protected function prepare(array $args=array())
{
- StatusNet::setApi(true); // reduce exception reports to aid in debugging
+ GNUsocial::setApi(true); // reduce exception reports to aid in debugging
return parent::prepare($args);
}
{
$callback = $this->argUrl('hub.callback');
+ common_debug('New PuSH hub request ('._ve($mode).') for callback '._ve($callback));
$topic = $this->argUrl('hub.topic');
if (!$this->recognizedFeed($topic)) {
+ common_debug('PuSH hub request had unrecognized feed topic=='._ve($topic));
// TRANS: Client exception. %s is a topic.
throw new ClientException(sprintf(_m('Unsupported hub.topic %s this hub only serves local user and group Atom feeds.'),$topic));
}
$lease = $this->arg('hub.lease_seconds', null);
if ($mode == 'subscribe' && $lease != '' && !preg_match('/^\d+$/', $lease)) {
+ common_debug('PuSH hub request had invalid lease_seconds=='._ve($lease));
// TRANS: Client exception. %s is the invalid lease value.
throw new ClientException(sprintf(_m('Invalid hub.lease "%s". It must be empty or positive integer.'),$lease));
}
$secret = $this->arg('hub.secret', null);
if ($secret != '' && strlen($secret) >= 200) {
+ common_debug('PuSH hub request had invalid secret=='._ve($secret));
// TRANS: Client exception. %s is the invalid hub secret.
throw new ClientException(sprintf(_m('Invalid hub.secret "%s". It must be under 200 bytes.'),$secret));
}
$sub = HubSub::getByHashkey($topic, $callback);
if (!$sub instanceof HubSub) {
// Creating a new one!
+ common_debug('PuSH creating new HubSub entry for topic=='._ve($topic).' to remote callback '._ve($callback));
$sub = new HubSub();
$sub->topic = $topic;
$sub->callback = $callback;
$sub->setLease(intval($lease));
}
}
+ common_debug('PuSH hub request is now:'._ve($sub));
$verify = $this->arg('hub.verify'); // TODO: deprecated
$token = $this->arg('hub.verify_token', null); // TODO: deprecated
* user or group Atom feeds.
*
* @param string $feed URL
- * @return boolean true if it matches
+ * @return boolean true if it matches, false if not a recognized local feed
+ * @throws exception if local entity does not exist
*/
- function recognizedFeed($feed)
+ protected function recognizedFeed($feed)
{
$matches = array();
+ // Simple mapping to local ID for user or group
if (preg_match('!/(\d+)\.atom$!', $feed, $matches)) {
$id = $matches[1];
$params = array('id' => $id, 'format' => 'atom');
- $userFeed = common_local_url('ApiTimelineUser', $params);
- $groupFeed = common_local_url('ApiTimelineGroup', $params);
- if ($feed == $userFeed) {
+ // Double-check against locally generated URLs
+ switch ($feed) {
+ case common_local_url('ApiTimelineUser', $params):
$user = User::getKV('id', $id);
- if (!$user) {
+ if (!$user instanceof User) {
// TRANS: Client exception. %s is a feed URL.
- throw new ClientException(sprintt(_m('Invalid hub.topic "%s". User does not exist.'),$feed));
- } else {
- return true;
+ throw new ClientException(sprintf(_m('Invalid hub.topic "%s". User does not exist.'),$feed));
}
- }
- if ($feed == $groupFeed) {
- $user = User_group::getKV('id', $id);
- if (!$user) {
+ return true;
+
+ case common_local_url('ApiTimelineGroup', $params):
+ $group = Local_group::getKV('group_id', $id);
+ if (!$group instanceof Local_group) {
// TRANS: Client exception. %s is a feed URL.
- throw new ClientException(sprintf(_m('Invalid hub.topic "%s". Group does not exist.'),$feed));
- } else {
- return true;
+ throw new ClientException(sprintf(_m('Invalid hub.topic "%s". Local_group does not exist.'),$feed));
}
+ return true;
}
- } else if (preg_match('!/(\d+)/lists/(\d+)/statuses\.atom$!', $feed, $matches)) {
+ common_debug("Feed was not recognized by any local User or Group Atom feed URLs: {$feed}");
+ return false;
+ }
+
+ // Profile lists are unique per user, so we need both IDs
+ if (preg_match('!/(\d+)/lists/(\d+)/statuses\.atom$!', $feed, $matches)) {
$user = $matches[1];
$id = $matches[2];
$params = array('user' => $user, 'id' => $id, 'format' => 'atom');
- $listFeed = common_local_url('ApiTimelineList', $params);
- if ($feed == $listFeed) {
+ // Double-check against locally generated URLs
+ switch ($feed) {
+ case common_local_url('ApiTimelineList', $params):
$list = Profile_list::getKV('id', $id);
$user = User::getKV('id', $user);
- if (!$list || !$user || $list->tagger != $user->id) {
+ if (!$list instanceof Profile_list || !$user instanceof User || $list->tagger != $user->id) {
// TRANS: Client exception. %s is a feed URL.
throw new ClientException(sprintf(_m('Invalid hub.topic %s; list does not exist.'),$feed));
- } else {
- return true;
}
+ return true;
}
- common_log(LOG_DEBUG, "Not a user, group or people tag feed? $feed $userFeed $groupFeed $listFeed");
+ common_debug("Feed was not recognized by any local Profile_list Atom feed URL: {$feed}");
+ return false;
}
- common_log(LOG_DEBUG, "LOST $feed");
+
+ common_debug("Unknown feed URL structure, can't match against local user, group or profile_list: {$feed}");
return false;
}
/**
* Grab and validate a URL from POST parameters.
- * @throws ClientException for malformed or non-http/https URLs
+ * @throws ClientException for malformed or non-http/https or blacklisted URLs
*/
protected function argUrl($arg)
{
$url = $this->arg($arg);
$params = array('domain_check' => false, // otherwise breaks my local tests :P
'allowed_schemes' => array('http', 'https'));
- $validate = new Validate;
- if ($validate->uri($url, $params)) {
- return $url;
- } else {
+ $validate = new Validate();
+ if (!$validate->uri($url, $params)) {
// TRANS: Client exception.
// TRANS: %1$s is this argument to the method this exception occurs in, %2$s is a URL.
throw new ClientException(sprintf(_m('Invalid URL passed for %1$s: "%2$s"'),$arg,$url));
}
+
+ Event::handle('UrlBlacklistTest', array($url));
+ return $url;
}
/**
projects / quix0rs-gnu-social.git / blobdiff