Ensure that public contacts can't create toplevel posts
This commit is contained in:
parent
c9f02d534e
commit
1613f2a1c4
|
@ -55,7 +55,6 @@ function dfrn_notify_post(App $a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set the user id. This is important if this is a public contact
|
// Set the user id. This is important if this is a public contact
|
||||||
$importer['uid'] = $user['uid'];
|
|
||||||
$importer['importer_uid'] = $user['uid'];
|
$importer['importer_uid'] = $user['uid'];
|
||||||
|
|
||||||
// Now we should be able to import it
|
// Now we should be able to import it
|
||||||
|
|
|
@ -1433,7 +1433,7 @@ class DFRN
|
||||||
$contact_old = dba::fetch_first("SELECT `id`, `uid`, `url`, `network`, `avatar-date`, `avatar`, `name-date`, `uri-date`, `addr`,
|
$contact_old = dba::fetch_first("SELECT `id`, `uid`, `url`, `network`, `avatar-date`, `avatar`, `name-date`, `uri-date`, `addr`,
|
||||||
`name`, `nick`, `about`, `location`, `keywords`, `xmpp`, `bdyear`, `bd`, `hidden`, `contact-type`
|
`name`, `nick`, `about`, `location`, `keywords`, `xmpp`, `bdyear`, `bd`, `hidden`, `contact-type`
|
||||||
FROM `contact` WHERE `uid` = ? AND `nurl` = ? AND `network` != ?",
|
FROM `contact` WHERE `uid` = ? AND `nurl` = ? AND `network` != ?",
|
||||||
$importer["uid"],
|
$importer["importer_uid"],
|
||||||
normalise_link($author["link"]),
|
normalise_link($author["link"]),
|
||||||
NETWORK_STATUSNET
|
NETWORK_STATUSNET
|
||||||
);
|
);
|
||||||
|
@ -1443,7 +1443,7 @@ class DFRN
|
||||||
$author["network"] = $contact_old["network"];
|
$author["network"] = $contact_old["network"];
|
||||||
} else {
|
} else {
|
||||||
if (!$onlyfetch) {
|
if (!$onlyfetch) {
|
||||||
logger("Contact ".$author["link"]." wasn't found for user ".$importer["uid"]." XML: ".$xml, LOGGER_DEBUG);
|
logger("Contact ".$author["link"]." wasn't found for user ".$importer["importer_uid"]." XML: ".$xml, LOGGER_DEBUG);
|
||||||
}
|
}
|
||||||
|
|
||||||
$author["contact-id"] = $importer["id"];
|
$author["contact-id"] = $importer["id"];
|
||||||
|
@ -1639,7 +1639,7 @@ class DFRN
|
||||||
|
|
||||||
Contact::updateAvatar(
|
Contact::updateAvatar(
|
||||||
$author['avatar'],
|
$author['avatar'],
|
||||||
$importer['uid'],
|
$importer['importer_uid'],
|
||||||
$contact['id'],
|
$contact['id'],
|
||||||
(strtotime($contact['avatar-date']) > strtotime($contact_old['avatar-date']) || ($author['avatar'] != $contact_old['avatar']))
|
(strtotime($contact['avatar-date']) > strtotime($contact_old['avatar-date']) || ($author['avatar'] != $contact_old['avatar']))
|
||||||
);
|
);
|
||||||
|
@ -1657,7 +1657,7 @@ class DFRN
|
||||||
$poco["contact-type"] = $contact["contact-type"];
|
$poco["contact-type"] = $contact["contact-type"];
|
||||||
$gcid = GContact::update($poco);
|
$gcid = GContact::update($poco);
|
||||||
|
|
||||||
GContact::link($gcid, $importer["uid"], $contact["id"]);
|
GContact::link($gcid, $importer["importer_uid"], $contact["id"]);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $author;
|
return $author;
|
||||||
|
@ -2617,7 +2617,7 @@ class DFRN
|
||||||
if ((x($ev, "desc") || x($ev, "summary")) && x($ev, "start")) {
|
if ((x($ev, "desc") || x($ev, "summary")) && x($ev, "start")) {
|
||||||
logger("Event in item ".$item["uri"]." was found.", LOGGER_DEBUG);
|
logger("Event in item ".$item["uri"]." was found.", LOGGER_DEBUG);
|
||||||
$ev["cid"] = $importer["id"];
|
$ev["cid"] = $importer["id"];
|
||||||
$ev["uid"] = $importer["uid"];
|
$ev["uid"] = $importer["importer_uid"];
|
||||||
$ev["uri"] = $item["uri"];
|
$ev["uri"] = $item["uri"];
|
||||||
$ev["edited"] = $item["edited"];
|
$ev["edited"] = $item["edited"];
|
||||||
$ev["private"] = $item["private"];
|
$ev["private"] = $item["private"];
|
||||||
|
