-rw-r--r-- | include/poller.php | 4 | ||||
-rw-r--r-- | mod/dfrn_notify.php | 23 | ||||
-rw-r--r-- | mod/dfrn_poll.php | 22 |
3 files changed, 30 insertions, 19 deletions
diff --git a/include/poller.php b/include/poller.php
index e946dabf6..1a323971f 100644
--- a/include/poller.php
+++ b/include/poller.php
@@ -19,7 +19,9 @@ require_once('include/items.php');
 $a->set_baseurl(get_config('system','url'));
- $contacts = q("SELECT * FROM `contact` WHERE `dfrn-id` != '' AND `self` = 0 AND `blocked` = 0 AND `readonly` = 0 ORDER BY RAND()");
+ $contacts = q("SELECT * FROM `contact`
+ WHERE `dfrn-id` != '' AND `self` = 0 AND `blocked` = 0
+ AND `readonly` = 0 ORDER BY RAND()");
 if(! count($contacts)) killme();
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index be0de36e0..2ac98af59 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -26,19 +26,12 @@ function dfrn_notify_post(&$a) {
 $r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` WHERE `issued-id` = '%s' LIMIT 1", dbesc($dfrn_id) );
+
 if(! count($r)) {
 xml_status(3);
 return; //NOTREACHED
 }
- // We aren't really interested in anything this person has to say. But be polite and make them
- // think we're listening intently by acknowledging receipt of their communications - which we quietly ignore.
-
- if($r[0]['readonly']) {
- xml_status(0);
- return; //NOTREACHED
- }
-
 $importer = $r[0];
 $feed = new SimplePie();
@@ -50,6 +43,14 @@ function dfrn_notify_post(&$a) {
 $rawmail = $feed->get_feed_tags( NAMESPACE_DFRN, 'mail' );
 if(isset($rawmail[0]['child'][NAMESPACE_DFRN])) {
+
+ if($importer['readonly']) {
+ // We aren't receiving email from this person. But we will quietly ignore them
+ // rather than a blatant "go away" message.
+ xml_status(0);
+ return; //NOTREACHED
+ }
+
 $ismail = true;
 $base = $rawmail[0]['child'][NAMESPACE_DFRN];
@@ -95,6 +96,12 @@ function dfrn_notify_post(&$a) {
 return; // NOTREACHED
 }
+ if($importer['readonly']) {
+
+ xml_status(0);
+ return; // NOTREACHED
+ }
+
 foreach($feed->get_items() as $item) {
 $deleted = false;
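Review bot: With the early `if($r[0]['readonly'])` return removed in the first mod/dfrn_notify.php hunk, a read-only contact's request now reaches `new SimplePie()` and `$feed->get_feed_tags(...)` before either new `$importer['readonly']` check drops it, so the feed parser presumably runs on input from a sender the account has chosen to ignore. The gate is also duplicated, once inside the `dfrn:mail` branch (hunk at +43) and once before the `foreach` (hunk at +96), so any handler in the part of dfrn_notify_post() between them, which is outside these hunks, runs for read-only contacts unless it repeats the check. If the later placement is intentional, the second check should say why, since it has no comment, e.g. `// read-only contact: acknowledge but do not import items`. Otherwise a single check directly after `$importer = $r[0];` keeps the old guarantee that nothing from such a contact is processed.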
diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php
index a4023d1c0..d0b915acf 100644
--- a/mod/dfrn_poll.php
+++ b/mod/dfrn_poll.php
@@ -167,20 +167,22 @@ function dfrn_poll_content(&$a) {
 $r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 AND `pending` = 0 LIMIT 1", dbesc($_GET['dfrn_id']));
- if((! count($r)) || (! strlen($r[0]['prvkey'])))
- $status = 1;
+ if((count($r)) && (strlen($r[0]['prvkey']))) {
- $challenge = '';
+ $challenge = '';
- openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
- $challenge = bin2hex($challenge);
+ openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
+ $challenge = bin2hex($challenge);
- $encrypted_id = '';
- $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999);
-
- openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']);
- $encrypted_id = bin2hex($encrypted_id);
+ $encrypted_id = '';
+ $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999);
+ openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']);
+ $encrypted_id = bin2hex($encrypted_id);
+ }
+ else {
+ $status = 1; // key not found
+ }
 echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>' . '<challenge>' . $challenge . '</challenge></dfrn_poll>' . "\r\n" ; |
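Review bot: In the new `else` branch `$challenge` and `$encrypted_id` are never assigned, yet the `echo` after the block concatenates both, so an unknown or keyless `dfrn_id` produces undefined-variable notices unless they are initialised above this hunk (not visible here); `$challenge = ''; $encrypted_id = '';` before the `if` would cover that path. Inside the `if`, neither `openssl_private_encrypt()` result is checked, so a failed operation leaves `$status` untouched and the peer gets an empty `<challenge>`; testing the boolean return and setting an error status there would make the failure explicit. The suffix from `mt_rand(1000,9999)` offers only 9000 values from a non-cryptographic generator, so if it is meant to make the encrypted id unpredictable, `random_int()` is the safer source where the PHP version allows. dfrn_poll_content() begins and continues outside the hunk.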