X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fredir.php;h=ab4f3220cd7d1a1ace36ece544828db9ab96d0a6;hb=a770be3cb6fdc305712da58e188de4e82f3b7234;hp=42008ddd6b78d7ef289d48f6cb61ea04b3f4b86c;hpb=80513e4332cffb32cf7e4fa727075b6837393700;p=friendica.git diff --git a/include/redir.php b/include/redir.php index 42008ddd6b..ab4f3220cd 100644 --- a/include/redir.php +++ b/include/redir.php @@ -2,25 +2,50 @@ function auto_redir(&$a, $contact_nick) { + // prevent looping + + if(x($_REQUEST,'redir') && intval($_REQUEST['redir'])) + return; + if((! $contact_nick) || ($contact_nick === $a->user['nickname'])) return; if(local_user()) { - $r = q("SELECT id FROM contact WHERE uid = ( SELECT uid FROM user WHERE nickname = '%s' LIMIT 1 ) AND nick = '%s' AND network = '%s' and self = 0 LIMIT 1", + // We need to find out if $contact_nick is a user on this hub, and if so, if I + // am a contact of that user. However, that user may have other contacts with the + // same nickname as me on other hubs or other networks. Exclude these by requiring + // that the contact have a local URL. I will be the only person with my nickname at + // this URL, so if a result is found, then I am a contact of the $contact_nick user. + // + // We also have to make sure that I'm a legitimate contact--I'm not blocked or pending. + + $baseurl = $a->get_baseurl(); + $domain_st = strpos($baseurl, "://"); + if($domain_st === false) + return; + $baseurl = substr($baseurl, $domain_st + 3); + $nurl = normalise_link($baseurl); + + + $r = q("SELECT id FROM contact WHERE uid = ( SELECT uid FROM user WHERE nickname = '%s' LIMIT 1 ) + AND nick = '%s' AND self = 0 AND ( url LIKE '%%%s%%' or nurl LIKE '%%%s%%' ) AND blocked = 0 AND pending = 0 LIMIT 1", dbesc($contact_nick), dbesc($a->user['nickname']), - dbesc(NETWORK_DFRN) + dbesc($baseurl), + dbesc($nurl) ); if((!$r) || (! count($r)) || $r[0]['id'] == remote_user()) return; - $r = q("SELECT * FROM contact WHERE nick = '%s' AND network = '%s' AND uid = %d LIMIT 1", + $r = q("SELECT * FROM contact WHERE nick = '%s' + AND network = '%s' AND uid = %d AND url LIKE '%%%s%%' LIMIT 1", dbesc($contact_nick), dbesc(NETWORK_DFRN), - intval(local_user()) + intval(local_user()), + dbesc($baseurl) ); if(! ($r && count($r))) @@ -39,6 +64,12 @@ function auto_redir(&$a, $contact_nick) { $dfrn_id = '0:' . $orig_id; } + // ensure that we've got a valid ID. There may be some edge cases with forums and non-duplex mode + // that may have triggered some of the "went to {profile/intro} and got an RSS feed" issues + + if(strlen($dfrn_id) < 3) + return; + $sec = random_string(); q("INSERT INTO `profile_check` ( `uid`, `cid`, `dfrn_id`, `sec`, `expire`) @@ -52,7 +83,7 @@ function auto_redir(&$a, $contact_nick) { $url = curPageURL(); - logger('check_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG); + logger('auto_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG); $dest = (($url) ? '&destination_url=' . $url : ''); goaway ($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest );