harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

workarounds for people that re-install and end up polluting everybody's databases with stale entries

Browse Source
This commit is contained in:
friendica 2013-05-16 20:21:12 -07:00
parent 98018f4969
commit deedac6ae5
3 changed files with 28 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/notifier.php
View File

@ -321,8 +321,8 @@ function notifier_run($argv, $argc){
$sql_extra = (($private) ? "" : " or hubloc_url = '" . z_root() . "' "); $sql_extra = (($private) ? "" : " or hubloc_url = '" . z_root() . "' ");
$r = q("select distinct(hubloc_callback),hubloc_host,hubloc_sitekey from hubloc $r = q("select distinct hubloc_sitekey, hubloc_callback, hubloc_host from hubloc
where hubloc_hash in (" . implode(',',$recipients) . ") $sql_extra group by hubloc_callback"); where hubloc_hash in (" . implode(',',$recipients) . ") $sql_extra group by hubloc_sitekey");
if(! $r) { if(! $r) {
logger('notifier: no hubs'); logger('notifier: no hubs');
return; return;

2
mod/item.php
View File

@ -545,6 +545,8 @@ function item_post(&$a) {
echo json_encode(array('preview' => $o)); echo json_encode(array('preview' => $o));
killme(); killme();
} }
if($orig_post)
$datarray['edit'] = true;
call_hooks('post_local',$datarray); call_hooks('post_local',$datarray);

29
mod/post.php
View File

@ -200,17 +200,36 @@ function post_post(&$a) {
logger('mod_zot: pickup: ' . $ret['message']); logger('mod_zot: pickup: ' . $ret['message']);
json_return_and_die($ret); json_return_and_die($ret);
} }
// verify the url_sig
$sitekey = $r[0]['hubloc_sitekey'];
// logger('sitekey: ' . $sitekey);
if(! rsa_verify($data['callback'],base64url_decode($data['callback_sig']),$sitekey)) { foreach ($r as $hubsite) {
// verify the url_sig
// If the server was re-installed at some point, there could be multiple hubs with the same url and callback.
// Only one will have a valid key.
$forgery = true;
$secret_fail = true;
$sitekey = $hubsite['hubloc_sitekey'];
// logger('sitekey: ' . $sitekey);
if(rsa_verify($data['callback'],base64url_decode($data['callback_sig']),$sitekey)) {
$forgery = false;
}
if(rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$sitekey)) {
$secret_fail = false;
}
if((! $forgery) && (! $secret_fail))
break;
}
if($forgery) {
$ret['message'] = 'possible site forgery'; $ret['message'] = 'possible site forgery';
logger('mod_zot: pickup: ' . $ret['message']); logger('mod_zot: pickup: ' . $ret['message']);
json_return_and_die($ret); json_return_and_die($ret);
} }
if(! rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$sitekey)) { if($secret_fail) {
$ret['message'] = 'secret validation failed'; $ret['message'] = 'secret validation failed';
logger('mod_zot: pickup: ' . $ret['message']); logger('mod_zot: pickup: ' . $ret['message']);
json_return_and_die($ret); json_return_and_die($ret);