From 36b5f6acfed95b6af5474e391d024d2e1eb968ac Mon Sep 17 00:00:00 2001
From: Alexandre Hannud Abdo <abdo@member.fsf.org>
Date: Fri, 17 Jul 2015 18:36:44 -0300
Subject: Require comment perms only for own posts, allow senders to deliver
 comments using stream perms.

---
 include/zot.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'include/zot.php')

diff --git a/include/zot.php b/include/zot.php
index a677da808..b88bf72c3 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -1560,7 +1560,17 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
 
 		$tag_delivery = tgroup_check($channel['channel_id'],$arr);
 
-		$perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments');
+		if ($arr['mid'] == $arr['parent_mid']){
+			$perm = 'send_stream';
+		}
+		else{
+			$r = q("select item_owner from item where item.mid == '%s' limit 1",
+				dbesc($arr['parent_mid']));
+			if($channel['channel_hash'] == $r[0]['item_owner'])
+				$perm = 'post_comments';
+			else
+				$perm = 'send_stream';
+		}
 
 
 		// This is our own post, possibly coming from a channel clone
-- 
cgit v1.2.3


From 0b7365e2db5fea2f2aaa312087caeeb495d0e289 Mon Sep 17 00:00:00 2001
From: redmatrix <redmatrix@redmatrix.me>
Date: Wed, 12 Aug 2015 22:37:24 -0700
Subject: revert 36b5f6ac

---
 include/zot.php | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

(limited to 'include/zot.php')

diff --git a/include/zot.php b/include/zot.php
index b88bf72c3..17554a490 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -1560,18 +1560,20 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
 
 		$tag_delivery = tgroup_check($channel['channel_id'],$arr);
 
-		if ($arr['mid'] == $arr['parent_mid']){
-			$perm = 'send_stream';
-		}
-		else{
-			$r = q("select item_owner from item where item.mid == '%s' limit 1",
-				dbesc($arr['parent_mid']));
-			if($channel['channel_hash'] == $r[0]['item_owner'])
-				$perm = 'post_comments';
-			else
-				$perm = 'send_stream';
-		}
-
+		$perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments');
+
+//		if ($arr['mid'] == $arr['parent_mid']){
+//			$perm = 'send_stream';
+//		}
+//		else{
+//			$r = q("select item_owner from item where item.mid = '%s' limit 1",
+//				dbesc($arr['parent_mid']));
+//			if($channel['channel_hash'] == $r[0]['item_owner'])
+//				$perm = 'post_comments';
+//			else
+//				$perm = 'send_stream';
+//		}
+//
 
 		// This is our own post, possibly coming from a channel clone
 
-- 
cgit v1.2.3


From ef73880459e43cd976bfa4fd11f8a595a0b81d77 Mon Sep 17 00:00:00 2001
From: redmatrix <redmatrix@redmatrix.me>
Date: Wed, 12 Aug 2015 22:48:08 -0700
Subject: reverting 36b5f6ac

---
 include/zot.php | 29 ++++++++++++++++++-----------
 1 file changed, 18 insertions(+), 11 deletions(-)

(limited to 'include/zot.php')

diff --git a/include/zot.php b/include/zot.php
index bb1ccc46a..6d04bc024 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -1537,17 +1537,24 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
 
 		$tag_delivery = tgroup_check($channel['channel_id'],$arr);
 
-		if ($arr['mid'] == $arr['parent_mid']){
-			$perm = 'send_stream';
-		}
-		else{
-			$r = q("select item_owner from item where item.mid == '%s' limit 1",
-				dbesc($arr['parent_mid']));
-			if($channel['channel_hash'] == $r[0]['item_owner'])
-				$perm = 'post_comments';
-			else
-				$perm = 'send_stream';
-		}
+
+		$perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments');
+
+// checkin 36b5f6ac - multiple issues, not yet ready for prime time
+// currently this is mostly fixed except for what to do if the post is in a second delivery chain
+//		if ($arr['mid'] == $arr['parent_mid']){
+//			$perm = 'send_stream';
+//		}
+//		else{
+//			$perm = 'post_comments';
+//
+//			$r = q("select owner_xchan from item where item.mid = '%s' and uid = %d limit 1",
+//				dbesc($arr['parent_mid']),
+//				intval($channel['channel_id'])
+//			);
+//			if(($r) && $channel['channel_hash'] !== $r[0]['owner_xchan'])
+//				$perm = 'send_stream';
+//		}
 
