diff options
| author | Mario <mario@mariovavti.com> | 2025-01-22 11:22:15 +0000 |
|---|---|---|
| committer | Mario <mario@mariovavti.com> | 2025-01-22 11:22:15 +0000 |
| commit | 6f027544d6551eb395a6e4e551f9146c89cb526e (patch) | |
| tree | db08a03a33652748c13878d77dab64c1f32134b2 | |
| parent | ebab5ff2819c854acb12341ce80e4232b90602d3 (diff) | |
| download | volse-hubzilla-6f027544d6551eb395a6e4e551f9146c89cb526e.tar.gz volse-hubzilla-6f027544d6551eb395a6e4e551f9146c89cb526e.tar.bz2 volse-hubzilla-6f027544d6551eb395a6e4e551f9146c89cb526e.zip | |
make sure to provide uid to drop_item() where applicable and check ownership when imporing feed items
(cherry picked from commit ccd52584a419dfe98e074546fc4df6b8c35285c7)
Co-authored-by: Mario Vavti <mario@mariovavti.com>
| -rw-r--r-- | include/connections.php | 2 | ||||
| -rw-r--r-- | include/feedutils.php | 25 |
2 files changed, 18 insertions, 9 deletions
diff --git a/include/connections.php b/include/connections.php index 7500647b4..b3e9ba89d 100644 --- a/include/connections.php +++ b/include/connections.php @@ -513,7 +513,7 @@ function remove_abook_items($channel_id, $xchan_hash) { continue; } - drop_item($rr['id']); + drop_item($rr['id'], uid: $channel_id); } } diff --git a/include/feedutils.php b/include/feedutils.php index 5894087b8..73a8999ae 100644 --- a/include/feedutils.php +++ b/include/feedutils.php @@ -1173,12 +1173,16 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { intval($importer['channel_id']) ); - // Update content if 'updated' changes - if($r) { - if(activity_match($datarray['verb'], ['Delete', ACTIVITY_DELETE]) - && $datarray['author_xchan'] === $r[0]['author_xchan']) { + if ($r) { + // Check ownership + if ($datarray['author_xchan'] !== $r[0]['author_xchan']) { + logger('stored item author is not imported item author', LOGGER_DEBUG); + continue; + } + + if (activity_match($datarray['verb'], ['Delete', ACTIVITY_DELETE])) { if(! intval($r[0]['item_deleted'])) { logger('deleting item ' . $r[0]['id'] . ' mid=' . $datarray['mid'], LOGGER_DEBUG); drop_item($r[0]['id']); @@ -1444,12 +1448,17 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { // Update content if 'updated' changes - if($r) { - if(isset($datarray['verb']) && activity_match($datarray['verb'], ['Delete', ACTIVITY_DELETE]) - && isset($datarray['author_xchan']) && $datarray['author_xchan'] === $r[0]['author_xchan']) { + if ($r) { + // Check ownership + if ($datarray['author_xchan'] !== $r[0]['author_xchan']) { + logger('stored item author is not imported item author', LOGGER_DEBUG); + continue; + } + + if (isset($datarray['verb']) && activity_match($datarray['verb'], ['Delete', ACTIVITY_DELETE])) { if(! intval($r[0]['item_deleted'])) { logger('deleting item ' . $r[0]['id'] . ' mid=' . $datarray['mid'], LOGGER_DEBUG); - drop_item($r[0]['id']); + drop_item($r[0]['id'], uid: $importer['channel_id']); } continue; } |