From 2afe28785cc8cb4e655d6566c6c3ee8c787b2a2d Mon Sep 17 00:00:00 2001 From: phellmes Date: Wed, 4 Apr 2018 16:00:34 +0200 Subject: [PATCH 01/16] add basic structure for additional features documentation Setting the raw frame with overview, short descriptions like in code and already revealing skill levels. Based on the current (recently modified) structure of the feature settings. Detailed descriptions in work and coming with later commits as well as a dedicated admin section for that topic. Better menu integration may be possible with Andrew's new doco structure work in progress later. --- doc/feature/additional/access.md | 41 ++++++++ doc/feature/additional/composition.md | 67 +++++++++++++ doc/feature/additional/filtering.md | 57 +++++++++++ doc/feature/additional/general.md | 130 ++++++++++++++++++++++++++ doc/feature/additional/overview.md | 33 +++++++ doc/feature/additional/posts.md | 57 +++++++++++ doc/toc.html | 3 +- 7 files changed, 387 insertions(+), 1 deletion(-) create mode 100644 doc/feature/additional/access.md create mode 100644 doc/feature/additional/composition.md create mode 100644 doc/feature/additional/filtering.md create mode 100644 doc/feature/additional/general.md create mode 100644 doc/feature/additional/overview.md create mode 100644 doc/feature/additional/posts.md diff --git a/doc/feature/additional/access.md b/doc/feature/additional/access.md new file mode 100644 index 000000000..3581ca11d --- /dev/null +++ b/doc/feature/additional/access.md @@ -0,0 +1,41 @@ +## Access Control and Permissions + + +### Privacy Groups + +Enable management and selection of privacy groups. + + +Minimum required technical skill level to see this feature: 0 + + +### Multiple Profiles + +Ability to create multiple profiles. + + +Minimum required technical skill level to see this feature: 3 + + +### Permission Groups + +Provide alternate connection permission roles. + + +Minimum required technical skill level to see this feature: 2 + + +### OAuth Clients + +Manage authenticatication tokens for mobile and remote apps. + + +Minimum required technical skill level to see this feature: 1 + + +### Access Tokens + +Create access tokens so that non-members can access private content. + + +Minimum required technical skill level to see this feature: 2 diff --git a/doc/feature/additional/composition.md b/doc/feature/additional/composition.md new file mode 100644 index 000000000..1256f7501 --- /dev/null +++ b/doc/feature/additional/composition.md @@ -0,0 +1,67 @@ +## Post Composition Features + + +### Large Photos + +Include large (1024px) photo thumbnails in posts. +If not enabled, use small (640px) photo thumbnails + + +Minimum required technical skill level to see this feature: 1 + + +### Channel Sources + +Automatically import channel content from other channels or feeds + + +Minimum required technical skill level to see this feature: 3 + + +### Even More Encryption + +Allow optional encryption of content end-to-end with a shared secret key + + +Minimum required technical skill level to see this feature: 3 + + +### Enable Voting Tools + +Provide a class of post which others can vote on + + +Minimum required technical skill level to see this feature: 3 + + +### Disable Comments + +Provide the option to disable comments for a post + + +Minimum required technical skill level to see this feature: 2 + + +### Delayed Posting + +Allow posts to be published at a later date + + +Minimum required technical skill level to see this feature: 2 + + +### Content Expiration + +Remove posts/comments and/or private messages at a future time + + +Minimum required technical skill level to see this feature: 1 + + +### Suppress Duplicate Posts/Comments + +Prevent posts with identical content to be published +with less than two minutes in between submissions. + + +Minimum required