Streams/streams
Streams/streams
1
0
Fork 0
mirror of https://codeberg.org/streams/streams.git synced 2024-09-19 16:15:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

another attempt to block/filter Add activities from being sent to or fetched by hubzilla

Browse source
This commit is contained in:
Mike Macgirvin 2024-02-29 18:28:12 +11:00
parent 26d82bc269
commit 5e642b04a6
1 changed files with 14 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
Code/Module/Conversation.php
View file

@ -46,7 +46,7 @@ class Conversation extends Controller
}
}
// process an authenticated fetch
$zot6Hubloc = false;
$sigdata = HTTPSig::verify(EMPTY_STR);
if ($sigdata['portable_id'] && $sigdata['header_valid']) {
$portable_id = $sigdata['portable_id'];
@ -76,8 +76,17 @@ class Conversation extends Controller
);
}
}
}
$parsed = parse_url($sigdata['signer']);
unset($parsed['fragment']);
unset($parsed['query']);
$idUrl = unparse_url($parsed);
$hublocs = q("select * from hubloc where hubloc_id_url = '%s'",
dbesc($idUrl)
);
$zot6Hubloc = $hublocs && $hublocs[0]['hubloc_network'] === 'zot6';
}
// if we don't have a parent id belonging to the signer see if we can obtain one as a visitor that we have permission to access
// with a bias towards those items owned by channels on this site (item_wall = 1)
@ -96,8 +105,10 @@ class Conversation extends Controller
$parents_str = ids_to_querystr($i, 'item_id');
$sql_noAdd = ($zot6Hubloc) ? " and verb not in ('Add', 'Remove') " : '';
$items = q(
"SELECT item.*, item.id AS item_id FROM item WHERE item.parent IN ( %s ) $item_normal and item_private = %d and uid = %d",
"SELECT item.*, item.id AS item_id FROM item WHERE item.parent IN ( %s ) $item_normal $sql_noAdd and item_private = %d and uid = %d",
dbesc($parents_str),
intval($i[0]['item_private']),
intval($i[0]['uid'])