author | friendica <info@friendica.com> | 2014-08-30 17:03:26 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-08-30 17:03:26 -0700 |
commit | e9bf742cc7c0d54dd48a4ba4e0eddd620d8b6857 (patch) | |
tree | f618ea000ed334f147f20450c0f5c32e61903c6a /include | |
parent | 88f8900ac52aa1b4bba90d000691dfa311ad2a92 (diff) | |
insecure network filter
Diffstat (limited to 'include')
-rwxr-xr-x | include/items.php | 41 |
1 files changed, 40 insertions, 1 deletions
diff --git a/include/items.php b/include/items.php index c0ff2ac81..1a4363975 100755 --- a/include/items.php +++ b/include/items.php @@ -19,7 +19,9 @@ function collect_recipients($item,&$private_envelope) { // it is private $allow_people = expand_acl($item['allow_cid']); + $allow_groups = expand_groups(expand_acl($item['allow_gid'])); + $allow_groups = filter_insecure($item['uid'],$allow_groups); $recipients = array_unique(array_merge($allow_people,$allow_groups)); @@ -44,7 +46,13 @@ function collect_recipients($item,&$private_envelope) { $deny_groups = expand_groups(expand_acl($item['deny_gid'])); $deny = array_unique(array_merge($deny_people,$deny_groups)); - $recipients = array_diff($recipients,$deny); + + // Don't deny anybody if nobody was allowed (e.g. they were all filtered out) + // That would lead to array_diff doing the wrong thing. + // This will result in a private post that won't be delivered to anybody. + + if($recipients && $deny) + $recipients = array_diff($recipients,$deny); $private_envelope = true; } else { 
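Review bot: The new call `filter_insecure($item['uid'],$allow_groups)` in the first hunk filters only the expanded privacy-group members, while `$allow_people` is merged into `$recipients` unfiltered on the next line, and nothing at the call site says that asymmetry is deliberate. The docblock added with `filter_insecure` states that such contacts can still be addressed individually, so a short comment here would stop a later reader from assuming the filter covers every recipient, for example `// Only privacy-group members are filtered; contacts named in allow_cid are delivered to regardless of network.` The body of collect_recipients starts and ends outside this hunk.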
@@ -100,6 +108,37 @@ function collect_recipients($item,&$private_envelope) { } +/** + * If channel is configured to filter insecure members of privacy groups + * (those whose networks leak privacy via email notifications or other criteria) + * remove them from any privacy groups (collections) that were included in a post. + * They can still be addressed individually. + * Networks may need to be added or removed from this list as circumstances change. + */ + +function filter_insecure($channel_id,$arr) { + $insecure_nets = " and not xchan_network in ('diaspora', 'friendica-over-diaspora') "; + + $ret = array(); + + if((! intval(get_config($channel_id,'system','filter_insecure_collections'))) || (! $arr)) + return $arr; + + $str = ''; + foreach($arr as $rr) { + if(strlen($str)) + $str .= ','; + $str .= "'" . dbesc($rr) . "'"; + } + $r = q("select xchan_hash from xchan where xchan_hash in ($str) $insecure_nets "); + if($r) { + foreach($r as $rr) { + $ret[] = $rr['xchan_hash']; + } + } + return $ret; +} + function comments_are_now_closed($item) { if($item['comments_closed'] !== '0000-00-00 00:00:00') { |
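Review bot: The opt-in check in `filter_insecure` calls `get_config` with three arguments and `$channel_id` in the first position; if `get_config` is the site-wide (family, key) lookup, which cannot be confirmed from this hunk, the setting is never found, `intval()` yields 0 and `$arr` is returned unfiltered. That fails open: a channel that enabled `filter_insecure_collections` would still have group posts delivered to the networks listed in `$insecure_nets`. A per-channel lookup looks like what was intended, e.g. `if((! intval(get_pconfig($channel_id,'system','filter_insecure_collections'))) || (! $arr))`. Separately, when the query fails and `$r` is falsy the function returns an empty array, so every group recipient is silently dropped; a log line on that path would make the loss diagnosable.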