From e232c50c9e429b53005873a28ddeb549a7bcf959 Mon Sep 17 00:00:00 2001
From: Friendika <info@friendika.com>
Date: Thu, 6 Oct 2011 00:26:25 -0700
Subject: [PATCH] check author url to see if it matches current contact before
 relay is accepted

---
 mod/dfrn_notify.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index 01bb9119ed..19a2fa61ca 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -462,10 +462,18 @@ function dfrn_notify_post(&$a) {
 			);
 			if($r && count($r)) {	
 
+
 				logger('dfrn_notify: received remote comment');
 				$is_like = false;
 				// remote reply to our post. Import and then notify everybody else.
 				$datarray = get_atom_elements($feed,$item);
+
+				if(! link_compare($datarray['author-link'],$importer['url'])) {
+					logger('dfrn_notify: received relay claiming to be from ' . $importer['url'] . ' however comment author url is ' . $datarray['author-link'] ); 
+					// they won't know what to do so don't report an error. Just quietly die.
+					xml_status(0);
+				}					
+
 				$datarray['type'] = 'remote-comment';
 				$datarray['wall'] = 1;
 				$datarray['parent-uri'] = $parent_uri;