X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fdfrn_notify.php;h=745411a8ef89ec10f9f8263fda1db1a30f3355d0;hb=6c341962648b73c935c2de26996b07332b776a1f;hp=a0090f49211d8f1e90bc10e5bcd36bee782c1d04;hpb=14fde5dc9b1915392601fb94efc6224c01f2b216;p=friendica.git

diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index a0090f4921..745411a8ef 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -12,13 +12,13 @@ use Friendica\Core\Logger;
 use Friendica\Core\System;
 use Friendica\Database\DBA;
 use Friendica\Model\Contact;
+use Friendica\Model\User;
 use Friendica\Protocol\DFRN;
 use Friendica\Protocol\Diaspora;
-
-require_once 'include/items.php';
+use Friendica\Util\Strings;
 
 function dfrn_notify_post(App $a) {
-	Logger::log(__function__, LOGGER_TRACE);
+	Logger::log(__function__, Logger::TRACE);
 
 	$postdata = file_get_contents('php://input');
 
@@ -38,16 +38,16 @@ function dfrn_notify_post(App $a) {
 		}
 	}
 
-	$dfrn_id      = ((x($_POST,'dfrn_id'))      ? notags(trim($_POST['dfrn_id']))   : '');
-	$dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version']    : 2.0);
-	$challenge    = ((x($_POST,'challenge'))    ? notags(trim($_POST['challenge'])) : '');
-	$data         = ((x($_POST,'data'))         ? $_POST['data']                    : '');
-	$key          = ((x($_POST,'key'))          ? $_POST['key']                     : '');
-	$rino_remote  = ((x($_POST,'rino'))         ? intval($_POST['rino'])            :  0);
-	$dissolve     = ((x($_POST,'dissolve'))     ? intval($_POST['dissolve'])        :  0);
-	$perm         = ((x($_POST,'perm'))         ? notags(trim($_POST['perm']))      : 'r');
-	$ssl_policy   = ((x($_POST,'ssl_policy'))   ? notags(trim($_POST['ssl_policy'])): 'none');
-	$page         = ((x($_POST,'page'))         ? intval($_POST['page'])            :  0);
+	$dfrn_id      = (!empty($_POST['dfrn_id'])      ? Strings::escapeTags(trim($_POST['dfrn_id']))   : '');
+	$dfrn_version = (!empty($_POST['dfrn_version']) ? (float) $_POST['dfrn_version']    : 2.0);
+	$challenge    = (!empty($_POST['challenge'])    ? Strings::escapeTags(trim($_POST['challenge'])) : '');
+	$data         = defaults($_POST, 'data', '');
+	$key          = defaults($_POST, 'key', '');
+	$rino_remote  = (!empty($_POST['rino'])         ? intval($_POST['rino'])            :  0);
+	$dissolve     = (!empty($_POST['dissolve'])     ? intval($_POST['dissolve'])        :  0);
+	$perm         = (!empty($_POST['perm'])         ? Strings::escapeTags(trim($_POST['perm']))      : 'r');
+	$ssl_policy   = (!empty($_POST['ssl_policy'])   ? Strings::escapeTags(trim($_POST['ssl_policy'])): 'none');
+	$page         = (!empty($_POST['page'])         ? intval($_POST['page'])            :  0);
 
 	$forum = (($page == 1) ? 1 : 0);
 	$prv   = (($page == 2) ? 1 : 0);
@@ -118,7 +118,7 @@ function dfrn_notify_post(App $a) {
 
 	$importer = Contact::updateSslPolicy($importer, $ssl_policy);
 
-	Logger::log('data: ' . $data, LOGGER_DATA);
+	Logger::log('data: ' . $data, Logger::DATA);
 
 	if ($dissolve == 1) {
 		// Relationship is dissolved permanently
@@ -140,7 +140,7 @@ function dfrn_notify_post(App $a) {
 		}
 
 		$rawkey = hex2bin(trim($key));
-		Logger::log('rino: md5 raw key: ' . md5($rawkey), LOGGER_DATA);
+		Logger::log('rino: md5 raw key: ' . md5($rawkey), Logger::DATA);
 
 		$final_key = '';
 
@@ -170,10 +170,10 @@ function dfrn_notify_post(App $a) {
 				System::xmlExit(0, "Invalid sent version '$rino_remote'");
 		}
 
-		Logger::log('rino: decrypted data: ' . $data, LOGGER_DATA);
+		Logger::log('rino: decrypted data: ' . $data, Logger::DATA);
 	}
 
-	Logger::log('Importing post from ' . $importer['addr'] . ' to ' . $importer['nickname'] . ' with the RINO ' . $rino_remote . ' encryption.', LOGGER_DEBUG);
+	Logger::log('Importing post from ' . $importer['addr'] . ' to ' . $importer['nickname'] . ' with the RINO ' . $rino_remote . ' encryption.', Logger::DEBUG);
 
 	$ret = DFRN::import($data, $importer);
 	System::xmlExit($ret, 'Processed');
@@ -204,7 +204,7 @@ function dfrn_dispatch_public($postdata)
 		System::xmlExit(3, 'Contact ' . $msg['author'] . ' not found');
 	}
 
