diff options
| -rw-r--r-- | include/channel.php | 4 | ||||
| -rw-r--r-- | include/zot.php | 7 |
2 files changed, 8 insertions, 3 deletions
diff --git a/include/channel.php b/include/channel.php index b9adc588b..625ce16c8 100644 --- a/include/channel.php +++ b/include/channel.php @@ -2553,10 +2553,10 @@ function channel_remove($channel_id, $local = true, $unset_session = false) { q("DELETE FROM profile WHERE uid = %d", intval($channel_id)); q("DELETE FROM src WHERE src_channel_id = %d", intval($channel_id)); - $r = q("select resource_id FROM attach WHERE uid = %d", intval($channel_id)); + $r = q("select hash FROM attach WHERE uid = %d", intval($channel_id)); if($r) { foreach($r as $rv) { - attach_delete($channel_id,$rv['resource_id']); + attach_delete($channel_id,$rv['hash']); } } diff --git a/include/zot.php b/include/zot.php index 10550fd69..d28e584a1 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1152,7 +1152,12 @@ function zot_process_response($hub, $arr, $outq) { * @brief * * We received a notification packet (in mod_post) that a message is waiting for us, and we've verified the sender. - * Now send back a pickup message, using our message tracking ID ($arr['secret']), which we will sign with our site + * Check if the site is using zot6 delivery and includes a verified HTTP Signature, signed content, and a 'msg' field, + * and also that the signer and the sender match. + * If that happens, we do not need to fetch/pickup the message - we have it already and it is verified. + * Translate it into the form we need for zot_import() and import it. + * + * Otherwise send back a pickup message, using our message tracking ID ($arr['secret']), which we will sign with our site * private key. * The entire pickup message is encrypted with the remote site's public key. * If everything checks out on the remote end, we will receive back a packet containing one or more messages, |