better invalid webfinger URI handling

author: Florian Hülsmann <fh@cbix.de> 2012-05-07 11:15:24 +0200
committer: Florian Hülsmann <fh@cbix.de> 2012-05-07 11:15:24 +0200
commit: 8534373f2fea5268112fb7dee0faa2caf1106d05 (patch)
tree: 1f7266f135e5fca13691c746ae948a3d9b1351fd /apps/user_webfinger
parent: 3a184e2e1d7ae49d596e06b724ffc36382d02596 (diff)
download: nextcloud-server-8534373f2fea5268112fb7dee0faa2caf1106d05.tar.gz
nextcloud-server-8534373f2fea5268112fb7dee0faa2caf1106d05.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/apps/user_webfinger/webfinger.php b/apps/user_webfinger/webfinger.php
index bb7bb68f776..307a1630019 100755
--- a/apps/user_webfinger/webfinger.php
+++ b/apps/user_webfinger/webfinger.php
@@ -51,12 +51,16 @@ if(isset($_SERVER['HTTPS'])) {
 	$baseAddress = 'http://';
 }
 $baseAddress .= $_SERVER['SERVER_NAME'].OC::$WEBROOT;
+if(empty($id)) {
+	header("HTTP/1.0 400 Bad Request");
+}
 define('WF_USER', $userName);
 define('WF_ID', $id);
 define('WF_BASEURL', $baseAddress);
 echo "<";
 ?>
 ?xml version="1.0" encoding="UTF-8"?>
+<?php if(empty($id)) echo '<!-- Invalid URI: ' . str_replace('>', '/>', $request) . " -->\n"; ?>
 <XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0" xmlns:hm="http://host-meta.net/xrd/1.0">
     <hm:Host xmlns="http://host-meta.net/xrd/1.0"><?php echo $_SERVER['SERVER_NAME']; ?></hm:Host>
     <Subject>acct:<?php echo $id ?></Subject>
author	Florian Hülsmann <fh@cbix.de>	2012-05-07 11:15:24 +0200
committer	Florian Hülsmann <fh@cbix.de>	2012-05-07 11:15:24 +0200
commit	8534373f2fea5268112fb7dee0faa2caf1106d05 (patch)
tree	1f7266f135e5fca13691c746ae948a3d9b1351fd /apps/user_webfinger
parent	3a184e2e1d7ae49d596e06b724ffc36382d02596 (diff)
download	nextcloud-server-8534373f2fea5268112fb7dee0faa2caf1106d05.tar.gz nextcloud-server-8534373f2fea5268112fb7dee0faa2caf1106d05.zip