harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

more snakebite stuff

Browse Source
This commit is contained in:
friendica 2014-02-17 18:23:01 -08:00
parent 9b0ae023ff
commit d3120264cb
2 changed files with 41 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
include/permissions.php
View File

@ -89,7 +89,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
if($observer_xchan) { if($observer_xchan) {
if(! $abook_checked) { if(! $abook_checked) {
$x = q("select abook_my_perms, abook_flags from abook $x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash
where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1", where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1",
intval($uid), intval($uid),
dbesc($observer_xchan), dbesc($observer_xchan),
@ -137,9 +137,9 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
continue; continue;
} }
// If we're still here, we have an observer, which means they're in the network. // If we're still here, we have an observer, check the network.
if($r[0][$channel_perm] & PERMS_NETWORK) { if(($r[0][$channel_perm] & PERMS_NETWORK) && ($x[0]['xchan_network'] === 'zot')) {
$ret[$perm_name] = true; $ret[$perm_name] = true;
continue; continue;
} }
@ -240,7 +240,8 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
return false; return false;
if($observer_xchan) { if($observer_xchan) {
$x = q("select abook_my_perms, abook_flags from abook where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1", $x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash
where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d ) limit 1",
intval($uid), intval($uid),
dbesc($observer_xchan), dbesc($observer_xchan),
intval(ABOOK_FLAG_SELF) intval(ABOOK_FLAG_SELF)
@ -272,9 +273,9 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
return false; return false;
} }
// If we're still here, we have an observer, which means they're in the network. // If we're still here, we have an observer, check the network.
if($r[0][$channel_perm] & PERMS_NETWORK) if(($r[0][$channel_perm] & PERMS_NETWORK) && ($x[0]['xchan_network'] === 'zot'))
return true; return true;

20
mod/rmagic.php
View File

@ -22,7 +22,22 @@ function rmagic_init(&$a) {
function rmagic_post(&$a) { function rmagic_post(&$a) {
$address = $_REQUEST['address']; $address = trim($_REQUEST['address']);
$other = intval($_REQUEST['other']);
if($other) {
$arr = array('address' => $address);
call_hooks('reverse_magic_auth', $arr);
// if they're still here...
notice( t('Authentication failed.') . EOL);
return;
}
else {
// Presumed Red identity. Perform reverse magic auth
if(strpos($address,'@') === false) { if(strpos($address,'@') === false) {
notice('Invalid address.'); notice('Invalid address.');
return; return;
@ -45,8 +60,7 @@ function rmagic_post(&$a) {
$dest = z_root() . '/' . str_replace('zid=','zid_=',$a->query_string); $dest = z_root() . '/' . str_replace('zid=','zid_=',$a->query_string);
goaway($url . '/magic' . '?f=&dest=' . $dest); goaway($url . '/magic' . '?f=&dest=' . $dest);
} }
}
} }