aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-08-30 17:03:26 -0700
committerfriendica <info@friendica.com>2014-08-30 17:03:26 -0700
commite9bf742cc7c0d54dd48a4ba4e0eddd620d8b6857 (patch)
treef618ea000ed334f147f20450c0f5c32e61903c6a /include
parent88f8900ac52aa1b4bba90d000691dfa311ad2a92 (diff)
downloadvolse-hubzilla-e9bf742cc7c0d54dd48a4ba4e0eddd620d8b6857.tar.gz
volse-hubzilla-e9bf742cc7c0d54dd48a4ba4e0eddd620d8b6857.tar.bz2
volse-hubzilla-e9bf742cc7c0d54dd48a4ba4e0eddd620d8b6857.zip
insecure network filter
Diffstat (limited to 'include')
-rwxr-xr-xinclude/items.php41
1 files changed, 40 insertions, 1 deletions
diff --git a/include/items.php b/include/items.php
index c0ff2ac81..1a4363975 100755
--- a/include/items.php
+++ b/include/items.php
@@ -19,7 +19,9 @@ function collect_recipients($item,&$private_envelope) {
// it is private
$allow_people = expand_acl($item['allow_cid']);
+
$allow_groups = expand_groups(expand_acl($item['allow_gid']));
+ $allow_groups = filter_insecure($item['uid'],$allow_groups);
$recipients = array_unique(array_merge($allow_people,$allow_groups));
@@ -44,7 +46,13 @@ function collect_recipients($item,&$private_envelope) {
$deny_groups = expand_groups(expand_acl($item['deny_gid']));
$deny = array_unique(array_merge($deny_people,$deny_groups));
- $recipients = array_diff($recipients,$deny);
+
+ // Don't deny anybody if nobody was allowed (e.g. they were all filtered out)
+ // That would lead to array_diff doing the wrong thing.
+ // This will result in a private post that won't be delivered to anybody.
+
+ if($recipients && $deny)
+ $recipients = array_diff($recipients,$deny);
$private_envelope = true;
}
else {
@@ -100,6 +108,37 @@ function collect_recipients($item,&$private_envelope) {
}
+/**
+ * If channel is configured to filter insecure members of privacy groups
+ * (those whose networks leak privacy via email notifications or other criteria)
+ * remove them from any privacy groups (collections) that were included in a post.
+ * They can still be addressed individually.
+ * Networks may need to be added or removed from this list as circumstances change.
+ */
+
+function filter_insecure($channel_id,$arr) {
+ $insecure_nets = " and not xchan_network in ('diaspora', 'friendica-over-diaspora') ";
+
+ $ret = array();
+
+ if((! intval(get_config($channel_id,'system','filter_insecure_collections'))) || (! $arr))
+ return $arr;
+
+ $str = '';
+ foreach($arr as $rr) {
+ if(strlen($str))
+ $str .= ',';
+ $str .= "'" . dbesc($rr) . "'";
+ }
+ $r = q("select xchan_hash from xchan where xchan_hash in ($str) $insecure_nets ");
+ if($r) {
+ foreach($r as $rr) {
+ $ret[] = $rr['xchan_hash'];
+ }
+ }
+ return $ret;
+}
+
function comments_are_now_closed($item) {
if($item['comments_closed'] !== '0000-00-00 00:00:00') {