aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/poller.php4
-rw-r--r--mod/dfrn_notify.php23
-rw-r--r--mod/dfrn_poll.php22
3 files changed, 30 insertions, 19 deletions
diff --git a/include/poller.php b/include/poller.php
index e946dabf6..1a323971f 100644
--- a/include/poller.php
+++ b/include/poller.php
@@ -19,7 +19,9 @@ require_once('include/items.php');
$a->set_baseurl(get_config('system','url'));
- $contacts = q("SELECT * FROM `contact` WHERE `dfrn-id` != '' AND `self` = 0 AND `blocked` = 0 AND `readonly` = 0 ORDER BY RAND()");
+ $contacts = q("SELECT * FROM `contact`
+ WHERE `dfrn-id` != '' AND `self` = 0 AND `blocked` = 0
+ AND `readonly` = 0 ORDER BY RAND()");
if(! count($contacts))
killme();
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index be0de36e0..2ac98af59 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -26,19 +26,12 @@ function dfrn_notify_post(&$a) {
$r = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` WHERE `issued-id` = '%s' LIMIT 1",
dbesc($dfrn_id)
);
+
if(! count($r)) {
xml_status(3);
return; //NOTREACHED
}
- // We aren't really interested in anything this person has to say. But be polite and make them
- // think we're listening intently by acknowledging receipt of their communications - which we quietly ignore.
-
- if($r[0]['readonly']) {
- xml_status(0);
- return; //NOTREACHED
- }
-
$importer = $r[0];
$feed = new SimplePie();
@@ -50,6 +43,14 @@ function dfrn_notify_post(&$a) {
$rawmail = $feed->get_feed_tags( NAMESPACE_DFRN, 'mail' );
if(isset($rawmail[0]['child'][NAMESPACE_DFRN])) {
+
+ if($importer['readonly']) {
+ // We aren't receiving email from this person. But we will quietly ignore them
+ // rather than a blatant "go away" message.
+ xml_status(0);
+ return; //NOTREACHED
+ }
+
$ismail = true;
$base = $rawmail[0]['child'][NAMESPACE_DFRN];
@@ -95,6 +96,12 @@ function dfrn_notify_post(&$a) {
return; // NOTREACHED
}
+ if($importer['readonly']) {
+
+ xml_status(0);
+ return; // NOTREACHED
+ }
+
foreach($feed->get_items() as $item) {
$deleted = false;
diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php
index a4023d1c0..d0b915acf 100644
--- a/mod/dfrn_poll.php
+++ b/mod/dfrn_poll.php
@@ -167,20 +167,22 @@ function dfrn_poll_content(&$a) {
$r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `blocked` = 0 AND `pending` = 0 LIMIT 1",
dbesc($_GET['dfrn_id']));
- if((! count($r)) || (! strlen($r[0]['prvkey'])))
- $status = 1;
+ if((count($r)) && (strlen($r[0]['prvkey']))) {
- $challenge = '';
+ $challenge = '';
- openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
- $challenge = bin2hex($challenge);
+ openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
+ $challenge = bin2hex($challenge);
- $encrypted_id = '';
- $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999);
-
- openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']);
- $encrypted_id = bin2hex($encrypted_id);
+ $encrypted_id = '';
+ $id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999);
+ openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']);
+ $encrypted_id = bin2hex($encrypted_id);
+ }
+ else {
+ $status = 1; // key not found
+ }
echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>'
. '<challenge>' . $challenge . '</challenge></dfrn_poll>' . "\r\n" ;