From 1807db6cb0cc297aff32750b371a4e2e6539ad31 Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 2 Feb 2015 20:13:07 -0800 Subject: send rating information to directories --- include/zot.php | 39 +++++++++++++++++++++++++++++---------- 1 file changed, 29 insertions(+), 10 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 04b6806c2..1e9577dc6 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1108,7 +1108,8 @@ function zot_import($arr, $sender_url) { if(array_key_exists('message',$i) && array_key_exists('type',$i['message']) && $i['message']['type'] === 'rating') { // rating messages are processed only by directory servers logger('Rating received: ' . print_r($arr,true), LOGGER_DATA); - $result = process_rating_delivery($i['notify']['sender'],$arr); + $result = process_rating_delivery($i['notify']['sender'],$i['message']); + continue; } if(array_key_exists('recipients',$i['notify']) && count($i['notify']['recipients'])) { @@ -1813,34 +1814,52 @@ function process_mail_delivery($sender,$arr,$deliveries) { function process_rating_delivery($sender,$arr) { - $dirmode = intval(get_config('system','directory_mode')); - if($dirmode == DIRECTORY_MODE_NORMAL) - return; + logger('process_rating_delivery: ' . print_r($arr,true)); if(! $arr['target']) return; - $r = q("select * from xlink where xlink_xchan = '%s' and xlink_target = '%s' limit 1", + $z = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", + dbesc($sender['hash']) + ); + + + if((! $z) || (! rsa_verify($arr['target'] . '.' . $arr['rating'] . '.' . $arr['rating_text'], base64url_decode($arr['signature']),$z[0]['xchan_pubkey']))) { + logger('failed to verify rating'); + return; + } + + $r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1", dbesc($sender['hash']), dbesc($arr['target']) - ); + ); + if($r) { - $x = q("update xlink set xlink_rating = %d, xlink_rating_text = '%s', xlink_updated = '%s' where xlink_id = %d", + if($r[0]['xlink_updated'] >= $arr['edited']) { + logger('rating message duplicate'); + return; + } + + $x = q("update xlink set xlink_rating = %d, xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s' where xlink_id = %d", intval($arr['rating']), - intval($arr['rating_text']), + dbesc($arr['rating_text']), + dbesc($arr['signature']), dbesc(datetime_convert()), intval($r[0]['xlink_id']) ); + logger('rating updated'); } else { - $x = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_updated, xlink_static ) + $x = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_sig, xlink_updated, xlink_static ) values( '%s', '%s', %d, '%s', '%s', 1 ) ", dbesc($sender['hash']), dbesc($arr['target']), intval($arr['rating']), - intval($arr['rating_text']), + dbesc($arr['rating_text']), + dbesc($arr['signature']), dbesc(datetime_convert()) ); + logger('rating created'); } return; } -- cgit v1.2.3 From 3f50313862f5c2ca9d7118b234b2f154c7fb736a Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 3 Feb 2015 16:03:05 -0800 Subject: garbage in garbage out --- include/zot.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 04b6806c2..7002fee0a 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1084,6 +1084,11 @@ function zot_import($arr, $sender_url) { if(is_array($incoming)) { foreach($incoming as $i) { + if(! is_array($i)) { + logger('incoming is not an array'); + continue; + } + $result = null; if(array_key_exists('iv',$i['notify'])) { -- cgit v1.2.3 From 88488fdfbb58aa04b450af1691aba7cea1bce8ab Mon Sep 17 00:00:00 2001 From: Habeas Codice Date: Thu, 5 Feb 2015 09:15:26 -0800 Subject: escape dates --- include/zot.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 04b6806c2..5faabd5ec 100644 --- a/include/zot.php +++ b/include/zot.php @@ -420,7 +420,7 @@ function zot_refresh($them,$channel = null, $force = false) { where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) > 0 ", intval($their_perms), - dbesc($next_birthday), + dbescdate($next_birthday), dbesc($x['hash']), intval($channel['channel_id']), intval(ABOOK_FLAG_SELF) -- cgit v1.2.3