From 4cab74c18cf237eae6c57baea2b1d4fd260fe590 Mon Sep 17 00:00:00 2001
From: redmatrix <redmatrix@redmatrix.me>
Date: Thu, 3 Dec 2015 21:05:48 -0800
Subject: use the channel blacklist for items and mail, still todo: directory
 and stuff

---
 include/plugin.php |  9 +++++++++
 include/zot.php    | 16 ++++++++++++++++
 2 files changed, 25 insertions(+)

(limited to 'include')

diff --git a/include/plugin.php b/include/plugin.php
index 1d4caac0f..1f4d60736 100755
--- a/include/plugin.php
+++ b/include/plugin.php
@@ -495,6 +495,15 @@ function format_css_if_exists($source) {
 		return '<link rel="stylesheet" href="' . script_path() . '/' . $path . '" type="text/css" media="' . $source[1] . '">' . "\r\n";
 }
 
+/*
+ * This basically calculates the baseurl. We have other functions to do that, but
+ * there was an issue with script paths and mixed-content whose details are arcane 
+ * and perhaps lost in the message archives. The short answer is that we're ignoring 
+ * the URL which we are "supposed" to use, and generating script paths relative to 
+ * the URL which we are currently using; in order to ensure they are found and aren't
+ * blocked due to mixed content issues. 
+ */
+
 function script_path() {
 	if(x($_SERVER,'HTTPS') && $_SERVER['HTTPS'])
 		$scheme = 'https';
diff --git a/include/zot.php b/include/zot.php
index 6764072aa..d41d5e828 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -1611,6 +1611,14 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
 		$channel = $r[0];
 		$DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>');
 
+		/* blacklisted channels get a permission denied, no special message to tip them off */
+
+		if(! check_channelallowed($sender['hash'])) {
+			$DR->update('permission denied');
+			$result[] = $DR->get();
+			continue;
+		}
+
 		/**
 		 * @FIXME: Somehow we need to block normal message delivery from our clones, as the delivered
 		 * message doesn't have ACL information in it as the cloned copy does. That copy 
@@ -2082,6 +2090,14 @@ function process_mail_delivery($sender, $arr, $deliveries) {
 		$channel = $r[0];
 		$DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>');
 
+		/* blacklisted channels get a permission denied, no special message to tip them off */
+
+		if(! check_channelallowed($sender['hash'])) {
+			$DR->update('permission denied');
+			$result[] = $DR->get();
+			continue;
+		}
+
 		if(! perm_is_allowed($channel['channel_id'],$sender['hash'],'post_mail')) {
 			logger("permission denied for mail delivery {$channel['channel_id']}");
 			$DR->update('permission denied');
-- 
cgit v1.2.3