X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fdfrn_notify.php;h=2e1f51a11c056344c20041035165554fe2875086;hb=8868b7f8d938463169e6bdf98cf7d60f38805b79;hp=b14c71fb862c27d3315531ef5c53c3a719b57377;hpb=2f28c2ebbfd8f66093d7081d40b1d48f65fcff20;p=friendica.git
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index b14c71fb86..2e1f51a11c 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -1,35 +1,52 @@
.
+ *
+ * The dfrn notify endpoint
+ *
* @see PDF with dfrn specs: https://github.com/friendica/friendica/blob/master/spec/dfrn2.pdf
*/
use Friendica\App;
-use Friendica\Core\Config;
use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\Database\DBA;
+use Friendica\DI;
use Friendica\Model\Contact;
+use Friendica\Model\User;
use Friendica\Protocol\DFRN;
use Friendica\Protocol\Diaspora;
-
-require_once 'include/items.php';
+use Friendica\Util\Network;
+use Friendica\Util\Strings;
function dfrn_notify_post(App $a) {
Logger::log(__function__, Logger::TRACE);
- $postdata = file_get_contents('php://input');
+ $postdata = Network::postdata();
if (empty($_POST) || !empty($postdata)) {
$data = json_decode($postdata);
if (is_object($data)) {
- $nick = defaults($a->argv, 1, '');
+ $nick = $a->argv[1] ?? '';
$user = DBA::selectFirst('user', [], ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false]);
if (!DBA::isResult($user)) {
- System::httpExit(500);
+ throw new \Friendica\Network\HTTPException\InternalServerErrorException();
}
dfrn_dispatch_private($user, $postdata);
} elseif (!dfrn_dispatch_public($postdata)) {
@@ -38,16 +55,16 @@ function dfrn_notify_post(App $a) {
}
}
- $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : '');
- $dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
- $challenge = ((x($_POST,'challenge')) ? notags(trim($_POST['challenge'])) : '');
- $data = ((x($_POST,'data')) ? $_POST['data'] : '');
- $key = ((x($_POST,'key')) ? $_POST['key'] : '');
- $rino_remote = ((x($_POST,'rino')) ? intval($_POST['rino']) : 0);
- $dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0);
- $perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r');
- $ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none');
- $page = ((x($_POST,'page')) ? intval($_POST['page']) : 0);
+ $dfrn_id = (!empty($_POST['dfrn_id']) ? Strings::escapeTags(trim($_POST['dfrn_id'])) : '');
+ $dfrn_version = (!empty($_POST['dfrn_version']) ? (float) $_POST['dfrn_version'] : 2.0);
+ $challenge = (!empty($_POST['challenge']) ? Strings::escapeTags(trim($_POST['challenge'])) : '');
+ $data = $_POST['data'] ?? '';
+ $key = $_POST['key'] ?? '';
+ $rino_remote = (!empty($_POST['rino']) ? intval($_POST['rino']) : 0);
+ $dissolve = (!empty($_POST['dissolve']) ? intval($_POST['dissolve']) : 0);
+ $perm = (!empty($_POST['perm']) ? Strings::escapeTags(trim($_POST['perm'])) : 'r');
+ $ssl_policy = (!empty($_POST['ssl_policy']) ? Strings::escapeTags(trim($_POST['ssl_policy'])): 'none');
+ $page = (!empty($_POST['page']) ? intval($_POST['page']) : 0);
$forum = (($page == 1) ? 1 : 0);
$prv = (($page == 2) ? 1 : 0);
@@ -127,7 +144,7 @@ function dfrn_notify_post(App $a) {
System::xmlExit(0, 'relationship dissolved');
}
- $rino = Config::get('system', 'rino_encrypt');
+ $rino = DI::config()->get('system', 'rino_encrypt');
$rino = intval($rino);
if (strlen($key)) {
@@ -183,20 +200,20 @@ function dfrn_notify_post(App $a) {
function dfrn_dispatch_public($postdata)
