author | Mike Macgirvin <mike@macgirvin.com> | 2010-09-08 20:14:17 -0700 |
---|---|---|
committer | Mike Macgirvin <mike@macgirvin.com> | 2010-09-08 20:14:17 -0700 |
commit | ffb1997902facb36b78a7cfa522f41f2b3d71cda (patch) | |
tree | e9fe47acf26c5fd2c742677f2610b60d3008eb26 /include | |
parent | b49858b038a0a05bbe7685929e88071d0e125538 (diff) | |
mistpark 2.0 infrastructure lands
Diffstat (limited to 'include')
-rw-r--r-- | include/Contact.php | 54 | ||||
-rw-r--r-- | include/auth.php | 2 | ||||
-rw-r--r-- | include/bbcode.php | 2 | ||||
-rw-r--r-- | include/datetime.php | 17 | ||||
-rw-r--r-- | include/html2bbcode.php | 50 | ||||
-rw-r--r-- | include/items.php | 160 | ||||
-rw-r--r-- | include/notifier.php | 21 | ||||
-rw-r--r-- | include/poller.php | 17 |
8 files changed, 279 insertions, 44 deletions
diff --git a/include/Contact.php b/include/Contact.php
new file mode 100644
index 000000000..3c41f7650
--- /dev/null
+++ b/include/Contact.php
@@ -0,0 +1,54 @@
+<?php
+
+
+
+
+function contact_remove($id) {
+ q("DELETE FROM `contact` WHERE `id` = %d LIMIT 1",
+ intval($id)
+ );
+ q("DELETE FROM `item` WHERE `contact-id` = %d ",
+ intval($id)
+ );
+ q("DELETE FROM `photo` WHERE `contact-id` = %d ",
+ intval($id)
+ );
+}
+
+
+// Contact has refused to recognise us as a friend. We will start a countdown.
+// If they still don't recognise us in 32 days, the relationship is over,
+// and we won't waste any more time trying to communicate with them.
+// This provides for the possibility that their database is temporarily messed
+// up or some other transient event and that there's a possibility we could recover from it.
+
+if(! function_exists('mark_for_death')) {
+function mark_for_death($contact) {
+ if($contact['term-date'] == '0000-00-00 00:00:00') {
+ q("UPDATE `contact` SET `term-date` = '%s' WHERE `id` = %d LIMIT 1",
+ dbesc(datetime_convert()),
+ intval($contact['id'])
+ );
+ }
+ else {
+ $expiry = $contact['term-date'] . ' + 32 days ';
+ if(datetime_convert() > datetime_convert('UTC','UTC',$expiry)) {
+
+ // relationship is really truly dead.
+
+ contact_remove($contact['id']);
+
+ }
+ }
+
+}}
+
+if(! function_exists('unmark_for_death')) {
+function unmark_for_death($contact) {
+ // It's a miracle. Our dead contact has inexplicably come back to life.
+ q("UPDATE `contact` SET `term-date = '%s' WHERE `id` = %d LIMIT 1",
+ dbesc('0000-00-00 00:00:00'),
+ intval($contact['id'])
+ );
+}}
+
diff --git a/include/auth.php b/include/auth.php
index 745285ef0..78e2bb8e0 100644
--- a/include/auth.php
+++ b/include/auth.php
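Review bot: In `unmark_for_death()` (include/Contact.php) the UPDATE string is missing the closing backtick after the column name, ``SET `term-date = '%s'``, so the statement is malformed and the countdown is presumably never cleared. Because `mark_for_death()` calls `contact_remove()` once `term-date` is more than 32 days old, a contact that recovered would still lose its `contact`, `item` and `photo` rows on the next refusal. The fragment should read ``SET `term-date` = '%s'``, and checking the result of `q()` here would make a failed reset visible.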
@@ -7,7 +7,6 @@ if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] == 'login'))) {
 unset($_SESSION['authenticated']);
 unset($_SESSION['uid']);
 unset($_SESSION['visitor_id']);
- unset($_SESSION['is_visitor']);
 unset($_SESSION['administrator']);
 unset($_SESSION['cid']);
 unset($_SESSION['theme']);
@@ -41,7 +40,6 @@ else {
 unset($_SESSION['authenticated']);
 unset($_SESSION['uid']);
 unset($_SESSION['visitor_id']);
- unset($_SESSION['is_visitor']);
 unset($_SESSION['administrator']);
 unset($_SESSION['cid']);
 $encrypted = hash('whirlpool',trim($_POST['password']));
diff --git a/include/bbcode.php b/include/bbcode.php
index f1eb47bd3..1522ea374 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -76,7 +76,7 @@ function bbcode($Text) {
 // Youtube extensions
 $Text = preg_replace("/\[youtube\]http:\/\/www.youtube.com\/watch\?v\=(.+?)\[\/youtube\]/",'[youtube]$1[/youtube]',$Text);
- $Text = preg_replace("/\[youtube\](.+?)\[\/youtube\]/", '<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/$1"></param><embed src="http://www.youtube.com/v/$1" type="application/x-shockwave-flash" width="425" height="350"></embed></object>', $Text);
+ $Text = preg_replace("/\[youtube\](.+?)\[\/youtube\]/", '<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/$1"></param><!--[if IE]><embed src="http://www.youtube.com/v/$1" type="application/x-shockwave-flash" width="425" height="350" /><![endif]--></object>', $Text);
 return $Text;
 }
diff --git a/include/datetime.php b/include/datetime.php
index 15d688530..d241f779e 100644
--- a/include/datetime.php
+++ b/include/datetime.php
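Review bot: The `[youtube]` capture in the rewritten `preg_replace` in include/bbcode.php is still `(.+?)`, and it is copied into two attribute values and now also into an IE conditional comment. Unless `$Text` is already HTML-escaped before `bbcode()` runs (not visible in this hunk), a value containing `"` or `-->` would break out of that markup. Restricting the capture to the id characters, for example `[A-Za-z0-9\-_=]+` as the importer pattern in include/items.php does, keeps the substitution inert. The body of `bbcode()` starts outside the hunk.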
@@ -55,9 +55,20 @@ function select_timezone($current = 'America/Los_Angeles') {
 if(! function_exists('datetime_convert')) {
 function datetime_convert($from = 'UTC', $to = 'UTC', $s = 'now', $fmt = "Y-m-d H:i:s") {
- $d = new DateTime($s, new DateTimeZone($from));
- $d->setTimeZone(new DateTimeZone($to));
- return($d->format($fmt));
+
+ // Slight hackish adjustment so that 'zero' datetime actually returns what is intended
+ // otherwise we end up with -0001-11-30 ...
+ // add 32 days so that we at least get year 00, and then hack around the fact that
+ // months and days always start with 1.
+
+ if(substr($s,0,10) == '0000-00-00') {
+ $d = new DateTime($s . ' + 32 days', new DateTimeZone('UTC'));
+ return str_replace('1','0',$d->format($fmt));
+ }
+
+ $d = new DateTime($s, new DateTimeZone($from));
+ $d->setTimeZone(new DateTimeZone($to));
+ return($d->format($fmt));
 }}
 function dob($dob) {
diff --git a/include/html2bbcode.php b/include/html2bbcode.php
new file mode 100644
index 000000000..0236c8374
--- /dev/null
+++ b/include/html2bbcode.php
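Review bot: `str_replace('1','0',$d->format($fmt))` in the zero-date branch of `datetime_convert()` rewrites every `1` in the formatted string, not only the month and day. A zero date that carries a non-zero time, or a `$fmt` that produces a `1` anywhere else, therefore comes back altered. The branch also ignores `$from` and `$to`. Replacing only the date portion of the output, or returning a fixed zero value for this input, would confine the workaround to the case the comment describes.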
@@ -0,0 +1,50 @@
+<?php
+
+
+function html2bbcode($s) {
+
+
+// Tags to Find
+$htmltags = array(
+ '/\<b\>(.*?)\<\/b\>/is',
+ '/\<i\>(.*?)\<\/i\>/is',
+ '/\<u\>(.*?)\<\/u\>/is',
+ '/\<ul\>(.*?)\<\/ul\>/is',
+ '/\<li\>(.*?)\<\/li\>/is',
+ '/\<img(.*?) src=\"(.*?)\" (.*?)\>/is',
+ '/\<div(.*?)\>(.*?)\<\/div\>/is',
+ '/\<br(.*?)\>/is',
+ '/\<strong\>(.*?)\<\/strong\>/is',
+ '/\<a href=\"(.*?)\"(.*?)\>(.*?)\<\/a\>/is',
+ '/\<code\>(.*?)\<\/code\>/is',
+ '/\<font color=(.*?)\>(.*?)\<\/font\>',
+ '/\<font color=\"(.*?)\"\>(.*?)\<\/font\>',
+ '/\<blockquote\>(.*?)\<\/blockquote\>/is',
+
+ );
+
+// Replace with
+$bbtags = array(
+ '[b]$1[/b]',
+ '[i]$1[/i]',
+ '[u]$1[/u]',
+ '[list]$1[/list]',
+ '[*]$1',
+ '[img]$2[/img]',
+ '$2',
+ '\n',
+ '[b]$1[/b]',
+ '[url=$1]$3[/url]',
+ '[code]$1[/code],
+ '[color="$1"]$2[/color]',
+ '[color="$1"]$2[/color]',
+ '[quote]$1[/quote]',
+ );
+
+// Replace $htmltags in $text with $bbtags
+$text = preg_replace ($htmltags, $bbtags, $s);
+
+// Strip all other HTML tags
+$text = strip_tags($text);
+return $text;
+}
\ No newline at end of file
diff --git a/include/items.php b/include/items.php
index 87e680e32..587207abf 100644
--- a/include/items.php
+++ b/include/items.php
@@ -1,18 +1,27 @@
 <?php
-function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
+function get_feed_for(&$a, $dfrn_id, $owner_id, $last_update) {
+
+ require_once('bbcode.php');
 // default permissions - anonymous user
- $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
+ $sql_extra = "
+ AND `allow_cid` = ''
+ AND `allow_gid` = ''
+ AND `deny_cid` = ''
+ AND `deny_gid` = ''
+ ";
 if(strlen($owner_id) && ! intval($owner_id)) {
- $r = q("SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1",
+ $r = q("SELECT `uid`, `nickname` FROM `user` WHERE `nickname` = '%s' LIMIT 1",
 dbesc($owner_id)
 );
- if(count($r))
+ if(count($r)) {
 $owner_id = $r[0]['uid'];
+ $owner_nick = $r[0]['nickname'];
+ }
 }
 $r = q("SELECT * FROM `contact` WHERE `self` = 1 AND `uid` = %d LIMIT 1",
@@ -42,12 +51,12 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
 else
 $gs = '<<>>' ; // Impossible to match
- $sql_extra = sprintf(
- " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
- AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )
- AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
- AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",
-
+ $sql_extra = sprintf("
+ AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
+ AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )
+ AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
+ AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s')
+ ",
 intval($contact['id']),
 intval($contact['id']),
 dbesc($gs),
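Review bot: include/html2bbcode.php cannot run as added: in `$bbtags` the entry `'[code]$1[/code],` has no closing quote, which is a parse error. The two `<font color=...>` patterns in `$htmltags` also lack the closing `/is` delimiter that the other patterns have, so `preg_replace()` would fail on them. `'\n'` in single quotes inserts a literal backslash-n rather than a newline; `"\n"` is probably intended. Separately, `[url=$1]` and `[img]$2[/img]` copy `href` and `src` values without any scheme check, so this function should not be relied on as a sanitiser by itself.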
@@ -88,7 +97,7 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
 $atom .= replace_macros($feed_template, array(
- '$feed_id' => xmlify($a->get_baseurl()),
+ '$feed_id' => xmlify($a->get_baseurl() . '/profile/' . $owner_nick),
 '$feed_title' => xmlify($owner['name']),
 '$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', $updated . '+00:00' , 'Y-m-d\TH:i:s\Z')) ,
 '$name' => xmlify($owner['name']),
@@ -96,12 +105,24 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
 '$photo' => xmlify($owner['photo']),
 '$thumb' => xmlify($owner['thumb']),
 '$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , 'Y-m-d\TH:i:s\Z')) ,
- '$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , 'Y-m-d\TH:i:s\Z')) ,
- '$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , 'Y-m-d\TH:i:s\Z'))
+ '$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , 'Y-m-d\TH:i:s\Z')) ,
+ '$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , 'Y-m-d\TH:i:s\Z'))
 ));
+ foreach($items as $item) {
+
+ // public feeds get html, our own nodes use bbcode
+
+ if($dfrn_id == '*') {
+ $item['body'] = bbcode($item['body']);
+ $type = 'html';
+ }
+ else {
+ $type = 'text';
+ }
+ if($item['deleted']) {
 $atom .= replace_macros($tomb_template, array(
 '$id' => xmlify($item['uri']),
@@ -109,6 +130,9 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
 ));
 }
 else {
+ $verb = construct_verb($item);
+ $actobj = construct_activity($item);
+ if($item['parent'] == $item['id']) {
 $atom .= replace_macros($item_template, array(
 '$name' => xmlify($item['name']),
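Review bot: `$owner_nick`, used in the new `'$feed_id'` line, is only assigned in the first hunk of this file, and only when `$owner_id` is a non-numeric nickname and the lookup returns a row. When the caller passes a numeric id the variable is undefined and the feed id degrades to the base URL plus `/profile/`. Initialising it before the lookup, or selecting `nickname` for the numeric case as well, would keep the feed id stable. `get_feed_for()` begins and ends outside this hunk.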
@@ -122,7 +146,10 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
 '$published' => xmlify(datetime_convert('UTC', 'UTC', $item['created'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
 '$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
 '$location' => xmlify($item['location']),
+ '$type' => $type,
 '$content' => xmlify($item['body']),
+ '$verb' => xmlify($verb),
+ '$actobj' => $actobj, // do not xmlify
 '$comment_allow' => (($item['last-child'] && strlen($contact['dfrn-id'])) ? 1 : 0)
 ));
 }
@@ -135,7 +162,10 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
 '$title' => xmlify($item['title']),
 '$published' => xmlify(datetime_convert('UTC', 'UTC', $item['created'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
 '$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
+ '$type' => $type,
 '$content' =>xmlify($item['body']),
+ '$verb' => xmlify($verb),
+ '$actobj' => $actobj, // do not xmlify
 '$parent_id' => xmlify($item['parent-uri']),
 '$comment_allow' => (($item['last-child']) ? 1 : 0)
 ));
@@ -145,6 +175,22 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
 $atom .= '</feed>' . "\r\n";
 return $atom;
+}
+
+
+function construct_verb($item) {
+ if($item['verb'])
+ return $item['verb'];
+ return ACTIVITY_POST;
+}
+
+function construct_activity($item) {
+
+ if($item['type'] == 'activity') {
+
+
+ }
+ return '';
 }
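Review bot: `construct_activity()` is added without any documentation, although both item templates insert its result unescaped (`'$actobj' => $actobj, // do not xmlify`). At present the `if($item['type'] == 'activity')` body is empty and the function always returns `''`. A docblock stating that the return value goes into the Atom document as raw XML, so the implementation must escape every item-derived value itself, would prevent a later implementation from opening an injection path. `construct_verb()` would benefit from a one-line comment that `ACTIVITY_POST` is the default when the item carries no verb.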
@@ -152,12 +198,22 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
 function get_atom_elements($item) {
+ require_once('library/HTMLPurifier.auto.php');
+ require_once('include/html2bbcode.php');
+ $res = array();
+ $raw_author = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'author');
+ if($raw_author) {
+ if($raw_author[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'][0]['attribs']['']['rel'] == 'photo')
+ $res['author-avatar'] = unxmlify($raw_author[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'][0]['attribs']['']['href']);
+ }
+ $author = $item->get_author();
 $res['author-name'] = unxmlify($author->get_name());
 $res['author-link'] = unxmlify($author->get_link());
- $res['author-avatar'] = unxmlify($author->get_avatar());
+ if(! $res['author-avatar'])
+ $res['author-avatar'] = unxmlify($author->get_avatar());
 $res['uri'] = unxmlify($item->get_id());
 $res['title'] = unxmlify($item->get_title());
 $res['body'] = unxmlify($item->get_content());
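Review bot: `$res['author-avatar']` is read in `if(! $res['author-avatar'])` although it has not been set when the author element has no `rel="photo"` link, which raises an undefined-index notice; `if(empty($res['author-avatar']))` avoids it. Only `['link'][0]` of the author element is inspected, so a photo link in any other position is missed. `get_atom_elements()` continues outside the hunk.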
@@ -166,6 +222,36 @@ function get_atom_elements($item) {
 if($maxlen && (strlen($res['body']) > $maxlen))
 $res['body'] = substr($res['body'],0, $maxlen);
+ // It isn't certain at this point whether our content is plaintext or html and we'd be foolish to trust
+ // the content type. Our own network only emits text normally, though it might have been converted to
+ // html if we used a pubsubhubbub transport. But if we see even one html open tag in our text, we will
+ // have to assume it is all html and needs to be purified.
+
+ // It doesn't matter all that much security wise - because before this content is used anywhere, we are
+ // going to escape any tags we find regardless, but this lets us import a limited subset of html from
+ // the wild, by sanitising it and converting supported tags to bbcode before we rip out any remaining
+ // html.
+
+
+
+ if(strpos($res['body'],'<')) {
+
+ $res['body'] = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s',
+ '[youtube]$1[/youtube]', $res['body']);
+
+ $config = HTMLPurifier_Config::createDefault();
+ $config->set('Core.DefinitionCache', null);
+
+ // we shouldn't need a whitelist, because the bbcode converter
+ // will strip out any unsupported tags.
+ // $config->set('HTML.Allowed', 'p,b,a[href],i');
+
+ $purifier = new HTMLPurifier($config);
+ $res['body'] = $purifier->purify($res['body']);
+ }
+
+ $res['body'] = html2bbcode($res['body']);
+ $allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow');
 if($allow && $allow[0]['data'] == 1)
 $res['last-child'] = 1;
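Review bot: `if(strpos($res['body'],'<'))` is false when the first `<` is at offset 0, so a body that begins with a tag skips the HTMLPurifier pass entirely and reaches `html2bbcode()` unpurified; the test should be `if(strpos($res['body'],'<') !== false)`. The comment relies on later escaping, which is not visible here, and `html2bbcode()` turns `href` and `src` values into `[url]` and `[img]` tags before `strip_tags()` runs. The body is also cut to `$maxlen` with `substr()` before purification, which can split a tag in half. `get_atom_elements()` extends beyond this hunk.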
@@ -186,18 +272,37 @@ function get_atom_elements($item) {
 $res['edited'] = unxmlify($rawcreated[0]['data']);
 $rawowner = $item->get_item_tags(NAMESPACE_DFRN, 'owner');
- if($rawowner[0]['child'][NAMESPACE_DFRN]['name'][0]['data'])
+ if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data'])
+ $res['owner-name'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data']);
+ elseif($rawowner[0]['child'][NAMESPACE_DFRN]['name'][0]['data'])
 $res['owner-name'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['name'][0]['data']);
- if($rawowner[0]['child'][NAMESPACE_DFRN]['uri'][0]['data'])
+ if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['uri'][0]['data'])
+ $res['owner-link'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['uri'][0]['data']);
+ elseif($rawowner[0]['child'][NAMESPACE_DFRN]['uri'][0]['data'])
 $res['owner-link'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['uri'][0]['data']);
- if($rawowner[0]['child'][NAMESPACE_DFRN]['avatar'][0]['data'])
+
+ if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'][0]['attribs']['']['rel'] == 'photo')
+ $res['owner-avatar'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'][0]['attribs']['']['href']);
+ elseif($rawowner[0]['child'][NAMESPACE_DFRN]['avatar'][0]['data'])
 $res['owner-avatar'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['avatar'][0]['data']);
+ $rawverb = $item->get_item_tags(NAMESPACE_ACTIVITY, 'verb');
+ // select between supported verbs
+ if($rawverb)
+ $res['verb'] = unxmlify($rawverb[0]['data']);
+
+ $rawobj = $item->get_item_tags(NAMESPACE_ACTIVITY, 'object');
+ if($rawobj) {
+ $res['object-type'] = $rawobj[0]['object-type'][0]['data'];
+ $res['object'] = $rawobj[0];
+ }
+ return $res;
 }
 function post_remote($a,$arr) {
+//print_r($arr);
 if(! x($arr,'type'))
 $arr['type'] = 'remote';
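Review bot: `$res['object'] = $rawobj[0];` stores the parsed element array, while `post_remote()` in the next hunk runs `trim($arr['object'])` on it and, unlike `verb` and `object-type`, does not pass it through `notags()`; the object should be reduced to a string here and filtered like its siblings. `$res['object-type']` is read from `$rawobj[0]['object-type'][0]['data']` without `unxmlify()` and without the `['child'][...]` level every other lookup in this function uses, so it is probably always empty. The comment `// select between supported verbs` is not implemented: any verb string from the remote feed is accepted as is.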
@@ -218,8 +323,12 @@ function post_remote($a,$arr) {
 $arr['visible'] = 1;
 $arr['deleted'] = 0;
 $arr['parent-uri'] = notags(trim($arr['parent-uri']));
+ $arr['verb'] = notags(trim($arr['verb']));
+ $arr['object-type'] = notags(trim($arr['object-type']));
+ $arr['object'] = trim($arr['object']);
 $parent_id = 0;
+ $parent_missing = false;
 dbesc_array($arr);
@@ -237,15 +346,28 @@ function post_remote($a,$arr) {
 if(count($r))
 $parent_id = $r[0]['id'];
 else {
- // if parent is missing, what do we do?
+ $parent_missing = true;
 }
 $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
- $arr['uri'],
+ $arr['uri'], // already dbesc'd
 intval($arr['uid'])
 );
 if(count($r))
 $current_post = $r[0]['id'];
+ else
+ return 0;
+
+ if($parent_missing) {
+
+ // perhaps the parent was deleted, but in any case, this thread is dead
+ // and unfortunately our brand new item now has to be destroyed
+
+ q("DELETE FROM `item` WHERE `id` = %d LIMIT 1",
+ intval($current_post)
+ );
+ return 0;
+ }
 $r = q("UPDATE `item` SET `parent` = %d WHERE `id` = %d LIMIT 1",
 intval($parent_id),
diff --git a/include/notifier.php b/include/notifier.php
index 40fdbcc5f..b94c21e71 100644
--- a/include/notifier.php
+++ b/include/notifier.php
@@ -1,6 +1,6 @@
 <?php
- $debugging = false;
+ $debugging = true;
 require_once("boot.php");
@@ -19,9 +19,6 @@
 $a->set_baseurl(get_config('system','url'));
- $baseurl = $argv[1];
- $a->set_baseurl($argv[1]);
- $cmd = $argv[1];
 switch($cmd) {
@@ -266,10 +263,10 @@
 if($rr['self'])
 continue;
- if((! strlen($rr['dfrn-id'])) || ($rr['duplex'] && ! strlen($rr['issued-id'])))
+ if((! strlen($rr['dfrn-id'])) && (! $rr['duplex']))
 continue;
- $idtosend = (($rr['duplex']) ? $rr['issued-id'] : $rr['dfrn-id']);
+ $idtosend = (($rr['dfrn-id']) ? $rr['dfrn-id'] : $rr['issued-id']);
 $url = $rr['notify'] . '?dfrn_id=' . $idtosend;
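Review bot: `$debugging = true;` at the top of include/notifier.php looks like a local debugging switch committed by accident. What the flag gates is outside the visible hunks, but a notifier that emits delivery payloads or remote responses in production would expose message content and identifiers in its output or logs. Restoring `$debugging = false;`, or reading the value from configuration, keeps the default quiet.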
@@ -291,7 +288,7 @@
 $challenge = hex2bin($res->challenge);
 $final_dfrn_id = '';
- if($rr['duplex']) {
+ if($rr['duplex'] && strlen($rr['prvkey'])) {
 openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$rr['prvkey']);
 openssl_private_decrypt($challenge,$postvars['challenge'],$rr['prvkey']);
 }
@@ -301,18 +298,14 @@
 }
 $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
- if(($final_dfrn_id != $rr['dfrn-id']) || (($rr['duplex']) && ($final_dfrn_id != $rr['issued-id']))) {
+ if($final_dfrn_id != $idtosend) {
 // did not decode properly - cannot trust this site
 continue;
 }
- $postvars['dfrn_id'] = (($duplex) ? $rr['issued-id'] : $rr['dfrn-id']);
+ $postvars['dfrn_id'] = $idtosend;
- if($cmd == 'mail') {
- $postvars['data'] = $atom;
- }
- elseif(((strlen($rr['dfrn-id'])) || (($rr['duplex']) && (strlen($rr['issued-id']))))
- && (! ($rr['blocked']) || ($rr['readonly']))) {
+ if((($rr['rel'] == DIRECTION_OUT) || ($rr['rel'] == DIRECTION_BOTH)) && (! $rr['blocked']) && (! $rr['readonly'])) {
 $postvars['data'] = $atom;
 }
 else {
diff --git a/include/poller.php b/include/poller.php
index 96c647278..58189b2a8 100644
--- a/include/poller.php
+++ b/include/poller.php
@@ -15,6 +15,8 @@
 require_once('simplepie/simplepie.inc');
 require_once('include/items.php');
+ require_once('include/Contact.php');
+ $a->set_baseurl(get_config('system','url'));
 $contacts = q("SELECT * FROM `contact`
@@ -73,7 +75,7 @@
 ? datetime_convert('UTC','UTC','now - 30 days','Y-m-d\TH:i:s\Z')
 : datetime_convert('UTC','UTC',$contact['last-update'],'Y-m-d\TH:i:s\Z'));
- $idtosend = (($contact['duplex']) ? $contact['issued-id'] : $contact['dfrn-id']);
+ $idtosend = (($contact['dfrn-id']) ? $contact['dfrn-id'] : $contact['issued-id']);
 $url = $contact['poll'] . '?dfrn_id=' . $idtosend . '&type=data&last_update=' . $last_update ;
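Review bot: The new check `if($final_dfrn_id != $idtosend)` in include/notifier.php can pass with two empty strings. `$idtosend` is empty when `dfrn-id` is empty, `duplex` is set and `issued-id` is empty, a case the old guard in the previous hunk rejected, and `$final_dfrn_id` is empty when `openssl_private_decrypt()` fails or the plaintext contains no `.`. In that situation the remote site is treated as verified. Checking the return value of `openssl_private_decrypt()`, skipping the contact when `$idtosend` is empty, and comparing with `!==` would close the gap. The same comparison is introduced in include/poller.php, in hunk `-108,13`.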
@@ -87,9 +89,15 @@ echo "XML: " . $xml;
 $res = simplexml_load_string($xml);
+ if(intval($res->status) == 1)
+ mark_for_death($contact);
+ if((intval($res->status) != 0) || (! strlen($res->challenge)) || (! strlen($res->dfrn_id)))
 continue;
+ if($contact['term-date'] != '0000-00-00 00:00:00')
+ unmark_for_death($contact);
+ $postvars = array();
 $sent_dfrn_id = hex2bin($res->dfrn_id);
@@ -97,7 +105,7 @@ echo "XML: " . $xml;
 $final_dfrn_id = '';
- if($contact['duplex']) {
+ if(($contact['duplex']) && strlen($contact['prvkey'])) {
 openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['prvkey']);
 openssl_private_decrypt($challenge,$postvars['challenge'],$contact['prvkey']);
@@ -108,13 +116,12 @@ echo "XML: " . $xml;
 }
 $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
- if(($final_dfrn_id != $contact['dfrn-id'])
- || (($contact['duplex']) && ($final_dfrn_id != $contact['issued-id']))) {
+ if($final_dfrn_id != $idtosend)
 // did not decode properly - cannot trust this site
 continue;
 }
- $postvars['dfrn_id'] = (($contact['duplex']) ? $contact['issued-id'] : $contact['dfrn-id']);
+ $postvars['dfrn_id'] = $idtosend;
 $xml = post_url($contact['poll'],$postvars); |
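Review bot: `mark_for_death($contact)` in include/poller.php is driven by `intval($res->status) == 1` from a poll response that has not been authenticated yet, since the `dfrn_id` and challenge verification only happens further down. `simplexml_load_string()` can also return `false`, in which case `$res->status` is read on a non-object. Because the countdown ends in `contact_remove()`, which deletes the contact together with its items and photos, it would be safer to check `$res !== false` first and to document, or tighten, which responses are allowed to start the countdown.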
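Review bot: The rewritten test `if($final_dfrn_id != $idtosend)` in hunk `-108,13` of include/poller.php dropped the opening brace that the removed two-line condition had, but the closing `}` after `continue;` is still there as context. The new side therefore has an unmatched brace, which either fails to parse or closes an enclosing block early, and the comment line now sits between the `if` and its single statement. The line should read `if($final_dfrn_id != $idtosend) {`, as the matching change in include/notifier.php does.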