technical skill level to see this feature: 1 diff --git a/doc/feature/additional/filtering.md b/doc/feature/additional/filtering.md new file mode 100644 index 000000000..ba8e1e29f --- /dev/null +++ b/doc/feature/additional/filtering.md @@ -0,0 +1,57 @@ +## Network and Stream Filtering + + +### Search by Date + +Ability to select posts by date ranges + + +Minimum required technical skill level to see this feature: 1 + + +### Saved Searches + +Save search terms for re-use + + +Minimum required technical skill level to see this feature: 2 + + +### Network Personal Tab + +Enable tab to display only Network posts that you've interacted on + + +Minimum required technical skill level to see this feature: 1 + + +### Network New Tab + +Enable tab to display all new Network activity + + +Minimum required technical skill level to see this feature: 2 + + +### Affinity Tool + +Filter stream activity by depth of relationships + + +Minimum required technical skill level to see this feature: 1 + + +### Suggest Channels + +Show friend and connection suggestions + + +Minimum required technical skill level to see this feature: 1 + + +### Connection Filtering + +Filter incoming posts from connections based on keywords/content + + +Minimum required technical skill level to see this feature: 3 diff --git a/doc/feature/additional/general.md b/doc/feature/additional/general.md new file mode 100644 index 000000000..a1b712b12 --- /dev/null +++ b/doc/feature/additional/general.md @@ -0,0 +1,130 @@ +## General Features + + +### New Member Links + +Display new member quick links menu. + + +Minimum required technical skill level to see this feature: 1 + + +### Advanced Profiles + +Additional profile sections and selections + + +Minimum required technical skill level to see this feature: 1 + + +### Profile Import/Export + +Save and load profile details across sites/channels + + +Minimum required technical skill level to see this feature: 3 + + +### Web Pages + +Provide managed web pages on your channel + + +Minimum required technical skill level to see this feature: 3 + + +### Wiki + +Provide a wiki for your channel + + +Minimum required technical skill level to see this feature: 2 + + +### Private Notes + +Enables a tool to store notes and reminders (note: not encrypted) + + +Minimum required technical skill level to see this feature: 1 + + +### Cards + +Create personal planning cards + + +Minimum required technical skill level to see this feature: 1 + + +### Articles + +Create interactive articles + + +Minimum required technical skill level to see this feature: 1 + + +### Navigation Channel Select + +Change channels directly from within the navigation dropdown menu + + +Minimum required technical skill level to see this feature: 3 + + +### Photo Location + +If location data is available on uploaded photos, link this to a map. + + +Minimum required technical skill level to see this feature: 2 + + +### Access Controlled Chatrooms + +Provide chatrooms and chat services with access control. + + +Minimum required technical skill level to see this feature: 1 + + +### Smart Birthdays + +Make birthday events timezone aware in case your friends are scattered across the planet. + + +Minimum required technical skill level to see this feature: 2 + + +### Event Timezone Selection + +Allow event creation in timezones other than your own. + + +Minimum required technical skill level to see this feature: 2 + + +### Premium Channel + +Allows you to set restrictions and terms +on those that connect with your channel + + +Minimum required technical skill level to see this feature: 4 + + +### Advanced Directory Search + +Allows creation of complex directory search queries + + +Minimum required technical skill level to see this feature: 4 + + +### Advanced Theme and Layout Settings + +Allows fine