From 9a0264f5d23f08d8dc9b4484c93f630dd91738b8 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 25 May 2015 19:17:35 -0700 Subject: [PATCH 01/12] some work on issue #329 --- include/diaspora.php | 5 +++-- include/identity.php | 5 +++-- include/zot.php | 7 ++++--- mod/receive.php | 2 +- 4 files changed, 11 insertions(+), 8 deletions(-) diff --git a/include/diaspora.php b/include/diaspora.php index 9b2e4623a..b532822bf 100755 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -24,8 +24,9 @@ function diaspora_dispatch_public($msg) { // find everybody following or allowing this author - $r = q("SELECT * from channel where channel_id in ( SELECT abook_channel from abook left join xchan on abook_xchan = xchan_hash WHERE xchan_network like '%%diaspora%%' and xchan_addr = '%s' )", - dbesc($msg['author']) + $r = q("SELECT * from channel where channel_id in ( SELECT abook_channel from abook left join xchan on abook_xchan = xchan_hash WHERE xchan_network like '%%diaspora%%' and xchan_addr = '%s' ) and ( channel_pageflags & %d ) = 0 ", + dbesc($msg['author']), + intval(PAGE_REMOVED) ); // also need to look for those following public streams diff --git a/include/identity.php b/include/identity.php index dec3f6e98..06d8a4cf8 100644 --- a/include/identity.php +++ b/include/identity.php @@ -621,8 +621,9 @@ function profile_load(&$a, $nickname, $profile = '') { logger('profile_load: ' . $nickname . (($profile) ? ' profile: ' . $profile : '')); - $user = q("select channel_id from channel where channel_address = '%s' limit 1", - dbesc($nickname) + $user = q("select channel_id from channel where channel_address = '%s' and not ( channel_pageflags & %d ) > 0 limit 1", + dbesc($nickname), + intval(PAGE_REMOVED) ); if(! $user) { diff --git a/include/zot.php b/include/zot.php index d719f3177..02ac1301b 100644 --- a/include/zot.php +++ b/include/zot.php 
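Review bot: In the profile_load() query the removed-channel filter is written `not ( channel_pageflags & %d ) > 0`, while the diaspora.php hunk of this same commit and the allowed_public_recips() and receive_post() hunks use `( channel_pageflags & %d ) = 0`. The `not … > 0` form only gives the intended result because of how NOT and `>` bind, which every reader has to work out again; I would write `and ( channel_pageflags & %d ) = 0 limit 1` here and in the zot_import() hunk of include/zot.php. The public_recips() hunk also concatenates `intval(PAGE_REMOVED)` into the format string instead of passing it as a `%d` argument like the other queries touched here; it is safe as written but worth aligning. profile_load() continues outside the hunk.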
@@ -1114,7 +1114,7 @@ function zot_import($arr, $sender_url) { } stringify_array_elms($recip_arr); $recips = implode(',',$recip_arr); - $r = q("select channel_hash as hash from channel where channel_hash in ( " . $recips . " ) and not ( channel_pageflags & %d )>0 ", + $r = q("select channel_hash as hash from channel where channel_hash in ( " . $recips . " ) and not ( channel_pageflags & %d ) > 0 ", intval(PAGE_REMOVED) ); if(! $r) { @@ -1378,7 +1378,8 @@ function public_recips($msg) { if(($tag['type'] === 'mention') && (strpos($tag['url'],z_root()) !== false)) { $address = basename($tag['url']); if($address) { - $z = q("select channel_hash as hash from channel where channel_address = '%s' limit 1", + $z = q("select channel_hash as hash from channel where channel_address = '%s' + and ( channel_pageflags & " . intval(PAGE_REMOVED) . " ) = 0 limit 1", dbesc($address) ); if($z) @@ -1482,7 +1483,7 @@ function allowed_public_recips($msg) { $condensed_recips[] = $rr['hash']; $results = array(); - $r = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & %d ) > 0 ", + $r = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and ( channel_pageflags & %d ) = 0 ", dbesc($hash), intval(PAGE_REMOVED) ); diff --git a/mod/receive.php b/mod/receive.php index b7d27d40f..deaf8cb37 100644 --- a/mod/receive.php +++ b/mod/receive.php @@ -31,7 +31,7 @@ function receive_post(&$a) { // Diaspora sites *may* provide a truncated guid. - $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_guid like '%s' AND NOT (channel_pageflags & %d )>0 LIMIT 1", + $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_guid like '%s' AND (channel_pageflags & %d ) = 0 LIMIT 1", dbesc($guid . '%'), intval(PAGE_REMOVED) ); 
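Review bot: The `channel_guid like '%s'` lookup in receive_post() appends a wildcard to `$guid` with no lower bound on its length and, unless dbesc() does more than SQL string escaping (not visible here), without neutralising `%` or `_` inside the value. Combined with `LIMIT 1`, a very short or wildcard-bearing guid resolves to whichever active channel the database returns first rather than to the intended recipient. Since truncated guids are expected, I would reject values below a minimum length and escape LIKE metacharacters before the query, e.g. `dbesc(addcslashes($guid, '%_\\') . '%')`. `$guid` is assigned outside the hunk, so its origin should be confirmed.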
From 9e6e41c6cb7b43da80b771e651a5dbdfc3960688 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 25 May 2015 21:31:23 -0700 Subject: [PATCH 02/12] slow but forward progress on dynamic client registration --- include/api.php | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/include/api.php b/include/api.php index 788a84208..fa4910833 100644 --- a/include/api.php +++ b/include/api.php @@ -435,6 +435,48 @@ require_once('include/items.php'); } + function api_client_register(&$a,$type) { + + // This currently isn't providing the correct authentication flow. + + if(! api_user()) + return false; + + $ret = array(); + $key = random_string(16); + $secret = random_string(16); + $name = trim(escape_tags($_REQUEST['application_name'])); + if(! $name) + json_return_and_die($ret); + if(is_array($_REQUEST['redirect_uris'])) + $redirect = trim($_REQUEST['redirect_uris'][0]); + else + $redirect = trim($_REQUEST['redirect_uris']); + $icon = trim($_REQUEST['logo_uri']); + $r = q("INSERT INTO clients (client_id, pw, name, redirect_uri, icon, uid) + VALUES ('%s','%s','%s','%s','%s',%d)", + dbesc($key), + dbesc($secret), + dbesc($name), + dbesc($redirect), + dbesc($icon), + intval(api_user()), + ); + $r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ", + dbesc($key), + intval(api_user()), + dbesc('all') + ); + + $ret['client_id'] = $key; + $ret['client_secret'] = $secret; + $ret['expires_at'] = 0; + json_return_and_die($ret); + } + + api_register_func('api/client/register','api_client_register', false); + + function api_item_get_user(&$a, $item) { global $usercache; From f7731d7e8f08c30f85d1a8c22730638e7ef00445 Mon Sep 17 00:00:00 2001 
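Review bot: api_client_register() gives every newly created client `xp_perm = 'all'` on the caller's channel and stores `redirect_uris` and `logo_uri` exactly as received. In an OAuth-style client registry the redirect URI later decides where tokens are sent, so it should be validated before the INSERT (absolute URL, http/https only), e.g. `if(! filter_var($redirect, FILTER_VALIDATE_URL) || ! preg_match('#^https?://#i', $redirect)) json_return_and_die($ret);`, and the default grant should be the narrowest permission that works rather than `'all'`. The result of the first `q("INSERT INTO clients …")` is overwritten without being checked, so credentials are returned even when the row was not written. `$secret` is stored in clear in the `pw` column; if the verification path allows it, storing a hash would limit the impact of a database read. Whether random_string() draws from a cryptographically secure source is not visible in this hunk and is worth confirming for `client_id` and `client_secret`.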
From: Habeas Codice Date: Mon, 25 May 2015 22:40:04 -0700 Subject: [PATCH 03/12] Add docs about current service class system, tiny util to make updates a little easier than the standard config util --- doc/service_classes.bb | 31 +++++++++++++++++++++++++++++++ util/service_class | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) create mode 100644 doc/service_classes.bb create mode 100755 util/service_class diff --git a/doc/service_classes.bb b/doc/service_classes.bb new file mode 100644 index 000000000..a36ec1021 --- /dev/null +++ b/doc/service_classes.bb @@ -0,0 +1,31 @@ +[b]Service Classes[/b] + +Service classes allow you to set limits on system resources. A GUI to configure this is currently under development. + +As a temporary measure, the following commandline utilities can be used: + +Usage: + +[code]util/service_class[/code] +list service classes + +[code]util/config system default_service_class firstclass[/code] +set the default service class to 'firstclass' + +[code]util/service_class firstclass[/code] +list the services that are part of 'firstclass' service class + +[code]util/service_class firstclass photo_upload_limit 10000000[/code] +set firstclass total photo disk usage to 10 million bytes + +[b]current limits[/b] +photo_upload_limit - maximum total bytes for photos +total_items - maximum total toplevel posts +total_pages - maximum comanche pages +total_identities - maximum number of channels owned by account +total_channels - maximum number of connections +total_feeds - maximum number of rss feed connections +attach_upload_limit - maximum file upload storage (bytes) +minimum_feedcheck_minutes - lowest setting allowed for polling rss feeds +chatrooms - maximum chatrooms +chatters_inroom - maximum chatters per room diff --git a/util/service_class b/util/service_class new file mode 100755 index 000000000..e762d8ad6 --- /dev/null +++ b/util/service_class 
@@ -0,0 +1,34 @@ +#!/usr/bin/env php + 3) { + $d = get_config('service_class', $argv[1]); + $d[$argv[2]] = $argv[3]; + set_config('service_class', $argv[1], $d); + echo 'Updated service class "' . $argv[1] . '" service "' . $argv[2] . '" to ' . $argv[3] . "\n"; +} + +if($argc == 2) { + $d = get_config('service_class', $argv[1]); + echo $argv[1] . ":\n"; + foreach($d as $k => $v) { + echo "$k = $v\n"; + } +} + +if($argc == 1) { + load_config('service_class'); + foreach($a->config['service_class'] as $class=>$props) { + echo "$class:\n"; + $d = unserialize($props); + foreach($d as $k => $v) { + echo "\t$k = $v\n"; + } + } +} \ No newline at end of file From 06eae98e53e7ac781a64eff4a85e793969124ad7 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 25 May 2015 22:50:36 -0700 Subject: [PATCH 04/12] placeholder for dynamic rego --- include/api.php | 4 ++-- include/oauth.php | 8 -------- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/include/api.php b/include/api.php index fa4910833..cf0086c35 100644 --- a/include/api.php +++ b/include/api.php @@ -439,8 +439,8 @@ require_once('include/items.php'); // This currently isn't providing the correct authentication flow. - if(! api_user()) - return false; + if(! local_channel()) + goaway(z_root() . '/login'); $ret = array(); $key = random_string(16); diff --git a/include/oauth.php b/include/oauth.php index a9509c68e..80336f906 100644 --- a/include/oauth.php +++ b/include/oauth.php 
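Review bot: The branches of util/service_class use the result of get_config() without checking it: with `$argc == 2` an unknown class name makes `foreach($d as …)` run on a non-array, and in the `$argc > 3` branch `$d[$argv[2]] = $argv[3]` silently creates a new class or property from a mistyped name. I would add `if(! is_array($d)) { echo "unknown service class\n"; exit(1); }` after the lookup in the read path and check `$argv[2]` against the documented limit names before writing. The `unserialize($props)` call on raw config rows is acceptable only while nothing less trusted than the site admin can write the `service_class` config; a comment stating that assumption would help the next reader. The opening of the script appears truncated on this page, so its bootstrap lines could not be reviewed.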
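Review bot: The guard in api_client_register() now tests `local_channel()`, but the INSERT statements further down the function (outside this hunk, visible in the previous patch of this series) still bind `intval(api_user())` as the owning uid and as the permission channel. If the two helpers can disagree, for instance a browser session without API authentication, the client row is written with uid 0 or for a different identity than the one that passed the check; use the same source for the check and the writes, e.g. `intval(local_channel())` in both INSERTs. Because the endpoint is now session-authenticated and reads `$_REQUEST`, it also needs a CSRF check before it creates credentials. This assumes goaway() does not return; if it can, an explicit `return;` is needed after it.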
@@ -175,16 +175,8 @@ class FKOAuth1 extends OAuthServer { if(strlen($a->channel['channel_timezone'])) { date_default_timezone_set($a->channel['channel_timezone']); -// $a->timezone = $a->user['timezone']; } -// $r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1", -// intval($_SESSION['uid'])); -// if(count($r)) { -// $a->contact = $r[0]; -// $a->cid = $r[0]['id']; -// $_SESSION['cid'] = $a->cid; -// } // q("UPDATE `user` SET `login_date` = '%s' WHERE `uid` = %d LIMIT 1", // dbesc(datetime_convert()), // intval($_SESSION['uid']) From bd25f8577f812f02a054d7b9b2e3c7b28e6852b6 Mon Sep 17 00:00:00 2001 From: Habeas Codice Date: Tue, 26 May 2015 00:21:08 -0700 Subject: [PATCH 05/12] add ability to change existing channel/account service class with util/service_class add link from main doc --- doc/main.bb | 1 + doc/service_classes.bb | 6 ++++ util/service_class | 66 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 73 insertions(+) diff --git a/doc/main.bb b/doc/main.bb index 8c28ccce2..1d323b918 100644 --- a/doc/main.bb +++ b/doc/main.bb @@ -44,6 +44,7 @@ Zot is the great new communicaton protocol invented especially for the $Projectn [zrl=[baseurl]/help/troubleshooting]Troubleshooting Tips[/zrl] [zrl=[baseurl]/help/hidden_configs]Tweaking $Projectname's Hidden Configurations[/zrl] [zrl=[baseurl]/help/faq_admins]FAQ For Admins[/zrl] +[zrl=[baseurl]/help/service_classes]Service Classes[/zrl] [size=large][b]Technical Documentation[/b][/size] [zrl=[baseurl]/help/history]$Projectname history[/zrl] diff --git a/doc/service_classes.bb b/doc/service_classes.bb index a36ec1021..e5d4ecfad 100644 --- a/doc/service_classes.bb +++ b/doc/service_classes.bb 
@@ -18,6 +18,12 @@ list the services that are part of 'firstclass' service class [code]util/service_class firstclass photo_upload_limit 10000000[/code] set firstclass total photo disk usage to 10 million bytes +[code]util/service_class --account=5 firstclass[/code] +set account id 5 to service class 'firstclass' (with confirmation) + +[code]util/service_class --channel=blogchan firstclass[/code] +set the account that owns channel 'blogchan' to service class 'firstclass' (with confirmation) + [b]current limits[/b] photo_upload_limit - maximum total bytes for photos total_items - maximum total toplevel posts diff --git a/util/service_class b/util/service_class index e762d8ad6..a1a172518 100755 --- a/util/service_class +++ b/util/service_class 
@@ -14,6 +14,72 @@ if($argc > 3) { echo 'Updated service class "' . $argv[1] . '" service "' . $argv[2] . '" to ' . $argv[3] . "\n"; } +if($argc == 3) { + if(substr($argv[1], 0, 10) == '--account=') { + $acct = substr($argv[1], 10); + } else if(substr($argv[1], 0, 10) == '--channel=') { + $chan = substr($argv[1], 10); + $r = q("SELECT channel_account_id FROM channel WHERE channel_address='%s'", + dbesc($chan) + ); + if(!$r) + die('could not find channel'); + + $acct = intval($r[0]['channel_account_id']); + } else { + exit(); + } + $r = q('SELECT account_service_class FROM account WHERE account_id=%d', + intval($acct) + ); + if(!$r) + die('could not find account'); + + $c = q('SELECT channel_address FROM channel WHERE channel_account_id=%d', + intval($acct) + ); + + echo "Account $acct: "; + + foreach($c as $chan) + echo $chan['channel_address'] . ', '; + + echo "\n\033[1mProperty Old\t\tNew\033[0m\n"; + + if(empty($r[0]['account_service_class'])) { + $oclass = 'None'; + $old = false; + } else { + $oclass = $r[0]['account_service_class']; + $old = get_config('service_class', $oclass); + } + echo "service_class $oclass\t\t\033[1m" . $argv[2] . "\033[0m\n"; + + $new = get_config('service_class', $argv[2]); + foreach(array('photo_upload_limit','total_items','total_pages','total_identities','total_channels','total_feeds','attach_upload_limit','minimum_feedcheck_minutes','chatrooms','chatters_inroom') as $prop) { + echo $prop . str_repeat(' ',26 - strlen($prop)) . (($old && $old[$prop]) ? $old[$prop] : 'unlimited') . "\t\t\033[1m" . (($new && $new[$prop]) ? $new[$prop] : 'unlimited') . "\033[0m\n"; + } + $r = ''; + $k = fopen('php://stdin', 'r'); + while($r != 'y' && $r != 'n') { + echo "Are you sure? 
(y/n)"; + $r = substr(fgets($k), 0, 1); + } + if($r == 'n') + die('no update done'); + + $r = q("UPDATE account SET account_service_class='%s' WHERE account_id=%d", + dbesc($argv[2]), + intval($acct) + ); + if($r) { + echo "updated successfully\n"; + } else { + echo "failed\n"; + } +} + + if($argc == 2) { $d = get_config('service_class', $argv[1]); echo $argv[1] . ":\n"; From ae69bf54a62629f88a3d1a9ea416c85e23c1b8a4 Mon Sep 17 00:00:00 2001 From: jeroenpraat Date: Tue, 26 May 2015 22:20:45 +0200 Subject: [PATCH 06/12] Update api.php one comma to much --- include/api.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/api.php b/include/api.php index cf0086c35..50a46dadc 100644 --- a/include/api.php +++ b/include/api.php @@ -460,7 +460,7 @@ require_once('include/items.php'); dbesc($name), dbesc($redirect), dbesc($icon), - intval(api_user()), + intval(api_user()) ); $r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ", dbesc($key), From 07e8fe1b1cbd3a9fbddb95b85c1b372de7fb6e85 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 26 May 2015 21:00:27 -0700 Subject: [PATCH 07/12] Comments need to have some kind of routing instructions. --- include/notifier.php | 13 +++++++++++++ version.inc | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/include/notifier.php b/include/notifier.php index b82fb41cc..c89c756d9 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -412,6 +412,8 @@ function notifier_run($argv, $argc){ : false ); + + $uplink = false; // $cmd === 'relay' indicates the owner is sending it to the original recipients 
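Review bot: The target class name `$argv[2]` is never checked to exist: when `get_config('service_class', $argv[2])` returns nothing, the comparison table prints every limit as 'unlimited' and the UPDATE still assigns the account to that name. A typo on the command line therefore moves an account onto a class with no configured limits (how the limit checks treat an unknown class is not visible here), so I would stop before the prompt with `if(! is_array($new)) die('unknown service class');`. Separately, the confirmation loop never terminates when stdin is closed, because `fgets($k)` keeps returning false; treat `false` as 'n', e.g. `$line = fgets($k); if($line === false) die('no update done');`. The `$old[$prop]` and `$new[$prop]` reads should use `isset()` so that a class missing one property does not raise notices in the middle of the table.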
@@ -428,6 +430,17 @@ function notifier_run($argv, $argc){ $uplink = true; } + + if((! $top_level_post) && (! $relay_to_owner) && (! $uplink) && ($cmd !== 'relay')) { + + // We've been asked to deliver a comment, but it isn't being sent upstream + // and the owner isn't delivering it downstream. This is totally unexpected + // and shouldn't happen. We will also not allow it to happen. + + logger('Comment being processed with unspecific routing.'); + return; + } + if(($relay_to_owner || $uplink) && ($cmd !== 'relay')) { logger('notifier: followup relay', LOGGER_DEBUG); $recipients = array(($uplink) ? $parent_item['source_xchan'] : $parent_item['owner_xchan']); diff --git a/version.inc b/version.inc index 20fd10ffb..7d3b1b5ef 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2015-05-25.1043 +2015-05-26.1044 From 3fdf1ac458303fa01aeb4c75cb579affb381de91 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 27 May 2015 01:49:47 -0700 Subject: [PATCH 08/12] revert for now --- include/notifier.php | 10 +++++----- version.inc | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/include/notifier.php b/include/notifier.php index c89c756d9..c99625a57 100644 --- a/include/notifier.php +++ b/include/notifier.php 
@@ -430,16 +430,16 @@ function notifier_run($argv, $argc){ $uplink = true; } - - if((! $top_level_post) && (! $relay_to_owner) && (! $uplink) && ($cmd !== 'relay')) { +// FIXME - make sure this is complete (the other uplink) and check before enabling +// if((! $top_level_post) && (! $relay_to_owner) && (! $uplink) && ($cmd !== 'relay')) { // We've been asked to deliver a comment, but it isn't being sent upstream // and the owner isn't delivering it downstream. This is totally unexpected // and shouldn't happen. We will also not allow it to happen. - logger('Comment being processed with unspecific routing.'); - return; - } +// logger('Comment being processed with unspecific routing.'); +// return; +// } if(($relay_to_owner || $uplink) && ($cmd !== 'relay')) { logger('notifier: followup relay', LOGGER_DEBUG); diff --git a/version.inc b/version.inc index 7d3b1b5ef..2dbf2a1b8 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2015-05-26.1044 +2015-05-27.1045 From 5ccc9e1b8d90969c699d5b6520fd0c720bfcf26c Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Wed, 27 May 2015 15:21:30 +0200 Subject: [PATCH 09/12] make it possible to include menus in blocks - this will only work in html blocks of course --- include/comanche.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/include/comanche.php b/include/comanche.php index 65f64be5c..cb46985eb 100644 --- a/include/comanche.php +++ b/include/comanche.php 
@@ -168,6 +168,21 @@ function comanche_block($s, $class = '') { ); if($r) { + //check for eventual menus in the block and parse them + $cnt = preg_match_all("/\[menu\](.*?)\[\/menu\]/ism", $r[0]['body'], $matches, PREG_SET_ORDER); + if($cnt) { + foreach($matches as $mtch) { + $r[0]['body'] = str_replace($mtch[0], comanche_menu(trim($mtch[1])), $r[0]['body']); + } + } + $cnt = preg_match_all("/\[menu=(.*?)\](.*?)\[\/menu\]/ism", $r[0]['body'], $matches, PREG_SET_ORDER); + if($cnt) { + foreach($matches as $mtch) { + $r[0]['body'] = str_replace($mtch[0],comanche_menu(trim($mtch[2]),$mtch[1]),$r[0]['body']); + } + } + + //emit the block $o .= (($var['wrap'] == 'none') ? '' : '
'); if($r[0]['title'] && trim($r[0]['body']) != '$content') { From 3d79d4f577a2602e7f58578e933a9c9a8585fca1 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Wed, 27 May 2015 15:25:45 +0200 Subject: [PATCH 10/12] define some custom attributes and html5 elements for htmlpurifier --- include/text.php | 66 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/include/text.php b/include/text.php index d483424ec..9c6fe3622 100644 --- a/include/text.php +++ b/include/text.php 
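Review bot: In comanche_block() the captured `[menu=…]` value `$mtch[1]` is passed straight to comanche_menu() as its second argument, and the generated menu markup is spliced into `$r[0]['body']` before the block is emitted. If that argument ends up in a `class` attribute (comanche_menu() is not shown), it should be escaped there or restricted at the call site, e.g. `preg_replace('/[^a-zA-Z0-9_ -]/', '', $mtch[1])`. The substitution also runs whatever the block's mimetype is, although the commit message says it only makes sense for HTML blocks; a mimetype check around the two loops would keep raw menu HTML out of bodies that are rendered through another formatter afterwards. The two loops differ only in the optional `=class` part and could share one pattern. The function starts and ends outside the hunk.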
@@ -137,6 +137,72 @@ function purify_html($s) { $config->set('Cache.DefinitionImpl', null); $config->set('Attr.EnableID', true); + //Allow some custom data- attributes used by built-in libs. + //In this way members which do not have allowcode set can still use the built-in js libs in webpages to some extent. + + $def = $config->getHTMLDefinition(true); + + //data- attributes used by the foundation library + $def->info_global_attr['data-options'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-magellan-expedition'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-magellan-destination'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-magellan-arrival'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-offcanvas'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-topbar'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-orbit'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-orbit-slide-number'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-dropdown'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-dropdown-content'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-reveal-id'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-reveal'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-alert'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-tooltip'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-joyride'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-id'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-text'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-class'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-prev-tex'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-button'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-accordion'] = new 
HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-tab'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-equalizer'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-equalizer-watch'] = new HTMLPurifier_AttrDef_Text; + + //data- attributes used by the bootstrap library + $def->info_global_attr['data-dismiss'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-target'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-toggle'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-backdrop'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-keyboard'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-show'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-spy'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-offset'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-animation'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-container'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-delay'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-placement'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-title'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-trigger'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-content'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-trigger'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-parent'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-ride'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-slide-to'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-slide'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-interval'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-pause'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-wrap'] = new HTMLPurifier_AttrDef_Text; + 
$def->info_global_attr['data-offset-top'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-offset-bottom'] = new HTMLPurifier_AttrDef_Text; + + //some html5 elements + $def->addElement('section', 'Block', 'Flow', 'Common'); + $def->addElement('nav', 'Block', 'Flow', 'Common'); + $def->addElement('article', 'Block', 'Flow', 'Common'); + $def->addElement('aside', 'Block', 'Flow', 'Common'); + $def->addElement('header', 'Block', 'Flow', 'Common'); + $def->addElement('footer', 'Block', 'Flow', 'Common'); + $purifier = new HTMLPurifier($config); return $purifier->purify($s); From 3ecc9efd8d22caf3317876ff8d79cffa52f75513 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 27 May 2015 16:01:51 -0700 Subject: [PATCH 11/12] fix for forked thread on diaspora --- include/diaspora.php | 5 +++++ include/notifier.php | 11 ----------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/include/diaspora.php b/include/diaspora.php index b532822bf..25e0027b2 100755 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -2400,6 +2400,11 @@ function diaspora_send_status($item,$owner,$contact,$public_batch = false) { $a = get_app(); $myaddr = $owner['channel_address'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + if(intval($item['id']) != intval($item['parent'])) { + logger('attempted to send a comment as a top-level post'); + return; + } + $images = array(); $title = $item['title']; diff --git a/include/notifier.php b/include/notifier.php index c99625a57..46f9eb1de 100644 --- a/include/notifier.php +++ b/include/notifier.php 
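Review bot: Every `data-*` attribute added to purify_html() is typed `HTMLPurifier_AttrDef_Text`, so members without allowcode can now supply arbitrary values that the Foundation and Bootstrap scripts interpret as configuration, selectors or markup. Attributes such as `data-target`, `data-parent`, `data-container`, `data-content`, `data-title` and `data-options` are read by those libraries at runtime, which means purified content can drive script behaviour and can address elements outside the member's own content, such as parts of the site chrome. I would constrain the values instead of accepting free text: an enum for the keyword-valued ones, e.g. `new HTMLPurifier_AttrDef_Enum(array('modal','collapse','dropdown','tab'))` for `data-toggle`, an id-only pattern for the selector-valued ones, and no entry at all for attributes whose value can carry HTML unless the libraries are configured to treat it as text. Also, `data-trigger` is registered twice and `data-prev-tex` looks like a typo for `data-prev-text`.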
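Review bot: The new guard in diaspora_send_status() logs a fixed string, so an operator who sees it cannot tell which item was involved. Include the identifiers already at hand, e.g. `logger('diaspora_send_status: comment sent as top-level post, item ' . intval($item['id']) . ' parent ' . intval($item['parent']));`. The bare `return;` yields null; whether callers distinguish that from a delivery result is not visible here, since the function continues outside the hunk.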
@@ -430,17 +430,6 @@ function notifier_run($argv, $argc){ $uplink = true; } -// FIXME - make sure this is complete (the other uplink) and check before enabling -// if((! $top_level_post) && (! $relay_to_owner) && (! $uplink) && ($cmd !== 'relay')) { - - // We've been asked to deliver a comment, but it isn't being sent upstream - // and the owner isn't delivering it downstream. This is totally unexpected - // and shouldn't happen. We will also not allow it to happen. - -// logger('Comment being processed with unspecific routing.'); -// return; -// } - if(($relay_to_owner || $uplink) && ($cmd !== 'relay')) { logger('notifier: followup relay', LOGGER_DEBUG); $recipients = array(($uplink) ? $parent_item['source_xchan'] : $parent_item['owner_xchan']); From 11301d51a58d04843ba3056b4c9e92d59ced1334 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 27 May 2015 17:30:36 -0700 Subject: [PATCH 12/12] some high-level stuff we may need for shareable menus. Also make the client register function do the right thing even though I refuse to make it work. If **you** want service federation with things like pumpio and openid connect, it's time for **you** to put your own skin in the game and quit treating project volunteers like excrement just because you can't get up off your lazy buttocks. --- include/api.php | 12 +---- mod/impel.php | 138 ++++++++++++++++++++++++++++-------------------- 2 files changed, 83 insertions(+), 67 deletions(-) diff --git a/include/api.php b/include/api.php index 50a46dadc..6eede68f4 100644 --- a/include/api.php +++ b/include/api.php @@ -437,11 +437,6 @@ require_once('include/items.php'); function api_client_register(&$a,$type) { - // This currently isn't providing the correct authentication flow. - - if(! local_channel()) - goaway(z_root() . '/login'); - $ret = array(); $key = random_string(16); $secret = random_string(16); 
@@ -460,12 +455,7 @@ require_once('include/items.php'); dbesc($name), dbesc($redirect), dbesc($icon), - intval(api_user()) - ); - $r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ", - dbesc($key), - intval(api_user()), - dbesc('all') + intval(0) ); $ret['client_id'] = $key; diff --git a/mod/impel.php b/mod/impel.php index e78b3311d..e58264ce8 100644 --- a/mod/impel.php +++ b/mod/impel.php @@ -25,6 +25,10 @@ function impel_init(&$a) { $channel = $a->get_channel(); $arr = array(); + $is_menu = false; + + // a portable menu has its links rewritten with the local baseurl + $portable_menu = false; switch($j['type']) { case 'webpage': 
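Review bot: With the `local_channel()` check removed in the first hunk of include/api.php and the owner fixed to `intval(0)` here, api_client_register() lets any unauthenticated request insert a row into `clients` and receive a `client_id`/`client_secret` pair. Open registration can be a deliberate choice, but the endpoint then needs its own limits: nothing visible bounds the length of `application_name`, `redirect_uris` or `logo_uri`, validates the scheme of the two URIs, or throttles repeated calls, so the table can grow without bound and the stored URIs are later trusted by whatever renders or redirects to them. I would validate both URIs as http/https URLs, cap the field lengths, and gate the endpoint behind a site setting or a rate limit. Rows owned by uid 0 have no channel that can revoke them, so an expiry or cleanup path is worth planning, given that `expires_at` is returned as 0.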
@@ -42,82 +46,104 @@ function impel_init(&$a) { $namespace = 'PDL'; $installed_type = t('layout'); break; + case 'portable-menu': + $portable_menu = true; + // fall through + case 'menu': + $is_menu = true; + $installed_type = t('menu'); + break; default: logger('mod_impel: unrecognised element type' . print_r($j,true)); break; } - $arr['uid'] = local_channel(); - $arr['aid'] = $channel['channel_account_id']; - $arr['title'] = $j['title']; - $arr['body'] = $j['body']; - $arr['term'] = $j['term']; - $arr['created'] = datetime_convert('UTC','UTC', $j['created']); - $arr['edited'] = datetime_convert('UTC','UTC',$j['edited']); - $arr['owner_xchan'] = get_observer_hash(); - $arr['author_xchan'] = (($j['author_xchan']) ? $j['author_xchan'] : get_observer_hash()); - $arr['mimetype'] = (($j['mimetype']) ? $j['mimetype'] : 'text/bbcode'); - - if(! $j['mid']) - $j['mid'] = item_message_id(); - - $arr['mid'] = $arr['parent_mid'] = $j['mid']; + if($is_menu) { + + + + + + - if($j['pagetitle']) { - require_once('library/urlify/URLify.php'); - $pagetitle = strtolower(URLify::transliterate($j['pagetitle'])); } + else { + $arr['uid'] = local_channel(); + $arr['aid'] = $channel['channel_account_id']; + $arr['title'] = $j['title']; + $arr['body'] = $j['body']; + $arr['term'] = $j['term']; + $arr['created'] = datetime_convert('UTC','UTC', $j['created']); + $arr['edited'] = datetime_convert('UTC','UTC',$j['edited']); + $arr['owner_xchan'] = get_observer_hash(); + $arr['author_xchan'] = (($j['author_xchan']) ? $j['author_xchan'] : get_observer_hash()); + $arr['mimetype'] = (($j['mimetype']) ? $j['mimetype'] : 'text/bbcode'); + + if(! $j['mid']) + $j['mid'] = item_message_id(); + + $arr['mid'] = $arr['parent_mid'] = $j['mid']; + + + if($j['pagetitle']) { + require_once('library/urlify/URLify.php'); + $pagetitle = strtolower(URLify::transliterate($j['pagetitle'])); + } - // Verify ability to use html or php!!! + // Verify ability to use html or php!!! 
- $execflag = false; + $execflag = false; - if($arr['mimetype'] === 'application/x-php') { - $z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1", + if($arr['mimetype'] === 'application/x-php') { + $z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1", + intval(local_channel()) + ); + + if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) { + $execflag = true; + } + } + + $remote_id = 0; + + $z = q("select * from item_id where sid = '%s' and service = '%s' and uid = %d limit 1", + dbesc($pagetitle), + dbesc($namespace), + intval(local_channel()) + ); + $i = q("select id, item_restrict from item where mid = '%s' and uid = %d limit 1", + dbesc($arr['mid']), intval(local_channel()) ); - if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) { - $execflag = true; + if($z && $i) { + $remote_id = $z[0]['id']; + $arr['id'] = $i[0]['id']; + // don't update if it has the same timestamp as the original + if($arr['edited'] > $i[0]['edited']) + $x = item_store_update($arr,$execflag); + } + else { + if(($i) && ($i[0]['item_restrict'] & ITEM_DELETED)) { + // was partially deleted already, finish it off + q("delete from item where mid = '%s' and uid = %d", + dbesc($arr['mid']), + intval(local_channel()) + ); + } + $x = item_store($arr,$execflag); + } + + if($x['success']) { + $item_id = $x['item_id']; + update_remote_id($channel,$item_id,$arr['item_restrict'],$pagetitle,$namespace,$remote_id,$arr['mid']); } } - $remote_id = 0; - - $z = q("select * from item_id where sid = '%s' and service = '%s' and uid = %d limit 1", - dbesc($pagetitle), - dbesc($namespace), - intval(local_channel()) - ); - $i = q("select id, item_restrict from item where mid = '%s' and uid = %d 
limit 1", - dbesc($arr['mid']), - intval(local_channel()) - ); - - if($z && $i) { - $remote_id = $z[0]['id']; - $arr['id'] = $i[0]['id']; - // don't update if it has the same timestamp as the original - if($arr['edited'] > $i[0]['edited']) - $x = item_store_update($arr,$execflag); - } - else { - if(($i) && ($i[0]['item_restrict'] & ITEM_DELETED)) { - // was partially deleted already, finish it off - q("delete from item where mid = '%s' and uid = %d", - dbesc($arr['mid']), - intval(local_channel()) - ); - } - $x = item_store($arr,$execflag); - } if($x['success']) { - $item_id = $x['item_id']; - update_remote_id($channel,$item_id,$arr['item_restrict'],$pagetitle,$namespace,$remote_id,$arr['mid']); $ret['success'] = true; - info( sprintf( t('%s element installed'), $installed_type)); } else {
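Review bot: When `$is_menu` is true the new branch in impel_init() is empty, so `$x` is never assigned and the `if($x['success'])` test that follows reads an undefined variable; a menu import silently falls into the failure path. Until the menu handling is written, initialise the result before the branch (`$x = array('success' => false);`) and log that menu import is not implemented. The `default:` case of the switch only logs and breaks, so an unrecognised `type` still reaches item_store() with `$namespace` and `$installed_type` unset; returning after the log line would fail closed. The fields of `$j` are copied into `$arr` as received and only `application/x-php` is gated on the allowcode flags in this hunk, so it is worth confirming that item_store() applies the usual HTML filtering to the other mimetypes.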