Index: subscribe.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/subscribe/subscribe.module,v
retrieving revision 1.21.2.5
diff -u -p -r1.21.2.5 subscribe.module
--- subscribe.module	1 Nov 2006 15:45:56 -0000	1.21.2.5
+++ subscribe.module	31 Jan 2007 00:42:45 -0000
@@ -472,7 +472,9 @@ function subscribe_vocabmap_form_submit(
  */
 function subscribe_vocabmap_save($local_vocabularies, $sid) {
   db_query("DELETE FROM {subscribe_vocab_map} WHERE sid = '%s'", $sid);
-  foreach ($local_vocabularies as $lvid => $rvid) {
+  // Roland Tanglao hacked patch
+  foreach ($local_vocabularies as $rvid => $lvid) {
+  //  foreach ($local_vocabularies as $lvid => $rvid) {
     db_query("INSERT INTO {subscribe_vocab_map} (sid, remote_vid, local_vid) VALUES (%d, %d, %d)", $sid, $rvid, $lvid);
   }
 }
@@ -890,13 +892,23 @@ function subscribe_xmlc_cancel_subscript
  */
 
 function subscribe_xmls_receive($message) {
-  $subscription = db_fetch_object(db_query("SELECT * FROM {subscribe_subscriptions} WHERE token = '%s' AND method = 'push' AND rsid = %d", $message['token'], $message['rsid']));
-  if (!$subscription) {
+// Roland Tanglao patch - 'method' is stored as an integer not a string!
+$subscription = db_fetch_object(db_query("SELECT * FROM {subscribe_subscriptions} WHERE token = '%s' AND method = 0  AND rsid = %d", $message['token'], $message['rsid']));
+/*
+$subscription = db_fetch_object(db_query("SELECT * FROM {subscribe_subscriptions} WHERE token = '%s' AND method = 'push' AND rsid = %d", $message['token'], $message['rsid']));
+*/
+if (!$subscription) {
     return xmlrpc_error(801, t('No such subscription'));
   }
 
 
   // verify that it's from a domain that we trust
+// Roland Tanglao patch: the following code does not work in a multi hosting environment
+// to make it work follow Steven Wittens' proposal: subscribe side passes its domain 
+// name to publish side, publish side sees if the ip adress the of the subscribe 
+// side domain name is equal to the ipaddress from $_SERVER['REMOTE_ADDR']
+// if equal then domain can be trusted!
+/*
   $ip = $_SERVER['REMOTE_ADDR'];
   if ($ip != '127.0.0.1') {
     $host = gethostbyaddr($ip);
@@ -905,7 +917,7 @@ function subscribe_xmls_receive($message
       return xmlrpc_error(701, t('Publishing domain not trusted.'));
     }
   }
-
+*/
   $site_metadata = array('site_url' => $message['site_url'], 'site_name' => $message['site_name'], 'sid' => $subscription->sid);
   list($n_counter, $u_counter, $t_counter) = subscribe_import($message['nodes'], $site_metadata);
   $result = t("New content from %name. Nodes imported: %ncount; noded updated: %ucount; terms imported: %tcount.", array('%ncount' => $n_counter, '%ucount' => $u_counter, '%tcount' => $t_counter, '%name' => $subscription->name));
@@ -944,4 +956,4 @@ function _subscribe_db_fields($table_nam
     case 'subscribe_subscriptions':
       return array('sid', 'rsid', 'name', 'base_url', 'url', 'channel_id', 'domain', 'username', 'pass', 'token', 'method', 'last_update');
   }
-}
\ No newline at end of file
+}
