friend acceptance sets up lots of important stuff, so we

need to be absolutely bulletproof when (not if) things go wrong.
This commit is contained in:
Mike Macgirvin 2010-10-05 19:56:09 -07:00
parent 1b35018992
commit 036964de4d
2 changed files with 28 additions and 9 deletions

View file

@ -248,7 +248,9 @@ function check_config(&$a) {
// $s is the string requiring macro substitution. // $s is the string requiring macro substitution.
// $r is an array of key value pairs (search => replace) // $r is an array of key value pairs (search => replace)
// returns substituted string. // returns substituted string.
// WARNING: this is pretty basic, and doesn't properly handle search strings that are substrings of each other.
// For instance if 'test' => "foo" and 'testing' => "bar", testing could become either bar or fooing,
// depending on the order in which they were declared in the array.
if(! function_exists('replace_macros')) { if(! function_exists('replace_macros')) {
function replace_macros($s,$r) { function replace_macros($s,$r) {

View file

@ -270,12 +270,30 @@ function dfrn_confirm_post(&$a) {
$res = post_url($dfrn_confirm,$params); $res = post_url($dfrn_confirm,$params);
// uncomment the following two lines and comment the following xml/status lines // Try to be robust if the remote site is having difficulty and throwing up
// to debug the remote confirmation section (when both confirmations // errors of some kind.
// and responses originate on this system)
// echo $res; $leading_junk = substr($res,0,strpos($res,'<?xml'));
// $status = 0;
$res = substr($res,strpos($res,'<?xml'));
if(! strlen($res)) {
// No XML at all, this exchange is messed up really bad.
// We shouldn't proceed, because the xml parser might choke,
// and $status is going to be zero, which indicates success.
// We can hardly call this a success.
notice( t('Response from remote site was not understood.') . EOL);
return;
}
if(strlen($leading_junk) && get_config('system','debugging')) {
// This might be more common. Mixed error text and some XML.
// If we're configured for debugging, show the text. Proceed in either case.
notice( t('Unexpected response from remote site: ') . EOL . $leading_junk . EOL );
}
$xml = simplexml_load_string($res); $xml = simplexml_load_string($res);
$status = (int) $xml->status; $status = (int) $xml->status;
@ -284,9 +302,7 @@ function dfrn_confirm_post(&$a) {
notice( t("Confirmation completed successfully") . EOL); notice( t("Confirmation completed successfully") . EOL);
break; break;
case 1: case 1:
// birthday paradox - generate new dfrn-id and fall through. // birthday paradox - generate new dfrn-id and fall through.
$new_dfrn_id = random_string(); $new_dfrn_id = random_string();
$r = q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", $r = q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
dbesc($new_dfrn_id), dbesc($new_dfrn_id),
@ -314,6 +330,7 @@ function dfrn_confirm_post(&$a) {
); );
} }
if($status != 0) if($status != 0)
return; return;