bitPickups/friendica_2019-12_sharedHosting_hotFix
1
1
Fork 0
Code Pull requests Activity

don't allow followers to get a post through unless it's a tag deliver

Browse source
This commit is contained in:
friendica 2012-09-12 18:53:20 -07:00
parent 3d6c49d5b3
commit f4e3f335ef
1 changed files with 73 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

91
include/items.php
View file

@ -1256,6 +1256,59 @@ function tag_deliver($uid,$item_id) {
function tgroup_check($uid,$item) {
$a = get_app();
$mention = false;
// check that the message originated elsewhere and is a top-level post
if(($item['wall']) || ($item['origin']) || ($item['uri'] != $item['parent-uri']))
return false;
$u = q("select * from user where uid = %d limit 1",
intval($uid)
);
if(! count($u))
return false;
$community_page = (($u[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
$prvgroup = (($u[0]['page-flags'] == PAGE_PRVGROUP) ? true : false);
$link = normalise_link($a->get_baseurl() . '/profile/' . $u[0]['nickname']);
// Diaspora uses their own hardwired link URL in @-tags
// instead of the one we supply with webfinger
$dlink = normalise_link($a->get_baseurl() . '/u/' . $u[0]['nickname']);
$cnt = preg_match_all('/[\@\!]\[url\=(.*?)\](.*?)\[\/url\]/ism',$item['body'],$matches,PREG_SET_ORDER);
if($cnt) {
foreach($matches as $mtch) {
if(link_compare($link,$mtch[1]) || link_compare($dlink,$mtch[1])) {
$mention = true;
logger('tgroup_check: mention found: ' . $mtch[2]);
}
}
}
if(! $mention)
return false;
if((! $community_page) && (! $prvgroup))
return false;
return true;
}
@ -1812,6 +1865,12 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
if($pass == 1)
continue;
// not allowed to post
if($contact['rel'] == CONTACT_IS_FOLLOWER)
continue;
// Have we seen it? If not, import it.
$item_id = $item->get_id();
@ -2086,6 +2145,14 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
$datarray['owner-avatar'] = $contact['thumb'];
}
// We've allowed "followers" to reach this point so we can decide if they are
// posting an @-tag delivery, which followers are allowed to do for certain
// page types. Now that we've parsed the post, let's check if it is legit. Otherwise ignore it.
if(($contact['rel'] == CONTACT_IS_FOLLOWER) && (! tgroup_check($importer['uid'],$datarray)))
continue;
$r = item_store($datarray);
continue;
@ -2708,15 +2775,6 @@ function local_delivery($importer,$data) {
}
// TODO: make this next part work against both delivery threads of a community post
// if((! link_compare($datarray['author-link'],$importer['url'])) && (! $community)) {
// logger('local_delivery: received relay claiming to be from ' . $importer['url'] . ' however comment author url is ' . $datarray['author-link'] );
// they won't know what to do so don't report an error. Just quietly die.
// return 0;
// }
// our user with $importer['importer_uid'] is the owner
$own = q("select name,url,thumb from contact where uid = %d and self = 1 limit 1",
intval($importer['importer_uid'])
@ -2786,15 +2844,6 @@ function local_delivery($importer,$data) {
}
}
// if($community) {
// $newtag = '@[url=' . $a->get_baseurl() . '/profile/' . $importer['nickname'] . ']' . $importer['username'] . '[/url]';
// if(! stristr($datarray['tag'],$newtag)) {
// if(strlen($datarray['tag']))
// $datarray['tag'] .= ',';
// $datarray['tag'] .= $newtag;
// }
// }
$posted_id = item_store($datarray);
$parent = 0;
@ -2864,6 +2913,9 @@ function local_delivery($importer,$data) {
$item_id = $item->get_id();
$datarray = get_atom_elements($feed,$item);
if($importer['rel'] == CONTACT_IS_FOLLOWER)
continue;
$r = q("SELECT `uid`, `last-child`, `edited`, `body` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
dbesc($item_id),
intval($importer['importer_uid'])
@ -3098,6 +3150,9 @@ function local_delivery($importer,$data) {
$datarray['owner-avatar'] = $importer['thumb'];
}
if(($importer['rel'] == CONTACT_IS_FOLLOWER) && (! tgroup_check($importer['importer_uid'],$datarray)))
continue;
$posted_id = item_store($datarray);
if(stristr($datarray['verb'],ACTIVITY_POKE)) {