diff --git a/include/diaspora.php b/include/diaspora.php index f03486fc21..d61ec016c7 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -2852,9 +2852,6 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) { $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); // $theiraddr = $contact['addr']; - $body = $item['body']; - $text = html_entity_decode(bb2diaspora($body)); - // Diaspora doesn't support threaded comments, but some // versions of Diaspora (i.e. Diaspora-pistos) support // likes on comments @@ -2905,61 +2902,57 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) { // fetch the original signature if the relayable was created by a Diaspora // or DFRN user. Relayables for other networks are not supported. -/* $r = q("select * from sign where " . $sql_sign_id . " = %d limit 1", + $r = q("SELECT `signed_text`, `signature`, `signer` FROM `sign` WHERE " . $sql_sign_id . " = %d LIMIT 1", intval($item['id']) ); - if(count($r)) { + if(count($r)) { $orig_sign = $r[0]; $signed_text = $orig_sign['signed_text']; $authorsig = $orig_sign['signature']; $handle = $orig_sign['signer']; + + // Friendica servers lower than 3.5 had double encoded the signature ... + if (substr($authorsig, -1, 1) != "=") + $authorsig = base64_decode($authorsig); + + // Split the signed text + $signed_parts = explode(";", $signed_text); + + // Remove the parent guid + array_shift($signed_parts); + + // Remove the comment guid + array_shift($signed_parts); + + // Remove the handle + array_pop($signed_parts); + + // Glue the parts together + $text = implode(";", $signed_parts); } else { + // This part is meant for cases where we don't have the signatur. (Which shouldn't happen with posts from Diaspora and Friendica) + // This means that the comment won't be accepted by newer Diaspora servers - // Author signature information (for likes, comments, and retractions of likes or comments, - // whether from Diaspora or Friendica) must be placed in the `sign` table before this - // function is called - logger('diaspora_send_relay: original author signature not found, cannot send relayable'); - return; - }*/ + $body = $item['body']; + $text = html_entity_decode(bb2diaspora($body)); - /* Since the author signature is only checked by the parent, not by the relay recipients, - * I think it may not be necessary for us to do so much work to preserve all the original - * signatures. The important thing that Diaspora DOES need is the original creator's handle. - * Let's just generate that and forget about all the original author signature stuff. - * - * Note: this might be more of an problem if we want to support likes on comments for older - * versions of Diaspora (diaspora-pistos), but since there are a number of problems with - * doing that, let's ignore it for now. - * - * Currently, only DFRN contacts are supported. StatusNet shouldn't be hard, but it hasn't - * been done yet - */ + $handle = diaspora_handle_from_contact($item['contact-id']); + if(! $handle) + return; - $handle = diaspora_handle_from_contact($item['contact-id']); - if(! $handle) - return; + if($relay_retract) + $signed_text = $item['guid'] . ';' . $target_type; + elseif($like) + $signed_text = $item['guid'] . ';' . $target_type . ';' . $parent['guid'] . ';' . $positive . ';' . $handle; + else + $signed_text = $item['guid'] . ';' . $parent['guid'] . ';' . $text . ';' . $handle; - - if($relay_retract) - $sender_signed_text = $item['guid'] . ';' . $target_type; - elseif($like) - $sender_signed_text = $item['guid'] . ';' . $target_type . ';' . $parent['guid'] . ';' . $positive . ';' . $handle; - else - $sender_signed_text = $item['guid'] . ';' . $parent['guid'] . ';' . $text . ';' . $handle; + $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256')); + } // Sign the relayable with the top-level owner's signature - // - // We'll use the $sender_signed_text that we just created, instead of the $signed_text - // stored in the database, because that provides the best chance that Diaspora will - // be able to reconstruct the signed text the same way we did. This is particularly a - // concern for the comment, whose signed text includes the text of the comment. The - // smallest change in the text of the comment, including removing whitespace, will - // make the signature verification fail. Since we translate from BB code to Diaspora's - // markup at the top of this function, which is AFTER we placed the original $signed_text - // in the database, it's hazardous to trust the original $signed_text. - - $parentauthorsig = base64_encode(rsa_sign($sender_signed_text,$owner['uprvkey'],'sha256')); + $parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256')); $msg = replace_macros($tpl,array( '$guid' => xmlify($item['guid']), diff --git a/include/items.php b/include/items.php index a74ca3b360..b7a759a3b5 100644 --- a/include/items.php +++ b/include/items.php @@ -2643,7 +2643,7 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) logger('consume_feed: feed item count = ' . $feed->get_item_quantity()); - // in inverse date order + // in inverse date order if ($datedir) $items = array_reverse($feed->get_items()); else diff --git a/include/notifier.php b/include/notifier.php index 92e48c3554..6c42f19c6a 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -535,7 +535,7 @@ function notifier_run(&$argv, &$argc){ if($public_message) { - if (!$followup) + if (!$followup AND $top_level) $r0 = diaspora_fetch_relay(); else $r0 = array(); diff --git a/mod/item.php b/mod/item.php index 80a10179e8..8c5a479646 100644 --- a/mod/item.php +++ b/mod/item.php @@ -900,7 +900,7 @@ function item_post(&$a) { // Store the comment signature information in case we need to relay to Diaspora - store_diaspora_comment_sig($datarray, $author, ($self ? $a->user['prvkey'] : false), $parent_item, $post_id); + store_diaspora_comment_sig($datarray, $author, ($self ? $user['prvkey'] : false), $parent_item, $post_id); } else { $parent = $post_id; @@ -1271,7 +1271,7 @@ function store_diaspora_comment_sig($datarray, $author, $uprvkey, $parent_item, $signed_text = $datarray['guid'] . ';' . $parent_item['guid'] . ';' . $signed_body . ';' . $diaspora_handle; if( $uprvkey !== false ) - $authorsig = base64_encode(rsa_sign($signed_text,$uprvkey,'sha256')); + $authorsig = rsa_sign($signed_text,$uprvkey,'sha256'); else $authorsig = '';