harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add some safety checks on the sending side of sync

Browse Source
This commit is contained in:
redmatrix 2015-09-27 16:47:25 -07:00
parent 8a94a4938f
commit aae51a9b23
3 changed files with 44 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
include/zot.php
View File

@ -395,12 +395,6 @@ function zot_refresh($them, $channel = null, $force = false) {
} }
} }
$r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) > 0 limit 1",
dbesc($x['hash']),
intval($channel['channel_id']),
intval(ABOOK_FLAG_SELF)
);
if(array_key_exists('profile',$j) && array_key_exists('next_birthday',$j['profile'])) { if(array_key_exists('profile',$j) && array_key_exists('next_birthday',$j['profile'])) {
$next_birthday = datetime_convert('UTC','UTC',$j['profile']['next_birthday']); $next_birthday = datetime_convert('UTC','UTC',$j['profile']['next_birthday']);
} }
@ -408,8 +402,16 @@ function zot_refresh($them, $channel = null, $force = false) {
$next_birthday = NULL_DATE; $next_birthday = NULL_DATE;
} }
$r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) > 0 limit 1",
dbesc($x['hash']),
intval($channel['channel_id']),
intval(ABOOK_FLAG_SELF)
);
if($r) { if($r) {
// connection exists
// if the dob is the same as what we have stored (disregarding the year), keep the one // if the dob is the same as what we have stored (disregarding the year), keep the one
// we have as we may have updated the year after sending a notification; and resetting // we have as we may have updated the year after sending a notification; and resetting
// to the one we just received would cause us to create duplicated events. // to the one we just received would cause us to create duplicated events.
@ -454,6 +456,9 @@ function zot_refresh($them, $channel = null, $force = false) {
} }
} }
else { else {
// new connection
$role = get_pconfig($channel['channel_id'],'system','permissions_role'); $role = get_pconfig($channel['channel_id'],'system','permissions_role');
if($role) { if($role) {
$xx = get_role_perms($role); $xx = get_role_perms($role);
@ -490,6 +495,7 @@ function zot_refresh($them, $channel = null, $force = false) {
$new_perms = get_all_perms($channel['channel_id'],$x['hash']); $new_perms = get_all_perms($channel['channel_id'],$x['hash']);
// Send a clone sync packet and a permissions update if permissions have changed // Send a clone sync packet and a permissions update if permissions have changed
$new_connection = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) > 0 order by abook_created desc limit 1", $new_connection = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) > 0 order by abook_created desc limit 1",
dbesc($x['hash']), dbesc($x['hash']),
intval($channel['channel_id']), intval($channel['channel_id']),
@ -2802,6 +2808,9 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) {
$channel = $r[0]; $channel = $r[0];
if(intval($channel['channel_pageflags']) & PAGE_REMOVED)
return;
$h = q("select * from hubloc where hubloc_hash = '%s' and not (hubloc_flags & %d) > 0 and not (hubloc_status & %d) > 0", $h = q("select * from hubloc where hubloc_hash = '%s' and not (hubloc_flags & %d) > 0 and not (hubloc_status & %d) > 0",
dbesc($channel['channel_hash']), dbesc($channel['channel_hash']),
intval(HUBLOC_FLAGS_DELETED), intval(HUBLOC_FLAGS_DELETED),
@ -2854,6 +2863,9 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) {
// don't pass these elements, they should not be synchronised // don't pass these elements, they should not be synchronised
if(($k === 'channel_pageflags') && ($v & PAGE_SYSTEM))
$v = (string) intval($v - PAGE_SYSTEM);
$disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey','channel_address'); $disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey','channel_address');
if(in_array($k,$disallowed)) if(in_array($k,$disallowed))
@ -2992,7 +3004,9 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) {
foreach($arr['abook'] as $abook) { foreach($arr['abook'] as $abook) {
if(array_key_exists('abook_blocked',$abook)) { if(array_key_exists('abook_blocked',$abook)) {
// convert from hubzilla // convert from hubzilla
$abook['abook_flags'] = 0; $abook['abook_flags'] = 0;
if(intval($abook['abook_blocked'])) if(intval($abook['abook_blocked']))
$abook['abook_flags'] |= ABOOK_FLAG_BLOCKED; $abook['abook_flags'] |= ABOOK_FLAG_BLOCKED;

