From 1910c49adaf2222432ca048f3faac4dedef052e2 Mon Sep 17 00:00:00 2001
From: nobody
Date: Mon, 14 Dec 2020 15:03:28 -0800
Subject: [PATCH 1/2] For shared posts originating from ActivityPub, send back an Announce activity to the author. These have a number of serious issues on our own communication network related to a lack of comment permissions to third parties and the potential for frivolous copyright lawsuits.
---
 Zotlabs/Lib/Share.php | 118 ++++++++++++++++++++++++++++++++++++++----
 1 file changed, 108 insertions(+), 10 deletions(-)
diff --git a/Zotlabs/Lib/Share.php b/Zotlabs/Lib/Share.php
index 07ce11b81..5895bf9e5 100644
--- a/Zotlabs/Lib/Share.php
+++ b/Zotlabs/Lib/Share.php
@@ -2,6 +2,9 @@
 namespace Zotlabs\Lib;
+use App;
+use Zotlabs\Daemon\Run;
+use Zotlabs\Lib\Libsync;
 class Share {
@@ -10,47 +13,142 @@ class Share {
 public function __construct($post_id) {
- if(! $post_id)
+ if (! $post_id) {
 return;
+ }
- if(is_array($post_id)) {
+ if (is_array($post_id)) {
 $this->item = $post_id;
 return;
 }
- if(! (local_channel() || remote_channel()))
+ if (! (local_channel() || remote_channel())) {
 return;
-
+ }
+
 $r = q("SELECT * from item left join xchan on author_xchan = xchan_hash WHERE id = %d LIMIT 1", intval($post_id) );
- if(! $r)
+ if (! $r) {
 return;
+ }
- if(($r[0]['item_private']) && ($r[0]['xchan_network'] !== 'rss'))
+ if (($r[0]['item_private']) && ($r[0]['xchan_network'] !== 'rss')) {
 return;
+ }
 $sql_extra = item_permissions_sql($r[0]['uid']);
 $r = q("select * from item where id = %d $sql_extra", intval($post_id) );
- if(! $r)
+ if (! $r) {
 return;
+ }
- if($r[0]['mimetype'] !== 'text/bbcode')
+ if ($r[0]['mimetype'] !== 'text/bbcode') {
 return;
+ }
 /** @FIXME eventually we want to post remotely via rpost on your home site */
 // When that works remove this next bit:
- if(! local_channel())
+ if (! local_channel()) {
 return;
+ }
 xchan_query($r);
- $this->item = $r[0];
+ $this->item = array_shift($r);
+
+ $arr = [];
+
+ $owner_uid = $this->item['uid'];
+ $owner_aid = $this->item['aid'];
+
+ $channel = channelx_by_n($this->item['uid']);
+ $observer = App::get_observer();
+
+ $can_comment = false;
+ if ((array_key_exists('owner',$this->item)) && intval($this->item['owner']['abook_self'])) {
+ $can_comment = perm_is_allowed($this->item['uid'],$observer['xchan_hash'],'post_comments');
+ }
+ else {
+ $can_comment = can_comment_on_post($observer['xchan_hash'],$this->item);
+ }
+
+ if (! $can_comment) {
+ return;
+ }
+
+ $r = q("select * from xchan where xchan_hash = '%s' limit 1",
+ dbesc($this->item['owner_xchan'])
+ );
+
+ if ($r) {
+ $thread_owner = array_shift($r);
+ }
+ else {
+ return;
+ }
+
+ $r = q("select * from xchan where xchan_hash = '%s' limit 1",
+ dbesc($this->item['author_xchan'])
+ );
+ if ($r) {
+ $item_author = array_shift($r);
+ }
+ else {
+ return;
+ }
+
+ if ($item_author['network'] === 'activitypub') {
+
+ // for Mastodon compatibility, send back an ActivityPub Announce activity.
+ // We don't need or want these on our own network as there is no mechanism for providing
+ // a fair-use defense to copyright claims and frivolous lawsuits.
+
+ $arr['aid'] = $owner_aid;
+ $arr['uid'] = $owner_uid;
+
+ $arr['item_origin'] = 1;
+ $arr['item_wall'] = $this->item['item_wall'];
+ $arr['uuid'] = new_uuid();
+ $arr['mid'] = z_root() . '/item/' . $arr['uuid'];
+ $arr['mid'] = str_replace('/item/','/activity/',$arr['mid']);
+ $arr['parent_mid'] = $this->item['mid'];
+
+ $mention = '@[zrl=' . $this->item['author']['xchan_url'] . ']' . $this->item['author']['xchan_name'] . '[/zrl]';
+ $arr['body'] = sprintf( t('🔁 Repeated %1$s\'s %2$s'), $mention, $this->item['obj_type']);
+
+ $arr['author_xchan'] = $observer['xchan_hash'];
+ $arr['owner_xchan'] = $this->item['author_xchan'];
+ $arr['obj'] = $this->item['obj'];
+ $arr['obj_type'] = $this->item['obj_type'];
+ $arr['verb'] = 'Announce';
+
+ $post = item_store($arr);
+
+ $post_id = $post['item_id'];
+
+ $arr['id'] = $post_id;
+
+ call_hooks('post_local_end', $arr);
+
+ $r = q("select * from item where id = %d",
+ intval($post_id)
+ );
+ if ($r) {
+ xchan_query($r);
+ $sync_item = fetch_post_tags($r);
+ Libsync::build_sync_packet($channel['channel_id'], [ 'item' => [ encode_item($sync_item[0],true) ] ]);
+ }
+
+ Run::Summon([ 'Notifier','like',$post_id ]);
+ }
+ return;
+
 }
 public function obj() {
From f424676d03e9a7b40265652b9ee74539b9e42257 Mon Sep 17 00:00:00 2001
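Review bot: The branch test `$item_author['network'] === 'activitypub'` in `__construct()` reads a key that a `select * from xchan` row most likely does not carry; the same constructor tests `$r[0]['xchan_network']` earlier and every other xchan field used in this hunk has the `xchan_` prefix, so as written the Announce block looks unreachable and the line should probably be `if ($item_author['xchan_network'] === 'activitypub') {`. The new `return` on `! $can_comment` sits after `$this->item` has already been assigned, so it only skips the Announce; if the comment-permission check is meant to gate the share itself, it has to run before that assignment (the methods that consume `$this->item` are outside this hunk, so this is inferred). The result of `item_store()` is used unchecked: add `if (! $post_id) { return; }` before `call_hooks()` and `Run::Summon()` so that a failed store does not queue a delivery for a nonexistent item. A constructor that stores an item and starts federation delivery is also worth a docblock stating that side effect, since any caller that merely instantiates `Share` with a post id will now emit an Announce.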
From: nobody
Date: Mon, 14 Dec 2020 17:53:18 -0800
Subject: [PATCH 2/2] revision
---
 Zotlabs/Access/PermissionLimits.php | 2 +-
 boot.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Zotlabs/Access/PermissionLimits.php b/Zotlabs/Access/PermissionLimits.php
index c03e79c5e..dfdb811ec 100644
--- a/Zotlabs/Access/PermissionLimits.php
+++ b/Zotlabs/Access/PermissionLimits.php
@@ -78,8 +78,8 @@ class PermissionLimits {
 * * \b array with all permission limits, if $perm is not set
 */
 static public function Get($channel_id, $perm = '') {
+
 if (! intval($channel_id)) {
- btlogger('invalid channel');
 return false;
 }
diff --git a/boot.php b/boot.php
index fbdf42ab6..bbb40eaad 100755
--- a/boot.php
+++ b/boot.php
@@ -16,7 +16,7 @@ use Zotlabs\Daemon\Run;
 * @brief This file defines some global constants and includes the central App class.
 */
-define ( 'STD_VERSION', '20.12.11' );
+define ( 'STD_VERSION', '20.12.15' );
 define ( 'ZOT_REVISION', '6.0' );
 define ( 'DB_UPDATE_VERSION', 1247 );