mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-20 09:15:19 +00:00
osada issue #6 - enforce Mastodon advisory privacy on hyper-drive imported items
This commit is contained in:
parent
b590ad1b3f
commit
b58c032b8f
5 changed files with 18 additions and 7 deletions
|
@ -97,7 +97,7 @@ class Channel extends Controller {
|
||||||
'Content-Type' => 'application/x-zot+json',
|
'Content-Type' => 'application/x-zot+json',
|
||||||
'Digest' => HTTPSig::generate_digest_header($data),
|
'Digest' => HTTPSig::generate_digest_header($data),
|
||||||
'(request-target)' => strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']
|
'(request-target)' => strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']
|
||||||
];
|
];
|
||||||
$h = HTTPSig::create_sig($headers,$channel['channel_prvkey'],channel_url($channel));
|
$h = HTTPSig::create_sig($headers,$channel['channel_prvkey'],channel_url($channel));
|
||||||
HTTPSig::set_headers($h);
|
HTTPSig::set_headers($h);
|
||||||
echo $data;
|
echo $data;
|
||||||
|
|
|
@ -147,7 +147,18 @@ class Item extends \Zotlabs\Web\Controller {
|
||||||
xchan_query($r,true);
|
xchan_query($r,true);
|
||||||
$items = fetch_post_tags($r,true);
|
$items = fetch_post_tags($r,true);
|
||||||
|
|
||||||
$chan = channelx_by_n($items[0]['uid']);
|
$observer = App::get_observer();
|
||||||
|
$parent = $items[0];
|
||||||
|
$recips = (($parent['owner']['xchan_network'] === 'activitypub') ? get_iconfig($parent['id'],'activitypub','recips', []) : []);
|
||||||
|
$to = (($recips && array_key_exists('to',$recips) && is_array($recips['to'])) ? $recips['to'] : null);
|
||||||
|
$nitems = [];
|
||||||
|
foreach($items as $i) {
|
||||||
|
if(intval($i['item_private']) && $to && (! in_array($observer['xchan_url'],$to)))
|
||||||
|
continue;
|
||||||
|
$nitems[] = $i;
|
||||||
|
}
|
||||||
|
|
||||||
|
$chan = channelx_by_n($nitems[0]['uid']);
|
||||||
|
|
||||||
if(! $chan)
|
if(! $chan)
|
||||||
http_status_exit(404, 'Not found');
|
http_status_exit(404, 'Not found');
|
||||||
|
@ -156,13 +167,13 @@ class Item extends \Zotlabs\Web\Controller {
|
||||||
http_status_exit(403, 'Forbidden');
|
http_status_exit(403, 'Forbidden');
|
||||||
|
|
||||||
if($conversation) {
|
if($conversation) {
|
||||||
$i = Activity::encode_item_collection($items,'conversation/' . $item_id,'OrderedCollection',false);
|
$i = Activity::encode_item_collection($nitems,'conversation/' . $item_id,'OrderedCollection',false);
|
||||||
if($portable_id) {
|
if($portable_id) {
|
||||||
ThreadListener::store(z_root() . '/item/' . $item_id,$portable_id);
|
ThreadListener::store(z_root() . '/item/' . $item_id,$portable_id);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$i = Activity::encode_item($items[0]);
|
$i = Activity::encode_item($nitems[0]);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(! $i)
|
if(! $i)
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
namespace Zotlabs\Module;
|
namespace Zotlabs\Module;
|
||||||
|
|
||||||
use Zotlabs\Lib\Zotfinger;
|
use Zotlabs\Lib\Zotfinger;
|
||||||
use Zotlabs\Web\HTTPSig;
|
use Zotlabs\Zot6\HTTPSig;
|
||||||
|
|
||||||
class Zot_probe extends \Zotlabs\Web\Controller {
|
class Zot_probe extends \Zotlabs\Web\Controller {
|
||||||
|
|
||||||
|
|
|
@ -161,7 +161,7 @@ class HTTPSig {
|
||||||
|
|
||||||
if(! $x) {
|
if(! $x) {
|
||||||
logger('verify failed for ' . $result['signer'] . ' alg=' . $algorithm . (($key['public_key']) ? '' : ' no key'));
|
logger('verify failed for ' . $result['signer'] . ' alg=' . $algorithm . (($key['public_key']) ? '' : ' no key'));
|
||||||
$sig_block['signature'] = base64url_encode($sig_block['signature']);
|
$sig_block['signature'] = base64_encode($sig_block['signature']);
|
||||||
logger('affected sigblock: ' . print_r($sig_block,true));
|
logger('affected sigblock: ' . print_r($sig_block,true));
|
||||||
logger('headers: ' . print_r($headers,true));
|
logger('headers: ' . print_r($headers,true));
|
||||||
logger('server: ' . print_r($_SERVER,true));
|
logger('server: ' . print_r($_SERVER,true));
|
||||||
|
|
|
@ -231,7 +231,7 @@ class Zot6Handler implements IHandler {
|
||||||
foreach ($recipients as $recip) {
|
foreach ($recipients as $recip) {
|
||||||
$r = q("select channel.*,xchan.* from channel
|
$r = q("select channel.*,xchan.* from channel
|
||||||
left join xchan on channel_hash = xchan_hash
|
left join xchan on channel_hash = xchan_hash
|
||||||
where channel_hash = '%s' and channel_guid_sig = '%s' limit 1",
|
where channel_hash = '%s' limit 1",
|
||||||
dbesc($recip)
|
dbesc($recip)
|
||||||
);
|
);
|
||||||
if ($r) {
|
if ($r) {
|
||||||
|
|
Loading…
Reference in a new issue