You are here

public function PuSHSubscriber::receive in Feeds 6

Same name and namespace in other branches
  1. 7.2 libraries/PuSHSubscriber.inc \PuSHSubscriber::receive()
  2. 7 libraries/PuSHSubscriber.inc \PuSHSubscriber::receive()

Receive a notification.

Parameters

$ignore_signature: If FALSE, only accept payload if there is a signature present and the signature matches the payload. Warning: setting to TRUE results in unsafe behavior.

Return value

An XML string that is the payload of the notification if valid, FALSE otherwise.

1 call to PuSHSubscriber::receive()
PuSHSubscriber::handleRequest in libraries/PuSHSubscriber.inc
Request handler for subscription callbacks.

File

libraries/PuSHSubscriber.inc, line 146
Pubsubhubbub subscriber library.

Class

PuSHSubscriber
PubSubHubbub subscriber.

Code

public function receive($ignore_signature = FALSE) {

  /**
   * Verification steps:
   *
   * 1) Verify that this is indeed a POST reuest.
   * 2) Verify that posted string is XML.
   * 3) Per default verify sender of message by checking the message's
   *    signature against the shared secret.
   */
  if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $raw = file_get_contents('php://input');
    if (@simplexml_load_string($raw)) {
      if ($ignore_signature) {
        return $raw;
      }
      if (isset($_SERVER['HTTP_X_HUB_SIGNATURE']) && ($sub = $this
        ->subscription())) {
        $result = array();
        parse_str($_SERVER['HTTP_X_HUB_SIGNATURE'], $result);
        if (isset($result['sha1']) && $result['sha1'] == hash_hmac('sha1', $raw, $sub->secret)) {
          return $raw;
        }
        else {
          $this
            ->log('Could not verify signature.', 'error');
        }
      }
      else {
        $this
          ->log('No signature present.', 'error');
      }
    }
  }
  return FALSE;
}