From bcb32ac1dd94fbcae4f584d4e23bd6388fae414b Mon Sep 17 00:00:00 2001
From: carrvo
Date: Thu, 28 Nov 2024 19:43:51 -0700
Subject: [PATCH 1/2] add a safety check for invalid request

IndieAuth\Client (https://github.com/indieweb/indieauth-client-php) does not send 'me' in the query parameters. This change should more gracefully handle that issue.
---
 endpoint.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/endpoint.php b/endpoint.php
index 5333fde..4e66ce5 100644
--- a/endpoint.php
+++ b/endpoint.php
@@ -262,6 +262,12 @@ function invalidRequest(): void
 header('HTTP/1.1 200 OK');
 exit();
 }
+ $me = filter_input_array(INPUT_GET, [
+ 'me' => FILTER_VALIDATE_URL,
+ ])
+ if (!isset($me)) {
+ invalidRequest();
+ }
 $request = array_merge(
 filter_input_array(INPUT_POST, [
 'grant_type' => [
@@ -275,9 +281,7 @@ function invalidRequest(): void
 'client_id' => FILTER_VALIDATE_URL,
 'redirect_uri' => FILTER_VALIDATE_URL,
 ]),
- filter_input_array(INPUT_GET, [
- 'me' => FILTER_VALIDATE_URL,
- ])
+ $me
 );
 if (in_array(null, $request, true) || in_array(false, $request, true)) {
 invalidRequest();

From 4ae02d3dbad18cc7d232aa3f907e5cb88016588b Mon Sep 17 00:00:00 2001
From: carrvo
Date: Fri, 29 Nov 2024 11:04:03 -0700
Subject: [PATCH 2/2] missed ending ; in endpoint.php

---
 endpoint.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/endpoint.php b/endpoint.php
index 4e66ce5..87002bf 100644
--- a/endpoint.php
+++ b/endpoint.php
@@ -264,7 +264,7 @@ function invalidRequest(): void
 }
 $me = filter_input_array(INPUT_GET, [
 'me' => FILTER_VALIDATE_URL,
- ])
+ ]);
 if (!isset($me)) {
 invalidRequest();
 }
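Review bot: The new guard `if (!isset($me))` in the first hunk of [PATCH 1/2] (shown again as context in [PATCH 2/2]) only rejects the `null` that `filter_input_array()` returns when the query string is empty; its documented `false` failure return passes `isset()` and is then handed to `array_merge()`, which raises a TypeError on PHP 8 instead of producing the intended invalid-request response. `if (!is_array($me))` covers both cases. The `filter_input_array(INPUT_POST, …)` call that begins in the same hunk is still passed to `array_merge()` unchecked, so a request with an empty POST body presumably fails the same way this commit fixes for GET; assigning it to a variable and applying the same `is_array()` test before the merge would close that path. Because `$me` holds the filtered array rather than the `me` URL itself, a name such as `$query` would read more accurately.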