From 771163e86056b92713577e55d0b5a3de7299cca4 Mon Sep 17 00:00:00 2001
From: Adam Magness
Date: Sat, 13 Jan 2018 09:36:21 -0500
Subject: [PATCH 1/3] Move auto_redir function move function into dfrn, rename and update a db insert
---
 src/Protocol/DFRN.php | 91 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 91 insertions(+)
diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php
index 509d05e6c6..094c37717a 100644
--- a/src/Protocol/DFRN.php
+++ b/src/Protocol/DFRN.php
@@ -8,6 +8,7 @@
 */
 namespace Friendica\Protocol;
+use Friendica\App;
 use Friendica\Content\OEmbed;
 use Friendica\Core\Config;
 use Friendica\Core\System;
@@ -3080,4 +3081,94 @@ class DFRN
 logger("Import done for user " . $importer["uid"] . " from contact " . $importer["id"], LOGGER_DEBUG);
 return 200;
 }
+
+ /**
+ * @param App $a App
+ * @param string $contact_nick contact nickname
+ */
+ public static function autoRedir(App $a, $contact_nick)
+ {
+ // prevent looping
+ if (x($_REQUEST, 'redir') && intval($_REQUEST['redir'])) {
+ return;
+ }
+
+ if ((! $contact_nick) || ($contact_nick === $a->user['nickname'])) {
+ return;
+ }
+
+ if (local_user()) {
+ // We need to find out if $contact_nick is a user on this hub, and if so, if I
+ // am a contact of that user. However, that user may have other contacts with the
+ // same nickname as me on other hubs or other networks. Exclude these by requiring
+ // that the contact have a local URL. I will be the only person with my nickname at
+ // this URL, so if a result is found, then I am a contact of the $contact_nick user.
+ //
+ // We also have to make sure that I'm a legitimate contact--I'm not blocked or pending.
+
+ $baseurl = System::baseUrl();
+ $domain_st = strpos($baseurl, "://");
+ if ($domain_st === false) {
+ return;
+ }
+ $baseurl = substr($baseurl, $domain_st + 3);
+ $nurl = normalise_link($baseurl);
+
+ /// @todo Why is there a query for "url" *and* "nurl"? Especially this normalising is strange.
+ $r = q("SELECT `id` FROM `contact` WHERE `uid` = (SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1)
+ AND `nick` = '%s' AND NOT `self` AND (`url` LIKE '%%%s%%' OR `nurl` LIKE '%%%s%%') AND NOT `blocked` AND NOT `pending` LIMIT 1",
+ dbesc($contact_nick),
+ dbesc($a->user['nickname']),
+ dbesc($baseurl),
+ dbesc($nurl)
+ );
+ if ((! DBM::is_result($r)) || $r[0]['id'] == remote_user()) {
+ return;
+ }
+
+ $r = q("SELECT * FROM contact WHERE nick = '%s'
+ AND network = '%s' AND uid = %d AND url LIKE '%%%s%%' LIMIT 1",
+ dbesc($contact_nick),
+ dbesc(NETWORK_DFRN),
+ intval(local_user()),
+ dbesc($baseurl)
+ );
+ if (! DBM::is_result($r)) {
+ return;
+ }
+
+ $cid = $r[0]['id'];
+
+ $dfrn_id = (($r[0]['issued-id']) ? $r[0]['issued-id'] : $r[0]['dfrn-id']);
+
+ if ($r[0]['duplex'] && $r[0]['issued-id']) {
+ $orig_id = $r[0]['issued-id'];
+ $dfrn_id = '1:' . $orig_id;
+ }
+ if ($r[0]['duplex'] && $r[0]['dfrn-id']) {
+ $orig_id = $r[0]['dfrn-id'];
+ $dfrn_id = '0:' . $orig_id;
+ }
+
+ // ensure that we've got a valid ID. There may be some edge cases with forums and non-duplex mode
+ // that may have triggered some of the "went to {profile/intro} and got an RSS feed" issues
+
+ if (strlen($dfrn_id) < 3) {
+ return;
+ }
+
+ $sec = random_string();
+
+ dba::insert('profile_check', ['uid' => local_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id, 'sec' => $sec, 'expire' => time() + 45]);
+
+ $url = curPageURL();
+
+ logger('auto_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG);
+ $dest = (($url) ? '&destination_url=' . $url : '');
+ goaway($r[0]['poll'] . '?dfrn_id=' . $dfrn_id
+ . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest);
+ }
+
+ return;
+ }
 }
From 7635421d78e1b856fd409d9d7ef0cca7343c4bbf Mon Sep 17 00:00:00 2001
From: Adam Magness
Date: Sat, 13 Jan 2018 09:40:34 -0500
Subject: [PATCH 2/3] Update function calls update function calls and remove require_once
---
 mod/cal.php | 5 ++---
 mod/photos.php | 4 ++--
 mod/profile.php | 8 +++++---
 mod/videos.php | 8 +++++---
 4 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/mod/cal.php b/mod/cal.php
index 51a66613ee..dece5ac188 100644
--- a/mod/cal.php
+++ b/mod/cal.php
@@ -1,5 +1,4 @@ argc > 1) { - auto_redir($a, $a->argv[1]); + DFRN::autoRedir($a, $a->argv[1]); } if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) {
diff --git a/mod/photos.php b/mod/photos.php
index ab0ad75013..bc87347986 100644
--- a/mod/photos.php
+++ b/mod/photos.php
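Review bot: In `DFRN::autoRedir()` (src/Protocol/DFRN.php), the current page URL is appended to the redirect target without encoding, `$dest = (($url) ? '&destination_url=' . $url : '');`, so any `&` or `#` in the request URI is parsed by the contact's `poll` endpoint as further parameters or truncates the destination. If `curPageURL()` reflects the incoming request (it is not shown here), request-supplied text can then add to or override the `type` and `sec` parameters of the hand-off; encode the value: `$dest = (($url) ? '&destination_url=' . urlencode($url) : '');`. The debug line `logger('auto_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG);` also writes the `sec` value to the log while its `profile_check` row is still valid, and keeps the old function name; consider `logger('autoRedir: ' . $r[0]['name'] . ' cid ' . $cid, LOGGER_DEBUG);`.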
@@ -13,19 +13,19 @@ use Friendica\Model\Group; use Friendica\Model\Photo; use Friendica\Network\Probe; use Friendica\Object\Image; +use Friendica\Protocol\DFRN; require_once 'include/items.php'; require_once 'include/acl_selectors.php'; require_once 'include/bbcode.php'; require_once 'include/security.php'; -require_once 'include/redir.php'; require_once 'include/tags.php'; require_once 'include/threads.php'; function photos_init(App $a) { if ($a->argc > 1) { - auto_redir($a, $a->argv[1]); + DFRN::autoRedir($a, $a->argv[1]); } if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { diff --git a/mod/profile.php b/mod/profile.php index ce2c5348d9..0dd723379c 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -1,5 +1,7 @@ user['nickname']; $profile = htmlspecialchars($a->argv[1]); } else { - auto_redir($a, $which); + DFRN::autoRedir($a, $which); } profile_load($a, $which, $profile); diff --git a/mod/videos.php b/mod/videos.php index a7759f7419..640c2a3b55 100644 --- a/mod/videos.php +++ b/mod/videos.php @@ -1,5 +1,7 @@ argc > 1) - auto_redir($a, $a->argv[1]); + DFRN::autoRedir($a, $a->argv[1]); if((Config::get('system','block_public')) && (! local_user()) && (! remote_user())) { return; From 4e7657da99f35451150dbec3aeb8d61804d1e691 Mon Sep 17 00:00:00 2001 From: Adam Magness Date: Sat, 13 Jan 2018 09:41:26 -0500 Subject: [PATCH 3/3] Remove redir.php remove old file --- include/redir.php | 100 ---------------------------------------------- 1 file changed, 100 deletions(-) delete mode 100644 include/redir.php diff --git a/include/redir.php b/include/redir.php deleted file mode 100644 index dac03f92c7..0000000000 --- a/include/redir.php +++ /dev/null 
@@ -1,100 +0,0 @@ -user['nickname'])) { - return; - } - - if (local_user()) { - // We need to find out if $contact_nick is a user on this hub, and if so, if I - // am a contact of that user. However, that user may have other contacts with the - // same nickname as me on other hubs or other networks. Exclude these by requiring - // that the contact have a local URL. I will be the only person with my nickname at - // this URL, so if a result is found, then I am a contact of the $contact_nick user. - // - // We also have to make sure that I'm a legitimate contact--I'm not blocked or pending. - - $baseurl = System::baseUrl(); - $domain_st = strpos($baseurl, "://"); - if ($domain_st === false) { - return; - } - $baseurl = substr($baseurl, $domain_st + 3); - $nurl = normalise_link($baseurl); - - /// @todo Why is there a query for "url" *and* "nurl"? Especially this normalising is strange. - $r = q("SELECT `id` FROM `contact` WHERE `uid` = (SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1) - AND `nick` = '%s' AND NOT `self` AND (`url` LIKE '%%%s%%' OR `nurl` LIKE '%%%s%%') AND NOT `blocked` AND NOT `pending` LIMIT 1", - dbesc($contact_nick), - dbesc($a->user['nickname']), - dbesc($baseurl), - dbesc($nurl) - ); - if ((! DBM::is_result($r)) || $r[0]['id'] == remote_user()) { - return; - } - - $r = q("SELECT * FROM contact WHERE nick = '%s' - AND network = '%s' AND uid = %d AND url LIKE '%%%s%%' LIMIT 1", - dbesc($contact_nick), - dbesc(NETWORK_DFRN), - intval(local_user()), - dbesc($baseurl) - ); - if (! DBM::is_result($r)) { - return; - } - - $cid = $r[0]['id']; - - $dfrn_id = (($r[0]['issued-id']) ? $r[0]['issued-id'] : $r[0]['dfrn-id']); - - if ($r[0]['duplex'] && $r[0]['issued-id']) { - $orig_id = $r[0]['issued-id']; - $dfrn_id = '1:' . $orig_id; - } - if ($r[0]['duplex'] && $r[0]['dfrn-id']) { - $orig_id = $r[0]['dfrn-id']; - $dfrn_id = '0:' . $orig_id; - } - - // ensure that we've got a valid ID. 
There may be some edge cases with forums and non-duplex mode - // that may have triggered some of the "went to {profile/intro} and got an RSS feed" issues - - if (strlen($dfrn_id) < 3) { - return; - } - - $sec = random_string(); - - q("INSERT INTO `profile_check` ( `uid`, `cid`, `dfrn_id`, `sec`, `expire`) - VALUES( %d, %s, '%s', '%s', %d )", - intval(local_user()), - intval($cid), - dbesc($dfrn_id), - dbesc($sec), - intval(time() + 45) - ); - - $url = curPageURL(); - - logger('auto_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG); - $dest = (($url) ? '&destination_url=' . $url : ''); - goaway ($r[0]['poll'] . '?dfrn_id=' . $dfrn_id - . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest ); - } - - return; -} - -