Merge pull request #2976 from rabuzarus/20161128_-_fix_posible_double_request

Bugfix: better detection of double connection requests in dfrn_request
Michael Vogel 2016-11-28 18:19:20 +01:00 committed by GitHub
commit 4ff49807ca


@ -1,12 +1,13 @@
<?php <?php
/** /**
* * @file mod/dfrn_request.php
* Module: dfrn_request * @brief Module: dfrn_request
* *
* Purpose: Handles communication associated with the issuance of * Purpose: Handles communication associated with the issuance of
* friend requests. * friend requests.
* *
* @see PDF with dfrn specs: https://github.com/friendica/friendica/blob/master/spec/dfrn2.pdf
*/ */
require_once('include/enotify.php'); require_once('include/enotify.php');
@ -14,7 +15,6 @@ require_once('include/Scrape.php');
require_once('include/Probe.php'); require_once('include/Probe.php');
require_once('include/group.php'); require_once('include/group.php');
if(! function_exists('dfrn_request_init')) {
function dfrn_request_init(&$a) { function dfrn_request_init(&$a) {
if($a->argc > 1) if($a->argc > 1)
@ -22,7 +22,7 @@ function dfrn_request_init(&$a) {
profile_load($a,$which); profile_load($a,$which);
return; return;
}} }
/** /**
@ -40,8 +40,6 @@ function dfrn_request_init(&$a) {
* After logging in, we click 'submit' to approve the linkage. * After logging in, we click 'submit' to approve the linkage.
* *
*/ */
if(! function_exists('dfrn_request_post')) {
function dfrn_request_post(&$a) { function dfrn_request_post(&$a) {
if(($a->argc != 2) || (! count($a->profile))) { if(($a->argc != 2) || (! count($a->profile))) {
@ -55,7 +53,7 @@ function dfrn_request_post(&$a) {
} }
/** /*
* *
* Scenario 2: We've introduced ourself to another cell, then have been returned to our own cell * Scenario 2: We've introduced ourself to another cell, then have been returned to our own cell
* to confirm the request, and then we've clicked submit (perhaps after logging in). * to confirm the request, and then we've clicked submit (perhaps after logging in).
@ -65,7 +63,7 @@ function dfrn_request_post(&$a) {
if((x($_POST,'localconfirm')) && ($_POST['localconfirm'] == 1)) { if((x($_POST,'localconfirm')) && ($_POST['localconfirm'] == 1)) {
/** /*
* Ensure this is a valid request * Ensure this is a valid request
*/ */
@ -80,20 +78,19 @@ function dfrn_request_post(&$a) {
if(x($dfrn_url)) { if(x($dfrn_url)) {
/** /*
* Lookup the contact based on their URL (which is the only unique thing we have at the moment) * Lookup the contact based on their URL (which is the only unique thing we have at the moment)
*/ */
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND (`url` = '%s' OR `nurl` = '%s') AND `self` = 0 LIMIT 1", $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' AND NOT `self` LIMIT 1",
intval(local_user()), intval(local_user()),
dbesc($dfrn_url),
dbesc(normalise_link($dfrn_url)) dbesc(normalise_link($dfrn_url))
); );
if(count($r)) { if(count($r)) {
if(strlen($r[0]['dfrn-id'])) { if(strlen($r[0]['dfrn-id'])) {
/** /*
* We don't need to be here. It has already happened. * We don't need to be here. It has already happened.
*/ */
@ -113,7 +110,7 @@ function dfrn_request_post(&$a) {
} }
else { else {
/** /*
* Scrape the other site's profile page to pick up the dfrn links, key, fn, and photo * Scrape the other site's profile page to pick up the dfrn links, key, fn, and photo
*/ */
@ -141,13 +138,12 @@ function dfrn_request_post(&$a) {
$photo = $parms["photo"]; $photo = $parms["photo"];
/********* Escape the entire array ********/ // Escape the entire array
dbesc_array($parms); dbesc_array($parms);
/******************************************/
/** /*
* Create a contact record on our site for the other person * Create a contact record on our site for the other person
*/ */
@ -195,7 +191,7 @@ function dfrn_request_post(&$a) {
} else } else
$forwardurl = $a->get_baseurl()."/contacts"; $forwardurl = $a->get_baseurl()."/contacts";
/** /*
* Allow the blocked remote notification to complete * Allow the blocked remote notification to complete
*/ */
@ -222,7 +218,7 @@ function dfrn_request_post(&$a) {
return; // NOTREACHED return; // NOTREACHED
} }
/** /*
* Otherwise: * Otherwise:
* *
* Scenario 1: * Scenario 1:
@ -260,7 +256,7 @@ function dfrn_request_post(&$a) {
if( x($_POST,'dfrn_url')) { if( x($_POST,'dfrn_url')) {
/** /*
* Block friend request spam * Block friend request spam
*/ */
@ -277,7 +273,7 @@ function dfrn_request_post(&$a) {
} }
} }
/** /*
* *
* Cleanup old introductions that remain blocked. * Cleanup old introductions that remain blocked.
* Also remove the contact record, but only if there is no existing relationship * Also remove the contact record, but only if there is no existing relationship
@ -304,7 +300,7 @@ function dfrn_request_post(&$a) {
} }
} }
/** /*
* *
* Cleanup any old email intros - which will have a greater lifetime * Cleanup any old email intros - which will have a greater lifetime
*/ */
@ -613,7 +609,7 @@ function dfrn_request_post(&$a) {
// END $network === NETWORK_DFRN // END $network === NETWORK_DFRN
} elseif (($network != NETWORK_PHANTOM) AND ($url != "")) { } elseif (($network != NETWORK_PHANTOM) AND ($url != "")) {
/** /*
* *
* Substitute our user's feed URL into $url template * Substitute our user's feed URL into $url template
* Send the subscriber home to subscribe * Send the subscriber home to subscribe
@ -642,12 +638,9 @@ function dfrn_request_post(&$a) {
} }
} return; } return;
}} }
if(! function_exists('dfrn_request_content')) {
function dfrn_request_content(&$a) { function dfrn_request_content(&$a) {
if(($a->argc != 2) || (! count($a->profile))) if(($a->argc != 2) || (! count($a->profile)))
@ -781,7 +774,7 @@ function dfrn_request_content(&$a) {
} }
else { else {
/** /*
* Normal web request. Display our user's introduction form. * Normal web request. Display our user's introduction form.
*/ */
@ -793,7 +786,7 @@ function dfrn_request_content(&$a) {
} }
/** /*
* Try to auto-fill the profile address * Try to auto-fill the profile address
*/ */
@ -816,7 +809,7 @@ function dfrn_request_content(&$a) {
$target_addr = $a->profile['nickname'] . '@' . substr(z_root(), strpos(z_root(),'://') + 3 ); $target_addr = $a->profile['nickname'] . '@' . substr(z_root(), strpos(z_root(),'://') + 3 );
/** /*
* *
* The auto_request form only has the profile address * The auto_request form only has the profile address
* because nobody is going to read the comments and * because nobody is going to read the comments and
@ -881,4 +874,4 @@ function dfrn_request_content(&$a) {
} }
return; // Somebody is fishing. return; // Somebody is fishing.
}} }
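Review bot: The contact lookup in the `localconfirm` branch of dfrn_request_post() now matches only on `nurl`, so the already-connected check depends on every `contact` row carrying a `nurl` equal to `normalise_link()` of its URL; the old `url` comparison that covered rows without one is gone. Nothing in the visible hunks back-fills or verifies `nurl`, so a row with an empty or differently normalised value would presumably fall through to the `else` branch and get a second contact record for the same remote profile, which is the duplicate this fix is meant to stop. I would state the invariant at the query, e.g. `// Matches on nurl only: every contact row must have nurl = normalise_link(url), or the duplicate check misses it`, and confirm that older rows were migrated. The function body continues outside the shown hunks.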