Index: subscribe.module =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/subscribe/subscribe.module,v retrieving revision 1.21.2.5 diff -u -p -r1.21.2.5 subscribe.module --- subscribe.module 1 Nov 2006 15:45:56 -0000 1.21.2.5 +++ subscribe.module 31 Jan 2007 00:42:45 -0000 @@ -472,7 +472,9 @@ function subscribe_vocabmap_form_submit( */ function subscribe_vocabmap_save($local_vocabularies, $sid) { db_query("DELETE FROM {subscribe_vocab_map} WHERE sid = '%s'", $sid); - foreach ($local_vocabularies as $lvid => $rvid) { + // Roland Tanglao hacked patch + foreach ($local_vocabularies as $rvid => $lvid) { + // foreach ($local_vocabularies as $lvid => $rvid) { db_query("INSERT INTO {subscribe_vocab_map} (sid, remote_vid, local_vid) VALUES (%d, %d, %d)", $sid, $rvid, $lvid); } } @@ -890,13 +892,23 @@ function subscribe_xmlc_cancel_subscript */ function subscribe_xmls_receive($message) { - $subscription = db_fetch_object(db_query("SELECT * FROM {subscribe_subscriptions} WHERE token = '%s' AND method = 'push' AND rsid = %d", $message['token'], $message['rsid'])); - if (!$subscription) { +// Roland Tanglao patch - 'method' is stored as an integer not a string! +$subscription = db_fetch_object(db_query("SELECT * FROM {subscribe_subscriptions} WHERE token = '%s' AND method = 0 AND rsid = %d", $message['token'], $message['rsid'])); +/* +$subscription = db_fetch_object(db_query("SELECT * FROM {subscribe_subscriptions} WHERE token = '%s' AND method = 'push' AND rsid = %d", $message['token'], $message['rsid'])); +*/ +if (!$subscription) { return xmlrpc_error(801, t('No such subscription')); } // verify that it's from a domain that we trust +// Roland Tanglao patch: the following code does not work in a multi hosting environment +// to make it work follow Steven Wittens' proposal: subscribe side passes its domain +// name to publish side, publish side sees if the ip adress the of the subscribe +// side domain name is equal to the ipaddress from $_SERVER['REMOTE_ADDR'] +// if equal then domain can be trusted! +/* $ip = $_SERVER['REMOTE_ADDR']; if ($ip != '127.0.0.1') { $host = gethostbyaddr($ip); @@ -905,7 +917,7 @@ function subscribe_xmls_receive($message return xmlrpc_error(701, t('Publishing domain not trusted.')); } } - +*/ $site_metadata = array('site_url' => $message['site_url'], 'site_name' => $message['site_name'], 'sid' => $subscription->sid); list($n_counter, $u_counter, $t_counter) = subscribe_import($message['nodes'], $site_metadata); $result = t("New content from %name. Nodes imported: %ncount; noded updated: %ucount; terms imported: %tcount.", array('%ncount' => $n_counter, '%ucount' => $u_counter, '%tcount' => $t_counter, '%name' => $subscription->name)); @@ -944,4 +956,4 @@ function _subscribe_db_fields($table_nam case 'subscribe_subscriptions': return array('sid', 'rsid', 'name', 'base_url', 'url', 'channel_id', 'domain', 'username', 'pass', 'token', 'method', 'last_update'); } -} \ No newline at end of file +}