From 78c9e29aa87feff1cea5efe76c9d1291914b28ab Mon Sep 17 00:00:00 2001
From: Michael <heluecht@pirati.ca>
Date: Mon, 16 Jul 2018 05:48:51 +0000
Subject: [PATCH 1/2] Don't accept posts from unknown owners

---
 src/Protocol/DFRN.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php
index 60daa378c8..4c4f629d0d 100644
--- a/src/Protocol/DFRN.php
+++ b/src/Protocol/DFRN.php
@@ -1556,6 +1556,7 @@ class DFRN
 				logger("Contact ".$author["link"]." wasn't found for user ".$importer["importer_uid"]." XML: ".$xml, LOGGER_DEBUG);
 			}
 
+			$author["contact-unknown"] = true;
 			$author["contact-id"] = $importer["id"];
 			$author["network"] = $importer["network"];
 			$onlyfetch = true;
@@ -2431,6 +2432,8 @@ class DFRN
 		// Fetch the owner
 		$owner = self::fetchauthor($xpath, $entry, $importer, "dfrn:owner", true);
 
+		$owner_unknown = (isset($owner["contact-unknown"]) && $owner["contact-unknown"]);
+
 		$item["owner-link"] = $owner["link"];
 		$item["owner-id"] = Contact::getIdForURL($owner["link"], 0);
 
@@ -2621,6 +2624,11 @@ class DFRN
 			$item["type"] = "remote-comment";
 			$item["wall"] = 1;
 		} elseif ($entrytype == DFRN::TOP_LEVEL) {
+			if ($owner_unknown) {
+				logger("Item won't be stored because user " . $importer["importer_uid"] . " doesn't follow " . $item["owner-link"] . ".", LOGGER_DEBUG);
+				return;
+			}
+
 			if (!isset($item["object-type"])) {
 				$item["object-type"] = ACTIVITY_OBJ_NOTE;
 			}

From 95fe08e5b96738b216b1ee70e624d70f378316cf Mon Sep 17 00:00:00 2001
From: Michael <heluecht@pirati.ca>
Date: Mon, 16 Jul 2018 06:34:12 +0000
Subject: [PATCH 2/2] Ensure that "follow" requests can be processed

---
 src/Protocol/DFRN.php | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php
index 4c4f629d0d..79fa000f17 100644
--- a/src/Protocol/DFRN.php
+++ b/src/Protocol/DFRN.php
@@ -2624,17 +2624,12 @@ class DFRN
 			$item["type"] = "remote-comment";
 			$item["wall"] = 1;
 		} elseif ($entrytype == DFRN::TOP_LEVEL) {
-			if ($owner_unknown) {
-				logger("Item won't be stored because user " . $importer["importer_uid"] . " doesn't follow " . $item["owner-link"] . ".", LOGGER_DEBUG);
-				return;
-			}
-
 			if (!isset($item["object-type"])) {
 				$item["object-type"] = ACTIVITY_OBJ_NOTE;
 			}
 
 			// Is it an event?
-			if ($item["object-type"] == ACTIVITY_OBJ_EVENT) {
+			if (($item["object-type"] == ACTIVITY_OBJ_EVENT) && !$owner_unknown) {
 				logger("Item ".$item["uri"]." seems to contain an event.", LOGGER_DEBUG);
 				$ev = Event::fromBBCode($item["body"]);
 				if ((x($ev, "desc") || x($ev, "summary")) && x($ev, "start")) {
@@ -2667,6 +2662,13 @@ class DFRN
 			return;
 		}
 
+		// This check is done here to be able to receive connection requests in "processVerbs"
+		if (($entrytype == DFRN::TOP_LEVEL) && $owner_unknown) {
+			logger("Item won't be stored because user " . $importer["importer_uid"] . " doesn't follow " . $item["owner-link"] . ".", LOGGER_DEBUG);
+			return;
+		}
+
+
 		// Update content if 'updated' changes
 		if (DBM::is_result($current)) {
 			if (self::updateContent($current, $item, $importer, $entrytype)) {