authorfriendica <info@friendica.com>2013-01-22 02:56:32 -0800
committerfriendica <info@friendica.com>2013-01-22 02:56:32 -0800
commitbeb3301d43c0d532bd6984ee745074479babdabb (patch)
treee1fb9a4ad9ef56456f6e06049053f2234ce79c63 /include
parentbda4ca4c0d9f247675f4c241ecb0d402bb380d8f (diff)
security fixes related to directory access and sites that are off the grid
Diffstat (limited to 'include')
-rw-r--r--include/zot.php15
1 files changed, 14 insertions, 1 deletions
diff --git a/include/zot.php b/include/zot.php
index 2623d68c4..f35c6f93e 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -536,11 +536,24 @@ function import_xchan($arr) {
if($r[0]['xchan_photo_date'] != $arr['photo_updated'])
$import_photos = true;
+ // if we import an entry from a site that's not ours and either or both of us is off the grid - hide the entry.
+ // TODO: check if we're the same directory realm, which would mean we are allowed to see it
+
+ $dirmode = get_config('system','directory_mode');
+
+ if((($arr['site']['directory_mode'] === 'standalone') || ($dirmode & DIRECTORY_MODE_STANDALONE))
+&& ($arr['site']['url'] != z_root()))
+ $arr['searchable'] = false;
+
+
+
+ // Be careful - XCHAN_FLAGS_HIDDEN should evaluate to 1
if(($r[0]['xchan_flags'] & XCHAN_FLAGS_HIDDEN) != $arr['searchable'])
$new_flags = $r[0]['xchan_flags'] ^ XCHAN_FLAGS_HIDDEN;
else
$new_flags = $r[0]['xchan_flags'];
-
+
+
if(($r[0]['xchan_name_date'] != $arr['name_updated']) || ($r[0]['xchan_connurl'] != $arr['connections_url']) || ($r[0]['xchan_flags'] != $new_flags)) {
$r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s', xchan_flags = %d where xchan_hash = '%s' limit 1",
dbesc($arr['name']),
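Review bot: Setting `$arr['searchable'] = false` appears to un-hide the entry rather than hide it, because the unchanged test right after it, `($r[0]['xchan_flags'] & XCHAN_FLAGS_HIDDEN) != $arr['searchable']`, toggles the bit until it equals `searchable`. With `false`, a set HIDDEN bit is cleared and a clear one stays clear. Unless `searchable` is deliberately inverted somewhere not visible in this hunk, derive the bit explicitly with `$hidden = $arr['searchable'] ? 0 : XCHAN_FLAGS_HIDDEN;` and `$new_flags = ($r[0]['xchan_flags'] & ~XCHAN_FLAGS_HIDDEN) | $hidden;`, which also removes the reliance on the constant being 1. Separately, `$arr['site']['directory_mode']` and `$arr['site']['url']` are read without an `isset` check and the URL is compared loosely with `!=`; whether these peer-supplied values are verified before this point cannot be seen here, so the decision should not depend on them unverified. import_xchan's body starts and ends outside the hunk.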