aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rwxr-xr-xinclude/plugin.php9
-rw-r--r--include/zot.php16
2 files changed, 25 insertions, 0 deletions
diff --git a/include/plugin.php b/include/plugin.php
index 1d4caac0f..1f4d60736 100755
--- a/include/plugin.php
+++ b/include/plugin.php
@@ -495,6 +495,15 @@ function format_css_if_exists($source) {
return '<link rel="stylesheet" href="' . script_path() . '/' . $path . '" type="text/css" media="' . $source[1] . '">' . "\r\n";
}
+/*
+ * This basically calculates the baseurl. We have other functions to do that, but
+ * there was an issue with script paths and mixed-content whose details are arcane
+ * and perhaps lost in the message archives. The short answer is that we're ignoring
+ * the URL which we are "supposed" to use, and generating script paths relative to
+ * the URL which we are currently using; in order to ensure they are found and aren't
+ * blocked due to mixed content issues.
+ */
+
function script_path() {
if(x($_SERVER,'HTTPS') && $_SERVER['HTTPS'])
$scheme = 'https';
diff --git a/include/zot.php b/include/zot.php
index 6764072aa..d41d5e828 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -1611,6 +1611,14 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
$channel = $r[0];
$DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>');
+ /* blacklisted channels get a permission denied, no special message to tip them off */
+
+ if(! check_channelallowed($sender['hash'])) {
+ $DR->update('permission denied');
+ $result[] = $DR->get();
+ continue;
+ }
+
/**
* @FIXME: Somehow we need to block normal message delivery from our clones, as the delivered
* message doesn't have ACL information in it as the cloned copy does. That copy
@@ -2082,6 +2090,14 @@ function process_mail_delivery($sender, $arr, $deliveries) {
$channel = $r[0];
$DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>');
+ /* blacklisted channels get a permission denied, no special message to tip them off */
+
+ if(! check_channelallowed($sender['hash'])) {
+ $DR->update('permission denied');
+ $result[] = $DR->get();
+ continue;
+ }
+
if(! perm_is_allowed($channel['channel_id'],$sender['hash'],'post_mail')) {
logger("permission denied for mail delivery {$channel['channel_id']}");
$DR->update('permission denied');