check author url to see if it matches current contact before relay is accepted

author Friendika <info@friendika.com>

Thu, 6 Oct 2011 07:26:25 +0000 (00:26 -0700)

committer Friendika <info@friendika.com>

Thu, 6 Oct 2011 07:26:25 +0000 (00:26 -0700)
author Friendika <info@friendika.com>
Thu, 6 Oct 2011 07:26:25 +0000 (00:26 -0700)
committer Friendika <info@friendika.com>
Thu, 6 Oct 2011 07:26:25 +0000 (00:26 -0700)
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php

index 01bb9119eddff58b87c9f5f4def07c17a123a7c6..19a2fa61ca125d33554016c353a058e8f1661941 100644 (file)
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -462,10 +462,18 @@ function dfrn_notify_post(&$a) {
                         );
                         if($r && count($r)) {   
  
+
                                 logger('dfrn_notify: received remote comment');
                                 $is_like = false;
                                 // remote reply to our post. Import and then notify everybody else.
                                 $datarray = get_atom_elements($feed,$item);
+
+                               if(! link_compare($datarray['author-link'],$importer['url'])) {
+                                       logger('dfrn_notify: received relay claiming to be from ' . $importer['url'] . ' however comment author url is ' . $datarray['author-link'] ); 
+                                       // they won't know what to do so don't report an error. Just quietly die.
+                                       xml_status(0);
+                               }                                       
+
                                 $datarray['type'] = 'remote-comment';
                                 $datarray['wall'] = 1;
                                 $datarray['parent-uri'] = $parent_uri;
author	Friendika <info@friendika.com>
	Thu, 6 Oct 2011 07:26:25 +0000 (00:26 -0700)
committer	Friendika <info@friendika.com>
	Thu, 6 Oct 2011 07:26:25 +0000 (00:26 -0700)