strk/friendica
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Reworked "remote" cookie handling

Browse source
This commit is contained in:
Michael 2019-09-25 22:24:17 +00:00
parent d5c37001cd
commit ec66553032
13 changed files with 106 additions and 192 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
boot.php
View file

@ -23,6 +23,7 @@ use Friendica\Core\Config;
use Friendica\Core\PConfig;
use Friendica\Core\Protocol;
use Friendica\Core\System;
use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Term;
@ -426,14 +427,8 @@ function remote_user($uid = null)
return false;
}
if (!is_null($uid) && !empty($_SESSION['remote'])) {
/// @todo replace it with this:
// if (!empty($_SESSION['remote'][$uid])) ...
foreach ($_SESSION['remote'] as $visitor) {
if ($visitor['uid'] == $uid) {
return $visitor['cid'];
}
}
if (!is_null($uid)) {
return Session::getVisitorContactIDForUserID($uid);
} elseif (is_null($uid) && !empty($_SESSION['visitor_id'])) {
return intval($_SESSION['visitor_id']);
}

10
include/items.php
View file

@ -362,14 +362,8 @@ function drop_item($id, $return = '')
$contact_id = 0;
// check if logged in user is either the author or owner of this item
if (!empty($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $visitor) {
if ($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) {
$contact_id = $visitor['cid'];
break;
}
}
if (remote_user($item['uid']) == $item['contact-id']) {
$contact_id = $item['contact-id'];
}
if ((local_user() == $item['uid']) || $contact_id) {

9
mod/cal.php
View file

@ -113,13 +113,8 @@ function cal_content(App $a)
$owner_uid = intval($a->data['user']['uid']);
$nick = $a->data['user']['nickname'];
if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $a->profile['profile_uid']) {
$contact_id = $v['cid'];
break;
}
}
if (!empty(remote_user($a->profile['profile_uid']))) {
$contact_id = remote_user($a->profile['profile_uid']);
}
$groups = [];

5
mod/dfrn_poll.php
View file

@ -114,7 +114,7 @@ function dfrn_poll_init(App $a)
$_SESSION['remote'] = [];
}
$_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']];
$_SESSION['remote'][$r[0]['uid']] = $r[0]['id'];
$_SESSION['visitor_id'] = $r[0]['id'];
$_SESSION['visitor_home'] = $r[0]['url'];
@ -521,7 +521,8 @@ function dfrn_poll_content(App $a)
$_SESSION['remote'] = [];
}
$_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']];
$_SESSION['remote'][$r[0]['uid']] = $r[0]['id'];
$_SESSION['visitor_id'] = $r[0]['id'];
$_SESSION['visitor_home'] = $r[0]['url'];
$_SESSION['visitor_visiting'] = $r[0]['uid'];

14
mod/item.php
View file

@ -348,18 +348,8 @@ function item_post(App $a) {
if (local_user() && ((local_user() == $profile_uid) || $allow_comment)) {
$self = true;
$author = DBA::selectFirst('contact', [], ['uid' => local_user(), 'self' => true]);
} elseif (remote_user()) {
if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $profile_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id) {
$author = DBA::selectFirst('contact', [], ['id' => $contact_id]);
}
} elseif (!empty(remote_user($profile_uid))) {
$author = DBA::selectFirst('contact', [], ['id' => remote_user($profile_uid)]);
}
if (DBA::isResult($author)) {

