From d1406200084b47deefe68637777e0b1851166cfe Mon Sep 17 00:00:00 2001
From: redmatrix <redmatrix@redmatrix.me>
Date: Thu, 13 Aug 2015 19:35:57 -0700
Subject: add item validation function

---
 include/items.php | 26 ++++++++++++++++++++++++++
 include/zot.php   | 27 ++++++++-------------------
 2 files changed, 34 insertions(+), 19 deletions(-)

diff --git a/include/items.php b/include/items.php
index ce4980c6a..d8c551cea 100755
--- a/include/items.php
+++ b/include/items.php
@@ -495,6 +495,32 @@ function post_activity_item($arr) {
 	return $ret;
 }
 
+
+function validate_item_elements($message,$arr) {
+
+	$result = array('success' => false);
+
+	if(! array_key_exists('created',$arr))
+		$result['message'] = 'missing created, possible author/owner lookup failure';
+
+	if((! $arr['mid']) || (! $arr['parent_mid'])) 
+		$result['message'] = 'missing message-id or parent message-id';
+
+	if(array_key_exists('flags',$message) && in_array('relay',$message['flags']) && $arr['mid'] === $arr['parent_mid'])
+		$result['message'] = 'relay set on top level post';
+
+	if(! $result['message'])
+		$result['success'] = true;
+
+	return $result;
+
+}
+
+
+
+
+
+
 /**
  * @brief Generate an Atom feed.
  *
diff --git a/include/zot.php b/include/zot.php
index 6d04bc024..a3e9bbf81 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -1178,8 +1178,10 @@ function zot_import($arr, $sender_url) {
 				if($i['message']['type'] === 'activity') {
 					$arr = get_item_elements($i['message']);
 
-					if(! array_key_exists('created',$arr)) {
-						logger('Activity rejected: probable failure to lookup author/owner. ' . print_r($i['message'],true));
+					$v = validate_item_elements($i['message'],$arr);
+
+					if(! $v['success']) {
+						logger('Activity rejected: ' . $v['message'] . ' ' . print_r($i['message'],true));
 						continue;
 					}
 
@@ -1538,24 +1540,11 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
 		$tag_delivery = tgroup_check($channel['channel_id'],$arr);
 
 
-		$perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments');
-
-// checkin 36b5f6ac - multiple issues, not yet ready for prime time
-// currently this is mostly fixed except for what to do if the post is in a second delivery chain
-//		if ($arr['mid'] == $arr['parent_mid']){
-//			$perm = 'send_stream';
-//		}
-//		else{
-//			$perm = 'post_comments';
-//
-//			$r = q("select owner_xchan from item where item.mid = '%s' and uid = %d limit 1",
-//				dbesc($arr['parent_mid']),
-//				intval($channel['channel_id'])
-//			);
-//			if(($r) && $channel['channel_hash'] !== $r[0]['owner_xchan'])
-//				$perm = 'send_stream';
-//		}
+//		$perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments');
 
+		$perm = 'send_stream';
+		if(($arr['mid'] !== $arr['parent_mid']) && ($relay))
+			$perm = 'post_comments';
 
 		// This is our own post, possibly coming from a channel clone
 
-- 
cgit v1.2.3