aboutsummaryrefslogtreecommitdiffstats
path: root/include/zot.php
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-10-10 00:13:46 -0700
committerfriendica <info@friendica.com>2014-10-10 00:13:46 -0700
commitcde244ef74eba47749f910b09b23f92862907eda (patch)
treef368fc7fd5b0d500ede2cb7478d8d6e225787944 /include/zot.php
parent8e7e488ffe92030707a792584adecc93cd9a3708 (diff)
downloadvolse-hubzilla-cde244ef74eba47749f910b09b23f92862907eda.tar.gz
volse-hubzilla-cde244ef74eba47749f910b09b23f92862907eda.tar.bz2
volse-hubzilla-cde244ef74eba47749f910b09b23f92862907eda.zip
improvement in source route checking when handling complex *upstream* delivery chains, which were not adequately accounted for in the earlier checkin.
Diffstat (limited to 'include/zot.php')
-rw-r--r--include/zot.php25
1 files changed, 19 insertions, 6 deletions
diff --git a/include/zot.php b/include/zot.php
index 63a5645d3..1706153dd 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -1420,8 +1420,8 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) {
$result[] = array($d['hash'],'permission denied',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
continue;
}
-
- if(($arr['mid'] != $arr['parent_mid']) && (! $relay)) {
+
+ if($arr['mid'] != $arr['parent_mid']) {
// check source route.
// We are only going to accept comments from this sender if the comment has the same route as the top-level-post,
@@ -1437,11 +1437,24 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) {
$result[] = array($d['hash'],'comment parent not found',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
continue;
}
- $current_route = (($arr['route']) ? $arr['route'] . ',' : '') . $sender['hash'];
+ if($relay) {
+ // reset the route in case it travelled a great distance upstream
+ // use our parent's route so when we go back downstream we'll match
+ // with whatever route our parent has.
+ $arr['route'] = $r[0]['route'];
+ }
+ else {
- if($r[0]['route'] != $current_route) {
- $result[] = array($d['hash'],'comment route mismatch',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
- continue;
+ // going downstream check that we have the same upstream provider that
+ // sent it to us originally. Ignore it if it came from another source
+ // (with potentially different permissions)
+
+ $current_route = (($arr['route']) ? $arr['route'] . ',' : '') . $sender['hash'];
+
+ if($r[0]['route'] != $current_route) {
+ $result[] = array($d['hash'],'comment route mismatch',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']);
+ continue;
+ }
}
}