From fd290882fde0fe22471259771377ebabdb1b4492 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 30 Sep 2015 12:57:02 -0700 Subject: undo self-deliver check --- include/zot.php | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 635c36774..488c2772f 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1584,11 +1584,12 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ $channel = $r[0]; $DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>'); - if($d['hash'] === $sender['hash']) { - $DR->update('self delivery ignored'); - $result[] = $DR->get(); - continue; - } +// breaks comments? +// if($d['hash'] === $sender['hash']) { +// $DR->update('self delivery ignored'); +// $result[] = $DR->get(); +// continue; +// } // allow public postings to the sys channel regardless of permissions, but not -- cgit v1.2.3 From 5265c190d4011a7362774f86ad82a05f4f87f2b8 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 30 Sep 2015 16:27:24 -0700 Subject: document the issue with cloned delivery to self vs normal delivery to self --- include/zot.php | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 488c2772f..fe51d1a7c 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1566,6 +1566,8 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ } } +logger('sender: ' . print_r($sender,true)); + foreach($deliveries as $d) { $local_public = $public; @@ -1584,8 +1586,17 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ $channel = $r[0]; $DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>'); -// breaks comments? -// if($d['hash'] === $sender['hash']) { + /** + * @FIXME: Somehow we need to block normal message delivery from our clones, as the delivered + * message doesn't have ACL information in it as the cloned copy does. That copy + * will normally arrive first via sync delivery, but this isn't guaranteed. + * There's a chance the current delivery could take place before the cloned copy arrives + * hence the item could have the wrong ACL and *could* be used in subsequent deliveries or + * access checks. So far all attempts at identifying this situation precisely + * have caused issues with delivery of relayed comments. + */ + +// if(($d['hash'] === $sender['hash']) && ($sender['url'] !== z_root()) && (! $relay)) { // $DR->update('self delivery ignored'); // $result[] = $DR->get(); // continue; -- cgit v1.2.3