Diffstat (limited to 'include/zot.php')
-rw-r--r--include/zot.php44
1 files changed, 34 insertions, 10 deletions
diff --git a/include/zot.php b/include/zot.php
index 5faabd5ec..7e9a6ee54 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -1084,6 +1084,11 @@ function zot_import($arr, $sender_url) {
if(is_array($incoming)) {
foreach($incoming as $i) {
+ if(! is_array($i)) {
+ logger('incoming is not an array');
+ continue;
+ }
+
$result = null;
if(array_key_exists('iv',$i['notify'])) {
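Review bot: The new guard only proves `$i` is an array, yet the very next line calls `array_key_exists('iv',$i['notify'])`, so a well-formed envelope whose element lacks a `notify` key (or carries a non-array one) still reaches that call with null — a warning on older PHP and a TypeError on PHP 8, either way a crash path reachable from a remote peer rather than a logged skip. Extend the guard to cover the field the loop body depends on: `if(! is_array($i) || ! isset($i['notify']) || ! is_array($i['notify'])) {`. Keeping the `logger(...)`/`continue` pair as-is then fails closed for both malformed shapes. zot_import begins before this hunk, so whatever validation precedes the loop is not visible here.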
@@ -1108,7 +1113,8 @@ function zot_import($arr, $sender_url) {
if(array_key_exists('message',$i) && array_key_exists('type',$i['message']) && $i['message']['type'] === 'rating') {
// rating messages are processed only by directory servers
logger('Rating received: ' . print_r($arr,true), LOGGER_DATA);
- $result = process_rating_delivery($i['notify']['sender'],$arr);
+ $result = process_rating_delivery($i['notify']['sender'],$i['message']);
+ continue;
}
if(array_key_exists('recipients',$i['notify']) && count($i['notify']['recipients'])) {
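Review bot: The `$result = process_rating_delivery(...)` assignment on the changed line is dead: process_rating_delivery (rewritten later in this diff) has only bare `return;` statements, so `$result` is always null, and the added `continue` leaves the loop iteration before anything below could read it. Either drop the assignment, `process_rating_delivery($i['notify']['sender'],$i['message']); continue;`, or have the function return a status the caller actually records. The log line two lines above still dumps the whole `$arr` envelope while the call now consumes `$i['message']`; logging `print_r($i['message'],true)` would match what is processed and keep unrelated envelope contents out of the data log. This is a mid-function hunk of zot_import; the code that consumes `$result` for non-rating messages is outside the view.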
@@ -1813,34 +1819,52 @@ function process_mail_delivery($sender,$arr,$deliveries) {
function process_rating_delivery($sender,$arr) {
- $dirmode = intval(get_config('system','directory_mode'));
- if($dirmode == DIRECTORY_MODE_NORMAL)
- return;
+ logger('process_rating_delivery: ' . print_r($arr,true));
if(! $arr['target'])
return;
- $r = q("select * from xlink where xlink_xchan = '%s' and xlink_target = '%s' limit 1",
+ $z = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1",
+ dbesc($sender['hash'])
+ );
+
+
+ if((! $z) || (! rsa_verify($arr['target'] . '.' . $arr['rating'] . '.' . $arr['rating_text'], base64url_decode($arr['signature']),$z[0]['xchan_pubkey']))) {
+ logger('failed to verify rating');
+ return;
+ }
+
+ $r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1",
dbesc($sender['hash']),
dbesc($arr['target'])
- );
+ );
+
if($r) {
- $x = q("update xlink set xlink_rating = %d, xlink_rating_text = '%s', xlink_updated = '%s' where xlink_id = %d",
+ if($r[0]['xlink_updated'] >= $arr['edited']) {
+ logger('rating message duplicate');
+ return;
+ }
+
+ $x = q("update xlink set xlink_rating = %d, xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s' where xlink_id = %d",
intval($arr['rating']),
- intval($arr['rating_text']),
+ dbesc($arr['rating_text']),
+ dbesc($arr['signature']),
dbesc(datetime_convert()),
intval($r[0]['xlink_id'])
);
+ logger('rating updated');
}
else {
- $x = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_updated, xlink_static )
+ $x = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_sig, xlink_updated, xlink_static )
values( '%s', '%s', %d, '%s', '%s', 1 ) ",
dbesc($sender['hash']),
dbesc($arr['target']),
intval($arr['rating']),
- intval($arr['rating_text']),
+ dbesc($arr['rating_text']),
+ dbesc($arr['signature']),
dbesc(datetime_convert())
);
+ logger('rating created');
}
return;
}
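Review bot: The duplicate check on the `xlink_updated >= $arr['edited']` line compares the sender's `edited` stamp against the local receipt time that both queries write via `datetime_convert()`, and `edited` is not part of the string fed to rsa_verify — so a captured earlier rating can be replayed with a newer `edited` value, pass signature verification, and overwrite the sender's current rating, while a legitimate re-rating whose `edited` predates our receipt of the previous one is discarded as a duplicate. Store the message timestamp instead of the local clock in both the update and the insert, `dbesc($arr['edited'])` in place of `dbesc(datetime_convert())`, so the comparison is sender-time against sender-time; closing the rollback fully needs `edited` inside the signed payload, which is a sender-side change not visible in this file. Note also that the signed string uses the raw `$arr['rating']` while the row stores `intval($arr['rating'])` and the raw signature, so anyone re-verifying from xlink_sig will fail whenever the wire value was not already a canonical integer. The dropped `directory_mode` guard also contradicts the "processed only by directory servers" comment in zot_import; if every hub is now meant to keep ratings, that comment should be updated, and the unconditional `print_r($arr,true)` logger on entry should probably carry LOGGER_DATA like the caller's.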