From: Michael Date: Wed, 3 May 2017 19:28:51 +0000 (+0000) Subject: Diaspora: Better handling for unrelayed comments and likes X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=d7b56db99680e4397f571bb19447039d0c0a2b15;p=friendica.git Diaspora: Better handling for unrelayed comments and likes --- diff --git a/include/diaspora.php b/include/diaspora.php index 8640e2d6a7..121357829a 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -333,19 +333,20 @@ class Diaspora { return false; } - if (!self::valid_posting($msg, $fields)) { + if (!($postdata = self::valid_posting($msg))) { logger("Invalid posting"); return false; } + $fields = $postdata['fields']; + // Is it a an action (comment, like, ...) for our own post? - if (isset($fields->parent_guid)) { + if (isset($fields->parent_guid) AND !$postdata["relayed"]) { $guid = notags(unxmlify($fields->parent_guid)); - $importer = self::importer_for_guid($guid); if (is_array($importer)) { logger("delivering to origin: ".$importer["name"]); - $message_id = self::dispatch($importer, $msg); + $message_id = self::dispatch($importer, $msg, $fields); return $message_id; } } @@ -361,14 +362,14 @@ class Diaspora { if (dbm::is_result($r)) { foreach ($r as $rr) { logger("delivering to: ".$rr["username"]); - self::dispatch($rr, $msg); + self::dispatch($rr, $msg, $fields); } } elseif (!Config::get('system', 'relay_subscribe', false)) { - logger("Unwanted message from ".$sender." send by ".$_SERVER["REMOTE_ADDR"]." with ".$_SERVER["HTTP_USER_AGENT"].": ".print_r($msg, true), LOGGER_DEBUG); + logger("Unwanted message from ".$msg["author"]." send by ".$_SERVER["REMOTE_ADDR"]." with ".$_SERVER["HTTP_USER_AGENT"].": ".print_r($msg, true), LOGGER_DEBUG); } else { // Use a dummy importer to import the data for the public copy $importer = array("uid" => 0, "page-flags" => PAGE_FREELOVE); - $message_id = self::dispatch($importer, $msg); + $message_id = self::dispatch($importer, $msg, $fields); } return $message_id; @@ -382,15 +383,19 @@ class Diaspora { * * @return int The message id of the generated message, "true" or "false" if there was an error */ - public static function dispatch($importer, $msg) { + public static function dispatch($importer, $msg, $fields = null) { // The sender is the handle of the contact that sent the message. // This will often be different with relayed messages (for example "like" and "comment") $sender = $msg["author"]; - if (!self::valid_posting($msg, $fields)) { - logger("Invalid posting"); - return false; + // This is only needed for private postings since this is already done for public ones before + if (is_null($fields)) { + if (!($postdata = self::valid_posting($msg))) { + logger("Invalid posting"); + return false; + } + $fields = $postdata['fields']; } $type = $fields->getName(); @@ -456,7 +461,7 @@ class Diaspora { * * @return bool Is the posting valid? */ - private static function valid_posting($msg, &$fields) { + private static function valid_posting($msg) { $data = parse_xml_string($msg["message"], false); @@ -552,7 +557,7 @@ class Diaspora { // Only some message types have signatures. So we quit here for the other types. if (!in_array($type, array("comment", "message", "like"))) - return true; + return array("fields" => $fields, "relayed" => false); // No author_signature? This is a must, so we quit. if (!isset($author_signature)) { @@ -561,12 +566,16 @@ class Diaspora { } if (isset($parent_author_signature)) { + $relayed = true; + $key = self::key($msg["author"]); if (!rsa_verify($signed_data, $parent_author_signature, $key, "sha256")) { logger("No valid parent author signature for parent author ".$msg["author"]. " in type ".$type." - signed data: ".$signed_data." - Message: ".$msg["message"]." - Signature ".$parent_author_signature, LOGGER_DEBUG); return false; } + } else { + $relayed = false; } $key = self::key($fields->author); @@ -575,7 +584,7 @@ class Diaspora { logger("No valid author signature for author ".$fields->author. " in type ".$type." - signed data: ".$signed_data." - Message: ".$msg["message"]." - Signature ".$author_signature, LOGGER_DEBUG); return false; } else - return true; + return array("fields" => $fields, "relayed" => $relayed); } /**