Merge pull request #12513 from MrPetovan/bug/12507-rel-meeee
Add call to HTML::checkRelMeLink in Worker\CheckRelMeProfileLink
This commit is contained in:
Philipp
GitHub
@@ -33,6 +33,7 @@ use Friendica\Util\Network;
|
||||
use Friendica\Util\Strings;
|
||||
use Friendica\Util\XML;
|
||||
use League\HTMLToMarkdown\HtmlConverter;
|
||||
use Psr\Http\Message\UriInterface;
|
||||
|
||||
class HTML
|
||||
{
|
||||
@@ -1007,4 +1008,51 @@ class HTML
|
||||
|
||||
return $text;
|
||||
}
|
||||
|
||||
/**
|
||||
* XPath arbitrary string quoting
|
||||
*
|
||||
* @see https://stackoverflow.com/a/45228168
|
||||
* @param string $value
|
||||
* @return string
|
||||
*/
|
||||
public static function xpathQuote(string $value): string
|
||||
{
|
||||
if (false === strpos($value, '"')) {
|
||||
return '"' . $value . '"';
|
||||
}
|
||||
|
||||
if (false === strpos($value, "'")) {
|
||||
return "'" . $value . "'";
|
||||
}
|
||||
|
||||
// if the value contains both single and double quotes, construct an
|
||||
// expression that concatenates all non-double-quote substrings with
|
||||
// the quotes, e.g.:
|
||||
//
|
||||
// concat("'foo'", '"', "bar")
|
||||
return 'concat(' . implode(', \'"\', ', array_map(['self', 'xpathQuote'], explode('"', $value))) . ')';
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the provided URL is present in the DOM document in an element with the rel="me" attribute
|
||||
*
|
||||
* XHTML Friends Network http://gmpg.org/xfn/
|
||||
*
|
||||
* @param DOMDocument $doc
|
||||
* @param UriInterface $meUrl
|
||||
* @return bool
|
||||
*/
|
||||
public static function checkRelMeLink(DOMDocument $doc, UriInterface $meUrl): bool
|
||||
{
|
||||
$xpath = new \DOMXpath($doc);
|
||||
|
||||
// This expression checks that "me" is among the space-delimited values of the "rel" attribute.
|
||||
// And that the href attribute contains exactly the provided URL
|
||||
$expression = "//*[contains(concat(' ', normalize-space(@rel), ' '), ' me ')][@href = " . self::xpathQuote($meUrl) . "]";
|
||||
|
||||
$result = $xpath->query($expression);
|
||||
|
||||
return $result !== false && $result->length > 0;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -22,14 +22,14 @@
|
||||
namespace Friendica\Worker;
|
||||
|
||||
use DOMDocument;
|
||||
use Friendica\DI;
|
||||
use Friendica\Content\Text\HTML;
|
||||
use Friendica\Core\Logger;
|
||||
use Friendica\DI;
|
||||
use Friendica\Model\Profile;
|
||||
use Friendica\Model\User;
|
||||
use Friendica\Network\HTTPClient\Client\HttpClientAccept;
|
||||
use Friendica\Network\HTTPClient\Client\HttpClientOptions;
|
||||
use Friendica\Util\Network;
|
||||
use Friendica\Util\Strings;
|
||||
use GuzzleHttp\Psr7\Uri;
|
||||
|
||||
/* This class is used to verify the homepage link of a user profile.
|
||||
* To do so, we look for rel="me" links in the given homepage, if one
|
||||
@@ -56,43 +56,37 @@ class CheckRelMeProfileLink
|
||||
{
|
||||
Logger::notice('Verifying the homepage', ['uid' => $uid]);
|
||||
Profile::update(['homepage_verified' => false], $uid);
|
||||
$homepageUrlVerified = false;
|
||||
$owner = User::getOwnerDataById($uid);
|
||||
if (!empty($owner['homepage'])) {
|
||||
$xrd_timeout = DI::config()->get('system', 'xrd_timeout');
|
||||
$curlResult = DI::httpClient()->get($owner['homepage'], $accept_content = HttpClientAccept::HTML, [HttpClientOptions::TIMEOUT => $xrd_timeout]);
|
||||
if ($curlResult->isSuccess()) {
|
||||
$content = $curlResult->getBody();
|
||||
if (!$content) {
|
||||
Logger::notice('Empty body of the fetched homepage link). Cannot verify the relation to profile of UID %s.', ['uid' => $uid, 'owner homepage' => $owner['homepage']]);
|
||||
} else {
|
||||
$doc = new DOMDocument();
|
||||
@$doc->loadHTML($content);
|
||||
if (!$doc) {
|
||||
Logger::notice('Could not parse the content');
|
||||
} else {
|
||||
foreach ($doc->getElementsByTagName('a') as $link) {
|
||||
$rel = $link->getAttribute('rel');
|
||||
if ($rel == 'me') {
|
||||
$href = $link->getAttribute('href');
|
||||
if (!$homepageUrlVerified && Network::isValidHttpUrl($href)) {
|
||||
$homepageUrlVerified = Strings::compareLink($owner['url'], $href);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($homepageUrlVerified) {
|
||||
Profile::update(['homepage_verified' => true], $uid);
|
||||
Logger::notice('Homepage URL verified', ['uid' => $uid, 'owner homepage' => $owner['homepage']]);
|
||||
} else {
|
||||
Logger::notice('Homepage URL could not be verified', ['uid' => $uid, 'owner homepage' => $owner['homepage']]);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
Logger::notice('Could not cURL the homepage URL', ['owner homepage' => $owner['homepage']]);
|
||||
}
|
||||
} else {
|
||||
|
||||
$owner = User::getOwnerDataById($uid);
|
||||
if (empty($owner['homepage'])) {
|
||||
Logger::notice('The user has no homepage link.', ['uid' => $uid]);
|
||||
return;
|
||||
}
|
||||
|
||||
$xrd_timeout = DI::config()->get('system', 'xrd_timeout');
|
||||
$curlResult = DI::httpClient()->get($owner['homepage'], HttpClientAccept::HTML, [HttpClientOptions::TIMEOUT => $xrd_timeout]);
|
||||
if (!$curlResult->isSuccess()) {
|
||||
Logger::notice('Could not cURL the homepage URL', ['owner homepage' => $owner['homepage']]);
|
||||
return;
|
||||
}
|
||||
|
||||
$content = $curlResult->getBody();
|
||||
if (!$content) {
|
||||
Logger::notice('Empty body of the fetched homepage link). Cannot verify the relation to profile of UID %s.', ['uid' => $uid, 'owner homepage' => $owner['homepage']]);
|
||||
return;
|
||||
}
|
||||
|
||||
$doc = new DOMDocument();
|
||||
if (!@$doc->loadHTML($content)) {
|
||||
Logger::notice('Could not parse the content');
|
||||
return;
|
||||
}
|
||||
|
||||
if (HTML::checkRelMeLink($doc, new Uri($owner['url']))) {
|
||||
Profile::update(['homepage_verified' => true], $uid);
|
||||
Logger::notice('Homepage URL verified', ['uid' => $uid, 'owner homepage' => $owner['homepage']]);
|
||||
} else {
|
||||
Logger::notice('Homepage URL could not be verified', ['uid' => $uid, 'owner homepage' => $owner['homepage']]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user