From 216f038456cae1016e030b33cac79f8ed690e366 Mon Sep 17 00:00:00 2001 From: Friendika Date: Fri, 4 Mar 2011 20:55:32 -0800 Subject: icon changes, feed security improvements --- mod/pubsub.php | 11 ++++++++--- mod/wall_upload.php | 4 ++-- 2 files changed, 10 insertions(+), 5 deletions(-) (limited to 'mod') diff --git a/mod/pubsub.php b/mod/pubsub.php index df27c6bc2..5d8ea2ed7 100644 --- a/mod/pubsub.php +++ b/mod/pubsub.php @@ -55,7 +55,8 @@ function pubsub_init(&$a) { $sql_extra = ((strlen($hub_verify)) ? sprintf(" AND `hub-verify` = '%s' ", dbesc($hub_verify)) : ''); - $r = q("SELECT * FROM `contact` WHERE `poll` = '%s' AND `id` = %d AND `uid` = %d AND `blocked` = 0 $sql_extra LIMIT 1", + $r = q("SELECT * FROM `contact` WHERE `poll` = '%s' AND `id` = %d AND `uid` = %d + AND `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1", dbesc($hub_topic), intval($contact_id), intval($owner['uid']) @@ -101,10 +102,14 @@ function pubsub_post(&$a) { $importer = $r[0]; - $r = q("SELECT * FROM `contact` WHERE `subhub` = 1 AND `id` = %d AND `uid` = %d AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", + $r = q("SELECT * FROM `contact` WHERE `subhub` = 1 AND `id` = %d AND `uid` = %d + AND ( `rel` = %d OR `rel` = %d ) AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", intval($contact_id), - intval($importer['uid']) + intval($importer['uid']), + intval(REL_FAN), + intval(REL_BUD) ); + if(! count($r)) { logger('pubsub: no contact record - ignored'); hub_post_return(); diff --git a/mod/wall_upload.php b/mod/wall_upload.php index ab06b4b2d..b5725311d 100644 --- a/mod/wall_upload.php +++ b/mod/wall_upload.php @@ -101,5 +101,5 @@ function wall_upload_post(&$a) { echo '

\"$basename\"

"; killme(); - return; // NOTREACHED -} \ No newline at end of file + // NOTREACHED +} -- cgit v1.2.3