$ret = diaspora_request($importer,$xmlbase->request);
}
elseif($xmlbase->status_message) {
- $ret = diaspora_post($importer,$xmlbase->status_message);
+ $ret = diaspora_post($importer,$xmlbase->status_message,$msg);
}
elseif($xmlbase->profile) {
- $ret = diaspora_profile($importer,$xmlbase->profile);
+ $ret = diaspora_profile($importer,$xmlbase->profile,$msg);
}
elseif($xmlbase->comment) {
$ret = diaspora_comment($importer,$xmlbase->comment,$msg);
$ret = diaspora_like($importer,$xmlbase->like,$msg);
}
elseif($xmlbase->asphoto) {
- $ret = diaspora_asphoto($importer,$xmlbase->asphoto);
+ $ret = diaspora_asphoto($importer,$xmlbase->asphoto,$msg);
}
elseif($xmlbase->reshare) {
- $ret = diaspora_reshare($importer,$xmlbase->reshare);
+ $ret = diaspora_reshare($importer,$xmlbase->reshare,$msg);
}
elseif($xmlbase->retraction) {
$ret = diaspora_retraction($importer,$xmlbase->retraction,$msg);
}
-function diaspora_post($importer,$xml) {
+function diaspora_post($importer,$xml,$msg) {
$a = get_app();
$guid = notags(unxmlify($xml->guid));
$diaspora_handle = notags(unxmlify($xml->diaspora_handle));
+ if($diaspora_handle != $msg['author']) {
+ logger('diaspora_post: Potential forgery. Message handle is not the same as envelope sender.');
+ return 202;
+ }
+
$contact = diaspora_get_contact_by_handle($importer['uid'],$diaspora_handle);
if(! $contact)
return;
}
-function diaspora_reshare($importer,$xml) {
+function diaspora_reshare($importer,$xml,$msg) {
logger('diaspora_reshare: init: ' . print_r($xml,true));
$diaspora_handle = notags(unxmlify($xml->diaspora_handle));
+ if($diaspora_handle != $msg['author']) {
+ logger('diaspora_post: Potential forgery. Message handle is not the same as envelope sender.');
+ return 202;
+ }
+
$contact = diaspora_get_contact_by_handle($importer['uid'],$diaspora_handle);
if(! $contact)
return;
}
-function diaspora_asphoto($importer,$xml) {
+function diaspora_asphoto($importer,$xml,$msg) {
logger('diaspora_asphoto called');
$a = get_app();
$guid = notags(unxmlify($xml->guid));
$diaspora_handle = notags(unxmlify($xml->diaspora_handle));
+ if($diaspora_handle != $msg['author']) {
+ logger('diaspora_post: Potential forgery. Message handle is not the same as envelope sender.');
+ return 202;
+ }
+
$contact = diaspora_get_contact_by_handle($importer['uid'],$diaspora_handle);
if(! $contact)
return;
$datarray['uid'] = $importer['uid'];
$datarray['contact-id'] = $contact['id'];
+ $datarray['type'] = 'remote-comment';
$datarray['wall'] = $parent_item['wall'];
$datarray['gravity'] = GRAVITY_COMMENT;
$datarray['guid'] = $guid;
if(($parent_item['origin']) && (! $parent_author_signature)) {
q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ",
intval($message_id),
- dbesc($author_signed_data),
+ dbesc($signed_data),
dbesc(base64_encode($author_signature)),
dbesc($diaspora_handle)
);
// likes on comments not supported here and likes on photos not supported by Diaspora
- if($target_type !== 'Post')
- return;
+// if($target_type !== 'Post')
+// return;
$contact = diaspora_get_contact_by_handle($importer['uid'],$msg['author']);
if(! $contact) {
if(! $parent_author_signature) {
q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ",
intval($message_id),
- dbesc($author_signed_data),
+ dbesc($signed_data),
dbesc(base64_encode($author_signature)),
dbesc($diaspora_handle)
);
// NOTREACHED
}
-function diaspora_profile($importer,$xml) {
+function diaspora_profile($importer,$xml,$msg) {
$a = get_app();
$diaspora_handle = notags(unxmlify($xml->diaspora_handle));
+
+ if($diaspora_handle != $msg['author']) {
+ logger('diaspora_post: Potential forgery. Message handle is not the same as envelope sender.');
+ return 202;
+ }
+
$contact = diaspora_get_contact_by_handle($importer['uid'],$diaspora_handle);
if(! $contact)
return;
$myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
// $theiraddr = $contact['addr'];
- // The first item in the `item` table with the parent id is the parent. However, MySQL doesn't always
- // return the items ordered by `item`.`id`, in which case the wrong item is chosen as the parent.
- // The only item with `parent` and `id` as the parent id is the parent item.
