diff options
Diffstat (limited to 'mod/magic.php')
| -rw-r--r-- | mod/magic.php | 48 |
1 files changed, 34 insertions, 14 deletions
diff --git a/mod/magic.php b/mod/magic.php index ba9e69a49..09a2e8a51 100644 --- a/mod/magic.php +++ b/mod/magic.php @@ -7,17 +7,18 @@ function magic_init(&$a) { $addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : ''); $hash = ((x($_REQUEST,'hash')) ? $_REQUEST['hash'] : ''); $dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : ''); + $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); if($hash) { $x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash - where hubloc_hash = '%s' and (hubloc_flags & %d) limit 1", + where hubloc_hash = '%s' and (hubloc_flags & %d) order by hubloc_id desc limit 1", dbesc($hash), intval(HUBLOC_FLAGS_PRIMARY) ); } elseif($addr) { $x = q("select hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash - where xchan_addr = '%s' and (hubloc_flags & %d) limit 1", + where xchan_addr = '%s' and (hubloc_flags & %d) order by hubloc_id desc limit 1", dbesc($addr), intval(HUBLOC_FLAGS_PRIMARY) ); @@ -25,17 +26,16 @@ function magic_init(&$a) { else { // See if we know anybody at the dest site that will unlock the door for us $b = explode('/',$dest); - if(count($b) >= 2) - $u = $b[0] . '//' . $b[2]; - - $x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash - where hubloc_url = '%s' limit 1", - dbesc($u) - ); + if(count($b) >= 2) { + $u = $b[0] . '//' . $b[2]; + $x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash + where hubloc_url = '%s' order by hubloc_id desc limit 1", + dbesc($u) + ); + } } - if(! $x) { // Finger them if they've never been seen here before @@ -47,7 +47,7 @@ function magic_init(&$a) { if($j) import_xchan($j); $x = q("select hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash - where xchan_addr = '%s' and (hubloc_flags & %d) limit 1", + where xchan_addr = '%s' and (hubloc_flags & %d) order by hubloc_id desc limit 1", dbesc($addr), intval(HUBLOC_FLAGS_PRIMARY) ); @@ -56,10 +56,30 @@ function magic_init(&$a) { } if(! $x) { - notice( t('Channel not found.') . EOL); - return; + if($rev) + goaway($dest); + else { + logger('mod_magic: channel not found.' . print_r($_REQUEST,true)); + notice( t('Channel not found.') . EOL); + return; + } } + // This is ready-made for a plugin that provides a blacklist or "ask me" before blindly authenticating. + // By default, we'll proceed without asking. + + $arr = array( + 'channel_id' => local_user(), + 'xchan' => $x[0], + 'destination' => $dest, + 'proceed' => true + ); + + call_hooks('magic_auth',$arr); + $dest = $arr['destination']; + if(! $arr['proceed']) + goaway($dest); + if($x[0]['hubloc_url'] === z_root()) { $webbie = substr($x[0]['hubloc_addr'],0,strpos('@',$x[0]['hubloc_addr'])); switch($dest) { @@ -105,7 +125,7 @@ function magic_init(&$a) { goaway($x[0]['hubloc_callback'] . '/' . substr($x[0]['hubloc_addr'],0,strpos($x[0]['hubloc_addr'],'@')) . '/?f=&auth=' . $channel['channel_address'] . '@' . $a->get_hostname() - . '&sec=' . $token . '&dest=' . $dest . '&version=' . ZOT_REVISION); + . '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION); } if(strpos($dest,'/')) |