Merge branch 'hotfix_diaspora' into develop

This commit is contained in:
Fabrixxm 2016-01-20 08:50:18 +01:00
commit 7e83ba090f
4 changed files with 41 additions and 48 deletions

View file

@ -2852,9 +2852,6 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) {
$myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
// $theiraddr = $contact['addr']; // $theiraddr = $contact['addr'];
$body = $item['body'];
$text = html_entity_decode(bb2diaspora($body));
// Diaspora doesn't support threaded comments, but some // Diaspora doesn't support threaded comments, but some
// versions of Diaspora (i.e. Diaspora-pistos) support // versions of Diaspora (i.e. Diaspora-pistos) support
// likes on comments // likes on comments
@ -2905,61 +2902,57 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) {
// fetch the original signature if the relayable was created by a Diaspora // fetch the original signature if the relayable was created by a Diaspora
// or DFRN user. Relayables for other networks are not supported. // or DFRN user. Relayables for other networks are not supported.
/* $r = q("select * from sign where " . $sql_sign_id . " = %d limit 1", $r = q("SELECT `signed_text`, `signature`, `signer` FROM `sign` WHERE " . $sql_sign_id . " = %d LIMIT 1",
intval($item['id']) intval($item['id'])
); );
if(count($r)) { if(count($r)) {
$orig_sign = $r[0]; $orig_sign = $r[0];
$signed_text = $orig_sign['signed_text']; $signed_text = $orig_sign['signed_text'];
$authorsig = $orig_sign['signature']; $authorsig = $orig_sign['signature'];
$handle = $orig_sign['signer']; $handle = $orig_sign['signer'];
// Friendica servers lower than 3.5 had double encoded the signature ...
if (substr($authorsig, -1, 1) != "=")
$authorsig = base64_decode($authorsig);
// Split the signed text
$signed_parts = explode(";", $signed_text);
// Remove the parent guid
array_shift($signed_parts);
// Remove the comment guid
array_shift($signed_parts);
// Remove the handle
array_pop($signed_parts);
// Glue the parts together
$text = implode(";", $signed_parts);
} }
else { else {
// This part is meant for cases where we don't have the signatur. (Which shouldn't happen with posts from Diaspora and Friendica)
// This means that the comment won't be accepted by newer Diaspora servers
// Author signature information (for likes, comments, and retractions of likes or comments, $body = $item['body'];
// whether from Diaspora or Friendica) must be placed in the `sign` table before this $text = html_entity_decode(bb2diaspora($body));
// function is called
logger('diaspora_send_relay: original author signature not found, cannot send relayable');
return;
}*/
/* Since the author signature is only checked by the parent, not by the relay recipients, $handle = diaspora_handle_from_contact($item['contact-id']);
* I think it may not be necessary for us to do so much work to preserve all the original if(! $handle)
* signatures. The important thing that Diaspora DOES need is the original creator's handle. return;
* Let's just generate that and forget about all the original author signature stuff.
*
* Note: this might be more of an problem if we want to support likes on comments for older
* versions of Diaspora (diaspora-pistos), but since there are a number of problems with
* doing that, let's ignore it for now.
*
* Currently, only DFRN contacts are supported. StatusNet shouldn't be hard, but it hasn't
* been done yet
*/
$handle = diaspora_handle_from_contact($item['contact-id']); if($relay_retract)
if(! $handle) $signed_text = $item['guid'] . ';' . $target_type;
return; elseif($like)
$signed_text = $item['guid'] . ';' . $target_type . ';' . $parent['guid'] . ';' . $positive . ';' . $handle;
else
$signed_text = $item['guid'] . ';' . $parent['guid'] . ';' . $text . ';' . $handle;
$authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256'));
if($relay_retract) }
$sender_signed_text = $item['guid'] . ';' . $target_type;
elseif($like)
$sender_signed_text = $item['guid'] . ';' . $target_type . ';' . $parent['guid'] . ';' . $positive . ';' . $handle;
else
$sender_signed_text = $item['guid'] . ';' . $parent['guid'] . ';' . $text . ';' . $handle;
// Sign the relayable with the top-level owner's signature // Sign the relayable with the top-level owner's signature
// $parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256'));
// We'll use the $sender_signed_text that we just created, instead of the $signed_text
// stored in the database, because that provides the best chance that Diaspora will
// be able to reconstruct the signed text the same way we did. This is particularly a
// concern for the comment, whose signed text includes the text of the comment. The
// smallest change in the text of the comment, including removing whitespace, will
// make the signature verification fail. Since we translate from BB code to Diaspora's
// markup at the top of this function, which is AFTER we placed the original $signed_text
// in the database, it's hazardous to trust the original $signed_text.
$parentauthorsig = base64_encode(rsa_sign($sender_signed_text,$owner['uprvkey'],'sha256'));
$msg = replace_macros($tpl,array( $msg = replace_macros($tpl,array(
'$guid' => xmlify($item['guid']), '$guid' => xmlify($item['guid']),

View file

@ -2643,7 +2643,7 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
logger('consume_feed: feed item count = ' . $feed->get_item_quantity()); logger('consume_feed: feed item count = ' . $feed->get_item_quantity());
// in inverse date order // in inverse date order
if ($datedir) if ($datedir)
$items = array_reverse($feed->get_items()); $items = array_reverse($feed->get_items());
else else

View file

@ -535,7 +535,7 @@ function notifier_run(&$argv, &$argc){
if($public_message) { if($public_message) {
if (!$followup) if (!$followup AND $top_level)
$r0 = diaspora_fetch_relay(); $r0 = diaspora_fetch_relay();
else else
$r0 = array(); $r0 = array();

View file

@ -900,7 +900,7 @@ function item_post(&$a) {
// Store the comment signature information in case we need to relay to Diaspora // Store the comment signature information in case we need to relay to Diaspora
store_diaspora_comment_sig($datarray, $author, ($self ? $a->user['prvkey'] : false), $parent_item, $post_id); store_diaspora_comment_sig($datarray, $author, ($self ? $user['prvkey'] : false), $parent_item, $post_id);
} else { } else {
$parent = $post_id; $parent = $post_id;
@ -1271,7 +1271,7 @@ function store_diaspora_comment_sig($datarray, $author, $uprvkey, $parent_item,
$signed_text = $datarray['guid'] . ';' . $parent_item['guid'] . ';' . $signed_body . ';' . $diaspora_handle; $signed_text = $datarray['guid'] . ';' . $parent_item['guid'] . ';' . $signed_body . ';' . $diaspora_handle;
if( $uprvkey !== false ) if( $uprvkey !== false )
$authorsig = base64_encode(rsa_sign($signed_text,$uprvkey,'sha256')); $authorsig = rsa_sign($signed_text,$uprvkey,'sha256');
else else
$authorsig = ''; $authorsig = '';