ignore www subdomain when comparing hosts

fix #290
This commit is contained in:
Matthias Pfefferle 2023-04-25 20:44:54 +02:00
parent b2751b4721
commit ca646588d2

View file

@ -54,15 +54,16 @@ class Webfinger {
$resource = \str_replace( 'acct:', '', $resource );
$resource_identifier = \substr( $resource, 0, \strrpos( $resource, '@' ) );
$resource_host = \substr( \strrchr( $resource, '@' ), 1 );
$resource_host = \str_replace( 'www.', '', \substr( \strrchr( $resource, '@' ), 1 ) );
$blog_host = \str_replace( 'www.', '', \wp_parse_url( \home_url( '/' ), \PHP_URL_HOST ) );
if ( \wp_parse_url( \home_url( '/' ), \PHP_URL_HOST ) !== $resource_host ) {
if ( $blog_host !== $resource_host ) {
return new WP_Error( 'activitypub_wrong_host', \__( 'Resource host does not match blog host', 'activitypub' ), array( 'status' => 404 ) );
}
$user = \get_user_by( 'login', \esc_sql( $resource_identifier ) );
if ( ! $user || ! user_can( $user, 'publish_posts' ) ) {
if ( ! $user || ! \user_can( $user, 'publish_posts' ) ) {
return new WP_Error( 'activitypub_user_not_found', \__( 'User not found', 'activitypub' ), array( 'status' => 404 ) );
}