Ensure that public contacts can't create toplevel posts
This commit is contained in:
Michael
parent
c9f02d534e
commit
1613f2a1c4
|
|
@ -55,7 +55,6 @@ function dfrn_notify_post(App $a) {
|
|||
}
|
||||
|
||||
// Set the user id. This is important if this is a public contact
|
||||
$importer['uid'] = $user['uid'];
|
||||
$importer['importer_uid'] = $user['uid'];
|
||||
|
||||
// Now we should be able to import it
|
||||
|
|
|
|||
|
|
@ -1433,7 +1433,7 @@ class DFRN
|
|||
$contact_old = dba::fetch_first("SELECT `id`, `uid`, `url`, `network`, `avatar-date`, `avatar`, `name-date`, `uri-date`, `addr`,
|
||||
`name`, `nick`, `about`, `location`, `keywords`, `xmpp`, `bdyear`, `bd`, `hidden`, `contact-type`
|
||||
FROM `contact` WHERE `uid` = ? AND `nurl` = ? AND `network` != ?",
|
||||
$importer["uid"],
|
||||
$importer["importer_uid"],
|
||||
normalise_link($author["link"]),
|
||||
NETWORK_STATUSNET
|
||||
);
|
||||
|
|
@ -1443,7 +1443,7 @@ class DFRN
|
|||
$author["network"] = $contact_old["network"];
|
||||
} else {
|
||||
if (!$onlyfetch) {
|
||||
logger("Contact ".$author["link"]." wasn't found for user ".$importer["uid"]." XML: ".$xml, LOGGER_DEBUG);
|
||||
logger("Contact ".$author["link"]." wasn't found for user ".$importer["importer_uid"]." XML: ".$xml, LOGGER_DEBUG);
|
||||
}
|
||||
|
||||
$author["contact-id"] = $importer["id"];
|
||||
|
|
@ -1639,7 +1639,7 @@ class DFRN
|
|||
|
||||
Contact::updateAvatar(
|
||||
$author['avatar'],
|
||||
$importer['uid'],
|
||||
$importer['importer_uid'],
|
||||
$contact['id'],
|
||||
(strtotime($contact['avatar-date']) > strtotime($contact_old['avatar-date']) || ($author['avatar'] != $contact_old['avatar']))
|
||||
);
|
||||
|
|
@ -1657,7 +1657,7 @@ class DFRN
|
|||
$poco["contact-type"] = $contact["contact-type"];
|
||||
$gcid = GContact::update($poco);
|
||||
|
||||
GContact::link($gcid, $importer["uid"], $contact["id"]);
|
||||
GContact::link($gcid, $importer["importer_uid"], $contact["id"]);
|
||||
}
|
||||
|
||||
return $author;
|
||||
|
|
@ -2617,7 +2617,7 @@ class DFRN
|
|||
if ((x($ev, "desc") || x($ev, "summary")) && x($ev, "start")) {
|
||||
logger("Event in item ".$item["uri"]." was found.", LOGGER_DEBUG);
|
||||
$ev["cid"] = $importer["id"];
|
||||
$ev["uid"] = $importer["uid"];
|
||||
$ev["uid"] = $importer["importer_uid"];
|
||||
$ev["uri"] = $item["uri"];
|
||||
$ev["edited"] = $item["edited"];
|
||||
$ev["private"] = $item["private"];
|
||||
|
|
@ -2626,7 +2626,7 @@ class DFRN
|
|||
$r = q(
|
||||
"SELECT `id` FROM `event` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
|
||||
dbesc($item["uri"]),
|
||||
intval($importer["uid"])
|
||||
intval($importer["importer_uid"])
|
||||
);
|
||||
if (DBM::is_result($r)) {
|
||||
$ev["id"] = $r[0]["id"];
|
||||
|
|
@ -2681,6 +2681,10 @@ class DFRN
|
|||
return true;
|
||||
}
|
||||
} else { // $entrytype == DFRN_TOP_LEVEL
|
||||
if ($importer["uid"] == 0) {
|
||||
logger("Contact ".$importer["id"]." isn't known to user ".$importer["importer_uid"].". The post will be ignored.", LOGGER_DEBUG);
|
||||
return;
|
||||
}
|
||||
if (!link_compare($item["owner-link"], $importer["url"])) {
|
||||
/*
|
||||
* The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery,
|
||||
|
|
@ -2736,10 +2740,10 @@ class DFRN
|
|||
return false;
|
||||
}
|
||||
|
||||
$condition = ["`uri` = ? AND `uid` = ? AND NOT `file` LIKE '%[%'", $uri, $importer["uid"]];
|
||||
$condition = ["`uri` = ? AND `uid` = ? AND NOT `file` LIKE '%[%'", $uri, $importer["importer_uid"]];
|
||||
$item = dba::selectFirst('item', ['id', 'parent', 'contact-id'], $condition);
|
||||
if (!DBM::is_result($item)) {
|
||||
logger("Item with uri " . $uri . " for user " . $importer["uid"] . " wasn't found.", LOGGER_DEBUG);
|
||||
logger("Item with uri " . $uri . " for user " . $importer["importer_uid"] . " wasn't found.", LOGGER_DEBUG);
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
@ -2808,7 +2812,7 @@ class DFRN
|
|||
$xpath->registerNamespace("statusnet", NAMESPACE_STATUSNET);
|
||||
|
||||
$header = [];
|
||||
$header["uid"] = $importer["uid"];
|
||||
$header["uid"] = $importer["importer_uid"];
|
||||
$header["network"] = NETWORK_DFRN;
|
||||
$header["type"] = "remote";
|
||||
$header["wall"] = 0;
|
||||
|
|
@ -2827,7 +2831,7 @@ class DFRN
|
|||
self::fetchauthor($xpath, $doc->firstChild, $importer, "dfrn:owner", false, $xml);
|
||||
}
|
||||
|
||||
logger("Import DFRN message for user " . $importer["uid"] . " from contact " . $importer["id"], LOGGER_DEBUG);
|
||||
logger("Import DFRN message for user " . $importer["importer_uid"] . " from contact " . $importer["id"], LOGGER_DEBUG);
|
||||
|
||||
// The account type is new since 3.5.1
|
||||
if ($xpath->query("/atom:feed/dfrn:account_type")->length > 0) {
|
||||
|
|
@ -2895,7 +2899,7 @@ class DFRN
|
|||
self::processEntry($header, $xpath, $entry, $importer, $xml);
|
||||
}
|
||||
}
|
||||
logger("Import done for user " . $importer["uid"] . " from contact " . $importer["id"], LOGGER_DEBUG);
|
||||
logger("Import done for user " . $importer["importer_uid"] . " from contact " . $importer["id"], LOGGER_DEBUG);
|
||||
return 200;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user