workarounds for people that re-install and end up polluting everybody's databases with stale entries
This commit is contained in:
friendica
parent
98018f4969
commit
deedac6ae5
@ -321,8 +321,8 @@ function notifier_run($argv, $argc){
|
||||
|
||||
$sql_extra = (($private) ? "" : " or hubloc_url = '" . z_root() . "' ");
|
||||
|
||||
$r = q("select distinct(hubloc_callback),hubloc_host,hubloc_sitekey from hubloc
|
||||
where hubloc_hash in (" . implode(',',$recipients) . ") $sql_extra group by hubloc_callback");
|
||||
$r = q("select distinct hubloc_sitekey, hubloc_callback, hubloc_host from hubloc
|
||||
where hubloc_hash in (" . implode(',',$recipients) . ") $sql_extra group by hubloc_sitekey");
|
||||
if(! $r) {
|
||||
logger('notifier: no hubs');
|
||||
return;
|
||||
|
||||
@ -545,6 +545,8 @@ function item_post(&$a) {
|
||||
echo json_encode(array('preview' => $o));
|
||||
killme();
|
||||
}
|
||||
if($orig_post)
|
||||
$datarray['edit'] = true;
|
||||
|
||||
call_hooks('post_local',$datarray);
|
||||
|
||||
|
||||
29
mod/post.php
29
mod/post.php
@ -200,17 +200,36 @@ function post_post(&$a) {
|
||||
logger('mod_zot: pickup: ' . $ret['message']);
|
||||
json_return_and_die($ret);
|
||||
}
|
||||
// verify the url_sig
|
||||
$sitekey = $r[0]['hubloc_sitekey'];
|
||||
// logger('sitekey: ' . $sitekey);
|
||||
|
||||
if(! rsa_verify($data['callback'],base64url_decode($data['callback_sig']),$sitekey)) {
|
||||
foreach ($r as $hubsite) {
|
||||
|
||||
// verify the url_sig
|
||||
// If the server was re-installed at some point, there could be multiple hubs with the same url and callback.
|
||||
// Only one will have a valid key.
|
||||
|
||||
$forgery = true;
|
||||
$secret_fail = true;
|
||||
|
||||
$sitekey = $hubsite['hubloc_sitekey'];
|
||||
|
||||
// logger('sitekey: ' . $sitekey);
|
||||
|
||||
if(rsa_verify($data['callback'],base64url_decode($data['callback_sig']),$sitekey)) {
|
||||
$forgery = false;
|
||||
}
|
||||
if(rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$sitekey)) {
|
||||
$secret_fail = false;
|
||||
}
|
||||
if((! $forgery) && (! $secret_fail))
|
||||
break;
|
||||
}
|
||||
if($forgery) {
|
||||
$ret['message'] = 'possible site forgery';
|
||||
logger('mod_zot: pickup: ' . $ret['message']);
|
||||
json_return_and_die($ret);
|
||||
}
|
||||
|
||||
if(! rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$sitekey)) {
|
||||
if($secret_fail) {
|
||||
$ret['message'] = 'secret validation failed';
|
||||
logger('mod_zot: pickup: ' . $ret['message']);
|
||||
json_return_and_die($ret);
|
||||
|
||||
Reference in New Issue
Block a user