57
mod/photos.php
View file

@ -154,14 +154,12 @@ function photos_post(App $a)
if (local_user() && (local_user() == $page_owner_uid)) {
$can_post = true;
} elseif ($community_page && remote_user($page_owner_uid)) {
} elseif ($community_page && !empty(remote_user($page_owner_uid))) {
$contact_id = remote_user($page_owner_uid);
if ($contact_id > 0) {
if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) {
$can_post = true;
$visitor = $contact_id;
}
if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) {
$can_post = true;
$visitor = $contact_id;
}
}
@ -883,50 +881,27 @@ function photos_content(App $a)
if (local_user() && (local_user() == $owner_uid)) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
} elseif ($community_page && !empty(remote_user($owner_uid))) {
$contact_id = remote_user($owner_uid);
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
if ($contact_id) {
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
if (DBA::isResult($contact)) {
$can_post = true;
$remote_contact = true;
$visitor = $contact_id;
}
}
if (DBA::isResult($contact)) {
$can_post = true;
$remote_contact = true;
$visitor = $contact_id;
}
}
$groups = [];
// perhaps they're visiting - but not a community page, so they wouldn't have write access
if (remote_user() && !$visitor) {
$contact_id = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if (!empty(remote_user($owner_uid)) && !$visitor) {
$contact_id = remote_user($owner_uid);
$groups = Group::getIdsByContactId($contact_id);
if ($contact_id) {
$groups = Group::getIdsByContactId($contact_id);
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
$remote_contact = DBA::isResult($contact);
}
$remote_contact = DBA::isResult($contact);
}
if (!$remote_contact && local_user()) {

19
mod/redir.php
View file

@ -66,20 +66,11 @@ function redir_init(App $a) {
// with the local contact. Otherwise the local user would ask the local contact
// for authentification everytime he/she is visiting a profile page of the local
// contact.
if ($host == $remotehost
&& !empty($_SESSION['remote'])
&& is_array($_SESSION['remote']))
{
foreach ($_SESSION['remote'] as $v) {
if (!empty($v['uid']) && !empty($v['cid']) &&
$v['uid'] == Session::get('visitor_visiting') &&
$v['cid'] == Session::get('visitor_id')) {
// Remote user is already authenticated.
$target_url = defaults($url, $contact_url);
Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG);
$a->redirect($target_url);
}
}
if (($host == $remotehost) && (remote_user(Session::get('visitor_visiting')) == Session::get('visitor_id'))) {
// Remote user is already authenticated.
$target_url = defaults($url, $contact_url);
Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG);
$a->redirect($target_url);
}
}

42
mod/videos.php
View file

@ -154,44 +154,26 @@ function videos_content(App $a)
if ((local_user()) && (local_user() == $owner_uid)) {
$can_post = true;
} elseif ($community_page && remote_user()) {
if (!empty($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
} elseif ($community_page && !empty(remote_user($owner_uid))) {
$contact_id = remote_user($owner_uid);
if ($contact_id > 0) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($owner_uid)
);
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($owner_uid)
);
if (DBA::isResult($r)) {
$can_post = true;
$remote_contact = true;
$visitor = $contact_id;
}
if (DBA::isResult($r)) {
$can_post = true;
$remote_contact = true;
$visitor = $contact_id;
}
}
$groups = [];
// perhaps they're visiting - but not a community page, so they wouldn't have write access
if (remote_user() && (!$visitor)) {
$contact_id = 0;
if (!empty($_SESSION['remote'])) {
foreach($_SESSION['remote'] as $v) {
if($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if (!empty(remote_user($owner_uid)) && !$visitor) {
$contact_id = remote_user($owner_uid);
if ($contact_id > 0) {
$groups = Group::getIdsByContactId($contact_id);

34
mod/wall_attach.php
View file

@ -43,35 +43,21 @@ function wall_attach_post(App $a) {
$page_owner_cid = $r[0]['id'];
$community_page = (($r[0]['page-flags'] == User::PAGE_FLAGS_COMMUNITY) ? true : false);
if ((local_user()) && (local_user() == $page_owner_uid)) {
if (local_user() && (local_user() == $page_owner_uid)) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
$contact_id = 0;
} elseif ($community_page && !empty(remote_user($page_owner_uid))) {
$contact_id = remote_user($page_owner_uid);
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($page_owner_uid)
);
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $page_owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id > 0) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($page_owner_uid)
);
if (DBA::isResult($r)) {
$can_post = true;
}
}
if (DBA::isResult($r)) {
$can_post = true;
}
}
if (! $can_post) {
if (!$can_post) {
if ($r_json) {
echo json_encode(['error' => L10n::t('Permission denied.')]);
exit();

