From 3b8b3d6911a4d28cddd7cf81f16f34984184ae9e Mon Sep 17 00:00:00 2001
From: Aaron Parecki
Date: Mon, 29 Feb 2016 16:54:10 -0800
Subject: [PATCH] don't send self-mentions using target_domain feature
---
 controllers/API.php | 18 +++++++++++++++++-
 tests/APITest.php | 10 ++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/controllers/API.php b/controllers/API.php
index 8a4511f..1bfe79f 100644
--- a/controllers/API.php
+++ b/controllers/API.php
@@ -74,6 +74,21 @@ class API {
 ]);
 }
+ # Don't send anything if the source domain matches the target domain
+ # The problem is someone pushing to Superfeedr who is also subscribed, will cause a
+ # request to be sent with the source of one of their posts, and their own target domain.
+ # This causes a whole slew of webmentions to be queued up, almost all of which are not needed.
+ if($target_domain) {
+ $source_domain = parse_url($source, PHP_URL_HOST);
+ if($target_domain == $source_domain) {
+ # Return 200 so Superfeedr doesn't think something is broken
+ return $this->respond($response, 200, [
+ 'error' => 'not_supported',
+ 'error_description' => 'You cannot use the target_domain feature to send webmentions to the same domain as the source URL'
+ ]);
+ }
+ }
+ # Verify the token is valid
 $role = ORM::for_table('roles')->where('token', $token)->find_one();
@@ -194,7 +209,8 @@ class API {
 $site = ORM::for_table('sites')->where('id', $role->site_id)->find_one();
- if(array_key_exists('items', $input)
+ if(is_array($input)
+ && array_key_exists('items', $input)
 && ($items = $input['items'])
 && is_array($items)
 && array_key_exists(0, $items)
diff --git a/tests/APITest.php b/tests/APITest.php
index 66db003..4e475f4 100644
--- a/tests/APITest.php
+++ b/tests/APITest.php
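Review bot: The comparison `$target_domain == $source_domain` in the first controllers/API.php hunk is case-sensitive and loosely typed, so a source such as `http://Example.com/post` (constructed example) with `target_domain=example.com` passes the guard and the queue flood described in the comment can still occur. Hostnames compare case-insensitively, and `parse_url()` can return `null` or `false` here, so the replacement needs a string check: `if(is_string($source_domain) && strcasecmp($target_domain, $source_domain) === 0) {`. That assumes `target_domain` is already known to be a string at this point; its validation is outside the hunk, as are the start and end of the enclosing method. The check also runs before the token lookup that follows it, so an unauthenticated request receives this 200 response; confirm that ordering is intended.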
@@ -244,6 +244,16 @@ class APITest extends PHPUnit_Framework_TestCase {
 $this->assertEquals('no_link_found', $data->error);
 }
+ public function testTargetDomainCantMatchSourceDomain() {
+ $this->_createExampleAccount();
+
+ $response = $this->webmention(['token'=>'a','source'=>'http://example.com/test','target_domain'=>'example.com']);
+ $body = $response->getContent();
+ $this->assertEquals(200, $response->getStatusCode());
+ $data = json_decode($response->getContent());
+ $this->assertEquals('not_supported', $data->error);
+ }
+ public function testStatusNotFound() {
 $this->_createExampleAccount();
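Review bot: The new test asserts only the 200 status and the `not_supported` error, not that no webmentions were queued, which is the behaviour the commit is meant to guarantee. An assertion on the queue state would pin it, using whatever helper the suite has for that (none is visible in this hunk). `$body = $response->getContent();` is assigned and never used, and the content is fetched again on the `json_decode` line; use `$data = json_decode($body);` or drop the assignment. A second case with a mixed-case host in `source` would document how the domain comparison treats case.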