aboutsummaryrefslogtreecommitdiffstats
path: root/include/zot.php
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-10-09 18:12:53 -0700
committerfriendica <info@friendica.com>2014-10-09 18:12:53 -0700
commiteffc8960c3f55f687806b890fdf6252852b08011 (patch)
treeec760df3d1af8d1bde00a2e4fef588db98a767a7 /include/zot.php
parent9a7d1aa4887e515b2a6e8742904eebbf73bd71c9 (diff)
downloadvolse-hubzilla-effc8960c3f55f687806b890fdf6252852b08011.tar.gz
volse-hubzilla-effc8960c3f55f687806b890fdf6252852b08011.tar.bz2
volse-hubzilla-effc8960c3f55f687806b890fdf6252852b08011.zip
OK this is important. So read it carefully.
This checkin implements route matching of comments so that they are only accepted from the same route as the top-level post they are attached to. This way there should be no mis-match of permissions between any posts in the thread. It may not be completely compatible with comments posted in the past (though I've tried to be, there may be some minor issues). In addition it seems that relaying was invoked more often than necessary - especially when a duplicate post arrived which was not processed because the edited time hadn't changed - it still invoked relaying. This fix should improve site performance considerably for comments cross-posted to forums; which got bounced around a bit and delivered redundantly for no reason. Roll this back *only* if it causes a meltdown or comment loss is "serious" (as in OMG people are dying, make it stop!). If we can get past 24 hours without serious issue we need to get everybody onto this code. There may be some minor comment loss (mostly affecting new comments to older posts or likes of older comments) until the majority of sites have moved to the new code. It may be difficult or impossible to deliver comments to posts that pre-date the addition of source routes (April 1, 2014) to anybody but the top-level post author at his/her primary hub. We may wish to close comments on these posts, but let's see how we go before doing that.
Diffstat (limited to 'include/zot.php')
-rw-r--r--include/zot.php36
1 files changed, 33 insertions, 3 deletions
diff --git a/include/zot.php b/include/zot.php
index 3d59f00f3..9ea92aed8 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -1402,6 +1402,7 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) {
$perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments');
+
// This is our own post, possibly coming from a channel clone
if($arr['owner_xchan'] == $d['hash']) {
@@ -1420,6 +1421,30 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) {
continue;
}
+ if(($arr['mid'] != $arr['parent_mid']) && (! $relay)) {
+
+ // check source route.
+ // We are only going to accept comments from this sender if the comment has the same route as the top-level-post,
+ // this is so that permissions mismatches between senders apply to the entire conversation
+ // As a side effect we will also do a preliminary check that we have the top-level-post, otherwise
+ // processing it is pointless.
+
+ $r = q("select route from item where mid = '%s' and uid = %d limit 1",
+ dbesc($arr['parent_mid']),
+ intval($channel['channel_id'])
+ );
+ if(! $r) {
+ $result[] = array($d['hash'],'comment parent not found',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
+ continue;
+ }
+ $current_route = (($arr['route']) ? $arr['route'] . ',' : '') . $sender['hash'];
+
+ if($r[0]['route'] != $current_route) {
+ $result[] = array($d['hash'],'comment route mismatch',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
+ continue;
+ }
+ }
+
if($arr['item_restrict'] & ITEM_DELETED) {
// remove_community_tag is a no-op if this isn't a community tag activity
@@ -1446,8 +1471,11 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) {
$arr['id'] = $r[0]['id'];
$arr['uid'] = $channel['channel_id'];
update_imported_item($sender,$arr,$channel['channel_id']);
- }
- $result[] = array($d['hash'],'updated',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
+ $result[] = array($d['hash'],'updated',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
+ }
+ else {
+ $result[] = array($d['hash'],'update ignored',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
+ }
$item_id = $r[0]['id'];
}
else {
@@ -1459,7 +1487,9 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) {
$item_id = $item_result['item_id'];
$parr = array('item_id' => $item_id,'item' => $arr,'sender' => $sender,'channel' => $channel);
call_hooks('activity_received',$parr);
- add_source_route($item_id,$sender['hash']);
+ // don't add a source route if it's a relay or later recipients will get a route mismatch
+ if(! $relay)
+ add_source_route($item_id,$sender['hash']);
}
$result[] = array($d['hash'],(($item_id) ? 'posted' : 'storage failed:' . $item_result['message']),$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
}