tuning of themes and page layouts + + +Minimum required technical skill level to see this feature: 4 diff --git a/doc/feature/additional/overview.md b/doc/feature/additional/overview.md new file mode 100644 index 000000000..b51f60bcd --- /dev/null +++ b/doc/feature/additional/overview.md @@ -0,0 +1,33 @@ +[chset]: /settings "Channel Settings" +[ftset]: /settings/features "Additional Features Settings" +[ftgen]: /help/feature/additional/general "General Features" +[ftacc]: /help/feature/additional/access "Access Control and Permissions" +[ftcom]: /help/feature/additional/composition "Post Composition Features" +[ftfil]: /help/feature/additional/filtering "Network and Stream Filtering" +[ftpos]: /help/feature/additional/posts "Post/Comment Tools" + + +# Additional Features + + + + + +You can switch the features on and off from the +[Additional Features][ftset] link in the [Channel Settings][chset]. + + + +The following pages decribe all the available features +grouped in the same way as they are with the accordion tabs on the +[Additional Features][ftset] settings page: + +[General Features][ftgen] + +[Access Control and Permissions][ftacc] + +[Post Composition Features][ftcom] + +[Network and Stream Filtering][ftfil] + +[Post/Comment Tools][ftpos] diff --git a/doc/feature/additional/posts.md b/doc/feature/additional/posts.md new file mode 100644 index 000000000..d3f6b37db --- /dev/null +++ b/doc/feature/additional/posts.md @@ -0,0 +1,57 @@ +## Post/Comment Tools + + +### Community Tagging + +Ability to tag existing posts + + +Minimum required technical skill level to see this feature: 1 + + +### Post Categories + +Add categories to your posts + + +Minimum required technical skill level to see this feature: 1 + + +### Emoji Reactions + +Add emoji reaction ability to posts + + +Minimum required technical skill level to see this feature: 1 + + +### Saved Folders + +Ability to file posts under folders + + +Minimum required technical skill level to see this feature: 2 + + +### Dislike Posts + +Ability to dislike posts/comments + + +Minimum required technical skill level to see this feature: 1 + + +### Star Posts + +Ability to mark special posts with a star indicator + + +Minimum required technical skill level to see this feature: 1 + + +### Tag Cloud + +Provide a personal tag cloud on your channel page + + +Minimum required technical skill level to see this feature: 2 diff --git a/doc/toc.html b/doc/toc.html index f6ade61c7..9c3d22ab8 100644 --- a/doc/toc.html +++ b/doc/toc.html @@ -21,7 +21,8 @@
Guide BBcode Reference - Reporting Bugs + Additional Features + Reporting Bugs FAQ
From f7481396060a5a57cdd5fe7055eed5ad3225f8f1 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 4 Apr 2018 16:33:11 -0700 Subject: [PATCH 02/16] allow the link target attribute to be modified in bbcode() from much further up the call stack in prepare_page() which will usually refer to a local item. --- include/bbcode.php | 42 ++++++++++++++++------------------------ include/conversation.php | 2 +- include/help.php | 2 +- include/text.php | 9 +++++---- 4 files changed, 24 insertions(+), 31 deletions(-) diff --git a/include/bbcode.php b/include/bbcode.php index 67f40dd23..8850f1c65 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -783,7 +783,9 @@ function bbcode($Text, $options = []) { $preserve_nl = ((array_key_exists('preserve_nl',$options)) ? $options['preserve_nl'] : false); $tryoembed = ((array_key_exists('tryoembed',$options)) ? $options['tryoembed'] : true); $cache = ((array_key_exists('cache',$options)) ? $options['cache'] : false); + $newwin = ((array_key_exists('newwin',$options)) ? $options['newwin'] : true); + $target = (($newwin) ? ' target="_blank" ' : ''); call_hooks('bbcode_filter', $Text); @@ -934,7 +936,7 @@ function bbcode($Text, $options = []) { if($tryoembed) { $Text = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", 'tryoembed', $Text); } - $Text = preg_replace("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", '$1$2', $Text); + $Text = preg_replace("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", '$1$2', $Text); } if (strpos($Text,'[/share]') !