aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorredmatrix <git@macgirvin.com>2016-05-11 17:18:17 -0700
committerredmatrix <git@macgirvin.com>2016-05-11 17:18:17 -0700
commit32ad8bbaaca32679847931c7cbd6fa3fca67dcba (patch)
tree0f8b36dc7b46fba358f697caf1c973d383735f74
parent4dd3839c41e18d9724855e7955d8737b6f52dcd6 (diff)
downloadvolse-hubzilla-32ad8bbaaca32679847931c7cbd6fa3fca67dcba.tar.gz
volse-hubzilla-32ad8bbaaca32679847931c7cbd6fa3fca67dcba.tar.bz2
volse-hubzilla-32ad8bbaaca32679847931c7cbd6fa3fca67dcba.zip
Ensure that channels can't be created with DAV reserved paths as a redress. Sabre mentions in several places that trying to change these paths to other strings; while possible - is unsupported and likely to cause problems. So for now, we're stuck with 'principals', 'addressbooks', and 'calendars'. If you already have these redresses on your site, you're basically buggered.
-rw-r--r--include/import.php10
-rw-r--r--include/text.php16
2 files changed, 22 insertions, 4 deletions
diff --git a/include/import.php b/include/import.php
index 321f275b1..98c70fa19 100644
--- a/include/import.php
+++ b/include/import.php
@@ -9,15 +9,19 @@ function import_channel($channel, $account_id, $seize) {
$channel['channel_removed'] = (($channel['channel_pageflags'] & 0x8000) ? 1 : 0);
}
+ // Ignore the hash provided and re-calculate
+
+ $channel['channel_hash'] = make_xchan_hash($channel['channel_guid'],$channel['channel_guid_sig']);
+
+ // Check for duplicate channels
+
$r = q("select * from channel where (channel_guid = '%s' or channel_hash = '%s' or channel_address = '%s' ) limit 1",
dbesc($channel['channel_guid']),
dbesc($channel['channel_hash']),
dbesc($channel['channel_address'])
);
- // We should probably also verify the hash
-
- if($r) {
+ if(($r) || (check_webbie(array($channel['channel_hash'])) !== $channel['channel_hash'])) {
if($r[0]['channel_guid'] === $channel['channel_guid'] || $r[0]['channel_hash'] === $channel['channel_hash']) {
logger('mod_import: duplicate channel. ', print_r($channel,true));
notice( t('Cannot create a duplicate channel identifier on this system. Import failed.') . EOL);
diff --git a/include/text.php b/include/text.php
index a2c0a3209..3f2e85fc8 100644
--- a/include/text.php
+++ b/include/text.php
@@ -2025,7 +2025,7 @@ function check_webbie($arr) {
if(strlen($reservechan))
$taken = explode(',', $reservechan);
else
- $taken = array();
+ $taken = array('principals','addressbooks','calendars');
$str = '';
if(count($arr)) {
@@ -2057,6 +2057,20 @@ function check_webbie($arr) {
return '';
}
+function ids_to_array($arr,$idx = 'id') {
+ $t = array();
+ if($arr) {
+ foreach($arr as $x) {
+ if(! in_array($x[$idx],$t)) {
+ $t[] = $x[$idx];
+ }
+ }
+ }
+ return($t);
+}
+
+
+
function ids_to_querystr($arr,$idx = 'id') {
$t = array();