diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/diaspora.php | 126 |
1 files changed, 44 insertions, 82 deletions
diff --git a/include/diaspora.php b/include/diaspora.php index 9cef21ceb..fe853b5df 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -1096,7 +1096,7 @@ function diaspora_conversation($importer,$xml,$msg) { if(count($c)) $conversation = $c[0]; else { - $r = q("insert into conv (uid,guid,recips) values('%d, '%s', '%s') ", + $r = q("insert into conv (uid,guid,recips) values(%d, '%s', '%s') ", intval($importer['uid']), dbesc($guid), dbesc($participant_handles) @@ -1115,18 +1115,18 @@ function diaspora_conversation($importer,$xml,$msg) { } - foreach($messages as $msg) { + foreach($messages as $mesg) { $reply = 0; - $msg_guid = notags(unxmlify($msg->guid)); - $msg_parent_guid = notags(unxmlify($msg->parent_guid)); - $msg_parent_author_signature = notags(unxmlify($msg->parent_author_signature)); - $msg_author_signature = notags(unxmlify($msg->author_signature)); - $msg_text = unxmlify($msg->text); - $msg_created_at = datetime_convert('UTC','UTC',notags(unxmlify($msg->created_at))); - $msg_diaspora_handle = notags(unxmlify($msg->diaspora_handle)); - $msg_conversation_guid = notags(unxmlify($msg->conversation_guid)); + $msg_guid = notags(unxmlify($mesg->guid)); + $msg_parent_guid = notags(unxmlify($mesg->parent_guid)); + $msg_parent_author_signature = notags(unxmlify($mesg->parent_author_signature)); + $msg_author_signature = notags(unxmlify($mesg->author_signature)); + $msg_text = unxmlify($mesg->text); + $msg_created_at = datetime_convert('UTC','UTC',notags(unxmlify($mesg->created_at))); + $msg_diaspora_handle = notags(unxmlify($mesg->diaspora_handle)); + $msg_conversation_guid = notags(unxmlify($mesg->conversation_guid)); if($msg_conversation_guid != $guid) { logger('diaspora_conversation: message conversation guid does not belong to the current conversation. ' . $xml); continue; @@ -1140,14 +1140,44 @@ function diaspora_conversation($importer,$xml,$msg) { $body = diaspora2bb($msg_text); $message_id = $msg_diaspora_handle . ':' . $msg_guid; - $person = find_diaspora_person_by_handle($msg_diaspora_handle); - if(is_array($person) && x($person,'pubkey')) - $key = $person['pubkey']; + $author_signed_data = $msg_guid . ';' . $msg_parent_guid . ';' . $msg_text . ';' . unxmlify($mesg->created_at) . ';' . $msg_diaspora_handle . ';' . $msg_conversation_guid; +// $author_signed_data = $msg_guid . ';' . $msg_parent_guid . ';' . $msg_text . ';' . $msg_diaspora_handle; + + $author_signature = base64_decode($msg_author_signature); + + if(strcasecmp($msg_diaspora_handle,$msg['author']) == 0) { + $person = $contact; + $key = $msg['key']; + } else { - logger('diaspora_conversation: unable to find author details'); + $person = find_diaspora_person_by_handle($msg_diaspora_handle); + + if(is_array($person) && x($person,'pubkey')) + $key = $person['pubkey']; + else { + logger('diaspora_conversation: unable to find author details'); + continue; + } + } + + if(! rsa_verify($author_signed_data,$author_signature,$key,'sha256')) { + logger('diaspora_conversation: verification failed.'); continue; } + if($msg_parent_author_signature) { + $owner_signed_data = $msg_guid . ';' . $msg_parent_guid . ';' . $msg_text . ';' . unxmlify($mesg->created_at) . ';' . $msg_diaspora_handle . ';' . $msg_conversation_guid; + + $parent_author_signature = base64_decode($msg_parent_author_signature); + + $key = $msg['key']; + + if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha256')) { + logger('diaspora_conversation: owner verification failed.'); + continue; + } + } + $r = q("select id from mail where `uri` = '%s' limit 1", dbesc($message_id) ); @@ -1175,74 +1205,6 @@ function diaspora_conversation($importer,$xml,$msg) { } - -/* - $author_signed_data = $guid . ';' . $parent_guid . ';' . $text . ';' . $diaspora_handle; - - $author_signature = base64_decode($author_signature); - - if(strcasecmp($diaspora_handle,$msg['author']) == 0) { - $person = $contact; - $key = $msg['key']; - } - else { - $person = find_diaspora_person_by_handle($diaspora_handle); - - if(is_array($person) && x($person,'pubkey')) - $key = $person['pubkey']; - else { - logger('diaspora_comment: unable to find author details'); - return; - } - } - - if(! rsa_verify($author_signed_data,$author_signature,$key,'sha256')) { - logger('diaspora_comment: verification failed.'); - return; - } - - if($parent_author_signature) { - $owner_signed_data = $guid . ';' . $parent_guid . ';' . $text . ';' . $diaspora_handle; - - $parent_author_signature = base64_decode($parent_author_signature); - - $key = $msg['key']; - - if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha256')) { - logger('diaspora_comment: owner verification failed.'); - return; - } - } - - // Phew! Everything checks out. Now create an item. - - $body = diaspora2bb($text); - - $message_id = $diaspora_handle . ':' . $guid; - - $datarray = array(); - - $str_tags = ''; - - $tags = get_tags($body); - - if(count($tags)) { - foreach($tags as $tag) { - if(strpos($tag,'#') === 0) { - if(strpos($tag,'[url=')) - continue; - $basetag = str_replace('_',' ',substr($tag,1)); - $body = str_replace($tag,'#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]',$body); - if(strlen($str_tags)) - $str_tags .= ','; - $str_tags .= '#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]'; - continue; - } - } - } - -*/ - return; } |