From d7b56db99680e4397f571bb19447039d0c0a2b15 Mon Sep 17 00:00:00 2001
From: Michael <heluecht@pirati.ca>
Date: Wed, 3 May 2017 19:28:51 +0000
Subject: [PATCH] Diaspora: Better handling for unrelayed comments and likes

---
 include/diaspora.php | 39 ++++++++++++++++++++++++---------------
 1 file changed, 24 insertions(+), 15 deletions(-)

diff --git a/include/diaspora.php b/include/diaspora.php
index 8640e2d6a7..121357829a 100644
--- a/include/diaspora.php
+++ b/include/diaspora.php
@@ -333,19 +333,20 @@ class Diaspora {
 			return false;
 		}
 
-		if (!self::valid_posting($msg, $fields)) {
+		if (!($postdata = self::valid_posting($msg))) {
 			logger("Invalid posting");
 			return false;
 		}
 
-		// Is it a an action (comment, like, ...) for our own post?
-		if (isset($fields->parent_guid)) {
-			$guid = notags(unxmlify($fields->parent_guid));
+		$fields = $postdata['fields'];
 
+		// Is it a an action (comment, like, ...) for our own post?
+		if (isset($fields->parent_guid) AND !$postdata["relayed"]) {
+			$guid = notags(unxmlify($fields->parent_guid));
 			$importer = self::importer_for_guid($guid);
 			if (is_array($importer)) {
 				logger("delivering to origin: ".$importer["name"]);
-				$message_id = self::dispatch($importer, $msg);
+				$message_id = self::dispatch($importer, $msg, $fields);
 				return $message_id;
 			}
 		}
@@ -361,14 +362,14 @@ class Diaspora {
 		if (dbm::is_result($r)) {
 			foreach ($r as $rr) {
 				logger("delivering to: ".$rr["username"]);
-				self::dispatch($rr, $msg);
+				self::dispatch($rr, $msg, $fields);
 			}
 		} elseif (!Config::get('system', 'relay_subscribe', false)) {
-			logger("Unwanted message from ".$sender." send by ".$_SERVER["REMOTE_ADDR"]." with ".$_SERVER["HTTP_USER_AGENT"].": ".print_r($msg, true), LOGGER_DEBUG);
+			logger("Unwanted message from ".$msg["author"]." send by ".$_SERVER["REMOTE_ADDR"]." with ".$_SERVER["HTTP_USER_AGENT"].": ".print_r($msg, true), LOGGER_DEBUG);
 		} else {
 			// Use a dummy importer to import the data for the public copy
 			$importer = array("uid" => 0, "page-flags" => PAGE_FREELOVE);
-			$message_id = self::dispatch($importer, $msg);
+			$message_id = self::dispatch($importer, $msg, $fields);
 		}
 
 		return $message_id;
@@ -382,15 +383,19 @@ class Diaspora {
 	 *
 	 * @return int The message id of the generated message, "true" or "false" if there was an error
 	 */
-	public static function dispatch($importer, $msg) {
+	public static function dispatch($importer, $msg, $fields = null) {
 
 		// The sender is the handle of the contact that sent the message.
 		// This will often be different with relayed messages (for example "like" and "comment")
 		$sender = $msg["author"];
 
-		if (!self::valid_posting($msg, $fields)) {
-			logger("Invalid posting");
-			return false;
+		// This is only needed for private postings since this is already done for public ones before
+		if (is_null($fields)) {
+			if (!($postdata = self::valid_posting($msg))) {
+				logger("Invalid posting");
+				return false;
+			}
+			$fields = $postdata['fields'];
 		}
 
 		$type = $fields->getName();
@@ -456,7 +461,7 @@ class Diaspora {
 	 *
 	 * @return bool Is the posting valid?
 	 */
-	private static function valid_posting($msg, &$fields) {
+	private static function valid_posting($msg) {
 
 		$data = parse_xml_string($msg["message"], false);
 
@@ -552,7 +557,7 @@ class Diaspora {
 
 		// Only some message types have signatures. So we quit here for the other types.
 		if (!in_array($type, array("comment", "message", "like")))
-			return true;
+			return array("fields" => $fields, "relayed" => false);
 
 		// No author_signature? This is a must, so we quit.
 		if (!isset($author_signature)) {
@@ -561,12 +566,16 @@ class Diaspora {
 		}
 
 		if (isset($parent_author_signature)) {
+			$relayed = true;
+
 			$key = self::key($msg["author"]);
 
 			if (!rsa_verify($signed_data, $parent_author_signature, $key, "sha256")) {
 				logger("No valid parent author signature for parent author ".$msg["author"]. " in type ".$type." - signed data: ".$signed_data." - Message: ".$msg["message"]." - Signature ".$parent_author_signature, LOGGER_DEBUG);
 				return false;
 			}
+		} else {
+			$relayed = false;
 		}
 
 		$key = self::key($fields->author);
@@ -575,7 +584,7 @@ class Diaspora {
 			logger("No valid author signature for author ".$fields->author. " in type ".$type." - signed data: ".$signed_data." - Message: ".$msg["message"]." - Signature ".$author_signature, LOGGER_DEBUG);
 			return false;
 		} else
-			return true;
+			return array("fields" => $fields, "relayed" => $relayed);
 	}
 
 	/**