From 9b040151e6ecc13a02c46384834cb238b7efbd37 Mon Sep 17 00:00:00 2001 From: Aaron Parecki Date: Fri, 30 May 2014 08:09:41 -0700 Subject: check for empty "me" parameter --- controllers/auth.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'controllers/auth.php') diff --git a/controllers/auth.php b/controllers/auth.php index 7caddd3..abbe3b9 100644 --- a/controllers/auth.php +++ b/controllers/auth.php @@ -27,6 +27,9 @@ function build_url($parsed_url) { function normalizeMeURL($url) { $me = parse_url($url); + if(array_key_exists('path', $me) && $me['path'] == '') + return false; + // parse_url returns just "path" for naked domains if(count($me) == 1 && array_key_exists('path', $me)) { $me['host'] = $me['path']; @@ -79,7 +82,7 @@ $app->get('/auth/start', function() use($app) { $html = render('auth_error', array( 'title' => 'Sign In', 'error' => 'Invalid "me" Parameter', - 'errorDescription' => 'The ID you entered, ' . $params['me'] . ' is not valid.' + 'errorDescription' => 'The URL you entered, "' . $params['me'] . '" is not valid.' )); $app->response()->body($html); return; -- cgit v1.2.3