Révision 2c8c2b87
Ajouté par Assos Assos il y a presque 9 ans
| drupal7/sites/all/modules/feeds/libraries/PuSHSubscriber.inc | ||
|---|---|---|
| 161 | 161 |
if (isset($_SERVER['HTTP_X_HUB_SIGNATURE']) && ($sub = $this->subscription())) {
|
| 162 | 162 |
$result = array(); |
| 163 | 163 |
parse_str($_SERVER['HTTP_X_HUB_SIGNATURE'], $result); |
| 164 |
if (isset($result['sha1']) && $result['sha1'] == hash_hmac('sha1', $raw, $sub->secret)) {
|
|
| 164 |
if (isset($result['sha1']) && $result['sha1'] === hash_hmac('sha1', $raw, $sub->secret)) {
|
|
| 165 | 165 |
return $raw; |
| 166 | 166 |
} |
| 167 | 167 |
else {
|
| ... | ... | |
| 183 | 183 |
* method handles the challenge. |
| 184 | 184 |
*/ |
| 185 | 185 |
public function verifyRequest() {
|
| 186 |
if (isset($_GET['hub_challenge'])) {
|
|
| 187 |
/** |
|
| 188 |
* If a subscription is present, compare the verify token. If the token |
|
| 189 |
* matches, set the status on the subscription record and confirm |
|
| 190 |
* positive. |
|
| 191 |
* |
|
| 192 |
* If we cannot find a matching subscription and the hub checks on |
|
| 193 |
* 'unsubscribe' confirm positive. |
|
| 194 |
* |
|
| 195 |
* In all other cases confirm negative. |
|
| 196 |
*/ |
|
| 197 |
if ($sub = $this->subscription()) {
|
|
| 198 |
if ($_GET['hub_verify_token'] == $sub->post_fields['hub.verify_token']) {
|
|
| 199 |
if ($_GET['hub_mode'] == 'subscribe' && $sub->status == 'subscribe') {
|
|
| 200 |
$sub->status = 'subscribed'; |
|
| 201 |
$sub->post_fields = array(); |
|
| 202 |
$sub->save(); |
|
| 203 |
$this->log('Verified "subscribe" request.');
|
|
| 204 |
$verify = TRUE; |
|
| 205 |
} |
|
| 206 |
elseif ($_GET['hub_mode'] == 'unsubscribe' && $sub->status == 'unsubscribe') {
|
|
| 207 |
$sub->status = 'unsubscribed'; |
|
| 208 |
$sub->post_fields = array(); |
|
| 209 |
$sub->save(); |
|
| 210 |
$this->log('Verified "unsubscribe" request.');
|
|
| 211 |
$verify = TRUE; |
|
| 212 |
} |
|
| 213 |
} |
|
| 214 |
} |
|
| 215 |
elseif ($_GET['hub_mode'] == 'unsubscribe') {
|
|
| 216 |
$this->log('Verified "unsubscribe" request.');
|
|
| 217 |
$verify = TRUE; |
|
| 218 |
} |
|
| 219 |
if ($verify) {
|
|
| 220 |
header('HTTP/1.1 200 "Found"', NULL, 200);
|
|
| 221 |
print $_GET['hub_challenge']; |
|
| 222 |
drupal_exit(); |
|
| 223 |
} |
|
| 186 |
if (!isset($_GET['hub_challenge'])) {
|
|
| 187 |
return $this->rejectRequest(); |
|
| 224 | 188 |
} |
| 225 |
header('HTTP/1.1 404 "Not Found"', NULL, 404);
|
|
| 226 |
$this->log('Could not verify subscription.', 'error');
|
|
| 189 |
|
|
| 190 |
// Don't accept modes of 'subscribed' or 'unsubscribed'. |
|
| 191 |
if ($_GET['hub_mode'] !== 'subscribe' && $_GET['hub_mode'] !== 'unsubscribe') {
|
|
| 192 |
return $this->rejectRequest(); |
|
| 193 |
} |
|
| 194 |
|
|
| 195 |
// No available subscription. |
|
| 196 |
if (!$sub = $this->subscription()) {
|
|
| 197 |
return $this->rejectRequest(); |
|
| 198 |
} |
|
| 199 |
|
|
| 200 |
// Not what we asked for. |
|
| 201 |
if ($_GET['hub_mode'] !== $sub->status) {
|
|
| 202 |
return $this->rejectRequest(); |
|
| 203 |
} |
|
| 204 |
|
|
| 205 |
// Wrong URL. |
|
| 206 |
if ($_GET['hub_topic'] !== $sub->topic) {
|
|
| 207 |
return $this->rejectRequest(); |
|
| 208 |
} |
|
| 209 |
|
|
| 210 |
if ($sub->status === 'subscribe') {
|
|
| 211 |
$sub->status = 'subscribed'; |
|
| 212 |
$this->log('Verified "subscribe" request.');
|
|
| 213 |
} |
|
| 214 |
else {
|
|
| 215 |
$sub->status = 'unsubscribed'; |
|
| 216 |
$this->log('Verified "unsubscribe" request.');
|
|
| 217 |
} |
|
| 218 |
|
|
| 219 |
$sub->post_fields = array(); |
|
| 220 |
$sub->save(); |
|
| 221 |
|
|
| 222 |
header('HTTP/1.1 200 "Found"', NULL, 200);
|
|
| 223 |
print check_plain($_GET['hub_challenge']); |
|
| 227 | 224 |
drupal_exit(); |
| 228 | 225 |
} |
| 229 | 226 |
|
| ... | ... | |
| 244 | 241 |
* @todo Make concurrency safe. |
| 245 | 242 |
*/ |
| 246 | 243 |
protected function request($hub, $topic, $mode, $callback_url) {
|
| 247 |
$secret = hash('sha1', uniqid(rand(), TRUE));
|
|
| 244 |
$secret = drupal_random_key(40);
|
|
| 248 | 245 |
$post_fields = array( |
| 249 | 246 |
'hub.callback' => $callback_url, |
| 250 | 247 |
'hub.mode' => $mode, |
| ... | ... | |
| 252 | 249 |
'hub.verify' => 'sync', |
| 253 | 250 |
'hub.lease_seconds' => '', // Permanent subscription. |
| 254 | 251 |
'hub.secret' => $secret, |
| 255 |
'hub.verify_token' => md5(session_id() . rand()), |
|
| 256 | 252 |
); |
| 257 | 253 |
$sub = new $this->subscription_class($this->domain, $this->subscriber_id, $hub, $topic, $secret, $mode, $post_fields); |
| 258 | 254 |
$sub->save(); |
| ... | ... | |
| 310 | 306 |
protected function log($msg, $level = 'status') {
|
| 311 | 307 |
$this->env->log("{$this->domain}:{$this->subscriber_id}\t$msg", $level);
|
| 312 | 308 |
} |
| 309 |
|
|
| 310 |
/** |
|
| 311 |
* Rejects a request subscription request. |
|
| 312 |
*/ |
|
| 313 |
protected function rejectRequest() {
|
|
| 314 |
header('HTTP/1.1 404 "Not Found"', NULL, 404);
|
|
| 315 |
$this->log('Could not verify subscription.', 'error');
|
|
| 316 |
drupal_exit(); |
|
| 317 |
} |
|
| 318 |
|
|
| 313 | 319 |
} |
| 314 | 320 |
|
| 315 | 321 |
/** |
Formats disponibles : Unified diff
Weekly update of contrib modules