aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFriendika <info@friendika.com>2011-10-06 00:26:25 -0700
committerFriendika <info@friendika.com>2011-10-06 00:26:25 -0700
commite232c50c9e429b53005873a28ddeb549a7bcf959 (patch)
tree6abb8594d0c1c22eb12464f4c5bedc0fd6ada9ad
parentce11d231b8157568a48bf046ae28ef23e500887e (diff)
downloadvolse-hubzilla-e232c50c9e429b53005873a28ddeb549a7bcf959.tar.gz
volse-hubzilla-e232c50c9e429b53005873a28ddeb549a7bcf959.tar.bz2
volse-hubzilla-e232c50c9e429b53005873a28ddeb549a7bcf959.zip
check author url to see if it matches current contact before relay is accepted
-rw-r--r--mod/dfrn_notify.php8
1 files changed, 8 insertions, 0 deletions
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index 01bb9119e..19a2fa61c 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -462,10 +462,18 @@ function dfrn_notify_post(&$a) {
);
if($r && count($r)) {
+
logger('dfrn_notify: received remote comment');
$is_like = false;
// remote reply to our post. Import and then notify everybody else.
$datarray = get_atom_elements($feed,$item);
+
+ if(! link_compare($datarray['author-link'],$importer['url'])) {
+ logger('dfrn_notify: received relay claiming to be from ' . $importer['url'] . ' however comment author url is ' . $datarray['author-link'] );
+ // they won't know what to do so don't report an error. Just quietly die.
+ xml_status(0);
+ }
+
$datarray['type'] = 'remote-comment';
$datarray['wall'] = 1;
$datarray['parent-uri'] = $parent_uri;