-	Logger::log('Importing post from ' . $msg['author'] . ' with the public envelope.', LOGGER_DEBUG);
+	Logger::log('Importing post from ' . $msg['author'] . ' with the public envelope.', Logger::DEBUG);
 
 	// Now we should be able to import it
 	$ret = DFRN::import($msg['message'], $importer);
@@ -237,7 +237,7 @@ function dfrn_dispatch_private($user, $postdata)
 		System::xmlExit(3, 'Contact ' . $msg['author'] . ' not found');
 	}
 
-	Logger::log('Importing post from ' . $msg['author'] . ' to ' . $user['nickname'] . ' with the private envelope.', LOGGER_DEBUG);
+	Logger::log('Importing post from ' . $msg['author'] . ' to ' . $user['nickname'] . ' with the private envelope.', Logger::DEBUG);
 
 	// Now we should be able to import it
 	$ret = DFRN::import($msg['message'], $importer);
@@ -246,16 +246,15 @@ function dfrn_dispatch_private($user, $postdata)
 
 function dfrn_notify_content(App $a) {
 
-	if (x($_GET,'dfrn_id')) {
+	if (!empty($_GET['dfrn_id'])) {
 
 		/*
 		 * initial communication from external contact, $direction is their direction.
 		 * If this is a duplex communication, ours will be the opposite.
 		 */
 
-		$dfrn_id = notags(trim($_GET['dfrn_id']));
-		$dfrn_version = (float) $_GET['dfrn_version'];
-		$rino_remote = ((x($_GET,'rino')) ? intval($_GET['rino']) : 0);
+		$dfrn_id = Strings::escapeTags(trim($_GET['dfrn_id']));
+		$rino_remote = (!empty($_GET['rino']) ? intval($_GET['rino']) : 0);
 		$type = "";
 		$last_update = "";
 
@@ -267,7 +266,7 @@ function dfrn_notify_content(App $a) {
 			$dfrn_id = substr($dfrn_id,2);
 		}
 
-		$hash = random_string();
+		$hash = Strings::getRandomHex();
 
 		$status = 0;
 
@@ -277,12 +276,12 @@ function dfrn_notify_content(App $a) {
 			'type' => $type, 'last_update' => $last_update];
 		DBA::insert('challenge', $fields);
 
-		Logger::log('challenge=' . $hash, LOGGER_DATA);
+		Logger::log('challenge=' . $hash, Logger::DATA);
 
 		$user = DBA::selectFirst('user', ['uid'], ['nickname' => $a->argv[1]]);
 		if (!DBA::isResult($user)) {
 			Logger::log('User not found for nickname ' . $a->argv[1]);
-			killme();
+			exit();
 		}
 
 		$condition = [];
@@ -301,6 +300,7 @@ function dfrn_notify_content(App $a) {
 				break;
 			default:
 				$status = 1;
+				$my_id = '';
 				break;
 		}
 
@@ -314,10 +314,10 @@ function dfrn_notify_content(App $a) {
 		$importer = DFRN::getImporter($contact['id'], $user['uid']);
 		if (empty($importer)) {
 			Logger::log('No importer data found for user ' . $a->argv[1] . ' and contact ' . $dfrn_id);
-			killme();
+			exit();
 		}
 
-		Logger::log("Remote rino version: ".$rino_remote." for ".$importer["url"], LOGGER_DATA);
+		Logger::log("Remote rino version: ".$rino_remote." for ".$importer["url"], Logger::DATA);
 
 		$challenge    = '';
 		$encrypted_id = '';
@@ -345,7 +345,7 @@ function dfrn_notify_content(App $a) {
 		$rino = Config::get('system', 'rino_encrypt');
 		$rino = intval($rino);
 
-		Logger::log("Local rino version: ". $rino, LOGGER_DATA);
+		Logger::log("Local rino version: ". $rino, Logger::DATA);
 
 		// if requested rino is lower than enabled local rino, lower local rino version
 		// if requested rino is higher than enabled local rino, reply with local rino
@@ -353,7 +353,7 @@ function dfrn_notify_content(App $a) {
 			$rino = $rino_remote;
 		}
 
-		if (($importer['rel'] && ($importer['rel'] != Contact::SHARING)) || ($importer['page-flags'] == Contact::PAGE_COMMUNITY)) {
+		if (($importer['rel'] && ($importer['rel'] != Contact::SHARING)) || ($importer['page-flags'] == User::PAGE_FLAGS_COMMUNITY)) {
 			$perm = 'rw';
 		} else {
 			$perm = 'r';
@@ -369,8 +369,8 @@ function dfrn_notify_content(App $a) {
 			. "\t" . '<perm>' . $perm . '</perm>' . "\r\n"
 			. "\t" . '<dfrn_id>' . $encrypted_id . '</dfrn_id>' . "\r\n"
 			. "\t" . '<challenge>' . $challenge . '</challenge>' . "\r\n"
-			. '</dfrn_notify>' . "\r\n" ;
+			. '</dfrn_notify>' . "\r\n";
 
-		killme();
+		exit();
 	}
 }