From 3a2d11bde1581b8ee1e2a07c04370ce9eae9ea55 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 12 Sep 2013 20:11:56 -0700 Subject: so public_recips and allowed_public_recips is working so much better than before, but was still not quite right. We seem to be getting all the right results for top-level posts now, but comments aren't getting through on channels for which we've allowed them to send us their stream, but not comment on our posts. The reason is we were seeing if they could comment - and we only need to do that if we own the post. If they own the post, we only need to check if they can send us their stream. --- include/zot.php | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index cdbfd2185..e395e88f6 100644 --- a/include/zot.php +++ b/include/zot.php @@ -926,14 +926,22 @@ function public_recips($msg) { $check_mentions = false; if($msg['message']['type'] === 'activity') { + $col = 'channel_w_stream'; + $field = PERMS_W_STREAM; if(array_key_exists('flags',$msg['message']) && in_array('thread_parent', $msg['message']['flags'])) { - $col = 'channel_w_stream'; - $field = PERMS_W_STREAM; + // check mention recipient permissions on top level posts only $check_mentions = true; } else { - $col = 'channel_w_comment'; - $field = PERMS_W_COMMENT; + // if this is a comment and it wasn't sent by the post owner, check to see who is allowing them to comment. + // We should have one specific recipient and this step shouldn't be needed unless somebody stuffed up their software. + // We may need this step to protect us from bad guys intentionally stuffing up their software. + // If it is sent by the post owner, we don't need to do this. We only need to see who is receiving the + // owner's stream (which was already set above) - as they control the comment permissions + if($msg['notify']['sender']['guid_sig'] != $msg['message']['owner']['guid_sig']) { + $col = 'channel_w_comment'; + $field = PERMS_W_COMMENT; + } } } elseif($msg['message']['type'] === 'mail') { -- cgit v1.2.3