Ensure that public contacts can't create toplevel posts

Michael 2018-03-30 06:20:00 +00:00
parent c9f02d534e
commit 1613f2a1c4
2 changed files with 15 additions and 12 deletions


@ -55,7 +55,6 @@ function dfrn_notify_post(App $a) {
}
// Set the user id. This is important if this is a public contact
$importer['uid'] = $user['uid'];
$importer['importer_uid'] = $user['uid'];
// Now we should be able to import it
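Review bot: The comment `// Set the user id. This is important if this is a public contact` no longer says which of the two keys carries which meaning, and the guard this commit adds in the DFRN class depends on that distinction. The hunk header shows one line fewer on the new side; if the dropped line is the `$importer['uid']` assignment (the rendering does not mark it), then `uid` keeps the value from the contact record, which the new guard expects to be 0 for a public contact, and `importer_uid` is the receiving user. I would reword the comment to `// importer_uid is the receiving user; uid stays the contact's own uid (0 for a public contact) and is what permission checks test`. The body of dfrn_notify_post starts and ends outside the hunk.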


@ -1433,7 +1433,7 @@ class DFRN
$contact_old = dba::fetch_first("SELECT `id`, `uid`, `url`, `network`, `avatar-date`, `avatar`, `name-date`, `uri-date`, `addr`,
`name`, `nick`, `about`, `location`, `keywords`, `xmpp`, `bdyear`, `bd`, `hidden`, `contact-type`
FROM `contact` WHERE `uid` = ? AND `nurl` = ? AND `network` != ?",
$importer["uid"],
$importer["importer_uid"],
normalise_link($author["link"]),
NETWORK_STATUSNET
);
@ -1443,7 +1443,7 @@ class DFRN
$author["network"] = $contact_old["network"];
} else {
if (!$onlyfetch) {
logger("Contact ".$author["link"]." wasn't found for user ".$importer["uid"]." XML: ".$xml, LOGGER_DEBUG);
logger("Contact ".$author["link"]." wasn't found for user ".$importer["importer_uid"]." XML: ".$xml, LOGGER_DEBUG);
}
$author["contact-id"] = $importer["id"];
@ -1639,7 +1639,7 @@ class DFRN
Contact::updateAvatar(
$author['avatar'],
$importer['uid'],
$importer['importer_uid'],
$contact['id'],
(strtotime($contact['avatar-date']) > strtotime($contact_old['avatar-date']) || ($author['avatar'] != $contact_old['avatar']))
);
@ -1657,7 +1657,7 @@ class DFRN
$poco["contact-type"] = $contact["contact-type"];
$gcid = GContact::update($poco);
GContact::link($gcid, $importer["uid"], $contact["id"]);
GContact::link($gcid, $importer["importer_uid"], $contact["id"]);
}
return $author;
@ -2617,7 +2617,7 @@ class DFRN
if ((x($ev, "desc") || x($ev, "summary")) && x($ev, "start")) {
logger("Event in item ".$item["uri"]." was found.", LOGGER_DEBUG);
$ev["cid"] = $importer["id"];
$ev["uid"] = $importer["uid"];
$ev["uid"] = $importer["importer_uid"];
$ev["uri"] = $item["uri"];
$ev["edited"] = $item["edited"];
$ev["private"] = $item["private"];
@ -2626,7 +2626,7 @@ class DFRN
$r = q(
"SELECT `id` FROM `event` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
dbesc($item["uri"]),
intval($importer["uid"])
intval($importer["importer_uid"])
);
if (DBM::is_result($r)) {
$ev["id"] = $r[0]["id"];
@ -2681,6 +2681,10 @@ class DFRN
return true;
}
} else { // $entrytype == DFRN_TOP_LEVEL
if ($importer["uid"] == 0) {
logger("Contact ".$importer["id"]." isn't known to user ".$importer["importer_uid"].". The post will be ignored.", LOGGER_DEBUG);
return;
}
if (!link_compare($item["owner-link"], $importer["url"])) {
/*
* The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery,
@ -2736,10 +2740,10 @@ class DFRN
return false;
}
$condition = ["`uri` = ? AND `uid` = ? AND NOT `file` LIKE '%[%'", $uri, $importer["uid"]];
$condition = ["`uri` = ? AND `uid` = ? AND NOT `file` LIKE '%[%'", $uri, $importer["importer_uid"]];
$item = dba::selectFirst('item', ['id', 'parent', 'contact-id'], $condition);
if (!DBM::is_result($item)) {
logger("Item with uri " . $uri . " for user " . $importer["uid"] . " wasn't found.", LOGGER_DEBUG);
logger("Item with uri " . $uri . " for user " . $importer["importer_uid"] . " wasn't found.", LOGGER_DEBUG);
return;
}
@ -2808,7 +2812,7 @@ class DFRN
$xpath->registerNamespace("statusnet", NAMESPACE_STATUSNET);
$header = [];
$header["uid"] = $importer["uid"];
$header["uid"] = $importer["importer_uid"];
$header["network"] = NETWORK_DFRN;
$header["type"] = "remote";
$header["wall"] = 0;
@ -2827,7 +2831,7 @@ class DFRN
self::fetchauthor($xpath, $doc->firstChild, $importer, "dfrn:owner", false, $xml);
}
logger("Import DFRN message for user " . $importer["uid"] . " from contact " . $importer["id"], LOGGER_DEBUG);
logger("Import DFRN message for user " . $importer["importer_uid"] . " from contact " . $importer["id"], LOGGER_DEBUG);
// The account type is new since 3.5.1
if ($xpath->query("/atom:feed/dfrn:account_type")->length > 0) {
@ -2895,7 +2899,7 @@ class DFRN
self::processEntry($header, $xpath, $entry, $importer, $xml);
}
}
logger("Import done for user " . $importer["uid"] . " from contact " . $importer["id"], LOGGER_DEBUG);
logger("Import done for user " . $importer["importer_uid"] . " from contact " . $importer["id"], LOGGER_DEBUG);
return 200;
}
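Review bot: The new `$importer["uid"] == 0` check sits only in the `DFRN_TOP_LEVEL` branch at 2681, while the event hunk at 2617 and the item lookup at 2736 now write or query under `$importer["importer_uid"]` with no visible test of `uid`. If the event branch returns before the entry-type branching is reached (the surrounding code is outside these hunks), an event entry from a contact that is not known to the user would still be stored under that user's id. Consider applying the same test before `$ev["uid"] = $importer["importer_uid"];`, for example `if ($importer["uid"] == 0) { return; }`, or confirm that events from public contacts are meant to be accepted. The added guard also ends in a bare `return;` where the neighbouring paths return `true` or `false`; an explicit boolean would make the result unambiguous to the caller.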