OStatus: reject attempts to create a remote profile for a local user or group.
Some stray shadow entries were being created, which would steal group posts from remote users. Run plugins/OStatus/scripts/fixup-shadow.php on each site to remove any existing ones.
parent
5cd020bf29
commit
66518df435
|
@ -929,4 +929,41 @@ class OStatusPlugin extends Plugin
|
|||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Utility function to check if the given URL is a canonical group profile
|
||||
* page, and if so return the ID number.
|
||||
*
|
||||
* @param string $url
|
||||
* @return mixed int or false
|
||||
*/
|
||||
public static function localGroupFromUrl($url)
|
||||
{
|
||||
$template = common_local_url('groupbyid', array('id' => '31337'));
|
||||
$template = preg_quote($template, '/');
|
||||
$template = str_replace('31337', '(\d+)', $template);
|
||||
if (preg_match("/$template/", $url, $matches)) {
|
||||
return intval($matches[1]);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Utility function to check if the given URL is a canonical user profile
|
||||
* page, and if so return the ID number.
|
||||
*
|
||||
* @param string $url
|
||||
* @return mixed int or false
|
||||
*/
|
||||
public static function localProfileFromUrl($url)
|
||||
{
|
||||
$template = common_local_url('userbyid', array('id' => '31337'));
|
||||
$template = preg_quote($template, '/');
|
||||
$template = str_replace('31337', '(\d+)', $template);
|
||||
if (preg_match("/$template/", $url, $matches)) {
|
||||
return intval($matches[1]);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
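Review bot: Both new helpers call `preg_match("/$template/", $url, $matches)` without anchors, so a URL that merely contains the local pattern somewhere inside it (in a query string, for instance) is reported as a local ID. Anchoring the pattern, `preg_match("/^$template$/", $url, $matches)`, limits the match to the canonical URL itself; this assumes `common_local_url()` returns the same full-URL form that callers pass in, which is not visible on this page. The two bodies differ only in the route name, so one private helper taking `'groupbyid'` or `'userbyid'` would keep them from drifting apart. The `@return mixed int or false` docblock could also tell callers to compare with `!== false`.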
@ -675,13 +675,10 @@ class Ostatus_profile extends Memcached_DataObject
|
|||
}
|
||||
|
||||
// Is the recipient a local group?
|
||||
// @fixme we need a uri on user_group
|
||||
// @fixme uri on user_group isn't reliable yet
|
||||
// $group = User_group::staticGet('uri', $recipient);
|
||||
$template = common_local_url('groupbyid', array('id' => '31337'));
|
||||
$template = preg_quote($template, '/');
|
||||
$template = str_replace('31337', '(\d+)', $template);
|
||||
if (preg_match("/$template/", $recipient, $matches)) {
|
||||
$id = $matches[1];
|
||||
$id = OStatusPlugin::localGroupFromUrl($recipient);
|
||||
if ($id) {
|
||||
$group = User_group::staticGet('id', $id);
|
||||
if ($group) {
|
||||
// Deliver to all members of this local group if allowed.
|
||||
|
@ -992,7 +989,15 @@ class Ostatus_profile extends Memcached_DataObject
|
|||
|
||||
if (!$homeuri) {
|
||||
common_log(LOG_DEBUG, __METHOD__ . " empty actor profile URI: " . var_export($activity, true));
|
||||
throw new ServerException("No profile URI");
|
||||
throw new Exception("No profile URI");
|
||||
}
|
||||
|
||||
if (OStatusPlugin::localProfileFromUrl($homeuri)) {
|
||||
throw new Exception("Local user can't be referenced as remote.");
|
||||
}
|
||||
|
||||
if (OStatusPlugin::localGroupFromUrl($homeuri)) {
|
||||
throw new Exception("Local group can't be referenced as remote.");
|
||||
}
|
||||
|
||||
if (array_key_exists('feedurl', $hints)) {
|
||||
|
|
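Review bot: The two new guards on `$homeuri` throw without logging, unlike the empty-URI branch just above them, which calls `common_log` first; a rejected attempt to present a local user or group as remote is worth a trace for whoever later investigates misrouted or spoofed activities. Add something like `common_log(LOG_WARNING, __METHOD__ . " local URI presented as remote: $homeuri");` before each throw. Both guards, and the `if ($id)` test in the first hunk of this file, rely on the truthiness of an int-or-false return; `!== false` states the intent exactly. The enclosing method starts and ends outside these hunks.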
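--- /dev/null
+++ b/plugins/OStatus/scripts/fixup-shadow.php
@@ -0,0 +1,69 @@
+#!/usr/bin/env php
+<?php
+/*
+* StatusNet - a distributed open-source microblogging tool
+* Copyright (C) 2010 StatusNet, Inc.
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+define('INSTALLDIR', realpath(dirname(__FILE__) . '/../../..'));
+
+$longoptions = array('dry-run');
+
+$helptext = <<<END_OF_USERROLE_HELP
+fixup_shadow.php [options]
+Patches up stray ostatus_profile entries with corrupted shadow entries
+for local users and groups.
+
+--dry-run look but don't touch
+
+END_OF_USERROLE_HELP;
+
+require_once INSTALLDIR.'/scripts/commandline.inc';
+
+$dry = have_option('dry-run');
+
+$oprofile = new Ostatus_profile();
+
+$marker = mt_rand(31337, 31337000);
+
+$profileTemplate = common_local_url('userbyid', array('id' => $marker));
+$encProfile = $oprofile->escape($profileTemplate, true);
+$encProfile = str_replace($marker, '%', $encProfile);
+
+$groupTemplate = common_local_url('groupbyid', array('id' => $marker));
+$encGroup = $oprofile->escape($groupTemplate, true);
+$encGroup = str_replace($marker, '%', $encGroup);
+
+$sql = "SELECT * FROM ostatus_profile WHERE uri LIKE '%s' OR uri LIKE '%s'";
+$oprofile->query(sprintf($sql, $encProfile, $encGroup));
+
+echo "Found $oprofile->N bogus ostatus_profile entries:\n";
+
+while ($oprofile->fetch()) {
+echo "$oprofile->uri";
+
+if ($dry) {
+echo " (unchanged)\n";
+} else {
+echo " deleting...";
+$evil = clone($oprofile);
+$evil->delete();
+echo " ok\n";
+}
+}
+
+echo "done.\n";
+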
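Review bot: The delete loop acts on every row the two `LIKE` patterns return without confirming that the URI really is a local user or group URL; the `%` that replaces the marker matches any string, not only a numeric ID, so a row that merely shares the URL prefix would be deleted as well. Re-check each fetched row before deleting, e.g. `if (!OStatusPlugin::localProfileFromUrl($oprofile->uri) && !OStatusPlugin::localGroupFromUrl($oprofile->uri)) { continue; }`. The result of `$evil->delete()` is also ignored, so " ok" is printed even if the delete fails; test the return value and report the failure instead. The help text names the script `fixup_shadow.php` while the file is `fixup-shadow.php`.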