csrf protection in userauthorization

[quix0rs-gnu-social.git] / lib / jabber.php

diff --git a/lib/jabber.php b/lib/jabber.php
index 415bb45d73b82af373ac10bcc2034a4c56d22c1f..1202aa32227505f4d0682389063c695728f6fa73 100644 (file)
--- a/lib/jabber.php
+++ b/lib/jabber.php
@@ -82,7 +82,8 @@ function jabber_connect($resource=NULL) {
                                                                XMPPHP_Log::LEVEL_VERBOSE :  NULL
                                                                );
                $conn->autoSubscribe();
-
+               $conn->useEncryption(common_config('xmpp', 'encryption'));
+               
                if (!$conn) {
                        return false;
                }
@@ -247,7 +248,7 @@ function jabber_broadcast_notice($notice) {
        if ($sub->find()) {
                while ($sub->fetch()) {
                        $user = User::staticGet($sub->subscriber);
-                       if ($user && $user->jabber && $user->jabbernotify && !$sent_to[$user->id]) {
+                       if ($user && $user->jabber && $user->jabbernotify && !array_key_exists($user->id,$sent_to)) {
                                common_log(LOG_INFO,
                                                   'Sending notice ' . $notice->id . ' to ' . $user->jabber,
                                                   __FILE__);
@@ -270,8 +271,9 @@ function jabber_broadcast_notice($notice) {
        $public = common_config('xmpp', 'public');
        
        # FIXME PRIV don't send out private messages here
+       # XXX: should we send out non-local messages if public,localonly = false? I think not
        
-       if ($public) {
+       if ($public && $notice->is_local) {
                foreach ($public as $address) {
                                common_log(LOG_INFO,
                                                   'Sending notice ' . $notice->id . ' to public listener ' . $address,