use Friendica\App;
use Friendica\Core\Config;
+use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\Model\PushSubscriber;
use Friendica\Util\Network;
+use Friendica\Util\Strings;
function post_var($name) {
- return (x($_POST, $name)) ? notags(trim($_POST[$name])) : '';
+ return !empty($_POST[$name]) ? Strings::escapeTags(trim($_POST[$name])) : '';
}
function pubsubhubbub_init(App $a) {
} elseif ($hub_mode === 'unsubscribe') {
$subscribe = 0;
} else {
- logger("Invalid hub_mode=$hub_mode, ignoring.");
+ Logger::log("Invalid hub_mode=$hub_mode, ignoring.");
System::httpExit(404);
}
- logger("$hub_mode request from " . $_SERVER['REMOTE_ADDR']);
+ Logger::log("$hub_mode request from " . $_SERVER['REMOTE_ADDR']);
- // get the nick name from the topic, a bit hacky but needed as a fallback
- $nick = substr(strrchr($hub_topic, "/"), 1);
-
- // Normally the url should now contain the nick name as last part of the url
if ($a->argc > 1) {
+ // Normally the url should now contain the nick name as last part of the url
$nick = $a->argv[1];
+ } else {
+ // Get the nick name from the topic as a fallback
+ $nick = $hub_topic;
}
+ // Extract nick name and strip any .atom extension
+ $nick = basename($nick, '.atom');
if (!$nick) {
- logger('Bad hub_topic=$hub_topic, ignoring.');
+ Logger::log('Bad hub_topic=$hub_topic, ignoring.');
System::httpExit(404);
}
// fetch user from database given the nickname
$condition = ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false];
- $owner = DBA::selectFirst('user', ['uid', 'hidewall'], $condition);
+ $owner = DBA::selectFirst('user', ['uid', 'hidewall', 'nickname'], $condition);
if (!DBA::isResult($owner)) {
- logger('Local account not found: ' . $nick . ' - topic: ' . $hub_topic . ' - callback: ' . $hub_callback);
+ Logger::log('Local account not found: ' . $nick . ' - topic: ' . $hub_topic . ' - callback: ' . $hub_callback);
System::httpExit(404);
}
// abort if user's wall is supposed to be private
if ($owner['hidewall']) {
- logger('Local user ' . $nick . 'has chosen to hide wall, ignoring.');
+ Logger::log('Local user ' . $nick . 'has chosen to hide wall, ignoring.');
System::httpExit(403);
}
'pending' => false, 'self' => true];
$contact = DBA::selectFirst('contact', ['poll'], $condition);
if (!DBA::isResult($contact)) {
- logger('Self contact for user ' . $owner['uid'] . ' not found.');
+ Logger::log('Self contact for user ' . $owner['uid'] . ' not found.');
System::httpExit(404);
}
// sanity check that topic URLs are the same
$hub_topic2 = str_replace('/feed/', '/dfrn_poll/', $hub_topic);
- if (!link_compare($hub_topic, $contact['poll']) && !link_compare($hub_topic2, $contact['poll'])) {
- logger('Hub topic ' . $hub_topic . ' != ' . $contact['poll']);
+ $self = System::baseUrl() . '/api/statuses/user_timeline/' . $owner['nickname'] . '.atom';
+
+ if (!Strings::compareLink($hub_topic, $contact['poll']) && !Strings::compareLink($hub_topic2, $contact['poll']) && !Strings::compareLink($hub_topic, $self)) {
+ Logger::log('Hub topic ' . $hub_topic . ' != ' . $contact['poll']);
System::httpExit(404);
}
// do subscriber verification according to the PuSH protocol
- $hub_challenge = random_string(40);
- $params = 'hub.mode=' .
- ($subscribe == 1 ? 'subscribe' : 'unsubscribe') .
- '&hub.topic=' . urlencode($hub_topic) .
- '&hub.challenge=' . $hub_challenge .
- '&hub.lease_seconds=604800' .
- '&hub.verify_token=' . $hub_verify_token;
+ $hub_challenge = Strings::getRandomHex(40);
+
+ $params = http_build_query([
+ 'hub.mode' => $subscribe == 1 ? 'subscribe' : 'unsubscribe',
+ 'hub.topic' => $hub_topic,
+ 'hub.challenge' => $hub_challenge,
+ 'hub.verify_token' => $hub_verify_token,
+
+ // lease time is hard coded to one week (in seconds)
+ // we don't actually enforce the lease time because GNU
+ // Social/StatusNet doesn't honour it (yet)
+ 'hub.lease_seconds' => 604800,
+ ]);
- // lease time is hard coded to one week (in seconds)
- // we don't actually enforce the lease time because GNU
- // Social/StatusNet doesn't honour it (yet)
+ $hub_callback = rtrim($hub_callback, ' ?&#');
+ $separator = parse_url($hub_callback, PHP_URL_QUERY) === null ? '?' : '&';
- $body = Network::fetchUrl($hub_callback . "?" . $params);
- $ret = Network::getCurl()->getCode();
+ $fetchResult = Network::fetchUrlFull($hub_callback . $separator . $params);
+ $body = $fetchResult->getBody();
+ $ret = $fetchResult->getReturnCode();
// give up if the HTTP return code wasn't a success (2xx)
if ($ret < 200 || $ret > 299) {
- logger("Subscriber verification for $hub_topic at $hub_callback returned $ret, ignoring.");
+ Logger::log("Subscriber verification for $hub_topic at $hub_callback returned $ret, ignoring.");
System::httpExit(404);
}
// check that the correct hub_challenge code was echoed back
if (trim($body) !== $hub_challenge) {
- logger("Subscriber did not echo back hub.challenge, ignoring.");
- logger("\"$hub_challenge\" != \"".trim($body)."\"");
+ Logger::log("Subscriber did not echo back hub.challenge, ignoring.");
+ Logger::log("\"$hub_challenge\" != \"".trim($body)."\"");
System::httpExit(404);
}