From be001d171b385af3650cb8152542f3a60c645f63 Mon Sep 17 00:00:00 2001
From: Michael Vogel
Date: Tue, 15 Mar 2016 20:14:08 +0100
Subject: [PATCH] Values are sanitized, messages are not relayed when there is no signature
---
 include/diaspora.php | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/include/diaspora.php b/include/diaspora.php
index d5f2a21d9e..f4e3132959 100644
--- a/include/diaspora.php
+++ b/include/diaspora.php
@@ -221,7 +221,9 @@ class diaspora {
 logger('Message verified.');
- return array('message' => $inner_decrypted, 'author' => $author_link, 'key' => $key);
+ return array('message' => (string)$inner_decrypted,
+ 'author' => unxmlify($author_link),
+ 'key' => (string)$key);
 }
@@ -1801,7 +1803,8 @@ class diaspora {
 if ($data->photo) {
 foreach ($data->photo AS $photo)
- $body = "[img]".$photo->remote_photo_path.$photo->remote_photo_name."[/img]\n".$body;
+ $body = "[img]".unxmlify($photo->remote_photo_path).
+ unxmlify($photo->remote_photo_name)."[/img]\n".$body;
 $datarray["object-type"] = ACTIVITY_OBJ_PHOTO;
 } else {
@@ -2355,8 +2358,10 @@ class diaspora {
 $r = q("SELECT `signed_text`, `signature`, `signer` FROM `sign` WHERE `".$sql_sign_id."` = %d LIMIT 1", intval($item["id"]));
- if (!$r)
- return self::send_followup($item, $owner, $contact, $public_batch);
+ if (!$r) {
+ logger("Couldn't fetch signatur for contact ".$contact["addr"]." at item ".$item["guid"]." (".$item["id"].")", LOGGER_DEBUG);
+ return false;
+ }
 $signature = $r[0];
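Review bot: In the hunk at `@@ -221,7 +221,9 @@`, the author handle is decoded with `unxmlify()` only inside the returned array, after the 'Message verified.' log line. The key lookup and signature check sit above the hunk and are not visible here; if they used the undecoded `$author_link`, the identity handed to callers is not byte-for-byte the one the key was fetched for. Normalising once before the key is looked up, e.g. `$author_link = unxmlify($author_link);`, would keep the verified and the returned handle identical. A short comment such as `// decode and cast so callers get plain strings, not XML nodes` would also explain why the casts are there. The enclosing function starts outside the hunk.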
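Review bot: In the hunk at `@@ -1801,7 +1803,8 @@`, `unxmlify()` decodes XML entities but does not constrain the value. The concatenated `remote_photo_path` and `remote_photo_name`, presumably taken from the received message, still go into `[img]…[/img]` without a check that they form an http(s) URL or are free of BBCode delimiters. I would build the URL first, `$url = unxmlify($photo->remote_photo_path).unxmlify($photo->remote_photo_name);`, and skip the photo when `!preg_match('#^https?://#i', $url) || strpbrk($url, "[]") !== false`, before prepending it to `$body`. Braces around the `foreach` body would also make it obvious that the `$datarray["object-type"]` assignment is outside the loop. The enclosing function starts and ends outside the hunk.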
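Review bot: In the hunk at `@@ -2355,8 +2358,10 @@`, refusing to relay an item with no stored signature is recorded only at `LOGGER_DEBUG`, so on a normally configured node these drops leave no trace for an operator. The event should be logged at a level that is written by default, and the message typo fixed: `"Couldn't fetch signature for contact "`. `$contact["addr"]` and `$item["guid"]` are concatenated into the log line as-is; if either can carry remote-supplied text, control characters should be stripped first. The function now returns `false` where it used to return the result of `send_followup()`, and the callers are outside the hunk, so it is worth confirming they treat `false` as a final failure rather than queueing a retry.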