From d768074afd844788e958f0afbd0040cb3243be83 Mon Sep 17 00:00:00 2001 From: Michael Vogel Date: Thu, 21 Jan 2016 13:21:47 +0100 Subject: [PATCH] Comments from Hubzilla weren't federated properly --- include/diaspora.php | 64 +++++++++++++++++++++++++++++--------------- include/threads.php | 1 + 2 files changed, 44 insertions(+), 21 deletions(-) diff --git a/include/diaspora.php b/include/diaspora.php index 4673cdaf4..584ec92a4 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -826,6 +826,19 @@ function diaspora_plink($addr, $guid) { return 'https://'.substr($addr,strpos($addr,'@')+1).'/posts/'.$guid; } +function diaspora_repair_signature($signature, $handle = "", $level = 1) { + if (base64_encode(base64_decode(base64_decode($signature))) == base64_decode($signature)) { + $signature = base64_decode($signature); + logger("Repaired double encoded signature from Diaspora/Hubzilla handle ".$handle." - level ".$level, LOGGER_DEBUG); + + // Do a recursive call to be able to fix even multiple levels + if ($level < 10) + $signature = diaspora_repair_signature($signature, $handle, ++$level); + } + + return($signature); +} + function diaspora_post($importer,$xml,$msg) { $a = get_app(); @@ -1475,8 +1488,7 @@ function diaspora_comment($importer,$xml,$msg) { logger('diaspora_comment: top-level owner verification failed.'); return; } - } - else { + } elseif($author_signature) { // If there's no parent_author_signature, then we've received the comment // from the comment creator. In that case, the person is commenting on // our post, so he/she must be a contact of ours and his/her public key @@ -1490,6 +1502,11 @@ function diaspora_comment($importer,$xml,$msg) { } } + if (!$parent_author_signature AND !$author_signature) { + logger("No signature in comment. Comment will be rejected."); + return; + } + // Phew! Everything checks out. Now create an item. // Find the original comment author information. @@ -1565,18 +1582,19 @@ function diaspora_comment($importer,$xml,$msg) { //); //} - if(($parent_item['origin']) && (! $parent_author_signature)) { + // If we are the origin of the parent we store the original signature and notify our followers + if($parent_item['origin']) { + $author_signature_base64 = base64_encode($author_signature); + $author_signature_base64 = diaspora_repair_signature($author_signature_base64, $diaspora_handle); + q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", intval($message_id), dbesc($signed_data), - dbesc(base64_encode($author_signature)), + dbesc($author_signature_base64), dbesc($diaspora_handle) ); - // if the message isn't already being relayed, notify others - // the existence of parent_author_signature means the parent_author or owner - // is already relaying. - + // notify others proc_run('php','include/notifier.php','comment-import',$message_id); } @@ -2113,7 +2131,7 @@ function diaspora_like($importer,$xml,$msg) { logger('diaspora_like: top-level owner verification failed.'); return; } - } else { + } elseif($author_signature) { // If there's no parent_author_signature, then we've received the like // from the like creator. In that case, the person is "like"ing // our post, so he/she must be a contact of ours and his/her public key @@ -2129,6 +2147,11 @@ function diaspora_like($importer,$xml,$msg) { } } + if (!$parent_author_signature AND !$author_signature) { + logger("No signature in like. Like will be rejected."); + return; + } + // Phew! Everything checks out. Now create an item. // Find the original comment author information. @@ -2226,21 +2249,21 @@ EOT; // ); //} - if(! $parent_author_signature) { + // If we are the origin of the parent we store the original signature and notify our followers + if($parent_item['origin']) { + $author_signature_base64 = base64_encode($author_signature); + $author_signature_base64 = diaspora_repair_signature($author_signature_base64, $diaspora_handle); + q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", intval($message_id), dbesc($signed_data), - dbesc(base64_encode($author_signature)), + dbesc($author_signature_base64), dbesc($diaspora_handle) ); - } - // if the message isn't already being relayed, notify others - // the existence of parent_author_signature means the parent_author or owner - // is already relaying. The parent_item['origin'] indicates the message was created on our system - - if(($parent_item['origin']) && (! $parent_author_signature)) + // notify others proc_run('php','include/notifier.php','comment-import',$message_id); + } return; } @@ -2336,8 +2359,7 @@ function diaspora_signed_retraction($importer,$xml,$msg) { return; } - } - else { + } else { $sig_decode = base64_decode($sig); @@ -2371,7 +2393,7 @@ function diaspora_signed_retraction($importer,$xml,$msg) { intval($r[0]['parent']) ); if(count($p)) { - if(($p[0]['origin']) && (! $parent_author_signature)) { + if($p[0]['origin']) { q("insert into sign (`retract_iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", $r[0]['id'], dbesc($signed_data), @@ -2961,7 +2983,7 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) { '$handle' => xmlify($handle) )); - logger('diaspora_send_relay: base message: ' . $msg, LOGGER_DATA); + logger('diaspora_send_relay: base message: ' . $msg, LOGGER_DEBUG); logger('send guid '.$item['guid'], LOGGER_DEBUG); $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'],$public_batch))); diff --git a/include/threads.php b/include/threads.php index e542295d7..0320eaa01 100644 --- a/include/threads.php +++ b/include/threads.php @@ -66,6 +66,7 @@ function add_thread($itemid, $onlyshadow = false) { unset($item[0]['id']); $item[0]['uid'] = 0; + $item[0]['origin'] = 0; $item[0]['contact-id'] = get_contact($item[0]['author-link'], 0); $public_shadow = item_store($item[0], false, false, true);