{
- $msg = Diaspora::decodeRaw([], $postdata, true);
+ $msg = Diaspora::decodeRaw($postdata, '', true);
if (!$msg) {
// We have to fail silently to be able to hand it over to the salmon parser
return false;
}
// Fetch the corresponding public contact
- $contact = Contact::getDetailsByAddr($msg['author'], 0);
- if (!$contact) {
+ $contact_id = Contact::getIdForURL($msg['author']);
+ if (empty($contact_id)) {
Logger::log('Contact not found for address ' . $msg['author']);
System::xmlExit(3, 'Contact ' . $msg['author'] . ' not found');
}
- $importer = DFRN::getImporter($contact['id']);
+ $importer = DFRN::getImporter($contact_id);
// This should never fail
if (empty($importer)) {
@@ -213,7 +230,7 @@ function dfrn_dispatch_public($postdata)
function dfrn_dispatch_private($user, $postdata)
{
- $msg = Diaspora::decodeRaw($user, $postdata);
+ $msg = Diaspora::decodeRaw($postdata, $user['prvkey'] ?? '');
if (!$msg) {
System::xmlExit(4, 'Unable to parse message');
}
@@ -246,16 +263,15 @@ function dfrn_dispatch_private($user, $postdata)
function dfrn_notify_content(App $a) {
- if (x($_GET,'dfrn_id')) {
+ if (!empty($_GET['dfrn_id'])) {
/*
* initial communication from external contact, $direction is their direction.
* If this is a duplex communication, ours will be the opposite.
*/
- $dfrn_id = notags(trim($_GET['dfrn_id']));
- $dfrn_version = (float) $_GET['dfrn_version'];
- $rino_remote = ((x($_GET,'rino')) ? intval($_GET['rino']) : 0);
+ $dfrn_id = Strings::escapeTags(trim($_GET['dfrn_id']));
+ $rino_remote = (!empty($_GET['rino']) ? intval($_GET['rino']) : 0);
$type = "";
$last_update = "";
@@ -267,7 +283,7 @@ function dfrn_notify_content(App $a) {
$dfrn_id = substr($dfrn_id,2);
}
- $hash = random_string();
+ $hash = Strings::getRandomHex();
$status = 0;
@@ -282,7 +298,7 @@ function dfrn_notify_content(App $a) {
$user = DBA::selectFirst('user', ['uid'], ['nickname' => $a->argv[1]]);
if (!DBA::isResult($user)) {
Logger::log('User not found for nickname ' . $a->argv[1]);
- killme();
+ exit();
}
$condition = [];
@@ -301,6 +317,7 @@ function dfrn_notify_content(App $a) {
break;
default:
$status = 1;
+ $my_id = '';
break;
}
@@ -314,7 +331,7 @@ function dfrn_notify_content(App $a) {
$importer = DFRN::getImporter($contact['id'], $user['uid']);
if (empty($importer)) {
Logger::log('No importer data found for user ' . $a->argv[1] . ' and contact ' . $dfrn_id);
- killme();
+ exit();
}
Logger::log("Remote rino version: ".$rino_remote." for ".$importer["url"], Logger::DATA);
@@ -342,7 +359,7 @@ function dfrn_notify_content(App $a) {
$encrypted_id = bin2hex($encrypted_id);
- $rino = Config::get('system', 'rino_encrypt');
+ $rino = DI::config()->get('system', 'rino_encrypt');
$rino = intval($rino);
Logger::log("Local rino version: ". $rino, Logger::DATA);
@@ -353,7 +370,7 @@ function dfrn_notify_content(App $a) {
$rino = $rino_remote;
}
- if (($importer['rel'] && ($importer['rel'] != Contact::SHARING)) || ($importer['page-flags'] == Contact::PAGE_COMMUNITY)) {
+ if (($importer['rel'] && ($importer['rel'] != Contact::SHARING)) || ($importer['page-flags'] == User::PAGE_FLAGS_COMMUNITY)) {
$perm = 'rw';
} else {
$perm = 'r';
@@ -369,8 +386,8 @@ function dfrn_notify_content(App $a) {
. "\t" . '' . $perm . '' . "\r\n"
. "\t" . '' . $encrypted_id . '' . "\r\n"
. "\t" . '' . $challenge . '' . "\r\n"
- . '' . "\r\n" ;
+ . '' . "\r\n";
- killme();
+ exit();
}
}