aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMike Macgirvin <mike@macgirvin.com>2010-10-05 19:56:09 -0700
committerMike Macgirvin <mike@macgirvin.com>2010-10-05 19:56:09 -0700
commit036964de4d86f0109ece00cc9394b2a044c06c1e (patch)
tree33984d7f196e3e2ca04feeee786e36338883b814
parent1b3501899289fc6cdbb04a0a0b918e151b4fe853 (diff)
downloadvolse-hubzilla-036964de4d86f0109ece00cc9394b2a044c06c1e.tar.gz
volse-hubzilla-036964de4d86f0109ece00cc9394b2a044c06c1e.tar.bz2
volse-hubzilla-036964de4d86f0109ece00cc9394b2a044c06c1e.zip
friend acceptance sets up lots of important stuff, so we
need to be absolutely bulletproof when (not if) things go wrong.
-rw-r--r--boot.php4
-rw-r--r--mod/dfrn_confirm.php33
2 files changed, 28 insertions, 9 deletions
diff --git a/boot.php b/boot.php
index 2e3480f40..7bf3e75a6 100644
--- a/boot.php
+++ b/boot.php
@@ -248,7 +248,9 @@ function check_config(&$a) {
// $s is the string requiring macro substitution.
// $r is an array of key value pairs (search => replace)
// returns substituted string.
-
+// WARNING: this is pretty basic, and doesn't properly handle search strings that are substrings of each other.
+// For instance if 'test' => "foo" and 'testing' => "bar", testing could become either bar or fooing,
+// depending on the order in which they were declared in the array.
if(! function_exists('replace_macros')) {
function replace_macros($s,$r) {
diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php
index 43e28aef8..5d551355b 100644
--- a/mod/dfrn_confirm.php
+++ b/mod/dfrn_confirm.php
@@ -270,12 +270,30 @@ function dfrn_confirm_post(&$a) {
$res = post_url($dfrn_confirm,$params);
-// uncomment the following two lines and comment the following xml/status lines
-// to debug the remote confirmation section (when both confirmations
-// and responses originate on this system)
+ // Try to be robust if the remote site is having difficulty and throwing up
+ // errors of some kind.
-// echo $res;
-// $status = 0;
+ $leading_junk = substr($res,0,strpos($res,'<?xml'));
+
+ $res = substr($res,strpos($res,'<?xml'));
+ if(! strlen($res)) {
+
+ // No XML at all, this exchange is messed up really bad.
+ // We shouldn't proceed, because the xml parser might choke,
+ // and $status is going to be zero, which indicates success.
+ // We can hardly call this a success.
+
+ notice( t('Response from remote site was not understood.') . EOL);
+ return;
+ }
+
+ if(strlen($leading_junk) && get_config('system','debugging')) {
+
+ // This might be more common. Mixed error text and some XML.
+ // If we're configured for debugging, show the text. Proceed in either case.
+
+ notice( t('Unexpected response from remote site: ') . EOL . $leading_junk . EOL );
+ }
$xml = simplexml_load_string($res);
$status = (int) $xml->status;
@@ -284,9 +302,7 @@ function dfrn_confirm_post(&$a) {
notice( t("Confirmation completed successfully") . EOL);
break;
case 1:
-
// birthday paradox - generate new dfrn-id and fall through.
-
$new_dfrn_id = random_string();
$r = q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
dbesc($new_dfrn_id),
@@ -302,7 +318,7 @@ function dfrn_confirm_post(&$a) {
case 3:
notice( t("Introduction failed or was revoked. Cannot complete.") . EOL);
break;
- }
+ }
if(($status == 0 || $status == 3) && ($intro_id)) {
@@ -314,6 +330,7 @@ function dfrn_confirm_post(&$a) {
);
}
+
if($status != 0)
return;