Merge branch 'dev' of https://github.com/redmatrix/hubzilla into dev_merge

zotlabs 2017-09-06 19:59:07 -07:00
commit 5877e28d72
18 changed files with 86 additions and 40 deletions


@ -314,6 +314,7 @@ class ThreadItem {
$tmp_item = array( $tmp_item = array(
'template' => $this->get_template(), 'template' => $this->get_template(),
'mode' => $mode, 'mode' => $mode,
'item_type' => intval($item['item_type']),
'type' => implode("",array_slice(explode("/",$item['verb']),-1)), 'type' => implode("",array_slice(explode("/",$item['verb']),-1)),
'body' => $body['html'], 'body' => $body['html'],
'tags' => $body['tags'], 'tags' => $body['tags'],


@ -31,7 +31,7 @@ class Attach extends \Zotlabs\Web\Controller {
$unsafe_types = array('text/html','text/css','application/javascript'); $unsafe_types = array('text/html','text/css','application/javascript');
if(in_array($r['data']['filetype'],$unsafe_types)) { if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($r['data']['uid']))) {
header('Content-type: text/plain'); header('Content-type: text/plain');
} }
else { else {
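Review bot: The new `channel_codeallowed()` clause makes the owner's code permission the only thing standing between an uploaded `text/html`/`application/javascript` attachment and it being served under the hub's own origin, and nothing at the hunk records that trade-off; suggest a comment such as `// code-allowed channels may serve active content as-is; everyone else is downgraded to text/plain`. The same clause is repeated in Getfile.php and twice in the DAV File.php next to an existing `@todo this should be a global definition`, so the type list and the check are now four copies to keep in sync. The lookup is also a non-strict `in_array` against exact strings, so a stored type carrying parameters (`text/html; charset=utf-8`) or different casing is not downgraded at all; `in_array($r['data']['filetype'], $unsafe_types, true)` on a lower-cased, parameter-stripped copy of the type would close that. The enclosing method starts before the hunk.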


@ -108,7 +108,7 @@ class Getfile extends \Zotlabs\Web\Controller {
$unsafe_types = array('text/html','text/css','application/javascript'); $unsafe_types = array('text/html','text/css','application/javascript');
if(in_array($r['data']['filetype'],$unsafe_types)) { if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($channel['channel_id']))) {
header('Content-type: text/plain'); header('Content-type: text/plain');
} }
else { else {


@ -255,7 +255,7 @@ class Like extends \Zotlabs\Web\Controller {
// get the item. Allow linked photos (which are normally hidden) to be liked // get the item. Allow linked photos (which are normally hidden) to be liked
$r = q("SELECT * FROM item WHERE id = %d $r = q("SELECT * FROM item WHERE id = %d
and item_type = 0 and item_deleted = 0 and item_unpublished = 0 and (item_type = 0 or item_type = 6) and item_deleted = 0 and item_unpublished = 0
and item_delayed = 0 and item_pending_remove = 0 and item_blocked = 0 LIMIT 1", and item_delayed = 0 and item_pending_remove = 0 and item_blocked = 0 LIMIT 1",
intval($item_id) intval($item_id)
); );
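Review bot: `item_type = 6` is a bare magic number, and the same value reappears as `post_type == 6` in the jotShare hunk of main.js, so the card type is now spelled out numerically in two languages with nothing tying the two sites together. Use the project's named item-type constant for cards in the SQL (interpolated through `intval()` like `$item_id`) and pass the same value through to the template so the JavaScript compares against it, or at minimum add `// 6 = card` at both sites. The enclosing method continues outside the hunk.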


@ -172,7 +172,7 @@ class Oep extends \Zotlabs\Web\Controller {
if(! perm_is_allowed($channel['channel_id'],get_observer_hash(),'view_pages')) if(! perm_is_allowed($channel['channel_id'],get_observer_hash(),'view_pages'))
return $ret; return $ret;
$sql_extra = items_permissions_sql($channel['channel_id'],get_observer_hash()); $sql_extra = item_permissions_sql($channel['channel_id'],get_observer_hash());
$r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.v = '%s' limit 1", $r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.v = '%s' limit 1",
dbesc($res) dbesc($res)


@ -20,6 +20,7 @@ require_once('include/zot.php');
* body= Body of post * body= Body of post
* url= URL which will be parsed and the results appended to the body * url= URL which will be parsed and the results appended to the body
* source= Source application * source= Source application
* post_id= post_id of post to 'share' (local use only)
* remote_return= absolute URL to return after posting is finished * remote_return= absolute URL to return after posting is finished
* type= choices are 'html' or 'bbcode', default is 'bbcode' * type= choices are 'html' or 'bbcode', default is 'bbcode'
* *
@ -109,6 +110,46 @@ class Rpost extends \Zotlabs\Web\Controller {
$_REQUEST['body'] = $_REQUEST['body'] . $x['body']; $_REQUEST['body'] = $_REQUEST['body'] . $x['body'];
} }
if($_REQUEST['post_id']) {
$r = q("SELECT * from item WHERE id = %d LIMIT 1",
intval($_REQUEST['post_id'])
);
if(($r) && (! intval($r[0]['item_private']))) {
$sql_extra = item_permissions_sql($r[0]['uid']);
$r = q("select * from item where id = %d $sql_extra",
intval($_REQUEST['post_id'])
);
if($r && $r[0]['mimetype'] === 'text/bbcode') {
xchan_query($r);
$is_photo = (($r[0]['obj_type'] === ACTIVITY_OBJ_PHOTO) ? true : false);
if($is_photo) {
$object = json_decode($r[0]['obj'],true);
$photo_bb = $object['body'];
}
if (strpos($r[0]['body'], "[/share]") !== false) {
$pos = strpos($r[0]['body'], "[share");
$i = substr($r[0]['body'], $pos);
} else {
$i = "[share author='".urlencode($r[0]['author']['xchan_name']).
"' profile='".$r[0]['author']['xchan_url'] .
"' avatar='".$r[0]['author']['xchan_photo_s'].
"' link='".$r[0]['plink'].
"' posted='".$r[0]['created'].
"' message_id='".$r[0]['mid']."']";
if($r[0]['title'])
$i .= '[b]'.$r[0]['title'].'[/b]'."\r\n";
$i .= (($is_photo) ? $photo_bb . "\r\n" . $r[0]['body'] : $r[0]['body']);
$i .= "[/share]";
}
}
}
$_REQUEST['body'] = $_REQUEST['body'] . $i;
}
$x = array( $x = array(
'is_owner' => true, 'is_owner' => true,
'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''), 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''),
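Review bot: `$i` is assigned only inside the `if($r && $r[0]['mimetype'] === 'text/bbcode')` branch, yet `$_REQUEST['body'] = $_REQUEST['body'] . $i;` runs whenever `post_id` is set, so a missing, private or non-bbcode item reaches the concatenation with `$i` undefined (a notice, or a stale value if `$i` is used earlier in the method). Initialise it right after `if($_REQUEST['post_id']) {` with `$i = '';`, or move the concatenation inside the bbcode branch. The first `SELECT * from item WHERE id = %d` runs with no permission clause and is only consulted for `item_private` and `uid` before the `item_permissions_sql`-filtered query, which looks intended; a one-line comment saying so would stop a later reader from "fixing" it. The attribute values after `author=` (profile, avatar, link, posted, message_id) go into the `[share ...]` tag unescaped, so a stored value containing a quote would break the tag — presumably mirrors the existing share code, worth confirming. The Rpost method continues outside the hunk.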


@ -254,7 +254,7 @@ class File extends DAV\Node implements DAV\IFile {
// @todo this should be a global definition // @todo this should be a global definition
$unsafe_types = array('text/html', 'text/css', 'application/javascript'); $unsafe_types = array('text/html', 'text/css', 'application/javascript');
if (in_array($r[0]['filetype'], $unsafe_types)) { if (in_array($r[0]['filetype'], $unsafe_types) && (! channel_codeallowed($this->data['uid']))) {
header('Content-disposition: attachment; filename="' . $r[0]['filename'] . '"'); header('Content-disposition: attachment; filename="' . $r[0]['filename'] . '"');
header('Content-type: text/plain'); header('Content-type: text/plain');
} }
@ -300,7 +300,7 @@ class File extends DAV\Node implements DAV\IFile {
public function getContentType() { public function getContentType() {
// @todo this should be a global definition. // @todo this should be a global definition.
$unsafe_types = array('text/html', 'text/css', 'application/javascript'); $unsafe_types = array('text/html', 'text/css', 'application/javascript');
if (in_array($this->data['filetype'], $unsafe_types)) { if (in_array($this->data['filetype'], $unsafe_types) && (! channel_codeallowed($this->data['uid']))) {
return 'text/plain'; return 'text/plain';
} }
return $this->data['filetype']; return $this->data['filetype'];


@ -167,7 +167,6 @@ class Auth {
dbesc($hubloc['hubloc_url']) dbesc($hubloc['hubloc_url'])
); );
// needs a nonce!!!!
$p = zot_build_packet($channel,$type = 'auth_check', $p = zot_build_packet($channel,$type = 'auth_check',
array(array('guid' => $hubloc['hubloc_guid'],'guid_sig' => $hubloc['hubloc_guid_sig'])), array(array('guid' => $hubloc['hubloc_guid'],'guid_sig' => $hubloc['hubloc_guid_sig'])),
$hubloc['hubloc_sitekey'], (($x) ? $x[0]['site_crypto'] : ''), $this->sec); $hubloc['hubloc_sitekey'], (($x) ? $x[0]['site_crypto'] : ''), $this->sec);


@ -122,7 +122,7 @@ class Finger {
$x = json_decode($result['body'], true); $x = json_decode($result['body'], true);
$verify = \Zotlabs\Web\HTTPSig::verify($result,(($x) ? $x['key'] : ''); $verify = \Zotlabs\Web\HTTPSig::verify($result,(($x) ? $x['key'] : ''));
if($x && (! $verify['header_valid'])) { if($x && (! $verify['header_valid'])) {
$signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null); $signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null);
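Review bot: The corrected line hands `$x['key']` — taken from the very response body being verified — to `HTTPSig::verify`, so a passing result shows that body and signature agree with each other, not that the reply came from a key this hub already trusts for that channel. If a previously stored key for the target is available it should be the one verified against, with the body key used only as a first-contact fallback. The `signed_token` handling that follows may be the real trust anchor here; if so, a comment saying that would help the next reader. The enclosing method starts and ends outside the hunk.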


@ -327,11 +327,16 @@ function bb_ShareAttributes($match) {
if ($avatar != "") if ($avatar != "")
$headline .= '<a href="' . zid($profile) . '" ><img src="' . $avatar . '" alt="' . $author . '" height="32" width="32" /></a>'; $headline .= '<a href="' . zid($profile) . '" ><img src="' . $avatar . '" alt="' . $author . '" height="32" width="32" /></a>';
if(strpos($link,'/cards/'))
$type = t('card');
else
$type = t('post');
// Bob Smith wrote the following post 2 hours ago // Bob Smith wrote the following post 2 hours ago
$fmt = sprintf( t('%1$s wrote the following %2$s %3$s'), $fmt = sprintf( t('%1$s wrote the following %2$s %3$s'),
'<a href="' . zid($profile) . '" >' . $author . '</a>', '<a href="' . zid($profile) . '" >' . $author . '</a>',
'<a href="' . zid($link) . '" >' . t('post') . '</a>', '<a href="' . zid($link) . '" >' . $type . '</a>',
$reldate $reldate
); );
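Review bot: `if(strpos($link,'/cards/'))` tests the match offset for truthiness, the usual `strpos` pitfall; `if(strpos($link,'/cards/') !== false)` states the intent. It also matches `/cards/` anywhere in the link, query string included, so an ordinary post whose link happens to contain that substring is labelled a card — acceptable for a display label, but worth a comment such as `// label shared cards by their URL path; best effort only`. bb_ShareAttributes continues outside the hunk.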


@ -52,7 +52,7 @@ function identity_check_service_class($account_id) {
* *
* This action is pluggable. * This action is pluggable.
* We're currently only checking for an empty name or one that exceeds our * We're currently only checking for an empty name or one that exceeds our
* storage limit (255 chars). 255 chars is probably going to create a mess on * storage limit (191 chars). 191 chars is probably going to create a mess on
* some pages. * some pages.
* Plugins can set additional policies such as full name requirements, character * Plugins can set additional policies such as full name requirements, character
* sets, multi-byte length, etc. * sets, multi-byte length, etc.
@ -67,7 +67,7 @@ function validate_channelname($name) {
if (! $name) if (! $name)
return t('Empty name'); return t('Empty name');
if (strlen($name) > 255) if (mb_strlen($name) > 191)
return t('Name too long'); return t('Name too long');
$arr = ['name' => $name]; $arr = ['name' => $name];
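Review bot: `mb_strlen($name)` without an explicit encoding falls back to the runtime's mbstring internal-encoding setting, so the 191-character limit is measured differently on a host whose defaults are not UTF-8; `if (mb_strlen($name, 'UTF-8') > 191)` pins it. The docblock in the first hunk still lists `multi-byte length` as something plugins would add, which is stale now that the core check is multibyte-aware. validate_channelname continues outside the hunk.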


@ -709,6 +709,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa
$tmp_item = array( $tmp_item = array(
'template' => $tpl, 'template' => $tpl,
'toplevel' => 'toplevel_item', 'toplevel' => 'toplevel_item',
'item_type' => intval($item['item_type']),
'mode' => $mode, 'mode' => $mode,
'approve' => t('Approve'), 'approve' => t('Approve'),
'delete' => t('Delete'), 'delete' => t('Delete'),


@ -1984,14 +1984,14 @@ function is_a_date_arg($s) {
} }
function legal_webbie($s) { function legal_webbie($s) {
if(! strlen($s)) if(! $s)
return ''; return '';
// WARNING: This regex will not work in a federated environment. // WARNING: This regex may not work in a federated environment.
// You will probably want something like // You will probably want something like
// preg_replace('/([^a-z0-9\_])/','',strtolower($s)); // preg_replace('/([^a-z0-9\_])/','',strtolower($s));
$r = preg_replace('/([^a-z0-9\-\_\.])/','',strtolower($s)); $r = preg_replace('/([^a-z0-9\-\_])/','',strtolower($s));
$x = [ 'input' => $s, 'output' => $r ]; $x = [ 'input' => $s, 'output' => $r ];
call_hooks('legal_webbie',$x); call_hooks('legal_webbie',$x);
@ -2003,7 +2003,7 @@ function legal_webbie_text() {
// WARNING: This will not work in a federated environment. // WARNING: This will not work in a federated environment.
$s = t('a-z, 0-9, -, _, and . only'); $s = t('a-z, 0-9, -, and _ only');
$x = [ 'text' => $s ]; $x = [ 'text' => $s ];
call_hooks('legal_webbie_text',$x); call_hooks('legal_webbie_text',$x);
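Review bot: `if(! $s)` treats the string `'0'` as empty, whereas the old `! strlen($s)` did not, so a channel address of `0` now silently becomes `''` instead of passing through the regex. If the intent was only to tolerate `null`, `if($s === null || $s === '')` keeps the old behaviour for `'0'`. The softened `WARNING` wording (`may not work`) does not say what changed about the federated case; a short reason there would help.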


@ -137,7 +137,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot
} }
if ($secret) { if ($secret) {
$data['secret'] = $secret; $data['secret'] = preg_replace('/[^0-9a-fA-F]/','',$secret);
$data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'],$sig_method)); $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'],$sig_method));
} }
@ -4621,7 +4621,6 @@ function zot_reply_auth_check($data,$encrypted_packet) {
// First verify their signature. We will have obtained a zot-info packet from them as part of the sender // First verify their signature. We will have obtained a zot-info packet from them as part of the sender
// verification. // verification.
// needs a nonce!!!!
if ((! $y) || (! rsa_verify($data['secret'], base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) { if ((! $y) || (! rsa_verify($data['secret'], base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) {
logger('mod_zot: auth_check: sender not found or secret_sig invalid.'); logger('mod_zot: auth_check: sender not found or secret_sig invalid.');
$ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL; $ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL;
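Review bot: `$data['secret']` is now the hex-filtered copy of `$secret`, but `$data['secret_sig']` on the next line still signs the unfiltered `$secret`, so any secret that actually contained a non-hex character would be sent with a signature that `zot_reply_auth_check` (second hunk) cannot verify against the transmitted value. Filter once before both uses: `$secret = preg_replace('/[^0-9a-fA-F]/','',$secret);` followed by `$data['secret'] = $secret;`. Whether the filter is ever anything but a no-op for the hub's own secrets is not visible here, so a comment stating what it guards against would help. The `// needs a nonce!!!!` comments removed here and in Auth.php do not show the replay concern being addressed in this diff; a short comment on why it no longer applies would keep that decision discoverable. zot_build_packet starts and ends outside the hunk.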


@ -1,9 +1,4 @@
<div class="generic-content-wrapper"> <div id="live-cards"></div>
<div class="section-title-wrapper"> {{$editor}}
<h2>{{$title}}</h2> {{$content}}
</div> {{$pager}}
<div id="live-cards"></div>
{{$editor}}
{{$content}}
</div>
{{$pager}}


@ -151,7 +151,7 @@
</button> </button>
<div class="dropdown-menu dropdown-menu-right" role="menu" aria-labelledby="wall-item-menu-{{$item.id}}"> <div class="dropdown-menu dropdown-menu-right" role="menu" aria-labelledby="wall-item-menu-{{$item.id}}">
{{if $item.share}} {{if $item.share}}
<a class="dropdown-item" href="#" onclick="jotShare({{$item.id}}); return false"><i class="generic-icons-nav fa fa-fw fa-retweet" title="{{$item.share.0}}"></i>{{$item.share.0}}</a> <a class="dropdown-item" href="#" onclick="jotShare({{$item.id}},{{$item.item_type}}); return false"><i class="generic-icons-nav fa fa-fw fa-retweet" title="{{$item.share.0}}"></i>{{$item.share.0}}</a>
{{/if}} {{/if}}
{{if $item.plink}} {{if $item.plink}}
<a class="dropdown-item" href="{{$item.plink.href}}" title="{{$item.plink.title}}" class="u-url"><i class="generic-icons-nav fa fa-fw fa-external-link"></i>{{$item.plink.title}}</a> <a class="dropdown-item" href="{{$item.plink.href}}" title="{{$item.plink.title}}" class="u-url"><i class="generic-icons-nav fa fa-fw fa-external-link"></i>{{$item.plink.title}}</a>


@ -150,7 +150,7 @@
</button> </button>
<div class="dropdown-menu dropdown-menu-right" role="menu" aria-labelledby="wall-item-menu-{{$item.id}}"> <div class="dropdown-menu dropdown-menu-right" role="menu" aria-labelledby="wall-item-menu-{{$item.id}}">
{{if $item.share}} {{if $item.share}}
<a class="dropdown-item" href="#" onclick="jotShare({{$item.id}}); return false"><i class="generic-icons-nav fa fa-fw fa-retweet" title="{{$item.share.0}}"></i>{{$item.share.0}}</a> <a class="dropdown-item" href="#" onclick="jotShare({{$item.id}},{{$item.item_type}}); return false"><i class="generic-icons-nav fa fa-fw fa-retweet" title="{{$item.share.0}}"></i>{{$item.share.0}}</a>
{{/if}} {{/if}}
{{if $item.plink}} {{if $item.plink}}
<a class="dropdown-item" href="{{$item.plink.href}}" title="{{$item.plink.title}}" class="u-url"><i class="generic-icons-nav fa fa-fw fa-external-link"></i>{{$item.plink.title}}</a> <a class="dropdown-item" href="{{$item.plink.href}}" title="{{$item.plink.title}}" class="u-url"><i class="generic-icons-nav fa fa-fw fa-external-link"></i>{{$item.plink.title}}</a>


@ -247,18 +247,23 @@ var activeCommentText = '';
} }
function jotShare(id) { function jotShare(id,post_type) {
if ($('#jot-popup').length != 0) $('#jot-popup').show(); if(post_type == 6) {
window.location.href = 'rpost?f=&post_id='+id;
}
else {
if ($('#jot-popup').length != 0) $('#jot-popup').show();
$('#like-rotator-' + id).spin('tiny'); $('#like-rotator-' + id).spin('tiny');
$.get('{{$baseurl}}/share/' + id, function(data) { $.get('{{$baseurl}}/share/' + id, function(data) {
if (!editor) $("#profile-jot-text").val(""); if (!editor) $("#profile-jot-text").val("");
initEditor(function(){ initEditor(function(){
addeditortext(data); addeditortext(data);
$('#like-rotator-' + id).spin(false); $('#like-rotator-' + id).spin(false);
$(window).scrollTop(0); $(window).scrollTop(0);
});
}); });
}); }
} }
function linkdropper(event) { function linkdropper(event) {