bitPickups/friendica_2020-09-1_sharedHosting
1
0
Fork 0
Code Pull requests Activity

Salmon: Don't store contact data before the message was authenticated.

Browse source
This commit is contained in:
Michael Vogel 2015-07-13 14:34:28 +02:00
parent 0398bb67be
commit 3457f85833
2 changed files with 16 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
include/ostatus.php
View file

@ -12,7 +12,7 @@ define('OSTATUS_DEFAULT_POLL_INTERVAL', 30); // given in minutes
define('OSTATUS_DEFAULT_POLL_TIMEFRAME', 1440); // given in minutes define('OSTATUS_DEFAULT_POLL_TIMEFRAME', 1440); // given in minutes
define('OSTATUS_DEFAULT_POLL_TIMEFRAME_MENTIONS', 14400); // given in minutes define('OSTATUS_DEFAULT_POLL_TIMEFRAME_MENTIONS', 14400); // given in minutes
function ostatus_fetchauthor($xpath, $context, $importer, &$contact) { function ostatus_fetchauthor($xpath, $context, $importer, &$contact, $onlyfetch) {
$author = array(); $author = array();
$author["author-link"] = $xpath->evaluate('atom:author/atom:uri/text()', $context)->item(0)->nodeValue; $author["author-link"] = $xpath->evaluate('atom:author/atom:uri/text()', $context)->item(0)->nodeValue;
@ -63,7 +63,7 @@ function ostatus_fetchauthor($xpath, $context, $importer, &$contact) {
$author["owner-link"] = $author["author-link"]; $author["owner-link"] = $author["author-link"];
$author["owner-avatar"] = $author["author-avatar"]; $author["owner-avatar"] = $author["author-avatar"];
if ($r) { if ($r AND !$onlyfetch) {
// Update contact data // Update contact data
$update_contact = ($r[0]['name-date'] < datetime_convert('','','now -12 hours')); $update_contact = ($r[0]['name-date'] < datetime_convert('','','now -12 hours'));
if ($update_contact) { if ($update_contact) {
@ -132,7 +132,7 @@ function ostatus_salmon_author($xml, $importer) {
foreach ($entries AS $entry) { foreach ($entries AS $entry) {
// fetch the author // fetch the author
$author = ostatus_fetchauthor($xpath, $entry, $importer, $contact); $author = ostatus_fetchauthor($xpath, $entry, $importer, $contact, true);
return $author; return $author;
} }
} }
@ -201,9 +201,9 @@ function ostatus_import($xml,$importer,&$contact, &$hub) {
// fetch the author // fetch the author
if ($first_child == "feed") if ($first_child == "feed")
$author = ostatus_fetchauthor($xpath, $doc->firstChild, $importer, $contact); $author = ostatus_fetchauthor($xpath, $doc->firstChild, $importer, $contact, false);
else else
$author = ostatus_fetchauthor($xpath, $entry, $importer, $contact); $author = ostatus_fetchauthor($xpath, $entry, $importer, $contact, false);
$item = array_merge($header, $author); $item = array_merge($header, $author);
@ -243,11 +243,13 @@ function ostatus_import($xml,$importer,&$contact, &$hub) {
if ($item["verb"] == ACTIVITY_FOLLOW) { if ($item["verb"] == ACTIVITY_FOLLOW) {
// ignore "Follow" messages // ignore "Follow" messages
// new_follower($importer,$contact,$datarray,$item);
continue; continue;
} }
if ($item["verb"] == NAMESPACE_OSTATUS."/unfollow") { if ($item["verb"] == NAMESPACE_OSTATUS."/unfollow") {
// ignore "Unfollow" messages // ignore "Unfollow" messages
// lose_follower($importer,$contact,$datarray,$item);
continue; continue;
} }
@ -399,7 +401,7 @@ function ostatus_import($xml,$importer,&$contact, &$hub) {
$orig_created = $xpath->query('atom:published/text()', $activityobjects)->item(0)->nodeValue; $orig_created = $xpath->query('atom:published/text()', $activityobjects)->item(0)->nodeValue;
$orig_contact = $contact; $orig_contact = $contact;
$orig_author = ostatus_fetchauthor($xpath, $activityobjects, $importer, $orig_contact); $orig_author = ostatus_fetchauthor($xpath, $activityobjects, $importer, $orig_contact, false);
//if (!intval(get_config('system','wall-to-wall_share'))) { //if (!intval(get_config('system','wall-to-wall_share'))) {
// $prefix = share_header($orig_author['author-name'], $orig_author['author-link'], $orig_author['author-avatar'], "", $orig_created, $orig_link); // $prefix = share_header($orig_author['author-name'], $orig_author['author-link'], $orig_author['author-avatar'], "", $orig_created, $orig_link);

