Révision 2c8c2b87
Ajouté par Assos Assos il y a presque 9 ans
drupal7/sites/all/modules/feeds/libraries/PuSHSubscriber.inc | ||
---|---|---|
161 | 161 |
if (isset($_SERVER['HTTP_X_HUB_SIGNATURE']) && ($sub = $this->subscription())) { |
162 | 162 |
$result = array(); |
163 | 163 |
parse_str($_SERVER['HTTP_X_HUB_SIGNATURE'], $result); |
164 |
if (isset($result['sha1']) && $result['sha1'] == hash_hmac('sha1', $raw, $sub->secret)) { |
|
164 |
if (isset($result['sha1']) && $result['sha1'] === hash_hmac('sha1', $raw, $sub->secret)) {
|
|
165 | 165 |
return $raw; |
166 | 166 |
} |
167 | 167 |
else { |
... | ... | |
183 | 183 |
* method handles the challenge. |
184 | 184 |
*/ |
185 | 185 |
public function verifyRequest() { |
186 |
if (isset($_GET['hub_challenge'])) { |
|
187 |
/** |
|
188 |
* If a subscription is present, compare the verify token. If the token |
|
189 |
* matches, set the status on the subscription record and confirm |
|
190 |
* positive. |
|
191 |
* |
|
192 |
* If we cannot find a matching subscription and the hub checks on |
|
193 |
* 'unsubscribe' confirm positive. |
|
194 |
* |
|
195 |
* In all other cases confirm negative. |
|
196 |
*/ |
|
197 |
if ($sub = $this->subscription()) { |
|
198 |
if ($_GET['hub_verify_token'] == $sub->post_fields['hub.verify_token']) { |
|
199 |
if ($_GET['hub_mode'] == 'subscribe' && $sub->status == 'subscribe') { |
|
200 |
$sub->status = 'subscribed'; |
|
201 |
$sub->post_fields = array(); |
|
202 |
$sub->save(); |
|
203 |
$this->log('Verified "subscribe" request.'); |
|
204 |
$verify = TRUE; |
|
205 |
} |
|
206 |
elseif ($_GET['hub_mode'] == 'unsubscribe' && $sub->status == 'unsubscribe') { |
|
207 |
$sub->status = 'unsubscribed'; |
|
208 |
$sub->post_fields = array(); |
|
209 |
$sub->save(); |
|
210 |
$this->log('Verified "unsubscribe" request.'); |
|
211 |
$verify = TRUE; |
|
212 |
} |
|
213 |
} |
|
214 |
} |
|
215 |
elseif ($_GET['hub_mode'] == 'unsubscribe') { |
|
216 |
$this->log('Verified "unsubscribe" request.'); |
|
217 |
$verify = TRUE; |
|
218 |
} |
|
219 |
if ($verify) { |
|
220 |
header('HTTP/1.1 200 "Found"', NULL, 200); |
|
221 |
print $_GET['hub_challenge']; |
|
222 |
drupal_exit(); |
|
223 |
} |
|
186 |
if (!isset($_GET['hub_challenge'])) { |
|
187 |
return $this->rejectRequest(); |
|
224 | 188 |
} |
225 |
header('HTTP/1.1 404 "Not Found"', NULL, 404); |
|
226 |
$this->log('Could not verify subscription.', 'error'); |
|
189 |
|
|
190 |
// Don't accept modes of 'subscribed' or 'unsubscribed'. |
|
191 |
if ($_GET['hub_mode'] !== 'subscribe' && $_GET['hub_mode'] !== 'unsubscribe') { |
|
192 |
return $this->rejectRequest(); |
|
193 |
} |
|
194 |
|
|
195 |
// No available subscription. |
|
196 |
if (!$sub = $this->subscription()) { |
|
197 |
return $this->rejectRequest(); |
|
198 |
} |
|
199 |
|
|
200 |
// Not what we asked for. |
|
201 |
if ($_GET['hub_mode'] !== $sub->status) { |
|
202 |
return $this->rejectRequest(); |
|
203 |
} |
|
204 |
|
|
205 |
// Wrong URL. |
|
206 |
if ($_GET['hub_topic'] !== $sub->topic) { |
|
207 |
return $this->rejectRequest(); |
|
208 |
} |
|
209 |
|
|
210 |
if ($sub->status === 'subscribe') { |
|
211 |
$sub->status = 'subscribed'; |
|
212 |
$this->log('Verified "subscribe" request.'); |
|
213 |
} |
|
214 |
else { |
|
215 |
$sub->status = 'unsubscribed'; |
|
216 |
$this->log('Verified "unsubscribe" request.'); |
|
217 |
} |
|
218 |
|
|
219 |
$sub->post_fields = array(); |
|
220 |
$sub->save(); |
|
221 |
|
|
222 |
header('HTTP/1.1 200 "Found"', NULL, 200); |
|
223 |
print check_plain($_GET['hub_challenge']); |
|
227 | 224 |
drupal_exit(); |
228 | 225 |
} |
229 | 226 |
|
... | ... | |
244 | 241 |
* @todo Make concurrency safe. |
245 | 242 |
*/ |
246 | 243 |
protected function request($hub, $topic, $mode, $callback_url) { |
247 |
$secret = hash('sha1', uniqid(rand(), TRUE));
|
|
244 |
$secret = drupal_random_key(40);
|
|
248 | 245 |
$post_fields = array( |
249 | 246 |
'hub.callback' => $callback_url, |
250 | 247 |
'hub.mode' => $mode, |
... | ... | |
252 | 249 |
'hub.verify' => 'sync', |
253 | 250 |
'hub.lease_seconds' => '', // Permanent subscription. |
254 | 251 |
'hub.secret' => $secret, |
255 |
'hub.verify_token' => md5(session_id() . rand()), |
|
256 | 252 |
); |
257 | 253 |
$sub = new $this->subscription_class($this->domain, $this->subscriber_id, $hub, $topic, $secret, $mode, $post_fields); |
258 | 254 |
$sub->save(); |
... | ... | |
310 | 306 |
protected function log($msg, $level = 'status') { |
311 | 307 |
$this->env->log("{$this->domain}:{$this->subscriber_id}\t$msg", $level); |
312 | 308 |
} |
309 |
|
|
310 |
/** |
|
311 |
* Rejects a request subscription request. |
|
312 |
*/ |
|
313 |
protected function rejectRequest() { |
|
314 |
header('HTTP/1.1 404 "Not Found"', NULL, 404); |
|
315 |
$this->log('Could not verify subscription.', 'error'); |
|
316 |
drupal_exit(); |
|
317 |
} |
|
318 |
|
|
313 | 319 |
} |
314 | 320 |
|
315 | 321 |
/** |
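Review bot: The signature check at new line 164 still compares the HMAC with an ordinary string operator. `===` rules out PHP's loose numeric-string matching, but it is not a constant-time comparison. Where PHP 5.6+ or a polyfill is available, I would write it as `if (isset($result['sha1']) && is_string($result['sha1']) && hash_equals(hash_hmac('sha1', $raw, $sub->secret), $result['sha1'])) {`. The `is_string()` guard is needed because `parse_str()` can produce an array for that key and `hash_equals()` only accepts strings. The enclosing method starts before the first line shown, so how `$raw` is obtained cannot be checked from this hunk.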
Weekly update of contrib modules