summaryrefslogtreecommitdiff
path: root/plugins/OStatus/classes
diff options
context:
space:
mode:
authorBrion Vibber <brion@pobox.com>2010-03-10 17:00:05 -0800
committerBrion Vibber <brion@pobox.com>2010-03-10 17:00:05 -0800
commit66518df4356ea878bfd8693191f0354caebfb549 (patch)
tree1d281cf5ec0dba7ec28da10b61538fd1bfb8a523 /plugins/OStatus/classes
parent5cd020bf299619ca2844f4d14418891a59a0dd22 (diff)
OStatus: reject attempts to create a remote profile for a local user or group.
Some stray shadow entries were ending up getting created, which would steal group posts from remote users. Run plugins/OStatus/scripts/fixup-shadow.php for each site to remove any existing ones.
Diffstat (limited to 'plugins/OStatus/classes')
-rw-r--r--plugins/OStatus/classes/Ostatus_profile.php19
1 files changed, 12 insertions, 7 deletions
diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php
index abc8100ce..6ae8e4fd5 100644
--- a/plugins/OStatus/classes/Ostatus_profile.php
+++ b/plugins/OStatus/classes/Ostatus_profile.php
@@ -675,13 +675,10 @@ class Ostatus_profile extends Memcached_DataObject
}
// Is the recipient a local group?
- // @fixme we need a uri on user_group
+ // @fixme uri on user_group isn't reliable yet
// $group = User_group::staticGet('uri', $recipient);
- $template = common_local_url('groupbyid', array('id' => '31337'));
- $template = preg_quote($template, '/');
- $template = str_replace('31337', '(\d+)', $template);
- if (preg_match("/$template/", $recipient, $matches)) {
- $id = $matches[1];
+ $id = OStatusPlugin::localGroupFromUrl($recipient);
+ if ($id) {
$group = User_group::staticGet('id', $id);
if ($group) {
// Deliver to all members of this local group if allowed.
@@ -992,7 +989,15 @@ class Ostatus_profile extends Memcached_DataObject
if (!$homeuri) {
common_log(LOG_DEBUG, __METHOD__ . " empty actor profile URI: " . var_export($activity, true));
- throw new ServerException("No profile URI");
+ throw new Exception("No profile URI");
+ }
+
+ if (OStatusPlugin::localProfileFromUrl($homeuri)) {
+ throw new Exception("Local user can't be referenced as remote.");
+ }
+
+ if (OStatusPlugin::localGroupFromUrl($homeuri)) {
+ throw new Exception("Local group can't be referenced as remote.");
}
if (array_key_exists('feedurl', $hints)) {