public function PuSHSubscriber::receive in Feeds 7.2
Same name and namespace in other branches
- 6 libraries/PuSHSubscriber.inc \PuSHSubscriber::receive()
- 7 libraries/PuSHSubscriber.inc \PuSHSubscriber::receive()
Receive a notification.
Parameters
$ignore_signature: If FALSE, only accept payload if there is a signature present and the signature matches the payload. Warning: setting to TRUE results in unsafe behavior.
Return value
An XML string that is the payload of the notification if valid, FALSE otherwise.
1 call to PuSHSubscriber::receive()
- PuSHSubscriber::handleRequest in libraries/
PuSHSubscriber.inc - Request handler for subscription callbacks.
File
- libraries/
PuSHSubscriber.inc, line 146 - Pubsubhubbub subscriber library.
Class
- PuSHSubscriber
- PubSubHubbub subscriber.
Code
public function receive($ignore_signature = FALSE) {
/**
* Verification steps:
*
* 1) Verify that this is indeed a POST reuest.
* 2) Verify that posted string is XML.
* 3) Per default verify sender of message by checking the message's
* signature against the shared secret.
*/
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$raw = file_get_contents('php://input');
if (@simplexml_load_string($raw)) {
if ($ignore_signature) {
return $raw;
}
if (isset($_SERVER['HTTP_X_HUB_SIGNATURE']) && ($sub = $this
->subscription())) {
$result = array();
parse_str($_SERVER['HTTP_X_HUB_SIGNATURE'], $result);
if (isset($result['sha1']) && $result['sha1'] === hash_hmac('sha1', $raw, $sub->secret)) {
return $raw;
}
else {
$this
->log('Could not verify signature.', 'error');
}
}
else {
$this
->log('No signature present.', 'error');
}
}
}
return FALSE;
}