31
mod/salmon.php
View file

@ -1,12 +1,10 @@
<?php <?php
// There is a lot of debug stuff in here because this is quite a
// complicated process to try and sort out.
require_once('include/salmon.php'); require_once('include/salmon.php');
require_once('include/ostatus.php'); require_once('include/ostatus.php');
require_once('include/crypto.php'); require_once('include/crypto.php');
require_once('include/items.php');
require_once('include/follow.php');
function salmon_return($val) { function salmon_return($val) {
@ -96,8 +94,7 @@ function salmon_post(&$a) {
// Once we have the author URI, go to the web and try to find their public key // Once we have the author URI, go to the web and try to find their public key
logger('mod-salmon: Fetching key for ' . $author_link ); logger('mod-salmon: Fetching key for ' . $author_link);
$key = get_salmon_key($author_link,$keyhash); $key = get_salmon_key($author_link,$keyhash);
@ -156,10 +153,9 @@ function salmon_post(&$a) {
if(! count($r)) { if(! count($r)) {
logger('mod-salmon: Author unknown to us.'); logger('mod-salmon: Author unknown to us.');
if(get_pconfig($importer['uid'],'system','ostatus_autofriend')) { if(get_pconfig($importer['uid'],'system','ostatus_autofriend')) {
require_once('include/follow.php');
$result = new_contact($importer['uid'],$author_link); $result = new_contact($importer['uid'],$author_link);
if($result['success']) { if($result['success']) {
$r = q("SELECT * FROM `contact` WHERE `network` = '%s' AND ( `url` = '%s' OR `alias` = '%s' ) $r = q("SELECT * FROM `contact` WHERE `network` = '%s' AND ( `url` = '%s' OR `alias` = '%s')
AND `uid` = %d LIMIT 1", AND `uid` = %d LIMIT 1",
dbesc(NETWORK_OSTATUS), dbesc(NETWORK_OSTATUS),
dbesc($author_link), dbesc($author_link),
@ -170,32 +166,21 @@ function salmon_post(&$a) {
} }
} }
// is this a follower? Or have we ignored the person? // Have we ignored the person?
// If so we can not accept this post. // If so we can not accept this post.
if((count($r)) && (($r[0]['readonly']) || ($r[0]['rel'] == CONTACT_IS_FOLLOWER) || ($r[0]['blocked']))) { //if((count($r)) && (($r[0]['readonly']) || ($r[0]['rel'] == CONTACT_IS_FOLLOWER) || ($r[0]['blocked']))) {
if(count($r) && $r[0]['blocked']) {
logger('mod-salmon: Ignoring this author.'); logger('mod-salmon: Ignoring this author.');
http_status_exit(202); http_status_exit(202);
// NOTREACHED // NOTREACHED
} }
require_once('include/items.php'); // Placeholder for hub discovery.
// Placeholder for hub discovery. We shouldn't find any hubs
// since we supplied the fake feed header - and it doesn't have any.
$hub = ''; $hub = '';
/**
*
* anti-spam measure: consume_feed will accept a follow activity from
* this person (and nothing else) if there is no existing contact record.
*
*/
$contact_rec = ((count($r)) ? $r[0] : null); $contact_rec = ((count($r)) ? $r[0] : null);
//consume_feed($feedxml,$importer,$contact_rec,$hub);
ostatus_import($data,$importer,$contact_rec, $hub); ostatus_import($data,$importer,$contact_rec, $hub);
http_status_exit(200); http_status_exit(200);