Merge pull request #2470 from annando/1604-gprobe
Some gcontact stuff and DDoS/Spam prevention
This commit is contained in:
commit
19a24d6ada
2 changed files with 31 additions and 8 deletions
|
@ -174,8 +174,6 @@ function poco_check($profile_url, $name, $network, $profile_photo, $about, $loca
|
||||||
|
|
||||||
$gcid = "";
|
$gcid = "";
|
||||||
|
|
||||||
$alternate = poco_alternate_ostatus_url($profile_url);
|
|
||||||
|
|
||||||
if ($profile_url == "")
|
if ($profile_url == "")
|
||||||
return $gcid;
|
return $gcid;
|
||||||
|
|
||||||
|
@ -187,13 +185,19 @@ function poco_check($profile_url, $name, $network, $profile_photo, $about, $loca
|
||||||
"identi.ca", "alpha.app.net")))
|
"identi.ca", "alpha.app.net")))
|
||||||
return $gcid;
|
return $gcid;
|
||||||
|
|
||||||
$orig_updated = $updated;
|
|
||||||
|
|
||||||
// Don't store the statusnet connector as network
|
// Don't store the statusnet connector as network
|
||||||
// We can't simply set this to NETWORK_OSTATUS since the connector could have fetched posts from friendica as well
|
// We can't simply set this to NETWORK_OSTATUS since the connector could have fetched posts from friendica as well
|
||||||
if ($network == NETWORK_STATUSNET)
|
if ($network == NETWORK_STATUSNET)
|
||||||
$network = "";
|
$network = "";
|
||||||
|
|
||||||
|
// Assure that there are no parameter fragments in the profile url
|
||||||
|
if (in_array($network, array(NETWORK_DFRN, NETWORK_DIASPORA, NETWORK_OSTATUS, "")))
|
||||||
|
$profile_url = clean_contact_url($profile_url);
|
||||||
|
|
||||||
|
$alternate = poco_alternate_ostatus_url($profile_url);
|
||||||
|
|
||||||
|
$orig_updated = $updated;
|
||||||
|
|
||||||
// The global contacts should contain the original picture, not the cached one
|
// The global contacts should contain the original picture, not the cached one
|
||||||
if (($generation != 1) AND stristr(normalise_link($profile_photo), normalise_link($a->get_baseurl()."/photo/")))
|
if (($generation != 1) AND stristr(normalise_link($profile_photo), normalise_link($a->get_baseurl()."/photo/")))
|
||||||
$profile_photo = "";
|
$profile_photo = "";
|
||||||
|
@ -1448,8 +1452,15 @@ function get_gcontact_id($contact) {
|
||||||
$r = q("SELECT `id` FROM `gcontact` WHERE `nurl` = '%s' ORDER BY `id` LIMIT 2",
|
$r = q("SELECT `id` FROM `gcontact` WHERE `nurl` = '%s' ORDER BY `id` LIMIT 2",
|
||||||
dbesc(normalise_link($contact["url"])));
|
dbesc(normalise_link($contact["url"])));
|
||||||
|
|
||||||
if ($r)
|
if ($r) {
|
||||||
$gcontact_id = $r[0]["id"];
|
$gcontact_id = $r[0]["id"];
|
||||||
|
|
||||||
|
// Complete newly added contacts from "probable" accounts
|
||||||
|
if (in_array($contact["network"], array(NETWORK_DFRN, NETWORK_OSTATUS, NETWORK_DIASPORA, NETWORK_FEED))) {
|
||||||
|
logger("Probing ".$contact["url"], LOGGER_DEBUG);
|
||||||
|
proc_run('php', 'include/gprobe.php', bin2hex($contact["url"]));
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((count($r) > 1) AND ($gcontact_id > 0) AND ($contact["url"] != ""))
|
if ((count($r) > 1) AND ($gcontact_id > 0) AND ($contact["url"] != ""))
|
||||||
|
|
12
index.php
12
index.php
|
@ -117,9 +117,21 @@ if((x($_SESSION,'language')) && ($_SESSION['language'] !== $lang)) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if((x($_GET,'zrl')) && (!$install && !$maintenance)) {
|
if((x($_GET,'zrl')) && (!$install && !$maintenance)) {
|
||||||
|
// Only continue when the given profile link seems valid
|
||||||
|
// Valid profile links contain a path with "/profile/" and no query parameters
|
||||||
|
if ((parse_url($_GET['zrl'], PHP_URL_QUERY) == "") AND
|
||||||
|
strstr(parse_url($_GET['zrl'], PHP_URL_PATH), "/profile/")) {
|
||||||
$_SESSION['my_url'] = $_GET['zrl'];
|
$_SESSION['my_url'] = $_GET['zrl'];
|
||||||
$a->query_string = preg_replace('/[\?&]zrl=(.*?)([\?&]|$)/is','',$a->query_string);
|
$a->query_string = preg_replace('/[\?&]zrl=(.*?)([\?&]|$)/is','',$a->query_string);
|
||||||
zrl_init($a);
|
zrl_init($a);
|
||||||
|
} else {
|
||||||
|
// Someone came with an invalid parameter, maybe as a DDoS attempt
|
||||||
|
// We simply stop processing here
|
||||||
|
logger("Invalid ZRL parameter ".$_GET['zrl'], LOGGER_DEBUG);
|
||||||
|
header('HTTP/1.1 403 Forbidden');
|
||||||
|
echo "<h1>403 Forbidden</h1>";
|
||||||
|
killme();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
Loading…
Reference in a new issue