From 36b5f6acfed95b6af5474e391d024d2e1eb968ac Mon Sep 17 00:00:00 2001 From: Alexandre Hannud Abdo <abdo@member.fsf.org> Date: Fri, 17 Jul 2015 18:36:44 -0300 Subject: Require comment perms only for own posts, allow senders to deliver comments using stream perms. --- include/zot.php | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index a677da808..b88bf72c3 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1560,7 +1560,17 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ $tag_delivery = tgroup_check($channel['channel_id'],$arr); - $perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments'); + if ($arr['mid'] == $arr['parent_mid']){ + $perm = 'send_stream'; + } + else{ + $r = q("select item_owner from item where item.mid == '%s' limit 1", + dbesc($arr['parent_mid'])); + if($channel['channel_hash'] == $r[0]['item_owner']) + $perm = 'post_comments'; + else + $perm = 'send_stream'; + } // This is our own post, possibly coming from a channel clone -- cgit v1.2.3 From 0b7365e2db5fea2f2aaa312087caeeb495d0e289 Mon Sep 17 00:00:00 2001 From: redmatrix <redmatrix@redmatrix.me> Date: Wed, 12 Aug 2015 22:37:24 -0700 Subject: revert 36b5f6ac --- include/zot.php | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index b88bf72c3..17554a490 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1560,18 +1560,20 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ $tag_delivery = tgroup_check($channel['channel_id'],$arr); - if ($arr['mid'] == $arr['parent_mid']){ - $perm = 'send_stream'; - } - else{ - $r = q("select item_owner from item where item.mid == '%s' limit 1", - dbesc($arr['parent_mid'])); - if($channel['channel_hash'] == $r[0]['item_owner']) - $perm = 'post_comments'; - else - $perm = 'send_stream'; - } - + $perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments'); + +// if ($arr['mid'] == $arr['parent_mid']){ +// $perm = 'send_stream'; +// } +// else{ +// $r = q("select item_owner from item where item.mid = '%s' limit 1", +// dbesc($arr['parent_mid'])); +// if($channel['channel_hash'] == $r[0]['item_owner']) +// $perm = 'post_comments'; +// else +// $perm = 'send_stream'; +// } +// // This is our own post, possibly coming from a channel clone -- cgit v1.2.3 From ef73880459e43cd976bfa4fd11f8a595a0b81d77 Mon Sep 17 00:00:00 2001 From: redmatrix <redmatrix@redmatrix.me> Date: Wed, 12 Aug 2015 22:48:08 -0700 Subject: reverting 36b5f6ac --- include/zot.php | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index bb1ccc46a..6d04bc024 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1537,17 +1537,24 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ $tag_delivery = tgroup_check($channel['channel_id'],$arr); - if ($arr['mid'] == $arr['parent_mid']){ - $perm = 'send_stream'; - } - else{ - $r = q("select item_owner from item where item.mid == '%s' limit 1", - dbesc($arr['parent_mid'])); - if($channel['channel_hash'] == $r[0]['item_owner']) - $perm = 'post_comments'; - else - $perm = 'send_stream'; - } + + $perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments'); + +// checkin 36b5f6ac - multiple issues, not yet ready for prime time +// currently this is mostly fixed except for what to do if the post is in a second delivery chain +// if ($arr['mid'] == $arr['parent_mid']){ +// $perm = 'send_stream'; +// } +// else{ +// $perm = 'post_comments'; +// +// $r = q("select owner_xchan from item where item.mid = '%s' and uid = %d limit 1", +// dbesc($arr['parent_mid']), +// intval($channel['channel_id']) +// ); +// if(($r) && $channel['channel_hash'] !== $r[0]['owner_xchan']) +// $perm = 'send_stream'; +// } // This is our own post, possibly coming from a channel clone -- cgit v1.2.3 From d1406200084b47deefe68637777e0b1851166cfe Mon Sep 17 00:00:00 2001 From: redmatrix <redmatrix@redmatrix.me> Date: Thu, 13 Aug 2015 19:35:57 -0700 Subject: add item validation function --- include/zot.php | 27 ++++++++------------------- 1 file changed, 8 insertions(+), 19 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 6d04bc024..a3e9bbf81 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1178,8 +1178,10 @@ function zot_import($arr, $sender_url) { if($i['message']['type'] === 'activity') { $arr = get_item_elements($i['message']); - if(! array_key_exists('created',$arr)) { - logger('Activity rejected: probable failure to lookup author/owner. ' . print_r($i['message'],true)); + $v = validate_item_elements($i['message'],$arr); + + if(! $v['success']) { + logger('Activity rejected: ' . $v['message'] . ' ' . print_r($i['message'],true)); continue; } @@ -1538,24 +1540,11 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ $tag_delivery = tgroup_check($channel['channel_id'],$arr); - $perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments'); - -// checkin 36b5f6ac - multiple issues, not yet ready for prime time -// currently this is mostly fixed except for what to do if the post is in a second delivery chain -// if ($arr['mid'] == $arr['parent_mid']){ -// $perm = 'send_stream'; -// } -// else{ -// $perm = 'post_comments'; -// -// $r = q("select owner_xchan from item where item.mid = '%s' and uid = %d limit 1", -// dbesc($arr['parent_mid']), -// intval($channel['channel_id']) -// ); -// if(($r) && $channel['channel_hash'] !== $r[0]['owner_xchan']) -// $perm = 'send_stream'; -// } +// $perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments'); + $perm = 'send_stream'; + if(($arr['mid'] !== $arr['parent_mid']) && ($relay)) + $perm = 'post_comments'; // This is our own post, possibly coming from a channel clone -- cgit v1.2.3 From 73b30de9cb22732f51ccca26695eced54683a895 Mon Sep 17 00:00:00 2001 From: Alexandre Hannud Abdo <abdo@member.fsf.org> Date: Fri, 14 Aug 2015 12:21:05 -0300 Subject: Properly fix which perms get checked for comments, Mike's solution --- include/zot.php | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) (limited to 'include/zot.php') diff --git a/include/zot.php b/include/zot.php index 17554a490..19bacfa4f 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1560,20 +1560,9 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ $tag_delivery = tgroup_check($channel['channel_id'],$arr); - $perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments'); - -// if ($arr['mid'] == $arr['parent_mid']){ -// $perm = 'send_stream'; -// } -// else{ -// $r = q("select item_owner from item where item.mid = '%s' limit 1", -// dbesc($arr['parent_mid'])); -// if($channel['channel_hash'] == $r[0]['item_owner']) -// $perm = 'post_comments'; -// else -// $perm = 'send_stream'; -// } -// + $perm = 'send_stream'; + if(($arr['mid'] !== $arr['parent_mid']) && ($relay)) + $perm = 'post_comments'; // This is our own post, possibly coming from a channel clone -- cgit v1.2.3