35
mod/wall_upload.php
View file

@ -74,34 +74,21 @@ function wall_upload_post(App $a, $desktopmode = true)
if ((local_user()) && (local_user() == $page_owner_uid)) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
$contact_id = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $page_owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
} elseif ($community_page && !empty(remote_user($page_owner_uid))) {
$contact_id = remote_user($page_owner_uid);
if ($contact_id) {
$r = q("SELECT `uid` FROM `contact`
WHERE `blocked` = 0 AND `pending` = 0
AND `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($page_owner_uid)
);
if (DBA::isResult($r)) {
$can_post = true;
$visitor = $contact_id;
}
}
$r = q("SELECT `uid` FROM `contact`
WHERE `blocked` = 0 AND `pending` = 0
AND `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($page_owner_uid)
);
if (DBA::isResult($r)) {
$can_post = true;
$visitor = $contact_id;
}
}
if (!$can_post) {
if ($r_json) {
echo json_encode(['error' => L10n::t('Permission denied.')]);

36
src/Core/Session.php
View file

@ -120,7 +120,7 @@ class Session
'my_url' => $a->getBaseURL() . '/profile/' . $user_record['nickname'],
'my_address' => $user_record['nickname'] . '@' . substr($a->getBaseURL(), strpos($a->getBaseURL(), '://') + 3),
'addr' => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0'),
'remote' => []
'remote' => [],
]);
$remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => Strings::normaliseLink($_SESSION['my_url']), 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]);
@ -129,9 +129,7 @@ class Session
continue;
}
/// @todo Change it to this format to save space
// $_SESSION['remote'][$contact['uid']] = $contact['id'];
$_SESSION['remote'][$contact['uid']] = ['cid' => $contact['id'], 'uid' => $contact['uid']];
$_SESSION['remote'][$contact['uid']] = $contact['id'];
}
DBA::close($remote_contacts);
@ -216,4 +214,34 @@ class Session
}
}
}
/**
* Returns contact ID for given user ID
*
* @param integer $uid User ID
* @return integer Contact ID of visitor for given user ID
*/
public static function getVisitorContactIDForUserID($uid)
{
if (empty($_SESSION['remote'][$uid])) {
return false;
}
return $_SESSION['remote'][$uid];
}
/**
* Returns User ID for given contact ID of the visitor
*
* @param integer $cid Contact ID
* @return integer User ID for given contact ID of the visitor
*/
public static function getUserIDForVisitorContactID($cid)
{
if (empty($_SESSION['remote'])) {
return false;
}
return array_search($cid, $_SESSION['remote']);
}
}

15
src/Model/Profile.php
View file

@ -248,15 +248,10 @@ class Profile
*/
public static function getByNickname($nickname, $uid = 0, $profile_id = 0)
{
if (remote_user($uid) && !empty($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $visitor) {
if ($visitor['uid'] == $uid) {
$contact = DBA::selectFirst('contact', ['profile-id'], ['id' => $visitor['cid']]);
if (DBA::isResult($contact)) {
$profile_id = $contact['profile-id'];
}
break;
}
if (!empty(remote_user($uid))) {
$contact = DBA::selectFirst('contact', ['profile-id'], ['id' => remote_user($uid)]);
if (DBA::isResult($contact)) {
$profile_id = $contact['profile-id'];
}
}
@ -1130,7 +1125,7 @@ class Profile
continue;
}
$_SESSION['remote'][$contact['uid']] = ['cid' => $contact['id'], 'uid' => $contact['uid']];
$_SESSION['remote'][$contact['uid']] = $contact['id'];
}
$a->contact = $visitor;

11
src/Object/Post.php
View file

@ -14,8 +14,8 @@ use Friendica\Core\L10n;
use Friendica\Core\Logger;
use Friendica\Core\PConfig;
use Friendica\Core\Protocol;
use Friendica\Core\Renderer;
use Friendica\Core\Session;
use Friendica\Core\Renderer;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Item;
@ -71,13 +71,8 @@ class Post extends BaseObject
$this->setTemplate('wall');
$this->toplevel = $this->getId() == $this->getDataValue('parent');
if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $visitor) {
if ($visitor['cid'] == $this->getDataValue('contact-id')) {
$this->visiting = true;
break;
}
}
if (!empty(Session::getUserIDForVisitorContactID($this->getDataValue('contact-id')))) {
$this->visiting = true;
}
$this->writable = $this->getDataValue('writable') || $this->getDataValue('self');