secure profile redirect failed with duplex relationship

This commit is contained in:
Friendika 2010-12-25 13:51:39 -08:00
parent 7b51713ba3
commit d6a75a0391
2 changed files with 8 additions and 7 deletions

View file

@ -99,18 +99,18 @@ function dfrn_poll_init(&$a) {
dbesc($sec) dbesc($sec)
); );
if(! count($r)) { if(! count($r)) {
xml_status(3); xml_status(3, 'No ticket');
// NOTREACHED // NOTREACHED
} }
$orig_id = $r[0]['dfrn_id']; $orig_id = $r[0]['dfrn_id'];
if(strpos(':',$orig_id)) if(strpos($orig_id, ':'))
$orig_id = substr($orig_id,2); $orig_id = substr($orig_id,2);
$c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", $c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
intval($r[0]['cid']) intval($r[0]['cid'])
); );
if(! count($c)) { if(! count($c)) {
xml_status(3); xml_status(3, 'No profile');
} }
$contact = $c[0]; $contact = $c[0];
@ -134,9 +134,9 @@ function dfrn_poll_init(&$a) {
$final_dfrn_id = substr($final_dfrn_id,2); $final_dfrn_id = substr($final_dfrn_id,2);
if($final_dfrn_id != $orig_id) { if($final_dfrn_id != $orig_id) {
logger('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, LOGGER_DEBUG);
// did not decode properly - cannot trust this site // did not decode properly - cannot trust this site
xml_status(3); xml_status(3, 'Bad decryption');
} }
header("Content-type: text/xml"); header("Content-type: text/xml");

View file

@ -6,7 +6,7 @@ function redir_init(&$a) {
goaway($a->get_baseurl()); goaway($a->get_baseurl());
$cid = $a->argv[1]; $cid = $a->argv[1];
$r = q("SELECT `network`, `issued-id`, `dfrn-id`, `duplex`, `poll` FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($cid), intval($cid),
intval(local_user()) intval(local_user())
); );
@ -36,8 +36,9 @@ function redir_init(&$a) {
intval(time() + 45) intval(time() + 45)
); );
logger('mod_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG);
goaway ($r[0]['poll'] . '?dfrn_id=' . $dfrn_id goaway ($r[0]['poll'] . '?dfrn_id=' . $dfrn_id
// . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile');
. '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec); . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec);
} }