From 2d11317cebc36eda469167dc50befa6467e1ee6f Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Wed, 3 Feb 2021 20:55:49 -0700
Subject: [PATCH] Update webfinger util, fail on invalid webfinger url
---
 app/Http/Controllers/FederationController.php | 2 +-
 app/Util/Lexer/Nickname.php | 19 ++++++++++++++++---
 2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/app/Http/Controllers/FederationController.php b/app/Http/Controllers/FederationController.php
index a2f5d583..f6d3df31 100644
--- a/app/Http/Controllers/FederationController.php
+++ b/app/Http/Controllers/FederationController.php
@@ -63,7 +63,7 @@ class FederationController extends Controller
 }
 $webfinger = (new Webfinger($profile))->generate();
- return response()->json($webfinger, 200, [], JSON_PRETTY_PRINT)
+ return response()->json($webfinger, 200, [], JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES)
 ->header('Access-Control-Allow-Origin','*');
 }
diff --git a/app/Util/Lexer/Nickname.php b/app/Util/Lexer/Nickname.php
index 00a9b23d..a8a1d019 100644
--- a/app/Util/Lexer/Nickname.php
+++ b/app/Util/Lexer/Nickname.php
@@ -2,22 +2,35 @@
 namespace App\Util\Lexer;
+use Illuminate\Support\Str;
+
 class Nickname
 {
 public static function normalizeProfileUrl($url)
 {
- if (starts_with($url, 'acct:')) {
+ if(!Str::of($url)->contains('@')) {
+ return;
+ }
+
+ if(Str::startsWith($url, 'acct:')) {
 $url = str_replace('acct:', '', $url);
 }
- if(starts_with($url, '@')) {
+ if(Str::startsWith($url, '@')) {
 $url = substr($url, 1);
+
+ if(!Str::of($url)->contains('@')) {
+ return;
+ }
 }
 $parts = explode('@', $url);
 $username = $parts[0];
 $domain = $parts[1];
- return ['domain' => $domain, 'username' => $username];
+ return [
+ 'domain' => $domain,
+ 'username' => $username
+ ];
 }
 }
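Review bot: The two new `contains('@')` guards in normalizeProfileUrl still let malformed identifiers reach `explode('@', $url)`: `@@` or `user@` yield an empty username or domain, and `a@b@c` silently keeps `b` as the domain and drops the rest. The domain is remote-supplied and presumably feeds an outbound WebFinger lookup, so require exactly two non-empty parts before building the result, e.g. `if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') { return; }` right after the explode, and validate the domain as a hostname before any request is made. Separately, `str_replace('acct:', '', $url)` removes every occurrence of `acct:` rather than only the prefix. The bare `return;` also makes the function return null on failure, so callers (not shown in this patch) that index `['domain']` need a null check; a docblock with `@return array{domain:string,username:string}|null` would make that contract explicit.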