1 files changed, 34 insertions, 14 deletions

diff --git a/include/zot.php b/include/zot.php
index 7707f34fc..942490551 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -11,6 +11,7 @@
 require_once('include/crypto.php');
 require_once('include/items.php');
 require_once('include/hubloc.php');
+require_once('include/DReport.php');
 
 
 /**
@@ -1556,7 +1557,6 @@ function allowed_public_recips($msg) {
 function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $request = false) {
 
 	$result = array();
-	require_once('include/DReport.php');
 
 	$result['site'] = z_root();
 
@@ -1569,6 +1569,7 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
 		}
 	}
 
+
 	foreach($deliveries as $d) {
 		$local_public = $public;
 
@@ -1587,11 +1588,21 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
 		$channel = $r[0];
 		$DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>');
 
-		if($d['hash'] === $sender['hash']) {
-			$DR->update('self delivery ignored');
-			$result[] = $DR->get();
-			continue;
-		}
+		/**
+		 * @FIXME: Somehow we need to block normal message delivery from our clones, as the delivered
+		 * message doesn't have ACL information in it as the cloned copy does. That copy 
+		 * will normally arrive first via sync delivery, but this isn't guaranteed. 
+		 * There's a chance the current delivery could take place before the cloned copy arrives
+		 * hence the item could have the wrong ACL and *could* be used in subsequent deliveries or
+		 * access checks. So far all attempts at identifying this situation precisely
+		 * have caused issues with delivery of relayed comments. 
+		 */
+
+//		if(($d['hash'] === $sender['hash']) && ($sender['url'] !== z_root()) && (! $relay)) {
+//			$DR->update('self delivery ignored');
+//			$result[] = $DR->get();
+//			continue;
+//		}
 
 		// allow public postings to the sys channel regardless of permissions, but not
 		// for comments travelling upstream. Wait and catch them on the way down.
@@ -1949,8 +1960,7 @@ function delete_imported_item($sender, $item, $uid, $relay) {
 	$item_found = false;
 	$post_id = 0;
 
-
-	$r = q("select id, item_deleted from item where ( author_xchan = '%s' or owner_xchan = '%s' or source_xchan = '%s' )
+	$r = q("select id, author_xchan, owner_xchan, source_xchan, item_deleted from item where ( author_xchan = '%s' or owner_xchan = '%s' or source_xchan = '%s' )
 		and mid = '%s' and uid = %d limit 1",
 		dbesc($sender['hash']),
 		dbesc($sender['hash']),
@@ -1958,6 +1968,7 @@ function delete_imported_item($sender, $item, $uid, $relay) {
 		dbesc($item['mid']),
 		intval($uid)
 	);
+
 	if ($r) {
 		if ($r[0]['author_xchan'] === $sender['hash'] || $r[0]['owner_xchan'] === $sender['hash'] || $r[0]['source_xchan'] === $sender['hash'])
 			$ownership_valid = true;
@@ -2031,20 +2042,26 @@ function process_mail_delivery($sender, $arr, $deliveries) {
 	}
 
 	foreach($deliveries as $d) {
+
+		$DR = new DReport(z_root(),$sender['hash'],$d['hash'],$arr['mid']);
+
 		$r = q("select * from channel where channel_hash = '%s' limit 1",
 			dbesc($d['hash'])
 		);
 
 		if(! $r) {
-			$result[] = array($d['hash'],'not found');
+			$DR->update('recipient not found');
+			$result[] = $DR->get();
 			continue;
 		}
 
 		$channel = $r[0];
+		$DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>');
 
 		if(! perm_is_allowed($channel['channel_id'],$sender['hash'],'post_mail')) {
 			logger("permission denied for mail delivery {$channel['channel_id']}");
-			$result[] = array($d['hash'],'permission denied',$channel['channel_name'],$arr['mid']);
+			$DR->update('permission denied');
+			$result[] = $DR->get();
 			continue;
 		}
 
@@ -2058,11 +2075,13 @@ function process_mail_delivery($sender, $arr, $deliveries) {
 					intval($r[0]['id']),
 					intval($channel['channel_id'])
 				);
-				$result[] = array($d['hash'],'mail recalled',$channel['channel_name'],$arr['mid']);
+				$DR->update('mail recalled');
+				$result[] = $DR->get();
 				logger('mail_recalled');
 			}
 			else {
-				$result[] = array($d['hash'],'duplicate mail received',$channel['channel_name'],$arr['mid']);
+				$DR->update('duplicate mail received');
+				$result[] = $DR->get();
 				logger('duplicate mail received');
 			}
 			continue;
@@ -2071,7 +2090,8 @@ function process_mail_delivery($sender, $arr, $deliveries) {
 			$arr['account_id'] = $channel['channel_account_id'];
 			$arr['channel_id'] = $channel['channel_id'];
 			$item_id = mail_store($arr);
-			$result[] = array($d['hash'],'mail delivered',$channel['channel_name'],$arr['mid']);
+			$DR->update('mail delivered');
+			$result[] = $DR->get();
 		}
 	}
 
@@ -3855,4 +3875,4 @@ function check_zotinfo($channel,$locations,&$ret) {
 			}
 		}
 	}
-}
\ No newline at end of file
+}