diff options
author | friendica <info@friendica.com> | 2014-10-10 00:13:46 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-10-10 00:13:46 -0700 |
commit | cde244ef74eba47749f910b09b23f92862907eda (patch) | |
tree | f368fc7fd5b0d500ede2cb7478d8d6e225787944 /include/zot.php | |
parent | 8e7e488ffe92030707a792584adecc93cd9a3708 (diff) | |
download | volse-hubzilla-cde244ef74eba47749f910b09b23f92862907eda.tar.gz volse-hubzilla-cde244ef74eba47749f910b09b23f92862907eda.tar.bz2 volse-hubzilla-cde244ef74eba47749f910b09b23f92862907eda.zip |
improvement in source route checking when handling complex *upstream* delivery chains, which were not adequately accounted for in the earlier checkin.
Diffstat (limited to 'include/zot.php')
-rw-r--r-- | include/zot.php | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/include/zot.php b/include/zot.php index 63a5645d3..1706153dd 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1420,8 +1420,8 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { $result[] = array($d['hash'],'permission denied',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); continue; } - - if(($arr['mid'] != $arr['parent_mid']) && (! $relay)) { + + if($arr['mid'] != $arr['parent_mid']) { // check source route. // We are only going to accept comments from this sender if the comment has the same route as the top-level-post, @@ -1437,11 +1437,24 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { $result[] = array($d['hash'],'comment parent not found',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); continue; } - $current_route = (($arr['route']) ? $arr['route'] . ',' : '') . $sender['hash']; + if($relay) { + // reset the route in case it travelled a great distance upstream + // use our parent's route so when we go back downstream we'll match + // with whatever route our parent has. + $arr['route'] = $r[0]['route']; + } + else { - if($r[0]['route'] != $current_route) { - $result[] = array($d['hash'],'comment route mismatch',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); - continue; + // going downstream check that we have the same upstream provider that + // sent it to us originally. Ignore it if it came from another source + // (with potentially different permissions) + + $current_route = (($arr['route']) ? $arr['route'] . ',' : '') . $sender['hash']; + + if($r[0]['route'] != $current_route) { + $result[] = array($d['hash'],'comment route mismatch',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); + continue; + } } } |