 
 		// This is our own post, possibly coming from a channel clone
-- 
cgit v1.2.3


From d1406200084b47deefe68637777e0b1851166cfe Mon Sep 17 00:00:00 2001
From: redmatrix <redmatrix@redmatrix.me>
Date: Thu, 13 Aug 2015 19:35:57 -0700
Subject: add item validation function

---
 include/zot.php | 27 ++++++++-------------------
 1 file changed, 8 insertions(+), 19 deletions(-)

(limited to 'include/zot.php')

diff --git a/include/zot.php b/include/zot.php
index 6d04bc024..a3e9bbf81 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -1178,8 +1178,10 @@ function zot_import($arr, $sender_url) {
 				if($i['message']['type'] === 'activity') {
 					$arr = get_item_elements($i['message']);
 
-					if(! array_key_exists('created',$arr)) {
-						logger('Activity rejected: probable failure to lookup author/owner. ' . print_r($i['message'],true));
+					$v = validate_item_elements($i['message'],$arr);
+
+					if(! $v['success']) {
+						logger('Activity rejected: ' . $v['message'] . ' ' . print_r($i['message'],true));
 						continue;
 					}
 
@@ -1538,24 +1540,11 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
 		$tag_delivery = tgroup_check($channel['channel_id'],$arr);
 
 
-		$perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments');
-
-// checkin 36b5f6ac - multiple issues, not yet ready for prime time
-// currently this is mostly fixed except for what to do if the post is in a second delivery chain
-//		if ($arr['mid'] == $arr['parent_mid']){
-//			$perm = 'send_stream';
-//		}
-//		else{
-//			$perm = 'post_comments';
-//
-//			$r = q("select owner_xchan from item where item.mid = '%s' and uid = %d limit 1",
-//				dbesc($arr['parent_mid']),
-//				intval($channel['channel_id'])
-//			);
-//			if(($r) && $channel['channel_hash'] !== $r[0]['owner_xchan'])
-//				$perm = 'send_stream';
-//		}
+//		$perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments');
 
+		$perm = 'send_stream';
+		if(($arr['mid'] !== $arr['parent_mid']) && ($relay))
+			$perm = 'post_comments';
 
 		// This is our own post, possibly coming from a channel clone
 
-- 
cgit v1.2.3


From 73b30de9cb22732f51ccca26695eced54683a895 Mon Sep 17 00:00:00 2001
From: Alexandre Hannud Abdo <abdo@member.fsf.org>
Date: Fri, 14 Aug 2015 12:21:05 -0300
Subject: Properly fix which perms get checked for comments, Mike's solution

---
 include/zot.php | 17 +++--------------
 1 file changed, 3 insertions(+), 14 deletions(-)

(limited to 'include/zot.php')

diff --git a/include/zot.php b/include/zot.php
index 17554a490..19bacfa4f 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -1560,20 +1560,9 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
 
 		$tag_delivery = tgroup_check($channel['channel_id'],$arr);
 
-		$perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments');
-
-//		if ($arr['mid'] == $arr['parent_mid']){
-//			$perm = 'send_stream';
-//		}
-//		else{
-//			$r = q("select item_owner from item where item.mid = '%s' limit 1",
-//				dbesc($arr['parent_mid']));
-//			if($channel['channel_hash'] == $r[0]['item_owner'])
-//				$perm = 'post_comments';
-//			else
-//				$perm = 'send_stream';
-//		}
-//
+		$perm = 'send_stream';
+		if(($arr['mid'] !== $arr['parent_mid']) && ($relay))
+			$perm = 'post_comments';
 
 		// This is our own post, possibly coming from a channel clone
 
-- 
cgit v1.2.3