago
parent 55ca00ba30
commit fedcdb204d
No known key found for this signature in database
GPG Key ID: 0DEF1C662C9033F7
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File

8
app/Http/Controllers/FederationController.php
Unescape Escape View File

@ -191,6 +191,14 @@ XML;
$id = Helpers::validateUrl($bodyDecoded['id']); $id = Helpers::validateUrl($bodyDecoded['id']);
$keyDomain = parse_url($keyId, PHP_URL_HOST); $keyDomain = parse_url($keyId, PHP_URL_HOST);
$idDomain = parse_url($id, PHP_URL_HOST); $idDomain = parse_url($id, PHP_URL_HOST);
if(isset($bodyDecoded['object'])
&& is_array($bodyDecoded['object'])
&& isset($bodyDecoded['object']['attributedTo'])
) {
if(parse_url($bodyDecoded['object']['attributedTo'], PHP_URL_HOST) !== $idDomain) {
abort(400, 'Invalid request');
}
}
if(!$keyDomain || !$idDomain || $keyDomain !== $idDomain) { if(!$keyDomain || !$idDomain || $keyDomain !== $idDomain) {
abort(400, 'Invalid request'); abort(400, 'Invalid request');
} }

Write Preview
Loading…
Cancel
Save