don't allow followers to get a post through unless it's a tag deliver
This commit is contained in:
parent
3d6c49d5b3
commit
f4e3f335ef
1 changed files with 73 additions and 18 deletions
|
@ -1256,6 +1256,59 @@ function tag_deliver($uid,$item_id) {
|
|||
|
||||
|
||||
|
||||
function tgroup_check($uid,$item) {
|
||||
|
||||
$a = get_app();
|
||||
|
||||
$mention = false;
|
||||
|
||||
// check that the message originated elsewhere and is a top-level post
|
||||
|
||||
if(($item['wall']) || ($item['origin']) || ($item['uri'] != $item['parent-uri']))
|
||||
return false;
|
||||
|
||||
|
||||
$u = q("select * from user where uid = %d limit 1",
|
||||
intval($uid)
|
||||
);
|
||||
if(! count($u))
|
||||
return false;
|
||||
|
||||
$community_page = (($u[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
|
||||
$prvgroup = (($u[0]['page-flags'] == PAGE_PRVGROUP) ? true : false);
|
||||
|
||||
|
||||
$link = normalise_link($a->get_baseurl() . '/profile/' . $u[0]['nickname']);
|
||||
|
||||
// Diaspora uses their own hardwired link URL in @-tags
|
||||
// instead of the one we supply with webfinger
|
||||
|
||||
$dlink = normalise_link($a->get_baseurl() . '/u/' . $u[0]['nickname']);
|
||||
|
||||
$cnt = preg_match_all('/[\@\!]\[url\=(.*?)\](.*?)\[\/url\]/ism',$item['body'],$matches,PREG_SET_ORDER);
|
||||
if($cnt) {
|
||||
foreach($matches as $mtch) {
|
||||
if(link_compare($link,$mtch[1]) || link_compare($dlink,$mtch[1])) {
|
||||
$mention = true;
|
||||
logger('tgroup_check: mention found: ' . $mtch[2]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(! $mention)
|
||||
return false;
|
||||
|
||||
if((! $community_page) && (! $prvgroup))
|
||||
return false;
|
||||
|
||||
|
||||
|
||||
return true;
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -1812,6 +1865,12 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
|
|||
if($pass == 1)
|
||||
continue;
|
||||
|
||||
// not allowed to post
|
||||
|
||||
if($contact['rel'] == CONTACT_IS_FOLLOWER)
|
||||
continue;
|
||||
|
||||
|
||||
// Have we seen it? If not, import it.
|
||||
|
||||
$item_id = $item->get_id();
|
||||
|
@ -2086,6 +2145,14 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
|
|||
$datarray['owner-avatar'] = $contact['thumb'];
|
||||
}
|
||||
|
||||
// We've allowed "followers" to reach this point so we can decide if they are
|
||||
// posting an @-tag delivery, which followers are allowed to do for certain
|
||||
// page types. Now that we've parsed the post, let's check if it is legit. Otherwise ignore it.
|
||||
|
||||
if(($contact['rel'] == CONTACT_IS_FOLLOWER) && (! tgroup_check($importer['uid'],$datarray)))
|
||||
continue;
|
||||
|
||||
|
||||
$r = item_store($datarray);
|
||||
continue;
|
||||
|
||||
|
@ -2708,15 +2775,6 @@ function local_delivery($importer,$data) {
|
|||
}
|
||||
|
||||
|
||||
// TODO: make this next part work against both delivery threads of a community post
|
||||
|
||||
// if((! link_compare($datarray['author-link'],$importer['url'])) && (! $community)) {
|
||||
// logger('local_delivery: received relay claiming to be from ' . $importer['url'] . ' however comment author url is ' . $datarray['author-link'] );
|
||||
// they won't know what to do so don't report an error. Just quietly die.
|
||||
// return 0;
|
||||
// }
|
||||
|
||||
// our user with $importer['importer_uid'] is the owner
|
||||
|
||||
$own = q("select name,url,thumb from contact where uid = %d and self = 1 limit 1",
|
||||
intval($importer['importer_uid'])
|
||||
|
@ -2786,15 +2844,6 @@ function local_delivery($importer,$data) {
|
|||
}
|
||||
}
|
||||
|
||||
// if($community) {
|
||||
// $newtag = '@[url=' . $a->get_baseurl() . '/profile/' . $importer['nickname'] . ']' . $importer['username'] . '[/url]';
|
||||
// if(! stristr($datarray['tag'],$newtag)) {
|
||||
// if(strlen($datarray['tag']))
|
||||
// $datarray['tag'] .= ',';
|
||||
// $datarray['tag'] .= $newtag;
|
||||
// }
|
||||
// }
|
||||
|
||||
|
||||
$posted_id = item_store($datarray);
|
||||
$parent = 0;
|
||||
|
@ -2864,6 +2913,9 @@ function local_delivery($importer,$data) {
|
|||
$item_id = $item->get_id();
|
||||
$datarray = get_atom_elements($feed,$item);
|
||||
|
||||
if($importer['rel'] == CONTACT_IS_FOLLOWER)
|
||||
continue;
|
||||
|
||||
$r = q("SELECT `uid`, `last-child`, `edited`, `body` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
|
||||
dbesc($item_id),
|
||||
intval($importer['importer_uid'])
|
||||
|
@ -3098,6 +3150,9 @@ function local_delivery($importer,$data) {
|
|||
$datarray['owner-avatar'] = $importer['thumb'];
|
||||
}
|
||||
|
||||
if(($importer['rel'] == CONTACT_IS_FOLLOWER) && (! tgroup_check($importer['importer_uid'],$datarray)))
|
||||
continue;
|
||||
|
||||
$posted_id = item_store($datarray);
|
||||
|
||||
if(stristr($datarray['verb'],ACTIVITY_POKE)) {
|
||||
|
|
Loading…
Reference in a new issue