diff --git a/include/items.php b/include/items.php index 2f5b5f1f7..f70e96fcb 100755 --- a/include/items.php +++ b/include/items.php @@ -1256,6 +1256,59 @@ function tag_deliver($uid,$item_id) { +function tgroup_check($uid,$item) { + + $a = get_app(); + + $mention = false; + + // check that the message originated elsewhere and is a top-level post + + if(($item['wall']) || ($item['origin']) || ($item['uri'] != $item['parent-uri'])) + return false; + + + $u = q("select * from user where uid = %d limit 1", + intval($uid) + ); + if(! count($u)) + return false; + + $community_page = (($u[0]['page-flags'] == PAGE_COMMUNITY) ? true : false); + $prvgroup = (($u[0]['page-flags'] == PAGE_PRVGROUP) ? true : false); + + + $link = normalise_link($a->get_baseurl() . '/profile/' . $u[0]['nickname']); + + // Diaspora uses their own hardwired link URL in @-tags + // instead of the one we supply with webfinger + + $dlink = normalise_link($a->get_baseurl() . '/u/' . $u[0]['nickname']); + + $cnt = preg_match_all('/[\@\!]\[url\=(.*?)\](.*?)\[\/url\]/ism',$item['body'],$matches,PREG_SET_ORDER); + if($cnt) { + foreach($matches as $mtch) { + if(link_compare($link,$mtch[1]) || link_compare($dlink,$mtch[1])) { + $mention = true; + logger('tgroup_check: mention found: ' . $mtch[2]); + } + } + } + + if(! $mention) + return false; + + if((! $community_page) && (! $prvgroup)) + return false; + + + + return true; + +} + + + @@ -1812,6 +1865,12 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) if($pass == 1) continue; + // not allowed to post + + if($contact['rel'] == CONTACT_IS_FOLLOWER) + continue; + + // Have we seen it? If not, import it. $item_id = $item->get_id(); @@ -2086,6 +2145,14 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) $datarray['owner-avatar'] = $contact['thumb']; } + // We've allowed "followers" to reach this point so we can decide if they are + // posting an @-tag delivery, which followers are allowed to do for certain + // page types. Now that we've parsed the post, let's check if it is legit. Otherwise ignore it. + + if(($contact['rel'] == CONTACT_IS_FOLLOWER) && (! tgroup_check($importer['uid'],$datarray))) + continue; + + $r = item_store($datarray); continue; @@ -2708,15 +2775,6 @@ function local_delivery($importer,$data) { } - // TODO: make this next part work against both delivery threads of a community post - -// if((! link_compare($datarray['author-link'],$importer['url'])) && (! $community)) { -// logger('local_delivery: received relay claiming to be from ' . $importer['url'] . ' however comment author url is ' . $datarray['author-link'] ); - // they won't know what to do so don't report an error. Just quietly die. -// return 0; -// } - - // our user with $importer['importer_uid'] is the owner $own = q("select name,url,thumb from contact where uid = %d and self = 1 limit 1", intval($importer['importer_uid']) @@ -2786,15 +2844,6 @@ function local_delivery($importer,$data) { } } -// if($community) { -// $newtag = '@[url=' . $a->get_baseurl() . '/profile/' . $importer['nickname'] . ']' . $importer['username'] . '[/url]'; -// if(! stristr($datarray['tag'],$newtag)) { -// if(strlen($datarray['tag'])) -// $datarray['tag'] .= ','; -// $datarray['tag'] .= $newtag; -// } -// } - $posted_id = item_store($datarray); $parent = 0; @@ -2864,6 +2913,9 @@ function local_delivery($importer,$data) { $item_id = $item->get_id(); $datarray = get_atom_elements($feed,$item); + if($importer['rel'] == CONTACT_IS_FOLLOWER) + continue; + $r = q("SELECT `uid`, `last-child`, `edited`, `body` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($item_id), intval($importer['importer_uid']) @@ -3098,6 +3150,9 @@ function local_delivery($importer,$data) { $datarray['owner-avatar'] = $importer['thumb']; } + if(($importer['rel'] == CONTACT_IS_FOLLOWER) && (! tgroup_check($importer['importer_uid'],$datarray))) + continue; + $posted_id = item_store($datarray); if(stristr($datarray['verb'],ACTIVITY_POKE)) {