From 8b96a53fba794bfd11738772b51015a0390c056b Mon Sep 17 00:00:00 2001
From: Michael
Date: Tue, 11 Sep 2018 04:10:11 +0000
Subject: [PATCH 1/2] Burn notices, burn
---
mod/bookmarklet.php | 4 ++++
mod/photos.php | 6 ++++--
mod/salmon.php | 8 ++++----
mod/webfinger.php | 2 +-
src/Model/Profile.php | 2 +-
src/Network/Probe.php | 44 +++++++++++++++++++++----------------------
6 files changed, 36 insertions(+), 30 deletions(-)
diff --git a/mod/bookmarklet.php b/mod/bookmarklet.php
index 21b2039c5..e1ae9aa64 100644
--- a/mod/bookmarklet.php
+++ b/mod/bookmarklet.php
@@ -30,6 +30,10 @@ function bookmarklet_content(App $a) $page = normalise_link(System::baseUrl() . "/bookmarklet"); if (!strstr($referer, $page)) { + if (empty($_REQUEST["url"])) { + System::httpExit(400, ["title" => L10n::t('Bad Request')]); + } + $content = add_page_info($_REQUEST["url"]); $x = [
diff --git a/mod/photos.php b/mod/photos.php
index 16af45599..e205d72c6 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -212,7 +212,7 @@ function photos_post(App $a) } // Check if the user has responded to a delete confirmation query - if ($_REQUEST['canceled']) { + if (!empty($_REQUEST['canceled'])) { goaway($_SESSION['photo_return']); }
@@ -762,12 +762,14 @@ function photos_post(App $a) $filesize = $ret['filesize']; $type = $ret['type']; $error = UPLOAD_ERR_OK; - } else { + } elseif (!empty($_FILES['userfile'])) { $src = $_FILES['userfile']['tmp_name']; $filename = basename($_FILES['userfile']['name']); $filesize = intval($_FILES['userfile']['size']); $type = $_FILES['userfile']['type']; $error = $_FILES['userfile']['error']; + } else { + $error = UPLOAD_ERR_NO_FILE; } if ($error !== UPLOAD_ERR_OK) {
diff --git a/mod/salmon.php b/mod/salmon.php
index d07b06004..bd4b3773c 100644
--- a/mod/salmon.php
+++ b/mod/salmon.php
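Review bot: The new guard in `bookmarklet_content()` only rejects a missing or empty `url`; a request that sends the parameter as an array passes `empty()` and hands a non-string to `add_page_info()`. Since the value comes straight from `$_REQUEST`, the check could also require a string, e.g. `if (empty($_REQUEST["url"]) || !is_string($_REQUEST["url"])) {`. The hunk does not show what `add_page_info()` does with the value; if it fetches the URL server-side, scheme and host validation belongs at this point as well. The function body starts and ends outside the hunk.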
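Review bot: In the second `photos_post()` hunk (around line 762) the new final `else` sets only `$error = UPLOAD_ERR_NO_FILE`, so `$src`, `$filename`, `$filesize` and `$type` stay undefined on that path. Whether the `if ($error !== UPLOAD_ERR_OK)` block that follows reads any of them is not visible, because its body lies outside the hunk; if it does, the notice this commit removes simply moves there. Initialising them in the same branch closes that off: `$src = ''; $filename = ''; $filesize = 0; $type = '';`. Separately, `$type` and `$filename` in the `elseif` branch are client-supplied and should not be treated further down as the verified MIME type or a safe file name.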
@@ -41,14 +41,14 @@ function salmon_post(App $a, $xml = '') { $base = null; // figure out where in the DOM tree our data is hiding - if($dom->provenance->data) + if (!empty($dom->provenance->data)) $base = $dom->provenance; - elseif($dom->env->data) + elseif (!empty($dom->env->data)) $base = $dom->env; - elseif($dom->data) + elseif (!empty($dom->data)) $base = $dom; - if(! $base) { + if (empty($base)) { logger('unable to locate salmon data in xml '); System::httpExit(400); }
diff --git a/mod/webfinger.php b/mod/webfinger.php
index 6f49a8f28..4f23db6d8 100644
--- a/mod/webfinger.php
+++ b/mod/webfinger.php
@@ -23,7 +23,7 @@ function webfinger_content(App $a) $o = '

Webfinger Diagnostic

'; $o .= '
'; - $o .= 'Lookup address: '; + $o .= 'Lookup address: '; $o .= '
'; $o .= '

';
diff --git a/src/Model/Profile.php b/src/Model/Profile.php
index 29bc7e680..3a014517d 100644
--- a/src/Model/Profile.php
+++ b/src/Model/Profile.php
@@ -361,7 +361,7 @@ class Profile if ($r) { $remote_url = $r[0]['url']; $message_path = preg_replace('=(.*)/profile/(.*)=ism', '$1/message/new/', $remote_url); - $wallmessage_link = $message_path . base64_encode($profile['addr']); + $wallmessage_link = $message_path . base64_encode(defaults($profile, 'addr', '')); } else if (!empty($profile['nickname'])) { $wallmessage_link = 'wallmessage/' . $profile['nickname']; }
diff --git a/src/Network/Probe.php b/src/Network/Probe.php
index af2d1c9a1..75231f44f 100644
--- a/src/Network/Probe.php
+++ b/src/Network/Probe.php
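Review bot: With `defaults($profile, 'addr', '')` a profile that has no `addr` now produces `$message_path . base64_encode('')`, that is a `/message/new/` link with no recipient, instead of a notice. It would be cleaner to skip this branch when the address is missing, for example `if ($r && !empty($profile['addr'])) {`, so that the `nickname` fallback in the `else if` can still apply. `$remote_url` is taken from `$r[0]['url']` and only reshaped by `preg_replace`, so if `$wallmessage_link` is later written into HTML it needs escaping at that point; that code is outside the hunk.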
@@ -967,23 +967,23 @@ class Probe $hcard_url = ""; $data = []; foreach ($webfinger["links"] as $link) { - if (($link["rel"] == NAMESPACE_DFRN) && ($link["href"] != "")) { + if (($link["rel"] == NAMESPACE_DFRN) && !empty($link["href"])) { $data["network"] = Protocol::DFRN; - } elseif (($link["rel"] == NAMESPACE_FEED) && ($link["href"] != "")) { + } elseif (($link["rel"] == NAMESPACE_FEED) && !empty($link["href"])) { $data["poll"] = $link["href"]; - } elseif (($link["rel"] == "http://webfinger.net/rel/profile-page") && ($link["type"] == "text/html") && ($link["href"] != "")) { + } elseif (($link["rel"] == "http://webfinger.net/rel/profile-page") && (defaults($link, "type", "") == "text/html") && !empty($link["href"])) { $data["url"] = $link["href"]; - } elseif (($link["rel"] == "http://microformats.org/profile/hcard") && ($link["href"] != "")) { + } elseif (($link["rel"] == "http://microformats.org/profile/hcard") && !empty($link["href"])) { $hcard_url = $link["href"]; - } elseif (($link["rel"] == NAMESPACE_POCO) && ($link["href"] != "")) { + } elseif (($link["rel"] == NAMESPACE_POCO) && !empty($link["href"])) { $data["poco"] = $link["href"]; - } elseif (($link["rel"] == "http://webfinger.net/rel/avatar") && ($link["href"] != "")) { + } elseif (($link["rel"] == "http://webfinger.net/rel/avatar") && !empty($link["href"])) { $data["photo"] = $link["href"]; - } elseif (($link["rel"] == "http://joindiaspora.com/seed_location") && ($link["href"] != "")) { + } elseif (($link["rel"] == "http://joindiaspora.com/seed_location") && !empty($link["href"])) { $data["baseurl"] = trim($link["href"], '/'); - } elseif (($link["rel"] == "http://joindiaspora.com/guid") && ($link["href"] != "")) { + } elseif (($link["rel"] == "http://joindiaspora.com/guid") && !empty($link["href"])) { $data["guid"] = $link["href"]; - } elseif (($link["rel"] == "diaspora-public-key") && ($link["href"] != "")) { + } elseif (($link["rel"] == "diaspora-public-key") && !empty($link["href"])) { 
$data["pubkey"] = base64_decode($link["href"]); //if (strstr($data["pubkey"], 'RSA ') || ($link["type"] == "RSA"))
@@ -1170,21 +1170,21 @@ class Probe $hcard_url = ""; $data = []; foreach ($webfinger["links"] as $link) { - if (($link["rel"] == "http://microformats.org/profile/hcard") && ($link["href"] != "")) { + if (($link["rel"] == "http://microformats.org/profile/hcard") && !empty($link["href"])) { $hcard_url = $link["href"]; - } elseif (($link["rel"] == "http://joindiaspora.com/seed_location") && ($link["href"] != "")) { + } elseif (($link["rel"] == "http://joindiaspora.com/seed_location") && !empty($link["href"])) { $data["baseurl"] = trim($link["href"], '/'); - } elseif (($link["rel"] == "http://joindiaspora.com/guid") && ($link["href"] != "")) { + } elseif (($link["rel"] == "http://joindiaspora.com/guid") && !empty($link["href"])) { $data["guid"] = $link["href"]; - } elseif (($link["rel"] == "http://webfinger.net/rel/profile-page") && ($link["type"] == "text/html") && ($link["href"] != "")) { + } elseif (($link["rel"] == "http://webfinger.net/rel/profile-page") && (defaults($link, "type", "") == "text/html") && !empty($link["href"])) { $data["url"] = $link["href"]; - } elseif (($link["rel"] == NAMESPACE_FEED) && ($link["href"] != "")) { + } elseif (($link["rel"] == NAMESPACE_FEED) && !empty($link["href"])) { $data["poll"] = $link["href"]; - } elseif (($link["rel"] == NAMESPACE_POCO) && ($link["href"] != "")) { + } elseif (($link["rel"] == NAMESPACE_POCO) && !empty($link["href"])) { $data["poco"] = $link["href"]; - } elseif (($link["rel"] == "salmon") && ($link["href"] != "")) { + } elseif (($link["rel"] == "salmon") && !empty($link["href"])) { $data["notify"] = $link["href"]; - } elseif (($link["rel"] == "diaspora-public-key") && ($link["href"] != "")) { + } elseif (($link["rel"] == "diaspora-public-key") && !empty($link["href"])) { $data["pubkey"] = base64_decode($link["href"]); //if (strstr($data["pubkey"], 'RSA ') || ($link["type"] == "RSA"))
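Review bot: `$link["rel"]` is still read unguarded in every branch of the loop in the hunk at line 967, so a webfinger link without a `rel` key raises the same undefined-index notice that the `href` changes remove; the loops in the hunks at 1170, 1272 and 1436 have the same gap. `!empty($link["href"])` also accepts a non-string value such as an array, which then reaches `trim($link["href"], '/')` and `base64_decode($link["href"])`. As the link list presumably comes from a remote server's webfinger response, one guard at the top of each loop would cover both: `if (empty($link["rel"]) || empty($link["href"]) || !is_string($link["href"])) { continue; }`. The loop bodies continue outside the hunks, so confirm that no later branch relies on links without `href` before adding the `continue`.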
@@ -1272,15 +1272,15 @@ class Probe if (is_array($webfinger["links"])) { foreach ($webfinger["links"] as $link) { if (($link["rel"] == "http://webfinger.net/rel/profile-page") - && ($link["type"] == "text/html") + && (defaults($link, "type", "") == "text/html") && ($link["href"] != "") ) { $data["url"] = $link["href"]; - } elseif (($link["rel"] == "salmon") && ($link["href"] != "")) { + } elseif (($link["rel"] == "salmon") && !empty($link["href"])) { $data["notify"] = $link["href"]; - } elseif (($link["rel"] == NAMESPACE_FEED) && ($link["href"] != "")) { + } elseif (($link["rel"] == NAMESPACE_FEED) && !empty($link["href"])) { $data["poll"] = $link["href"]; - } elseif (($link["rel"] == "magic-public-key") && ($link["href"] != "")) { + } elseif (($link["rel"] == "magic-public-key") && !empty($link["href"])) { $pubkey = $link["href"]; if (substr($pubkey, 0, 5) === 'data:') {
@@ -1436,7 +1436,7 @@ class Probe $data = []; foreach ($webfinger["links"] as $link) { if (($link["rel"] == "http://webfinger.net/rel/profile-page") - && ($link["type"] == "text/html") + && (defaults($link, "type", "") == "text/html") && ($link["href"] != "") ) { $data["url"] = $link["href"];
From f566db52d3b915871fb7c639130daca1746d3eaa Mon Sep 17 00:00:00 2001
From: Michael
Date: Tue, 11 Sep 2018 08:04:14 +0000
Subject: [PATCH 2/2] And more notices ...
---
src/Protocol/PortableContact.php | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/Protocol/PortableContact.php b/src/Protocol/PortableContact.php
index 20ee77a07..2939f69e5 100644
--- a/src/Protocol/PortableContact.php
+++ b/src/Protocol/PortableContact.php
@@ -1157,9 +1157,9 @@ class PortableContact if (isset($data['version'])) { $platform = "Mastodon"; - $version = $data['version']; - $site_name = $data['title']; - $info = $data['description']; + $version = defaults($data, 'version', ''); + $site_name = defaults($data, 'title', ''); + $info = defaults($data, 'description', ''); $network = Protocol::OSTATUS; }
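Review bot: The `profile-page` branch in the hunk at line 1272 still tests `($link["href"] != "")` while every other branch touched by this commit was switched to `!empty($link["href"])`, so a link without `href` keeps raising a notice there; the hunk at line 1436 has the same leftover. Changing both to `&& !empty($link["href"])` makes the four loops consistent.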
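Review bot: `$version = defaults($data, 'version', '')` sits inside `if (isset($data['version']))`, so the fallback on that line adds little; the effective change is on `title` and `description`. None of the three values is checked for type, and `$data` looks like a decoded response from the probed server (not visible in the hunk), so an array or nested object in `title` would flow into `$site_name` unchanged. A short comment such as `// remote-supplied; may be missing or non-string` together with an `is_string()` check before these values are stored or displayed would make the assumption explicit.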