-rwxr-xr-x | include/items.php | 95 |
1 files changed, 82 insertions, 13 deletions
diff --git a/include/items.php b/include/items.php
index af4168e8f..84c74fd83 100755
--- a/include/items.php
+++ b/include/items.php
@@ -479,28 +479,44 @@ function get_item_elements($x) { $arr['obj_type'] = (($x['object_type']) ? htmlentities($x['object_type'], ENT_COMPAT,'UTF-8') : ''); $arr['tgt_type'] = (($x['target_type']) ? htmlentities($x['target_type'], ENT_COMPAT,'UTF-8') : ''); - $arr['object'] = $x['object']; - $arr['target'] = $x['target']; + $arr['object'] = activity_sanitise($x['object']); + $arr['target'] = activity_sanitise($x['target']); - $arr['attach'] = $x['attach']; - $arr['tags'] = $x['tags']; + $arr['attach'] = activity_sanitise($x['attach']); + $arr['term'] = decode_tags($x['tags']); - // FIXME map the tag types to our symbolic constants - - $arr['author_xchan'] = base64url_encode(hash('whirlpool',$x['author']['guid'] . $x['author']['guid_sig'], true)); - $arr['owner_xchan'] = base64url_encode(hash('whirlpool',$x['owner']['guid'] . $x['owner']['guid_sig'], true)); - - // FIXME look up author and owner and verify them if we don't have an xchan and hubloc for them already - // FIXME map the flags and add our default flags + // Here's the deal - the site might be down or whatever but if there's a new person you've never + // seen before sending stuff to your stream, we MUST be able to look them up and import their data from their + // hub and verify that they are legit - or else we're going to toss the post. We only need to do this + // once, and after that your hub knows them. Sure some info is in the post, but it's only a transit identifier + // and not enough info to be able to look you up from your hash - which is the only thing stored with the post. + if(import_author_xchan($x['author'])) + $arr['author_xchan'] = base64url_encode(hash('whirlpool',$x['author']['guid'] . $x['author']['guid_sig'], true)); + else + return array(); - // $arr['flags'] = intval($j->flags); + if(import_author_xchan($x['owner'])) + $arr['owner_xchan'] = base64url_encode(hash('whirlpool',$x['owner']['guid'] . 
$x['owner']['guid_sig'], true)); + else + return array(); return $arr; } +function import_author_xchan($x) { + $r = q("select hubloc_url from hubloc where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and (hubloc_flags & %d) limit 1", + dbesc($x['guid']), + dbesc($x['guid_sig']), + intval(HUBLOG_FLAGS_PRIMARY) + ); + if($r) + return true; + $them = array('hubloc_url' => $x['url'],'xchan_guid' => $x['guid'], 'xchan_guid_sig' => $x['guid_sig']); + return zot_refresh($them); +} function encode_item($item) { $x = array(); @@ -565,7 +581,7 @@ function encode_item_terms($terms) { if($terms) { foreach($terms as $term) { if(in_array($term['type'],$allowed_export_terms)) - $ret = array('tag' => $term['term'], 'url' => $term['url'], 'type' => termtype($term['type'])); + $ret[] = array('tag' => $term['term'], 'url' => $term['url'], 'type' => termtype($term['type'])); } } return $ret; @@ -576,6 +592,59 @@ function termtype($t) { return(($types[$t]) ? $types[$t] : 'unknown'); } +function decode_tags($t) { + + if($t) { + $ret = array(); + foreach($t as $x) { + $tag = array(); + $tag['term'] = htmlentities($x['term'], ENT_COMPAT,'UTF-8'); + $tag['url'] = htmlentities($x['url'], ENT_COMPAT,'UTF-8'); + switch($x['type']) { + case 'hashtag': + $tag['type'] = TERM_HASHTAG; + break; + case 'mention': + $tag['type'] = TERM_MENTION; + break; + case 'category': + $tag['type'] = TERM_CATEGORY; + break; + case 'private_category': + $tag['type'] = TERM_PCATEGORY; + break; + case 'file': + $tag['type'] = TERM_FILE; + break; + case 'search': + $tag['type'] = TERM_SEARCH; + break; + default: + case 'unknown': + $tag['type'] = TERM_UNKNOWN; + break; + } + $ret[] = $tag; + } + return $ret; + } + return ''; + +} + +function activity_sanitise($arr) { + if($arr) { + $ret = array(); + foreach($arr as $k => $x) { + if(is_array($x)) + $ret[$k] = activity_sanitise($x); + else + $ret[$k] = htmlentities($x, ENT_COMPAT,'UTF-8'); + } + return $ret; + } + return ''; +} function encode_item_flags($item) { |
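Review bot: In `import_author_xchan` the flag constant is spelled `HUBLOG_FLAGS_PRIMARY`, which looks like a typo for a `HUBLOC_…` constant given the `hubloc` table and column names; if it is undefined, `intval()` of it presumably yields 0, `(hubloc_flags & 0)` is never true, and the local lookup never matches. The line should probably read `intval(HUBLOC_FLAGS_PRIMARY)`, with the name confirmed against the constant definitions. With the lookup dead, every item falls through to `zot_refresh($them)`, which is handed `$x['url']` straight from the incoming post, so that value should be checked as a well-formed http(s) hub address before it is used for an outbound fetch. The gate is also only as strong as `zot_refresh` (not visible here), so a comment stating its contract would help, e.g. `// true only if the hub's key verifies guid_sig for this guid`. `get_item_elements` starts outside the hunk and now returns `array()` on failure, so its callers need to treat an empty result as a rejected post.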
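Review bot: `activity_sanitise` escapes only the leaf values and copies every key `$k` of the remote structure unchanged, so a hostile key passes through unescaped; the assignment targets could be `$ret[htmlentities($k, ENT_COMPAT,'UTF-8')]`. In `decode_tags`, `htmlentities` on `$x['url']` neutralises markup but does not restrict the scheme, so a `javascript:` or `data:` URL survives and should be rejected before the tag is kept. Both functions use `ENT_COMPAT`, which leaves single quotes untouched, so `ENT_QUOTES` is the safer flag if any of these values can end up inside a single-quoted attribute (the rendering code is not visible here). Both also return `''` rather than `array()` for empty input, which callers expecting an array have to special-case.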