diff options
| author | friendica <info@friendica.com> | 2013-01-22 02:56:32 -0800 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2013-01-22 02:56:32 -0800 |
| commit | beb3301d43c0d532bd6984ee745074479babdabb (patch) | |
| tree | e1fb9a4ad9ef56456f6e06049053f2234ce79c63 /include/zot.php | |
| parent | bda4ca4c0d9f247675f4c241ecb0d402bb380d8f (diff) | |
| download | volse-hubzilla-beb3301d43c0d532bd6984ee745074479babdabb.tar.gz volse-hubzilla-beb3301d43c0d532bd6984ee745074479babdabb.tar.bz2 volse-hubzilla-beb3301d43c0d532bd6984ee745074479babdabb.zip | |
security fixes related to directory access and sites that are off the grid
Diffstat (limited to 'include/zot.php')
| -rw-r--r-- | include/zot.php | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/include/zot.php b/include/zot.php index 2623d68c4..f35c6f93e 100644 --- a/include/zot.php +++ b/include/zot.php @@ -536,11 +536,24 @@ function import_xchan($arr) { if($r[0]['xchan_photo_date'] != $arr['photo_updated']) $import_photos = true; + // if we import an entry from a site that's not ours and either or both of us is off the grid - hide the entry. + // TODO: check if we're the same directory realm, which would mean we are allowed to see it + + $dirmode = get_config('system','directory_mode'); + + if((($arr['site']['directory_mode'] === 'standalone') || ($dirmode & DIRECTORY_MODE_STANDALONE)) +&& ($arr['site']['url'] != z_root())) + $arr['searchable'] = false; + + + + // Be careful - XCHAN_FLAGS_HIDDEN should evaluate to 1 if(($r[0]['xchan_flags'] & XCHAN_FLAGS_HIDDEN) != $arr['searchable']) $new_flags = $r[0]['xchan_flags'] ^ XCHAN_FLAGS_HIDDEN; else $new_flags = $r[0]['xchan_flags']; - + + if(($r[0]['xchan_name_date'] != $arr['name_updated']) || ($r[0]['xchan_connurl'] != $arr['connections_url']) || ($r[0]['xchan_flags'] != $new_flags)) { $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s', xchan_flags = %d where xchan_hash = '%s' limit 1", dbesc($arr['name']), |