1
0
Fork 0

Merge pull request #5386 from annando/dfrn-unknown-owner

Don't accept posts from unknown owners
This commit is contained in:
Tobias Diekershoff 2018-07-16 08:50:55 +02:00 committed by GitHub
commit 19aecb952d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -1556,6 +1556,7 @@ class DFRN
logger("Contact ".$author["link"]." wasn't found for user ".$importer["importer_uid"]." XML: ".$xml, LOGGER_DEBUG); logger("Contact ".$author["link"]." wasn't found for user ".$importer["importer_uid"]." XML: ".$xml, LOGGER_DEBUG);
} }
$author["contact-unknown"] = true;
$author["contact-id"] = $importer["id"]; $author["contact-id"] = $importer["id"];
$author["network"] = $importer["network"]; $author["network"] = $importer["network"];
$onlyfetch = true; $onlyfetch = true;
@ -2431,6 +2432,8 @@ class DFRN
// Fetch the owner // Fetch the owner
$owner = self::fetchauthor($xpath, $entry, $importer, "dfrn:owner", true); $owner = self::fetchauthor($xpath, $entry, $importer, "dfrn:owner", true);
$owner_unknown = (isset($owner["contact-unknown"]) && $owner["contact-unknown"]);
$item["owner-link"] = $owner["link"]; $item["owner-link"] = $owner["link"];
$item["owner-id"] = Contact::getIdForURL($owner["link"], 0); $item["owner-id"] = Contact::getIdForURL($owner["link"], 0);
@ -2626,7 +2629,7 @@ class DFRN
} }
// Is it an event? // Is it an event?
if ($item["object-type"] == ACTIVITY_OBJ_EVENT) { if (($item["object-type"] == ACTIVITY_OBJ_EVENT) && !$owner_unknown) {
logger("Item ".$item["uri"]." seems to contain an event.", LOGGER_DEBUG); logger("Item ".$item["uri"]." seems to contain an event.", LOGGER_DEBUG);
$ev = Event::fromBBCode($item["body"]); $ev = Event::fromBBCode($item["body"]);
if ((x($ev, "desc") || x($ev, "summary")) && x($ev, "start")) { if ((x($ev, "desc") || x($ev, "summary")) && x($ev, "start")) {
@ -2659,6 +2662,13 @@ class DFRN
return; return;
} }
// This check is done here to be able to receive connection requests in "processVerbs"
if (($entrytype == DFRN::TOP_LEVEL) && $owner_unknown) {
logger("Item won't be stored because user " . $importer["importer_uid"] . " doesn't follow " . $item["owner-link"] . ".", LOGGER_DEBUG);
return;
}
// Update content if 'updated' changes // Update content if 'updated' changes
if (DBM::is_result($current)) { if (DBM::is_result($current)) {
if (self::updateContent($current, $item, $importer, $entrytype)) { if (self::updateContent($current, $item, $importer, $entrytype)) {