46
util/messages.po
View File

@ -6,9 +6,9 @@
#, fuzzy #, fuzzy
msgid "" msgid ""
msgstr "" msgstr ""
"Project-Id-Version: 2015-09-18.1159\n" "Project-Id-Version: 2015-09-25.1166\n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2015-09-18 00:04-0700\n" "POT-Creation-Date: 2015-09-25 00:05-0700\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@ -3000,51 +3000,51 @@ msgstr[1] ""
msgid "Permission denied" msgid "Permission denied"
msgstr "" msgstr ""
#: ../../include/items.php:1038 ../../include/items.php:1084 #: ../../include/items.php:1101 ../../include/items.php:1147
msgid "(Unknown)" msgid "(Unknown)"
msgstr "" msgstr ""
#: ../../include/items.php:1310 #: ../../include/items.php:1373
msgid "Visible to anybody on the internet." msgid "Visible to anybody on the internet."
msgstr "" msgstr ""
#: ../../include/items.php:1312 #: ../../include/items.php:1375
msgid "Visible to you only." msgid "Visible to you only."
msgstr "" msgstr ""
#: ../../include/items.php:1314 #: ../../include/items.php:1377
msgid "Visible to anybody in this network." msgid "Visible to anybody in this network."
msgstr "" msgstr ""
#: ../../include/items.php:1316 #: ../../include/items.php:1379
msgid "Visible to anybody authenticated." msgid "Visible to anybody authenticated."
msgstr "" msgstr ""
#: ../../include/items.php:1318 #: ../../include/items.php:1381
#, php-format #, php-format
msgid "Visible to anybody on %s." msgid "Visible to anybody on %s."
msgstr "" msgstr ""
#: ../../include/items.php:1320 #: ../../include/items.php:1383
msgid "Visible to all connections." msgid "Visible to all connections."
msgstr "" msgstr ""
#: ../../include/items.php:1322 #: ../../include/items.php:1385
msgid "Visible to approved connections." msgid "Visible to approved connections."
msgstr "" msgstr ""
#: ../../include/items.php:1324 #: ../../include/items.php:1387
msgid "Visible to specific connections." msgid "Visible to specific connections."
msgstr "" msgstr ""
#: ../../include/items.php:4223 ../../mod/thing.php:74 #: ../../include/items.php:4286 ../../mod/thing.php:74
#: ../../mod/filestorage.php:27 ../../mod/viewsrc.php:20 #: ../../mod/filestorage.php:27 ../../mod/viewsrc.php:20
#: ../../mod/admin.php:167 ../../mod/admin.php:1025 ../../mod/admin.php:1225 #: ../../mod/admin.php:167 ../../mod/admin.php:1025 ../../mod/admin.php:1225
#: ../../mod/display.php:36 #: ../../mod/display.php:36
msgid "Item not found." msgid "Item not found."
msgstr "" msgstr ""
#: ../../include/items.php:4296 ../../include/attach.php:137 #: ../../include/items.php:4359 ../../include/attach.php:137
#: ../../include/attach.php:184 ../../include/attach.php:247 #: ../../include/attach.php:184 ../../include/attach.php:247
#: ../../include/attach.php:261 ../../include/attach.php:305 #: ../../include/attach.php:261 ../../include/attach.php:305
#: ../../include/attach.php:319 ../../include/attach.php:350 #: ../../include/attach.php:319 ../../include/attach.php:350
@ -3087,38 +3087,38 @@ msgstr ""
msgid "Permission denied." msgid "Permission denied."
msgstr "" msgstr ""
#: ../../include/items.php:4700 ../../mod/group.php:38 ../../mod/group.php:140 #: ../../include/items.php:4763 ../../mod/group.php:38 ../../mod/group.php:140
#: ../../mod/bulksetclose.php:51 #: ../../mod/bulksetclose.php:51
msgid "Collection not found." msgid "Collection not found."
msgstr "" msgstr ""
#: ../../include/items.php:4716 #: ../../include/items.php:4779
msgid "Collection is empty." msgid "Collection is empty."
msgstr "" msgstr ""
#: ../../include/items.php:4723 #: ../../include/items.php:4786
#, php-format #, php-format
msgid "Collection: %s" msgid "Collection: %s"
msgstr "" msgstr ""
#: ../../include/items.php:4733 ../../mod/connedit.php:674 #: ../../include/items.php:4796 ../../mod/connedit.php:674
#, php-format #, php-format
msgid "Connection: %s" msgid "Connection: %s"
msgstr "" msgstr ""
#: ../../include/items.php:4735 #: ../../include/items.php:4798
msgid "Connection not found." msgid "Connection not found."
msgstr "" msgstr ""
#: ../../include/zot.php:677 #: ../../include/zot.php:678
msgid "Invalid data packet" msgid "Invalid data packet"
msgstr "" msgstr ""
#: ../../include/zot.php:693 #: ../../include/zot.php:694
msgid "Unable to verify channel signature" msgid "Unable to verify channel signature"
msgstr "" msgstr ""
#: ../../include/zot.php:2161 #: ../../include/zot.php:2184
#, php-format #, php-format
msgid "Unable to verify site signature for %s" msgid "Unable to verify site signature for %s"
msgstr "" msgstr ""
@ -6511,7 +6511,7 @@ msgstr ""
msgid "OpenID protocol error. No ID returned." msgid "OpenID protocol error. No ID returned."
msgstr "" msgstr ""
#: ../../mod/openid.php:72 ../../mod/openid.php:180 ../../mod/post.php:286 #: ../../mod/openid.php:72 ../../mod/openid.php:180 ../../mod/post.php:287
#, php-format #, php-format
msgid "Welcome %s. Remote authentication successful." msgid "Welcome %s. Remote authentication successful."
msgstr "" msgstr ""
@ -8547,7 +8547,7 @@ msgstr ""
msgid "Please login." msgid "Please login."
msgstr "" msgstr ""
#: ../../mod/post.php:235 #: ../../mod/post.php:236
msgid "" msgid ""
"Remote authentication blocked. You are logged into this site locally. Please " "Remote authentication blocked. You are logged into this site locally. Please "
"logout and retry." "logout and retry."

2
version.inc
View File

@ -1 +1 @@
2015-09-23.1164 2015-09-27.1168