From 704cdf1b5a7f5f6f7c60c2d79792658de9cb6555 Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 26 Sep 2019 04:47:42 +0000 Subject: [PATCH] New function to store the "remote" session value / making the changes work --- src/Core/Session.php | 33 ++++++++++++++++++++++----------- src/Model/Profile.php | 12 +----------- src/Module/Profile.php | 12 ++++++------ src/Protocol/DFRN.php | 8 +++----- src/Util/Security.php | 9 +-------- 5 files changed, 33 insertions(+), 41 deletions(-) diff --git a/src/Core/Session.php b/src/Core/Session.php index 8e6e4c457..55d8e550d 100644 --- a/src/Core/Session.php +++ b/src/Core/Session.php @@ -119,19 +119,10 @@ class Session 'page_flags' => $user_record['page-flags'], 'my_url' => $a->getBaseURL() . '/profile/' . $user_record['nickname'], 'my_address' => $user_record['nickname'] . '@' . substr($a->getBaseURL(), strpos($a->getBaseURL(), '://') + 3), - 'addr' => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0'), - 'remote' => [], + 'addr' => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0') ]); - $remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => Strings::normaliseLink($_SESSION['my_url']), 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]); - while ($contact = DBA::fetch($remote_contacts)) { - if (($contact['uid'] == 0) || Contact::isBlockedByUser($contact['id'], $contact['uid'])) { - continue; - } - - $_SESSION['remote'][$contact['uid']] = $contact['id']; - } - DBA::close($remote_contacts); + self::setVisitorsContacts(); $member_since = strtotime($user_record['register_date']); self::set('new_member', time() < ($member_since + ( 60 * 60 * 24 * 14))); @@ -244,4 +235,24 @@ class Session return array_search($cid, $_SESSION['remote']); } + + /** + * Set the session variable that contains the contact IDs for the visitor's contact URL + * + * @param string $url Contact URL + */ + public static function setVisitorsContacts() + { + $_SESSION['remote'] = []; + + $remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => Strings::normaliseLink($_SESSION['my_url']), 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]); + while ($contact = DBA::fetch($remote_contacts)) { + if (($contact['uid'] == 0) || Contact::isBlockedByUser($contact['id'], $contact['uid'])) { + continue; + } + + $_SESSION['remote'][$contact['uid']] = $contact['id']; + } + DBA::close($remote_contacts); + } } diff --git a/src/Model/Profile.php b/src/Model/Profile.php index 69e73fc80..1aaa1907c 100644 --- a/src/Model/Profile.php +++ b/src/Model/Profile.php @@ -1116,17 +1116,7 @@ class Profile $_SESSION['visitor_home'] = $visitor['url']; $_SESSION['my_url'] = $visitor['url']; - /// @todo replace this and the query for this variable with some cleaner functionality - $_SESSION['remote'] = []; - - $remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => $visitor['nurl'], 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]); - while ($contact = DBA::fetch($remote_contacts)) { - if (($contact['uid'] == 0) || Contact::isBlockedByUser($visitor['id'], $contact['uid'])) { - continue; - } - - $_SESSION['remote'][$contact['uid']] = $contact['id']; - } + Session::setVisitorsContacts(); $a->contact = $visitor; diff --git a/src/Module/Profile.php b/src/Module/Profile.php index d103c614e..98c504425 100644 --- a/src/Module/Profile.php +++ b/src/Module/Profile.php @@ -86,8 +86,8 @@ class Profile extends BaseModule $a->page['htmlhead'] .= "\n"; - $blocked = !local_user() && !remote_user() && Config::get('system', 'block_public'); - $userblock = !local_user() && !remote_user() && $a->profile['hidewall']; + $blocked = !local_user() && !remote_user($a->profile['profile_uid']) && Config::get('system', 'block_public'); + $userblock = !local_user() && !remote_user($a->profile['profile_uid']) && $a->profile['hidewall']; if (!empty($a->profile['page-flags']) && $a->profile['page-flags'] == User::PAGE_FLAGS_COMMUNITY) { $a->page['htmlhead'] .= '' . "\n"; @@ -153,7 +153,7 @@ class Profile extends BaseModule $hashtags = defaults($_GET, 'tag', ''); - if (Config::get('system', 'block_public') && !local_user() && !remote_user()) { + if (Config::get('system', 'block_public') && !local_user() && !remote_user($a->profile['profile_uid'])) { return Login::form(); } @@ -169,12 +169,12 @@ class Profile extends BaseModule Nav::setSelected('home'); } - $remote_contact = ContactModel::isFollower(remote_user(), $a->profile['profile_uid']); + $remote_contact = remote_user($a->profile['profile_uid']); $is_owner = local_user() == $a->profile['profile_uid']; - $last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . remote_user(); + $last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . $remote_contact; if ($remote_contact) { - $cdata = ContactModel::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']); + $cdata = ContactModel::getPublicAndUserContacID($remote_contact, $a->profile['profile_uid']); if (!empty($cdata['user'])) { $groups = Group::getIdsByContactId($cdata['user']); $remote_cid = $cdata['user']; diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php index f55a80a6f..60f4b43c0 100644 --- a/src/Protocol/DFRN.php +++ b/src/Protocol/DFRN.php @@ -2863,7 +2863,7 @@ class DFRN // because browser may have multiple connections open and load an image on a connection // whose session wasn't updated when a previous redirect authenticated // Leaving commented in case looping reappears - //return; + // return; } if ((! $contact_nick) || ($contact_nick === $a->user['nickname'])) { @@ -2906,10 +2906,8 @@ class DFRN // and the sense in the $remote[]["cid"] in the session are opposite. // In the session variable the user currently fetching is the contact // while $contact_nick is the nick of tho user who owns the stuff being fetched. - foreach (Session::get('remote', []) as $visitor) { - if ($visitor['uid'] == $contact_uid && $visitor['cid'] == $r[0]['id']) { - return; - } + if (Session::getVisitorContactIDForUserID($contact_uid) == $r[0]['id']) { + return; } $r = q("SELECT * FROM contact WHERE nick = '%s' diff --git a/src/Util/Security.php b/src/Util/Security.php index 0c09b745d..5fc38c940 100644 --- a/src/Util/Security.php +++ b/src/Util/Security.php @@ -110,14 +110,7 @@ class Security extends BaseObject */ if (!$remote_verified) { - $cid = 0; - - foreach (\Friendica\Core\Session::get('remote', []) as $visitor) { - if ($visitor['uid'] == $owner_id) { - $cid = $visitor['cid']; - break; - } - } + $cid = \Friendica\Core\Session::getVisitorContactIDForUserID($owner_id); if ($cid && DBA::exists('contact', ['id' => $cid, 'uid' => $owner_id, 'blocked' => false])) { $remote_verified = true;