]> git.mxchange.org Git - quix0rs-gnu-social.git/commitdiff
SalmonAction now updates remote URI if it was stale.
authorMikael Nordfeldth <mmn@hethane.se>
Tue, 17 Feb 2015 16:35:45 +0000 (17:35 +0100)
committerMikael Nordfeldth <mmn@hethane.se>
Tue, 17 Feb 2015 16:35:45 +0000 (17:35 +0100)
After doublechecking two identities so that they match (like one that was
previously http:// but now is https://) we update the URI in our database
to match.

This has to be verified so it's not easy to fool our script and thus make
us replace legitimate URIs with fake ones. I believe the callback method
is safe, but I'm not sure how well it handles HTTP MITM attacks etc.

plugins/OStatus/lib/salmonaction.php

index 5e7d8f35a34517a6ef1937094d373a3c0d497563..365f2c829c9ea2845467f4842c41142998d2a603 100644 (file)
@@ -245,7 +245,12 @@ class SalmonAction extends Action
                 // Step 4: Is the newly introduced https://example.com/user/1 URI in the list of aliases
                 //         presented by http://example.com/user/1 (i.e. do they both say they are the same identity?)
                 if (in_array($e->object_uri, $doublecheck_aliases)) {
-                    common_debug('These identities both say they are each other: "'.$aliased_uri.'" and "'.$e->object_uri);
+                    common_debug('URIFIX These identities both say they are each other: "'.$aliased_uri.'" and "'.$e->object_uri.'"');
+                    $orig = clone($oprofile);
+                    $oprofile->uri = $e->object_uri;
+                    common_debug('URIFIX Updating Ostatus_profile URI for '.$aliased_uri.' to '.$oprofile->uri);
+                    $oprofile->updateWithKeys($orig);
+                    unset($orig);
                     $this->oprofile = $oprofile;
                     break;  // don't iterate through aliases anymore
                 }