From deb6f1153f2d4312485b5ffaf392949bc6e6c866 Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Fri, 12 Feb 2021 21:44:06 -0700
Subject: [PATCH] Update FederationController, return 404 for invalid webfinger addresses. Fixes #2647
---
 app/Http/Controllers/FederationController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/Http/Controllers/FederationController.php b/app/Http/Controllers/FederationController.php
index f6d3df31f..3c5b93950 100644
--- a/app/Http/Controllers/FederationController.php
+++ b/app/Http/Controllers/FederationController.php
@@ -53,8 +53,8 @@ class FederationController extends Controller
 $resource = $request->input('resource');
 $parsed = Nickname::normalizeProfileUrl($resource);
- if($parsed['domain'] !== config('pixelfed.domain.app')) {
- abort(400);
+ if(empty($parsed) || $parsed['domain'] !== config('pixelfed.domain.app')) {
+ abort(404);
 }
 $username = $parsed['username'];
 $profile = Profile::whereNull('domain')->whereUsername($username)->firstOrFail();
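Review bot: The new `empty($parsed)` guard only covers a falsy return from `Nickname::normalizeProfileUrl()`. If that helper can return a non-empty array without a `domain` or `username` key (its body is not visible here), the request-supplied `resource` still reaches `$parsed['domain']` or `$parsed['username']` and raises an error instead of the intended 404. Checking the keys directly covers both cases: `if(!isset($parsed['domain'], $parsed['username']) || $parsed['domain'] !== config('pixelfed.domain.app')) {`. The `!==` comparison is also case-sensitive, so confirm that the helper lowercases the host first, since hostnames are case-insensitive. The enclosing method begins and ends outside the hunk, so any validation of `resource` before this point is not visible.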