From 1a21f19f42619bd847c28790a266da6f31be8335 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sun, 26 Mar 2023 18:30:31 -0400 Subject: [PATCH 1/4] Add exception throw when contact data isn't available in Factory/Api/Mastodon/Relationship - Address https://github.com/friendica/friendica/issues/12486#issuecomment-1445323023 - Remove default value to parameter which array keys are used in method body --- src/Factory/Api/Mastodon/Relationship.php | 9 ++++++++- src/Object/Api/Mastodon/Relationship.php | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/src/Factory/Api/Mastodon/Relationship.php b/src/Factory/Api/Mastodon/Relationship.php index f1ca4a1f9..8ae72ae9b 100644 --- a/src/Factory/Api/Mastodon/Relationship.php +++ b/src/Factory/Api/Mastodon/Relationship.php @@ -22,6 +22,7 @@ namespace Friendica\Factory\Api\Mastodon; use Exception; +use Friendica\Network\HTTPException; use Friendica\Object\Api\Mastodon\Relationship as RelationshipEntity; use Friendica\BaseFactory; use Friendica\Model\Contact; @@ -41,9 +42,15 @@ class Relationship extends BaseFactory $pcid = !empty($cdata['public']) ? $cdata['public'] : $contactId; $cid = !empty($cdata['user']) ? $cdata['user'] : $contactId; + $contact = Contact::getById($cid); + if (!$contact) { + $this->logger->warning('Target contact not found', ['contactId' => $contactId, 'uid' => $uid, 'pcid' => $pcid, 'cid' => $cid]); + throw new HTTPException\NotFoundException('Contact not found.'); + } + return new RelationshipEntity( $pcid, - Contact::getById($cid), + $contact, Contact\User::isBlocked($cid, $uid), Contact\User::isIgnored($cid, $uid) ); diff --git a/src/Object/Api/Mastodon/Relationship.php b/src/Object/Api/Mastodon/Relationship.php index 42d0e7311..c042e81b5 100644 --- a/src/Object/Api/Mastodon/Relationship.php +++ b/src/Object/Api/Mastodon/Relationship.php 
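Review bot: The factory method patched in the second hunk of src/Factory/Api/Mastodon/Relationship.php can now throw `HTTPException\NotFoundException`, but nothing visible documents it; the method's signature and docblock are outside the hunk. I would add `@throws HTTPException\NotFoundException if no contact record exists for the resolved contact id` to that docblock. Callers of the Mastodon API layer then know a missing contact surfaces as a 404 instead of a half-built entity. The `!$contact` test assumes `Contact::getById()` returns a falsy value on a miss, which is worth confirming against its declaration.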
@@ -77,7 +77,7 @@ class Relationship extends BaseDataTransferObject * @param bool $blocked "true" if user is blocked * @param bool $muted "true" if user is muted */ - public function __construct(int $contactId, array $contactRecord = [], bool $blocked = false, bool $muted = false) + public function __construct(int $contactId, array $contactRecord, bool $blocked = false, bool $muted = false) { $this->id = (string)$contactId; $this->following = false; From 8ab5fddafd637aee39b3045af5f313ef333c4427 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sun, 26 Mar 2023 18:46:16 -0400 Subject: [PATCH 2/4] Don't try to follow remote item from non-URI or scheme-less URI - Address https://github.com/friendica/friendica/issues/12486#issuecomment-1407679388 - Address https://github.com/friendica/friendica/issues/12486#issuecomment-1433112562 --- src/Module/Contact/Follow.php | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/src/Module/Contact/Follow.php b/src/Module/Contact/Follow.php index 57e9ff634..0199aca78 100644 --- a/src/Module/Contact/Follow.php +++ b/src/Module/Contact/Follow.php @@ -40,6 +40,7 @@ use Friendica\Network\HTTPException\ForbiddenException; use Friendica\Network\Probe; use Friendica\Util\Profiler; use Friendica\Util\Strings; +use GuzzleHttp\Psr7\Uri; use Psr\Log\LoggerInterface; class Follow extends BaseModule 
@@ -223,17 +224,26 @@ class Follow extends BaseModule protected function followRemoteItem(string $url) { - $itemId = Item::fetchByLink($url, $this->session->getLocalUserId()); - if (!$itemId) { - // If the user-specific search failed, we search and probe a public post - $itemId = Item::fetchByLink($url); - } - - if (!empty($itemId)) { - $item = Post::selectFirst(['guid'], ['id' => $itemId]); - if (!empty($item['guid'])) { - $this->baseUrl->redirect('display/' . $item['guid']); + try { + $uri = new Uri($url); + if (!$uri->getScheme()) { + return; } + + $itemId = Item::fetchByLink($url, $this->session->getLocalUserId()); + if (!$itemId) { + // If the user-specific search failed, we search and probe a public post + $itemId = Item::fetchByLink($url); + } + + if (!empty($itemId)) { + $item = Post::selectFirst(['guid'], ['id' => $itemId]); + if (!empty($item['guid'])) { + $this->baseUrl->redirect('display/' . $item['guid']); + } + } + } catch (\InvalidArgumentException $e) { + return; } } } From 2fdf39e8b88affd5fa537fef5d11d52a0bf13017 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sun, 26 Mar 2023 18:49:42 -0400 Subject: [PATCH 3/4] Skip nonexistent contacts in Pofile/Contacts - Address part of https://github.com/friendica/friendica/issues/12486#issuecomment-1428489772 --- src/Module/Profile/Contacts.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/Module/Profile/Contacts.php b/src/Module/Profile/Contacts.php index dde138d8c..3942ac5d8 100644 --- a/src/Module/Profile/Contacts.php +++ b/src/Module/Profile/Contacts.php 
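Review bot: The new guard in `followRemoteItem()` rejects only a URL with no scheme, so a value with any other scheme than http/https still reaches `Item::fetchByLink($url, …)`, which according to the in-code comment goes on to probe the remote post. Whether that callee filters schemes itself is not visible here, so I would allow only `http` and `https` at this boundary. The `try` also wraps the lookups and the redirect, so an `\InvalidArgumentException` raised anywhere below `new Uri($url)` is silently discarded. Narrowing the `try` to the constructor keeps unrelated failures visible.

```php
		try {
			$uri = new Uri($url);
		} catch (\InvalidArgumentException $e) {
			// Not parseable as a URI: nothing to follow
			return;
		}

		if (!in_array($uri->getScheme(), ['http', 'https'], true)) {
			return;
		}

		// … unchanged: Item::fetchByLink lookups and redirect to display/<guid> …
```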
@@ -121,11 +121,14 @@ class Contacts extends Module\BaseProfile ['uri-id' => $contact['uri-id'], 'uid' => [0, $this->userSession->getLocalUserId()]], ['order' => ['uid' => 'DESC']] ); - return Module\Contact::getContactTemplateVars($contact); + return $contact ? Module\Contact::getContactTemplateVars($contact) : null; }, Model\Contact::selectToArray(['uri-id'], $condition, $params) ); + // Remove nonexistent contacts + $contacts = array_filter($contacts); + $desc = ''; switch ($type) { case 'followers': From b268fa60e7c523672a64bbefede43ff89e651d5f Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sun, 26 Mar 2023 19:00:48 -0400 Subject: [PATCH 4/4] Add explicit parameter to IHandleUserSession->setvisitorContacts - Convert some remaining $_SESSION references to object calls - Address part of https://github.com/friendica/friendica/issues/12486#issuecomment-1428489772 --- .../Session/Capability/IHandleUserSessions.php | 4 +++- src/Core/Session/Model/UserSession.php | 4 ++-- src/Model/Profile.php | 16 +++++++++------- src/Security/Authentication.php | 6 ++++-- 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/src/Core/Session/Capability/IHandleUserSessions.php b/src/Core/Session/Capability/IHandleUserSessions.php index 507b9e042..5734eafdf 100644 --- a/src/Core/Session/Capability/IHandleUserSessions.php +++ b/src/Core/Session/Capability/IHandleUserSessions.php @@ -109,6 +109,8 @@ interface IHandleUserSessions extends IHandleSessions /** * Set the session variable that contains the contact IDs for the visitor's contact URL + * + * @param string $my_url */ - public function setVisitorsContacts(); + public function setVisitorsContacts(string $my_url); } diff --git a/src/Core/Session/Model/UserSession.php b/src/Core/Session/Model/UserSession.php index a544487bd..8dfc3d832 100644 --- a/src/Core/Session/Model/UserSession.php +++ b/src/Core/Session/Model/UserSession.php 
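Review bot: `array_filter($contacts)` preserves the original keys, so once a contact is skipped the array has gaps and is no longer a list. If `$contacts` is later handed to a template or serialised as a list (the consumer is outside this hunk), re-index it with `$contacts = array_values(array_filter($contacts));`. The callback-less form also drops every falsy value, which is safe only while `getContactTemplateVars()` never returns an empty array for a real contact. The closure begins above the hunk, so the lookup that can return a falsy `$contact` is only partly visible.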
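Review bot: The added `@param string $my_url` line in `IHandleUserSessions::setVisitorsContacts()` has no description, so the docblock does not say that the URL is now supplied by the caller instead of being read from the session. I would spell out the contract, e.g. `@param string $my_url Profile URL of the visitor whose contact IDs are stored in the session`, and add `@return void`. Implementers of this interface outside the files shown then see what the new required argument means. The wording is inferred from the existing summary line, so adjust it if other URLs are valid here.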
@@ -140,9 +140,9 @@ class UserSession implements IHandleUserSessions } /** {@inheritDoc} */ - public function setVisitorsContacts() + public function setVisitorsContacts(string $my_url) { - $this->session->set('remote', Contact::getVisitorByUrl($this->session->get('my_url'))); + $this->session->set('remote', Contact::getVisitorByUrl($my_url)); } /** {@inheritDoc} */ diff --git a/src/Model/Profile.php b/src/Model/Profile.php index e2857947c..e6c8e4822 100644 --- a/src/Model/Profile.php +++ b/src/Model/Profile.php @@ -795,14 +795,16 @@ class Profile $visitor = Contact::getById($cid); // Authenticate the visitor. - $_SESSION['authenticated'] = 1; - $_SESSION['visitor_id'] = $visitor['id']; - $_SESSION['visitor_handle'] = $visitor['addr']; - $_SESSION['visitor_home'] = $visitor['url']; - $_SESSION['my_url'] = $visitor['url']; - $_SESSION['remote_comment'] = $visitor['subscribe']; + DI::userSession()->setMultiple([ + 'authenticated' => 1, + 'visitor_id' => $visitor['id'], + 'visitor_handle' => $visitor['addr'], + 'visitor_home' => $visitor['url'], + 'my_url' => $visitor['url'], + 'remote_comment' => $visitor['subscribe'], + ]); - DI::userSession()->setVisitorsContacts(); + DI::userSession()->setVisitorsContacts($visitor['url']); $a->setContactId($visitor['id']); diff --git a/src/Security/Authentication.php b/src/Security/Authentication.php index 4db5fdfed..91963ee39 100644 --- a/src/Security/Authentication.php +++ b/src/Security/Authentication.php 
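Review bot: In the src/Model/Profile.php hunk, `$visitor = Contact::getById($cid);` is used unchecked. When no contact row exists the session is still written with `'authenticated' => 1` and empty visitor fields, and `setVisitorsContacts($visitor['url'])` then receives null for its new `string` parameter. The first patch in this series guards the same lookup in the Mastodon Relationship factory, and the same guard belongs here before `setMultiple()`, for example `if (empty($visitor)) { return; }`, or whatever failure path this method already uses. The method starts and ends outside the hunk, so whether `$cid` is validated earlier needs confirming.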
@@ -323,19 +323,21 @@ class Authentication */ public function setForUser(App $a, array $user_record, bool $login_initial = false, bool $interactive = false, bool $login_refresh = false) { + $my_url = $this->baseUrl . '/profile/' . $user_record['nickname']; + $this->session->setMultiple([ 'uid' => $user_record['uid'], 'theme' => $user_record['theme'], 'mobile-theme' => $this->pConfig->get($user_record['uid'], 'system', 'mobile_theme'), 'authenticated' => 1, 'page_flags' => $user_record['page-flags'], - 'my_url' => $this->baseUrl . '/profile/' . $user_record['nickname'], + 'my_url' => $my_url, 'my_address' => $user_record['nickname'] . '@' . substr($this->baseUrl, strpos($this->baseUrl, '://') + 3), 'addr' => $this->remoteAddress, 'nickname' => $user_record['nickname'], ]); - $this->session->setVisitorsContacts(); + $this->session->setVisitorsContacts($my_url); $member_since = strtotime($user_record['register_date']); $this->session->set('new_member', time() < ($member_since + (60 * 60 * 24 * 14)));