- $p = q("select guid from item where parent = %d and id = %d limit 1",
- intval($item['parent']),
- intval($item['parent'])
- );
+ if($item['thr-parent']) {
+ $p = q("select guid, type, uri, `parent-uri` from item where uri = '%s' limit 1",
+ dbesc($item['thr-parent'])
+ );
+ }
+ else {
+ // The first item in the `item` table with the parent id is the parent. However, MySQL doesn't always
+ // return the items ordered by `item`.`id`, in which case the wrong item is chosen as the parent.
+ // The only item with `parent` and `id` as the parent id is the parent item.
+ $p = q("select guid, type, uri, `parent-uri` from item where parent = %d and id = %d limit 1",
+ intval($item['parent']),
+ intval($item['parent'])
+ );
+ }
if(count($p))
- $parent_guid = $p[0]['guid'];
+ $parent = $p[0];
else
return;
if($item['verb'] === ACTIVITY_LIKE) {
$tpl = get_markup_template('diaspora_like.tpl');
$like = true;
- $target_type = 'Post';
+ $target_type = ( $parent['uri'] === $parent['parent-uri'] ? 'Post' : 'Comment');
+// $target_type = (strpos($parent['type'], 'comment') ? 'Comment' : 'Post');
// $positive = (($item['deleted']) ? 'false' : 'true');
$positive = 'true';
// sign it
if($like)
- $signed_text = $item['guid'] . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $myaddr;
+ $signed_text = $item['guid'] . ';' . $target_type . ';' . $parent['guid'] . ';' . $positive . ';' . $myaddr;
else
- $signed_text = $item['guid'] . ';' . $parent_guid . ';' . $text . ';' . $myaddr;
+ $signed_text = $item['guid'] . ';' . $parent['guid'] . ';' . $text . ';' . $myaddr;
$authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256'));
$msg = replace_macros($tpl,array(
'$guid' => xmlify($item['guid']),
- '$parent_guid' => xmlify($parent_guid),
+ '$parent_guid' => xmlify($parent['guid']),
'$target_type' =>xmlify($target_type),
'$authorsig' => xmlify($authorsig),
'$body' => xmlify($text),
$text = html_entity_decode(bb2diaspora($body));
- // The first item in the `item` table with the parent id is the parent. However, MySQL doesn't always
- // return the items ordered by `item`.`id`, in which case the wrong item is chosen as the parent.
- // The only item with `parent` and `id` as the parent id is the parent item.
- $p = q("select guid from item where parent = %d and id = %d limit 1",
- intval($item['parent']),
- intval($item['parent'])
- );
+ if($item['thr-parent']) {
+ $p = q("select guid, type, uri, `parent-uri` from item where uri = '%s' limit 1",
+ dbesc($item['thr-parent'])
+ );
+ }
+ else {
+ // The first item in the `item` table with the parent id is the parent. However, MySQL doesn't always
+ // return the items ordered by `item`.`id`, in which case the wrong item is chosen as the parent.
+ // The only item with `parent` and `id` as the parent id is the parent item.
+ $p = q("select guid, type, uri, `parent-uri` from item where parent = %d and id = %d limit 1",
+ intval($item['parent']),
+ intval($item['parent'])
+ );
+ }
if(count($p))
- $parent_guid = $p[0]['guid'];
+ $parent = $p[0];
else
return;
elseif($item['verb'] === ACTIVITY_LIKE) {
$like = true;
- $target_type = 'Post';
+ $target_type = ( $parent['uri'] === $parent['parent-uri'] ? 'Post' : 'Comment');
+// $target_type = (strpos($parent['type'], 'comment') ? 'Comment' : 'Post');
// $positive = (($item['deleted']) ? 'false' : 'true');
$positive = 'true';
if($relay_retract)
$sender_signed_text = $item['guid'] . ';' . $target_type;
elseif($like)
- $sender_signed_text = $item['guid'] . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $handle;
+ $sender_signed_text = $item['guid'] . ';' . $target_type . ';' . $parent['guid'] . ';' . $positive . ';' . $handle;
else
- $sender_signed_text = $item['guid'] . ';' . $parent_guid . ';' . $text . ';' . $handle;
+ $sender_signed_text = $item['guid'] . ';' . $parent['guid'] . ';' . $text . ';' . $handle;
// Sign the relayable with the top-level owner's signature
//
$msg = replace_macros($tpl,array(
'$guid' => xmlify($item['guid']),
- '$parent_guid' => xmlify($parent_guid),
+ '$parent_guid' => xmlify($parent['guid']),
'$target_type' =>xmlify($target_type),
'$authorsig' => xmlify($authorsig),
'$parentsig' => xmlify($parentauthorsig),
}
-function diaspora_transmit($owner,$contact,$slap,$public_batch) {
+function diaspora_transmit($owner,$contact,$slap,$public_batch,$queue_run=false) {
$enabled = intval(get_config('system','diaspora_enabled'));
if(! $enabled) {
logger('diaspora_transmit: ' . $logid . ' ' . $dest_url);
- if(was_recently_delayed($contact['id'])) {
+ if( (! $queue_run) && (was_recently_delayed($contact['id'])) ) {
$return_code = 0;
}
else {