]> git.mxchange.org Git - friendica.git/commitdiff
don't allow followers to get a post through unless it's a tag deliver
authorfriendica <info@friendica.com>
Thu, 13 Sep 2012 01:53:20 +0000 (18:53 -0700)
committerfriendica <info@friendica.com>
Thu, 13 Sep 2012 01:53:20 +0000 (18:53 -0700)
include/items.php

index 2f5b5f1f790d94d5fb8619a231aab44035e840d9..f70e96fcbe8a08dcbf89197f19373f1dd1dc2e11 100755 (executable)
@@ -1256,6 +1256,59 @@ function tag_deliver($uid,$item_id) {
 
 
 
+function tgroup_check($uid,$item) {
+
+       $a = get_app();
+
+       $mention = false;
+
+       // check that the message originated elsewhere and is a top-level post
+
+       if(($item['wall']) || ($item['origin']) || ($item['uri'] != $item['parent-uri']))
+               return false;
+
+
+       $u = q("select * from user where uid = %d limit 1",
+               intval($uid)
+       );
+       if(! count($u))
+               return false;
+
+       $community_page = (($u[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
+       $prvgroup = (($u[0]['page-flags'] == PAGE_PRVGROUP) ? true : false);
+
+
+       $link = normalise_link($a->get_baseurl() . '/profile/' . $u[0]['nickname']);
+
+       // Diaspora uses their own hardwired link URL in @-tags
+       // instead of the one we supply with webfinger
+
+       $dlink = normalise_link($a->get_baseurl() . '/u/' . $u[0]['nickname']);
+
+       $cnt = preg_match_all('/[\@\!]\[url\=(.*?)\](.*?)\[\/url\]/ism',$item['body'],$matches,PREG_SET_ORDER);
+       if($cnt) {
+               foreach($matches as $mtch) {
+                       if(link_compare($link,$mtch[1]) || link_compare($dlink,$mtch[1])) {
+                               $mention = true;
+                               logger('tgroup_check: mention found: ' . $mtch[2]);
+                       }
+               }
+       }
+
+       if(! $mention)
+               return false;
+
+       if((! $community_page) && (! $prvgroup))
+               return false;
+
+
+
+       return true;
+
+}
+
+
+
 
 
 
@@ -1812,6 +1865,12 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
                                if($pass == 1)
                                        continue;
 
+                               // not allowed to post
+
+                               if($contact['rel'] == CONTACT_IS_FOLLOWER)
+                                       continue;
+
+
                                // Have we seen it? If not, import it.
 
                                $item_id  = $item->get_id();
@@ -2086,6 +2145,14 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
                                        $datarray['owner-avatar'] = $contact['thumb'];
                                }
 
+                               // We've allowed "followers" to reach this point so we can decide if they are 
+                               // posting an @-tag delivery, which followers are allowed to do for certain
+                               // page types. Now that we've parsed the post, let's check if it is legit. Otherwise ignore it. 
+
+                               if(($contact['rel'] == CONTACT_IS_FOLLOWER) && (! tgroup_check($importer['uid'],$datarray)))
+                                       continue;
+
+
                                $r = item_store($datarray);
                                continue;
 
@@ -2708,15 +2775,6 @@ function local_delivery($importer,$data) {
                                }
 
 
-                               // TODO: make this next part work against both delivery threads of a community post
-
-//                             if((! link_compare($datarray['author-link'],$importer['url'])) && (! $community)) {
-//                                     logger('local_delivery: received relay claiming to be from ' . $importer['url'] . ' however comment author url is ' . $datarray['author-link'] ); 
-                                       // they won't know what to do so don't report an error. Just quietly die.
-//                                     return 0;
-//                             }                                       
-
-                               // our user with $importer['importer_uid'] is the owner
 
                                $own = q("select name,url,thumb from contact where uid = %d and self = 1 limit 1",
                                        intval($importer['importer_uid'])
@@ -2786,15 +2844,6 @@ function local_delivery($importer,$data) {
                                        }
                                }
 
-//                             if($community) {
-//                                     $newtag = '@[url=' . $a->get_baseurl() . '/profile/' . $importer['nickname'] . ']' . $importer['username'] . '[/url]';
-//                                     if(! stristr($datarray['tag'],$newtag)) {
-//                                             if(strlen($datarray['tag']))
-//                                                     $datarray['tag'] .= ',';
-//                                             $datarray['tag'] .= $newtag;
-//                                     }
-//                             }
-
 
                                $posted_id = item_store($datarray);
                                $parent = 0;
@@ -2864,6 +2913,9 @@ function local_delivery($importer,$data) {
                                $item_id  = $item->get_id();
                                $datarray = get_atom_elements($feed,$item);
 
+                               if($importer['rel'] == CONTACT_IS_FOLLOWER)
+                                       continue;
+
                                $r = q("SELECT `uid`, `last-child`, `edited`, `body` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
                                        dbesc($item_id),
                                        intval($importer['importer_uid'])
@@ -3098,6 +3150,9 @@ function local_delivery($importer,$data) {
                                $datarray['owner-avatar'] = $importer['thumb'];
                        }
 
+                       if(($importer['rel'] == CONTACT_IS_FOLLOWER) && (! tgroup_check($importer['importer_uid'],$datarray)))
+                               continue;
+
                        $posted_id = item_store($datarray);
 
                        if(stristr($datarray['verb'],ACTIVITY_POKE)) {