1
0
Fork 1
mirror of https://github.com/pixelfed/pixelfed.git synced 2024-12-24 00:35:59 +00:00

Update FederationController, return 404 for invalid webfinger addresses. Fixes #2647

This commit is contained in:
Daniel Supernault 2021-02-12 21:44:06 -07:00
parent 723eb00039
commit deb6f1153f
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7

View file

@ -53,8 +53,8 @@ class FederationController extends Controller
$resource = $request->input('resource'); $resource = $request->input('resource');
$parsed = Nickname::normalizeProfileUrl($resource); $parsed = Nickname::normalizeProfileUrl($resource);
if($parsed['domain'] !== config('pixelfed.domain.app')) { if(empty($parsed) || $parsed['domain'] !== config('pixelfed.domain.app')) {
abort(400); abort(404);
} }
$username = $parsed['username']; $username = $parsed['username'];
$profile = Profile::whereNull('domain')->whereUsername($username)->firstOrFail(); $profile = Profile::whereNull('domain')->whereUsername($username)->firstOrFail();