@ -2626,7 +2626,7 @@ class DFRN
|
||||||
$r = q(
|
$r = q(
|
||||||
"SELECT `id` FROM `event` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
|
"SELECT `id` FROM `event` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
|
||||||
dbesc($item["uri"]),
|
dbesc($item["uri"]),
|
||||||
intval($importer["uid"])
|
intval($importer["importer_uid"])
|
||||||
);
|
);
|
||||||
if (DBM::is_result($r)) {
|
if (DBM::is_result($r)) {
|
||||||
$ev["id"] = $r[0]["id"];
|
$ev["id"] = $r[0]["id"];
|
||||||
|
@ -2681,6 +2681,10 @@ class DFRN
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
} else { // $entrytype == DFRN_TOP_LEVEL
|
} else { // $entrytype == DFRN_TOP_LEVEL
|
||||||
|
if ($importer["uid"] == 0) {
|
||||||
|
logger("Contact ".$importer["id"]." isn't known to user ".$importer["importer_uid"].". The post will be ignored.", LOGGER_DEBUG);
|
||||||
|
return;
|
||||||
|
}
|
||||||
if (!link_compare($item["owner-link"], $importer["url"])) {
|
if (!link_compare($item["owner-link"], $importer["url"])) {
|
||||||
/*
|
/*
|
||||||
* The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery,
|
* The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery,
|
||||||
|
@ -2736,10 +2740,10 @@ class DFRN
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$condition = ["`uri` = ? AND `uid` = ? AND NOT `file` LIKE '%[%'", $uri, $importer["uid"]];
|
$condition = ["`uri` = ? AND `uid` = ? AND NOT `file` LIKE '%[%'", $uri, $importer["importer_uid"]];
|
||||||
$item = dba::selectFirst('item', ['id', 'parent', 'contact-id'], $condition);
|
$item = dba::selectFirst('item', ['id', 'parent', 'contact-id'], $condition);
|
||||||
if (!DBM::is_result($item)) {
|
if (!DBM::is_result($item)) {
|
||||||
logger("Item with uri " . $uri . " for user " . $importer["uid"] . " wasn't found.", LOGGER_DEBUG);
|
logger("Item with uri " . $uri . " for user " . $importer["importer_uid"] . " wasn't found.", LOGGER_DEBUG);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2808,7 +2812,7 @@ class DFRN
|
||||||
$xpath->registerNamespace("statusnet", NAMESPACE_STATUSNET);
|
$xpath->registerNamespace("statusnet", NAMESPACE_STATUSNET);
|
||||||
|
|
||||||
$header = [];
|
$header = [];
|
||||||
$header["uid"] = $importer["uid"];
|
$header["uid"] = $importer["importer_uid"];
|
||||||
$header["network"] = NETWORK_DFRN;
|
$header["network"] = NETWORK_DFRN;
|
||||||
$header["type"] = "remote";
|
$header["type"] = "remote";
|
||||||
$header["wall"] = 0;
|
$header["wall"] = 0;
|
||||||
|
@ -2827,7 +2831,7 @@ class DFRN
|
||||||
self::fetchauthor($xpath, $doc->firstChild, $importer, "dfrn:owner", false, $xml);
|
self::fetchauthor($xpath, $doc->firstChild, $importer, "dfrn:owner", false, $xml);
|
||||||
}
|
}
|
||||||
|
|
||||||
logger("Import DFRN message for user " . $importer["uid"] . " from contact " . $importer["id"], LOGGER_DEBUG);
|
logger("Import DFRN message for user " . $importer["importer_uid"] . " from contact " . $importer["id"], LOGGER_DEBUG);
|
||||||
|
|
||||||
// The account type is new since 3.5.1
|
// The account type is new since 3.5.1
|
||||||
if ($xpath->query("/atom:feed/dfrn:account_type")->length > 0) {
|
if ($xpath->query("/atom:feed/dfrn:account_type")->length > 0) {
|
||||||
|
@ -2895,7 +2899,7 @@ class DFRN
|
||||||
self::processEntry($header, $xpath, $entry, $importer, $xml);
|
self::processEntry($header, $xpath, $entry, $importer, $xml);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
logger("Import done for user " . $importer["uid"] . " from contact " . $importer["id"], LOGGER_DEBUG);
|
logger("Import done for user " . $importer["importer_uid"] . " from contact " . $importer["id"], LOGGER_DEBUG);
|
||||||
return 200;
|
return 200;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue