Merge pull request #2976 from rabuzarus/20161128_-_fix_posible_double_request
Bugfix: better detection dfrn_request of double connection requests
This commit is contained in:
commit
4ff49807ca
|
@ -1,12 +1,13 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
* @file mod/dfrn_request.php
|
||||||
* Module: dfrn_request
|
* @brief Module: dfrn_request
|
||||||
*
|
*
|
||||||
* Purpose: Handles communication associated with the issuance of
|
* Purpose: Handles communication associated with the issuance of
|
||||||
* friend requests.
|
* friend requests.
|
||||||
*
|
*
|
||||||
|
* @see PDF with dfrn specs: https://github.com/friendica/friendica/blob/master/spec/dfrn2.pdf
|
||||||
*/
|
*/
|
||||||
|
|
||||||
require_once('include/enotify.php');
|
require_once('include/enotify.php');
|
||||||
|
@ -14,7 +15,6 @@ require_once('include/Scrape.php');
|
||||||
require_once('include/Probe.php');
|
require_once('include/Probe.php');
|
||||||
require_once('include/group.php');
|
require_once('include/group.php');
|
||||||
|
|
||||||
if(! function_exists('dfrn_request_init')) {
|
|
||||||
function dfrn_request_init(&$a) {
|
function dfrn_request_init(&$a) {
|
||||||
|
|
||||||
if($a->argc > 1)
|
if($a->argc > 1)
|
||||||
|
@ -22,7 +22,7 @@ function dfrn_request_init(&$a) {
|
||||||
|
|
||||||
profile_load($a,$which);
|
profile_load($a,$which);
|
||||||
return;
|
return;
|
||||||
}}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -40,8 +40,6 @@ function dfrn_request_init(&$a) {
|
||||||
* After logging in, we click 'submit' to approve the linkage.
|
* After logging in, we click 'submit' to approve the linkage.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if(! function_exists('dfrn_request_post')) {
|
|
||||||
function dfrn_request_post(&$a) {
|
function dfrn_request_post(&$a) {
|
||||||
|
|
||||||
if(($a->argc != 2) || (! count($a->profile))) {
|
if(($a->argc != 2) || (! count($a->profile))) {
|
||||||
|
@ -55,7 +53,7 @@ function dfrn_request_post(&$a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/*
|
||||||
*
|
*
|
||||||
* Scenario 2: We've introduced ourself to another cell, then have been returned to our own cell
|
* Scenario 2: We've introduced ourself to another cell, then have been returned to our own cell
|
||||||
* to confirm the request, and then we've clicked submit (perhaps after logging in).
|
* to confirm the request, and then we've clicked submit (perhaps after logging in).
|
||||||
|
@ -65,7 +63,7 @@ function dfrn_request_post(&$a) {
|
||||||
|
|
||||||
if((x($_POST,'localconfirm')) && ($_POST['localconfirm'] == 1)) {
|
if((x($_POST,'localconfirm')) && ($_POST['localconfirm'] == 1)) {
|
||||||
|
|
||||||
/**
|
/*
|
||||||
* Ensure this is a valid request
|
* Ensure this is a valid request
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -80,20 +78,19 @@ function dfrn_request_post(&$a) {
|
||||||
|
|
||||||
if(x($dfrn_url)) {
|
if(x($dfrn_url)) {
|
||||||
|
|
||||||
/**
|
/*
|
||||||
* Lookup the contact based on their URL (which is the only unique thing we have at the moment)
|
* Lookup the contact based on their URL (which is the only unique thing we have at the moment)
|
||||||
*/
|
*/
|
||||||
|
|
||||||
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND (`url` = '%s' OR `nurl` = '%s') AND `self` = 0 LIMIT 1",
|
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' AND NOT `self` LIMIT 1",
|
||||||
intval(local_user()),
|
intval(local_user()),
|
||||||
dbesc($dfrn_url),
|
|
||||||
dbesc(normalise_link($dfrn_url))
|
dbesc(normalise_link($dfrn_url))
|
||||||
);
|
);
|
||||||
|
|
||||||
if(count($r)) {
|
if(count($r)) {
|
||||||
if(strlen($r[0]['dfrn-id'])) {
|
if(strlen($r[0]['dfrn-id'])) {
|
||||||
|
|
||||||
/**
|
/*
|
||||||
* We don't need to be here. It has already happened.
|
* We don't need to be here. It has already happened.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -113,7 +110,7 @@ function dfrn_request_post(&$a) {
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
||||||
/**
|
/*
|
||||||
* Scrape the other site's profile page to pick up the dfrn links, key, fn, and photo
|
* Scrape the other site's profile page to pick up the dfrn links, key, fn, and photo
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -141,13 +138,12 @@ function dfrn_request_post(&$a) {
|
||||||
|
|
||||||
$photo = $parms["photo"];
|
$photo = $parms["photo"];
|
||||||
|
|
||||||
/********* Escape the entire array ********/
|
// Escape the entire array
|
||||||
|
|
||||||
dbesc_array($parms);
|
dbesc_array($parms);
|
||||||
|
|
||||||
/******************************************/
|
|
||||||
|
|
||||||
/**
|
/*
|
||||||
* Create a contact record on our site for the other person
|
* Create a contact record on our site for the other person
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -195,7 +191,7 @@ function dfrn_request_post(&$a) {
|
||||||
} else
|
} else
|
||||||
$forwardurl = $a->get_baseurl()."/contacts";
|
$forwardurl = $a->get_baseurl()."/contacts";
|
||||||
|
|
||||||
/**
|
/*
|
||||||
* Allow the blocked remote notification to complete
|
* Allow the blocked remote notification to complete
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -222,7 +218,7 @@ function dfrn_request_post(&$a) {
|
||||||
return; // NOTREACHED
|
return; // NOTREACHED
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/*
|
||||||
* Otherwise:
|
* Otherwise:
|
||||||
*
|
*
|
||||||
* Scenario 1:
|
* Scenario 1:
|
||||||
|
@ -260,7 +256,7 @@ function dfrn_request_post(&$a) {
|
||||||
|
|
||||||
if( x($_POST,'dfrn_url')) {
|
if( x($_POST,'dfrn_url')) {
|
||||||
|
|
||||||
/**
|
/*
|
||||||
* Block friend request spam
|
* Block friend request spam
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -277,7 +273,7 @@ function dfrn_request_post(&$a) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/*
|
||||||
*
|
*
|
||||||
* Cleanup old introductions that remain blocked.
|
* Cleanup old introductions that remain blocked.
|
||||||
* Also remove the contact record, but only if there is no existing relationship
|
* Also remove the contact record, but only if there is no existing relationship
|
||||||
|
@ -304,7 +300,7 @@ function dfrn_request_post(&$a) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/*
|
||||||
*
|
*
|
||||||
* Cleanup any old email intros - which will have a greater lifetime
|
* Cleanup any old email intros - which will have a greater lifetime
|
||||||
*/
|
*/
|
||||||
|
@ -613,7 +609,7 @@ function dfrn_request_post(&$a) {
|
||||||
// END $network === NETWORK_DFRN
|
// END $network === NETWORK_DFRN
|
||||||
} elseif (($network != NETWORK_PHANTOM) AND ($url != "")) {
|
} elseif (($network != NETWORK_PHANTOM) AND ($url != "")) {
|
||||||
|
|
||||||
/**
|
/*
|
||||||
*
|
*
|
||||||
* Substitute our user's feed URL into $url template
|
* Substitute our user's feed URL into $url template
|
||||||
* Send the subscriber home to subscribe
|
* Send the subscriber home to subscribe
|
||||||
|
@ -642,12 +638,9 @@ function dfrn_request_post(&$a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
} return;
|
} return;
|
||||||
}}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
if(! function_exists('dfrn_request_content')) {
|
|
||||||
function dfrn_request_content(&$a) {
|
function dfrn_request_content(&$a) {
|
||||||
|
|
||||||
if(($a->argc != 2) || (! count($a->profile)))
|
if(($a->argc != 2) || (! count($a->profile)))
|
||||||
|
@ -781,7 +774,7 @@ function dfrn_request_content(&$a) {
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
||||||
/**
|
/*
|
||||||
* Normal web request. Display our user's introduction form.
|
* Normal web request. Display our user's introduction form.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -793,7 +786,7 @@ function dfrn_request_content(&$a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/*
|
||||||
* Try to auto-fill the profile address
|
* Try to auto-fill the profile address
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -816,7 +809,7 @@ function dfrn_request_content(&$a) {
|
||||||
$target_addr = $a->profile['nickname'] . '@' . substr(z_root(), strpos(z_root(),'://') + 3 );
|
$target_addr = $a->profile['nickname'] . '@' . substr(z_root(), strpos(z_root(),'://') + 3 );
|
||||||
|
|
||||||
|
|
||||||
/**
|
/*
|
||||||
*
|
*
|
||||||
* The auto_request form only has the profile address
|
* The auto_request form only has the profile address
|
||||||
* because nobody is going to read the comments and
|
* because nobody is going to read the comments and
|
||||||
|
@ -881,4 +874,4 @@ function dfrn_request_content(&$a) {
|
||||||
}
|
}
|
||||||
|
|
||||||
return; // Somebody is fishing.
|
return; // Somebody is fishing.
|
||||||
}}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user