
Revision 2c8c2b87

Added by Assos Assos about 9 years ago

Weekly update of contrib modules


drupal7/sites/all/modules/feeds/libraries/PuSHSubscriber.inc
161 161
        if (isset($_SERVER['HTTP_X_HUB_SIGNATURE']) && ($sub = $this->subscription())) {
162 162
          $result = array();
163 163
          parse_str($_SERVER['HTTP_X_HUB_SIGNATURE'], $result);
164
          if (isset($result['sha1']) && $result['sha1'] == hash_hmac('sha1', $raw, $sub->secret)) {
164
          if (isset($result['sha1']) && $result['sha1'] === hash_hmac('sha1', $raw, $sub->secret)) {
165 165
            return $raw;
166 166
          }
167 167
          else {
......
183 183
   * method handles the challenge.
184 184
   */
185 185
  public function verifyRequest() {
186
    if (isset($_GET['hub_challenge'])) {
187
      /**
188
       * If a subscription is present, compare the verify token. If the token
189
       * matches, set the status on the subscription record and confirm
190
       * positive.
191
       *
192
       * If we cannot find a matching subscription and the hub checks on
193
       * 'unsubscribe' confirm positive.
194
       *
195
       * In all other cases confirm negative.
196
       */
197
      if ($sub = $this->subscription()) {
198
        if ($_GET['hub_verify_token'] == $sub->post_fields['hub.verify_token']) {
199
          if ($_GET['hub_mode'] == 'subscribe' && $sub->status == 'subscribe') {
200
            $sub->status = 'subscribed';
201
            $sub->post_fields = array();
202
            $sub->save();
203
            $this->log('Verified "subscribe" request.');
204
            $verify = TRUE;
205
          }
206
          elseif ($_GET['hub_mode'] == 'unsubscribe' && $sub->status == 'unsubscribe') {
207
            $sub->status = 'unsubscribed';
208
            $sub->post_fields = array();
209
            $sub->save();
210
            $this->log('Verified "unsubscribe" request.');
211
            $verify = TRUE;
212
          }
213
        }
214
      }
215
      elseif ($_GET['hub_mode'] == 'unsubscribe') {
216
        $this->log('Verified "unsubscribe" request.');
217
        $verify = TRUE;
218
      }
219
      if ($verify) {
220
        header('HTTP/1.1 200 "Found"', NULL, 200);
221
        print $_GET['hub_challenge'];
222
        drupal_exit();
223
      }
186
    if (!isset($_GET['hub_challenge'])) {
187
      return $this->rejectRequest();
224 188
    }
225
    header('HTTP/1.1 404 "Not Found"', NULL, 404);
226
    $this->log('Could not verify subscription.', 'error');
189

  
190
    // Don't accept modes of 'subscribed' or 'unsubscribed'.
191
    if ($_GET['hub_mode'] !== 'subscribe' && $_GET['hub_mode'] !== 'unsubscribe') {
192
      return $this->rejectRequest();
193
    }
194

  
195
    // No available subscription.
196
    if (!$sub = $this->subscription()) {
197
      return $this->rejectRequest();
198
    }
199

  
200
    // Not what we asked for.
201
    if ($_GET['hub_mode'] !== $sub->status) {
202
      return $this->rejectRequest();
203
    }
204

  
205
    // Wrong URL.
206
    if ($_GET['hub_topic'] !== $sub->topic) {
207
      return $this->rejectRequest();
208
    }
209

  
210
    if ($sub->status === 'subscribe') {
211
      $sub->status = 'subscribed';
212
      $this->log('Verified "subscribe" request.');
213
    }
214
    else {
215
      $sub->status = 'unsubscribed';
216
      $this->log('Verified "unsubscribe" request.');
217
    }
218

  
219
    $sub->post_fields = array();
220
    $sub->save();
221

  
222
    header('HTTP/1.1 200 "Found"', NULL, 200);
223
    print check_plain($_GET['hub_challenge']);
227 224
    drupal_exit();
228 225
  }
229 226

  
......
244 241
   * @todo Make concurrency safe.
245 242
   */
246 243
  protected function request($hub, $topic, $mode, $callback_url) {
247
    $secret = hash('sha1', uniqid(rand(), TRUE));
244
    $secret = drupal_random_key(40);
248 245
    $post_fields = array(
249 246
      'hub.callback' => $callback_url,
250 247
      'hub.mode' => $mode,
......
252 249
      'hub.verify' => 'sync',
253 250
      'hub.lease_seconds' => '', // Permanent subscription.
254 251
      'hub.secret' => $secret,
255
      'hub.verify_token' => md5(session_id() . rand()),
256 252
    );
257 253
    $sub = new $this->subscription_class($this->domain, $this->subscriber_id, $hub, $topic, $secret, $mode, $post_fields);
258 254
    $sub->save();
......
310 306
  protected function log($msg, $level = 'status') {
311 307
    $this->env->log("{$this->domain}:{$this->subscriber_id}\t$msg", $level);
312 308
  }
309

  
310
  /**
311
   * Rejects a request subscription request.
312
   */
313
  protected function rejectRequest() {
314
    header('HTTP/1.1 404 "Not Found"', NULL, 404);
315
    $this->log('Could not verify subscription.', 'error');
316
    drupal_exit();
317
  }
318

  
313 319
}
314 320

  
315 321
/**
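Review bot: The signature check on new line 164 still compares the expected HMAC with `===`, which stops at the first differing byte, so the comparison time depends on how much of the supplied `X-Hub-Signature` value is correct. MAC verification is normally done with a constant-time comparison, for example `if (isset($result['sha1']) && is_string($result['sha1']) && hash_equals(hash_hmac('sha1', $raw, $sub->secret), $result['sha1'])) {`. This assumes the PHP versions the module supports provide `hash_equals()` (PHP 5.6 and later); on older versions a small constant-time helper would be needed instead. The `is_string()` guard is there because `parse_str()` produces an array for a header of the form `sha1[]=…`, which `hash_equals()` does not accept. The method containing this check starts and ends outside the visible lines.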
