mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-20 06:55:19 +00:00
osada issue #6 - enforce Mastodon advisory privacy on hyper-drive imported items
This commit is contained in:
parent
b590ad1b3f
commit
b58c032b8f
5 changed files with 18 additions and 7 deletions
|
@ -97,7 +97,7 @@ class Channel extends Controller {
|
|||
'Content-Type' => 'application/x-zot+json',
|
||||
'Digest' => HTTPSig::generate_digest_header($data),
|
||||
'(request-target)' => strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']
|
||||
];
|
||||
];
|
||||
$h = HTTPSig::create_sig($headers,$channel['channel_prvkey'],channel_url($channel));
|
||||
HTTPSig::set_headers($h);
|
||||
echo $data;
|
||||
|
|
|
@ -147,7 +147,18 @@ class Item extends \Zotlabs\Web\Controller {
|
|||
xchan_query($r,true);
|
||||
$items = fetch_post_tags($r,true);
|
||||
|
||||
$chan = channelx_by_n($items[0]['uid']);
|
||||
$observer = App::get_observer();
|
||||
$parent = $items[0];
|
||||
$recips = (($parent['owner']['xchan_network'] === 'activitypub') ? get_iconfig($parent['id'],'activitypub','recips', []) : []);
|
||||
$to = (($recips && array_key_exists('to',$recips) && is_array($recips['to'])) ? $recips['to'] : null);
|
||||
$nitems = [];
|
||||
foreach($items as $i) {
|
||||
if(intval($i['item_private']) && $to && (! in_array($observer['xchan_url'],$to)))
|
||||
continue;
|
||||
$nitems[] = $i;
|
||||
}
|
||||
|
||||
$chan = channelx_by_n($nitems[0]['uid']);
|
||||
|
||||
if(! $chan)
|
||||
http_status_exit(404, 'Not found');
|
||||
|
@ -156,13 +167,13 @@ class Item extends \Zotlabs\Web\Controller {
|
|||
http_status_exit(403, 'Forbidden');
|
||||
|
||||
if($conversation) {
|
||||
$i = Activity::encode_item_collection($items,'conversation/' . $item_id,'OrderedCollection',false);
|
||||
$i = Activity::encode_item_collection($nitems,'conversation/' . $item_id,'OrderedCollection',false);
|
||||
if($portable_id) {
|
||||
ThreadListener::store(z_root() . '/item/' . $item_id,$portable_id);
|
||||
}
|
||||
}
|
||||
else {
|
||||
$i = Activity::encode_item($items[0]);
|
||||
$i = Activity::encode_item($nitems[0]);
|
||||
}
|
||||
|
||||
if(! $i)
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
namespace Zotlabs\Module;
|
||||
|
||||
use Zotlabs\Lib\Zotfinger;
|
||||
use Zotlabs\Web\HTTPSig;
|
||||
use Zotlabs\Zot6\HTTPSig;
|
||||
|
||||
class Zot_probe extends \Zotlabs\Web\Controller {
|
||||
|
||||
|
|
|
@ -161,7 +161,7 @@ class HTTPSig {
|
|||
|
||||
if(! $x) {
|
||||
logger('verify failed for ' . $result['signer'] . ' alg=' . $algorithm . (($key['public_key']) ? '' : ' no key'));
|
||||
$sig_block['signature'] = base64url_encode($sig_block['signature']);
|
||||
$sig_block['signature'] = base64_encode($sig_block['signature']);
|
||||
logger('affected sigblock: ' . print_r($sig_block,true));
|
||||
logger('headers: ' . print_r($headers,true));
|
||||
logger('server: ' . print_r($_SERVER,true));
|
||||
|
|
|
@ -231,7 +231,7 @@ class Zot6Handler implements IHandler {
|
|||
foreach ($recipients as $recip) {
|
||||
$r = q("select channel.*,xchan.* from channel
|
||||
left join xchan on channel_hash = xchan_hash
|
||||
where channel_hash = '%s' and channel_guid_sig = '%s' limit 1",
|
||||
where channel_hash = '%s' limit 1",
|
||||
dbesc($recip)
|
||||
);
|
||||
if ($r) {
|
||||
|
|
Loading…
Reference in a new issue