Import backlog on new subscription.

The danger is that a newly imported feed may be maliciously crafted
to contain a zillion entries.
Mikael Nordfeldth 2017-04-21 09:31:27 +02:00
parent f51cb6fca9
commit e98bceec10
3 changed files with 33 additions and 3 deletions


@ -77,7 +77,7 @@ class PushCallbackAction extends Action
/** /**
* Handler for GET verification requests from the hub. * Handler for GET verification requests from the hub.
*/ */
function handleGet() public function handleGet()
{ {
$mode = $this->arg('hub_mode'); $mode = $this->arg('hub_mode');
$topic = $this->arg('hub_topic'); $topic = $this->arg('hub_topic');
@ -110,12 +110,21 @@ class PushCallbackAction extends Action
} }
if ($mode == 'subscribe') { if ($mode == 'subscribe') {
if ($feedsub->sub_state == 'active') { $renewal = ($feedsub->sub_state == 'active');
if ($renewal) {
common_log(LOG_INFO, __METHOD__ . ': sub update confirmed'); common_log(LOG_INFO, __METHOD__ . ': sub update confirmed');
} else { } else {
common_log(LOG_INFO, __METHOD__ . ': sub confirmed'); common_log(LOG_INFO, __METHOD__ . ': sub confirmed');
} }
$feedsub->confirmSubscribe($lease_seconds); $feedsub->confirmSubscribe($lease_seconds);
if (!$renewal) {
// Kickstart the feed by importing its most recent backlog
// FIXME: Send this to background queue handling
common_log(LOG_INFO, __METHOD__ . ': Confirmed a new subscription, importing backlog...');
$feedsub->importFeed();
}
} else { } else {
common_log(LOG_INFO, __METHOD__ . ": unsub confirmed; deleting sub record for $topic"); common_log(LOG_INFO, __METHOD__ . ": unsub confirmed; deleting sub record for $topic");
$feedsub->confirmUnsubscribe(); $feedsub->confirmUnsubscribe();
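Review bot: The new `$feedsub->importFeed()` call in the `!$renewal` branch can throw (importFeed rethrows fetch failures as FeedSubException) and nothing in this hunk catches it, so a failed or slow backlog fetch runs inside the hub's verification GET after `confirmSubscribe()` has already run. The rest of handleGet lies outside the hunk; if the challenge response is written after this point, an import error would fail verification for a subscription that was just confirmed. Until the FIXME is resolved, contain the failure: `try { $feedsub->importFeed(); } catch (Exception $e) { common_log(LOG_WARNING, __METHOD__ . ': backlog import failed: ' . $e->getMessage()); }`. It is also worth confirming that the checks above the hunk (not visible here) tie this request to a subscription we initiated, because the handler now makes an outbound fetch in response to an inbound GET.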


@ -405,6 +405,7 @@ class FeedSub extends Managed_DataObject
} }
$this->modified = common_sql_now(); $this->modified = common_sql_now();
common_debug(__METHOD__ . ': Updating sub state and metadata for '.$this->getUri());
return $this->update($original); return $this->update($original);
} }
@ -463,6 +464,24 @@ class FeedSub extends Managed_DataObject
$this->receiveFeed($post); $this->receiveFeed($post);
} }
/**
* All our feed URIs should be URLs.
*/
public function importFeed()
{
$feed_url = $this->getUri();
// Fetch the URL
try {
common_log(LOG_INFO, sprintf('Importing feed backlog from %s', $feed_url));
$feed_xml = HTTPClient::quickGet($feed_url, 'application/atom+xml');
} catch (Exception $e) {
throw new FeedSubException("Could not fetch feed from URL '%s': %s (%d).\n", $feed_url, $e->getMessage(), $e->getCode());
}
return $this->receiveFeed($feed_xml);
}
protected function receiveFeed($feed_xml) protected function receiveFeed($feed_xml)
{ {
// We're passed the XML for the Atom feed as $feed_xml, // We're passed the XML for the Atom feed as $feed_xml,
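Review bot: In importFeed (second hunk), `throw new FeedSubException("Could not fetch feed from URL '%s': ...", $feed_url, ...)` passes a printf-style format and its arguments straight to the constructor without `sprintf`, so unless FeedSubException defines a formatting constructor (not visible here) the message keeps its literal `%s` placeholders and `$feed_url` lands in the `$code` parameter, which PHP's base Exception requires to be an int. Build the message first: `throw new FeedSubException(sprintf("Could not fetch feed from URL '%s': %s (%d).", $feed_url, $e->getMessage(), $e->getCode()));`. The docblock `All our feed URIs should be URLs.` states an assumption the method never checks; since the URI presumably originates from a remote party, I would verify an http/https scheme before `HTTPClient::quickGet` and replace the docblock with one that describes the fetch, the hand-off to `receiveFeed` and `@throws FeedSubException`. The fetched body also reaches `receiveFeed` with no size or entry limit, which is the risk the commit message names; a cap at this point would bound it.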


@ -53,9 +53,11 @@ if (!$sub) {
exit(1); exit(1);
} }
// XXX: This could maybe be replaced with $sub->importFeed()
// Fetch the URL // Fetch the URL
try { try {
$xml = HTTPClient::quickGet($feedurl, 'text/html,application/xhtml+xml'); $xml = HTTPClient::quickGet($feedurl, 'application/atom+xml');
} catch (Exception $e) { } catch (Exception $e) {
echo sprintf("Could not fetch feedurl %s (%d).\n", $e->getMessage(), $e->getCode()); echo sprintf("Could not fetch feedurl %s (%d).\n", $e->getMessage(), $e->getCode());
exit(1); exit(1);