clones/friendica
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Tighten profile restriction feature

Browse Source 
- Prevent feed access to restricted profiles
- Rework display of restricted profiles with a redirect to the profile/restricted route
- Normalize permission checking with IHandleUserSession->isAuthenticated
- Remove unusable "nocache" parameter in feed module because session isn't initialized
- Reword setting name and description
This commit is contained in:
Hypolite Petovan
2022-11-30 13:50:52 -05:00
parent 0d53c69610
commit b83526ad0b
16 changed files with 135 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/Module/Profile/Profile.php
View File

@@ -76,21 +76,19 @@ class Profile extends BaseProfile
{
$a = DI::app();
$profile = ProfileModel::load($a, $this->parameters['nickname']);
$profile = ProfileModel::load($a, $this->parameters['nickname'] ?? '');
if (!$profile) {
throw new HTTPException\NotFoundException(DI::l10n()->t('Profile not found.'));
}
$remote_contact_id = DI::userSession()->getRemoteContactID($profile['uid']);
if (DI::config()->get('system', 'block_public') && !DI::userSession()->getLocalUserId() && !$remote_contact_id) {
if (DI::config()->get('system', 'block_public') && !DI::userSession()->isAuthenticated()) {
return Login::form();
}
$is_owner = DI::userSession()->getLocalUserId() == $profile['uid'];
if (!empty($profile['hidewall']) && !$is_owner && !$remote_contact_id) {
throw new HTTPException\ForbiddenException(DI::l10n()->t('Access to this profile has been restricted.'));
if (!empty($profile['hidewall']) && !DI::userSession()->isAuthenticated()) {
$this->baseUrl->redirect('profile/' . $profile['nickname'] . '/restricted');
}
if (!empty($profile['page-flags']) && $profile['page-flags'] == User::PAGE_FLAGS_COMMUNITY) {
@@ -104,11 +102,6 @@ class Profile extends BaseProfile
$is_owner = DI::userSession()->getLocalUserId() == $profile['uid'];
$o = self::getTabsHTML($a, 'profile', $is_owner, $profile['nickname'], $profile['hide-friends']);
if (!empty($profile['hidewall']) && !$is_owner && !$remote_contact_id) {
DI::sysmsg()->addNotice(DI::l10n()->t('Access to this profile has been restricted.'));
return '';
}
$view_as_contacts = [];
$view_as_contact_id = 0;
$view_as_contact_alert = '';
@@ -307,8 +300,8 @@ class Profile extends BaseProfile
}
// site block
$blocked = !DI::userSession()->getLocalUserId() && !$remote_contact_id && DI::config()->get('system', 'block_public');
$userblock = !DI::userSession()->getLocalUserId() && !$remote_contact_id && $profile['hidewall'];
$blocked = !DI::userSession()->isAuthenticated() && DI::config()->get('system', 'block_public');
$userblock = !DI::userSession()->isAuthenticated() && $profile['hidewall'];
if (!$blocked && !$userblock) {
$keywords = str_replace(['#', ',', ' ', ',,'], ['', ' ', ',', ','], $profile['pub_keywords'] ?? '');
if (strlen($keywords)) {