mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-19 21:35:13 +00:00
another attempt to block/filter Add activities from being sent to or fetched by hubzilla
This commit is contained in:
parent
26d82bc269
commit
5e642b04a6
1 changed files with 14 additions and 3 deletions
|
@ -46,7 +46,7 @@ class Conversation extends Controller
|
|||
}
|
||||
}
|
||||
// process an authenticated fetch
|
||||
|
||||
$zot6Hubloc = false;
|
||||
$sigdata = HTTPSig::verify(EMPTY_STR);
|
||||
if ($sigdata['portable_id'] && $sigdata['header_valid']) {
|
||||
$portable_id = $sigdata['portable_id'];
|
||||
|
@ -76,8 +76,17 @@ class Conversation extends Controller
|
|||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
$parsed = parse_url($sigdata['signer']);
|
||||
unset($parsed['fragment']);
|
||||
unset($parsed['query']);
|
||||
|
||||
$idUrl = unparse_url($parsed);
|
||||
$hublocs = q("select * from hubloc where hubloc_id_url = '%s'",
|
||||
dbesc($idUrl)
|
||||
);
|
||||
$zot6Hubloc = $hublocs && $hublocs[0]['hubloc_network'] === 'zot6';
|
||||
}
|
||||
|
||||
// if we don't have a parent id belonging to the signer see if we can obtain one as a visitor that we have permission to access
|
||||
// with a bias towards those items owned by channels on this site (item_wall = 1)
|
||||
|
||||
|
@ -96,8 +105,10 @@ class Conversation extends Controller
|
|||
|
||||
$parents_str = ids_to_querystr($i, 'item_id');
|
||||
|
||||
$sql_noAdd = ($zot6Hubloc) ? " and verb not in ('Add', 'Remove') " : '';
|
||||
|
||||
$items = q(
|
||||
"SELECT item.*, item.id AS item_id FROM item WHERE item.parent IN ( %s ) $item_normal and item_private = %d and uid = %d",
|
||||
"SELECT item.*, item.id AS item_id FROM item WHERE item.parent IN ( %s ) $item_normal $sql_noAdd and item_private = %d and uid = %d",
|
||||
dbesc($parents_str),
|
||||
intval($i[0]['item_private']),
|
||||
intval($i[0]['uid'])
|
||||
|
|
Loading…
Reference in a new issue