GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

Import backlog on new subscription.

Browse Source 
Danger is when importing a new feed that may be maliciously crafted
to contain a zillion entries.
This commit is contained in:
Mikael Nordfeldth
2017-04-21 09:31:27 +02:00
parent f51cb6fca9
commit e98bceec10
3 changed files with 33 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
plugins/OStatus/classes/FeedSub.php
View File

@@ -405,6 +405,7 @@ class FeedSub extends Managed_DataObject
}
$this->modified = common_sql_now();
common_debug(__METHOD__ . ': Updating sub state and metadata for '.$this->getUri());
return $this->update($original);
}
@@ -463,6 +464,24 @@ class FeedSub extends Managed_DataObject
$this->receiveFeed($post);
}
/**
* All our feed URIs should be URLs.
*/
public function importFeed()
{
$feed_url = $this->getUri();
// Fetch the URL
try {
common_log(LOG_INFO, sprintf('Importing feed backlog from %s', $feed_url));
$feed_xml = HTTPClient::quickGet($feed_url, 'application/atom+xml');
} catch (Exception $e) {
throw new FeedSubException("Could not fetch feed from URL '%s': %s (%d).\n", $feed_url, $e->getMessage(), $e->getCode());
}
return $this->receiveFeed($feed_xml);
}
protected function receiveFeed($feed_xml)
{
// We're passed the XML for the Atom feed as $feed_xml,