From def10df816ec7ca25fe463bf029e84ba7dfdba61 Mon Sep 17 00:00:00 2001 From: Thomas Willingham Date: Mon, 1 Dec 2014 19:09:50 +0000 Subject: Somewhat subtle process_delivery() bug - $public was not being reset if a sys channel is reached but then the loop iterated over another channel. --- include/zot.php | 1 + 1 file changed, 1 insertion(+) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 3b8584509..a7c6e32ac 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1419,6 +1419,7 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false,$reque } foreach($deliveries as $d) { + $public = false; $r = q("select * from channel where channel_hash = '%s' limit 1", dbesc($d['hash']) ); -- cgit v1.2.3 From 8e4e56b56647351d12fe6853bc6c208fc2d018cd Mon Sep 17 00:00:00 2001 From: friendica Date: Mon, 1 Dec 2014 18:58:27 -0800 Subject: can't reset public to false because it may have been passed in as true and this would be wrong and cause even more subtle bugs. Reset to whatever value was passed in. --- include/zot.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index a7c6e32ac..44c36ebb4 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1417,9 +1417,9 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false,$reque return; } } - + foreach($deliveries as $d) { - $public = false; + $local_public = $public; $r = q("select * from channel where channel_hash = '%s' limit 1", dbesc($d['hash']) ); @@ -1434,7 +1434,7 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false,$reque // allow public postings to the sys channel regardless of permissions if(($channel['channel_pageflags'] & PAGE_SYSTEM) && (! $arr['item_private'])) - $public = true; + $local_public = true; $tag_delivery = tgroup_check($channel['channel_id'],$arr); @@ -1453,7 +1453,7 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false,$reque } } - if((! perm_is_allowed($channel['channel_id'],$sender['hash'],$perm)) && (! $tag_delivery) && (! $public)) { + if((! perm_is_allowed($channel['channel_id'],$sender['hash'],$perm)) && (! $tag_delivery) && (! $local_public)) { logger("permission denied for delivery to channel {$channel['channel_id']} {$channel['channel_address']}"); $result[] = array($d['hash'],'permission denied',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); continue; @@ -1488,7 +1488,7 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false,$reque // the top level post is unlikely to be imported and // this is just an exercise in futility. - if((! $relay) && (! $request) && (! $public) + if((! $relay) && (! $request) && (! $local_public) && perm_is_allowed($channel['channel_id'],$sender['hash'],'send_stream')) { proc_run('php', 'include/notifier.php', 'request', $channel['channel_id'], $sender['hash'], $arr['parent_mid']); } -- cgit v1.2.3 From 452d275b5ee4575e6c763076b397e1cd2320c4bc Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 12 Dec 2014 00:26:07 -0800 Subject: don't import to sys channel from self-censored authors --- include/zot.php | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 44c36ebb4..c88b2a369 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1433,9 +1433,19 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false,$reque $channel = $r[0]; // allow public postings to the sys channel regardless of permissions - if(($channel['channel_pageflags'] & PAGE_SYSTEM) && (! $arr['item_private'])) + if(($channel['channel_pageflags'] & PAGE_SYSTEM) && (! $arr['item_private'])) { $local_public = true; + $r = q("select xchan_flags from xchan where xchan_hash = '%s' limit 1", + dbesc($sender['hash']) + ); + // don't import sys channel posts from selfcensored authors + if($r && ($r[0]['xchan_flags'] & XCHAN_FLAGS_SELFCENSORED)) { + $local_public = false; + continue; + } + } + $tag_delivery = tgroup_check($channel['channel_id'],$arr); $perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments'); -- cgit v1.2.3