== false) { @@ -946,16 +948,16 @@ function bbcode($Text, $options = []) { } } if (strpos($Text,'[/url]') !== false) { - $Text = preg_replace("/\#\^\[url\]([$URLSearchString]*)\[\/url\]/ism", '#^$1', $Text); - $Text = preg_replace("/\#\^\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '#^$2', $Text); - $Text = preg_replace("/\[url\]([$URLSearchString]*)\[\/url\]/ism", '$1', $Text); - $Text = preg_replace("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '$2', $Text); + $Text = preg_replace("/\#\^\[url\]([$URLSearchString]*)\[\/url\]/ism", '#^$1', $Text); + $Text = preg_replace("/\#\^\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '#^$2', $Text); + $Text = preg_replace("/\[url\]([$URLSearchString]*)\[\/url\]/ism", '$1', $Text); + $Text = preg_replace("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '$2', $Text); } if (strpos($Text,'[/zrl]') !== false) { - $Text = preg_replace("/\#\^\[zrl\]([$URLSearchString]*)\[\/zrl\]/ism", '#^$1', $Text); - $Text = preg_replace("/\#\^\[zrl\=([$URLSearchString]*)\](.*?)\[\/zrl\]/ism", '#^$2', $Text); - $Text = preg_replace("/\[zrl\]([$URLSearchString]*)\[\/zrl\]/ism", '$1', $Text); - $Text = preg_replace("/\[zrl\=([$URLSearchString]*)\](.*?)\[\/zrl\]/ism", '$2', $Text); + $Text = preg_replace("/\#\^\[zrl\]([$URLSearchString]*)\[\/zrl\]/ism", '#^$1', $Text); + $Text = preg_replace("/\#\^\[zrl\=([$URLSearchString]*)\](.*?)\[\/zrl\]/ism", '#^$2', $Text); + $Text = preg_replace("/\[zrl\]([$URLSearchString]*)\[\/zrl\]/ism", '$1', $Text); + $Text = preg_replace("/\[zrl\=([$URLSearchString]*)\](.*?)\[\/zrl\]/ism", '$2', $Text); } if (get_account_techlevel() < 2) @@ -963,8 +965,8 @@ function bbcode($Text, $options = []) { // Perform MAIL Search if (strpos($Text,'[/mail]') !== false) { - $Text = preg_replace("/\[mail\]([$MAILSearchString]*)\[\/mail\]/", '$1', $Text); - $Text = preg_replace("/\[mail\=([$MAILSearchString]*)\](.*?)\[\/mail\]/", '$2', $Text); + $Text = preg_replace("/\[mail\]([$MAILSearchString]*)\[\/mail\]/", '$1', $Text); + $Text = preg_replace("/\[mail\=([$MAILSearchString]*)\](.*?)\[\/mail\]/", '$2', $Text); } @@ -1286,29 +1288,19 @@ function bbcode($Text, $options = []) { // if video couldn't be embedded, link to it instead. if (strpos($Text,'[/video]') !== false) { - $Text = preg_replace("/\[video\](.*?)\[\/video\]/", '$1', $Text); + $Text = preg_replace("/\[video\](.*?)\[\/video\]/", '$1', $Text); } if (strpos($Text,'[/audio]') !== false) { - $Text = preg_replace("/\[audio\](.*?)\[\/audio\]/", '$1', $Text); + $Text = preg_replace("/\[audio\](.*?)\[\/audio\]/", '$1', $Text); } if (strpos($Text,'[/zvideo]') !== false) { - $Text = preg_replace("/\[zvideo\](.*?)\[\/zvideo\]/", '$1', $Text); + $Text = preg_replace("/\[zvideo\](.*?)\[\/zvideo\]/", '$1', $Text); } if (strpos($Text,'[/zaudio]') !== false) { - $Text = preg_replace("/\[zaudio\](.*?)\[\/zaudio\]/", '$1', $Text); + $Text = preg_replace("/\[zaudio\](.*?)\[\/zaudio\]/", '$1', $Text); } -// if ($tryoembed){ -// if (strpos($Text,'[/iframe]') !== false) { -// $Text = preg_replace_callback("/\[iframe\](.*?)\[\/iframe\]/ism", 'bb_iframe', $Text); -// } -// } else { -// if (strpos($Text,'[/iframe]') !== false) { -// $Text = preg_replace("/\[iframe\](.*?)\[\/iframe\]/ism", '$1', $Text); -// } -// } - // oembed tag $Text = oembed_bbcode2html($Text); diff --git a/include/conversation.php b/include/conversation.php index 64beb1b0e..ce0467770 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1607,7 +1607,7 @@ function prepare_page($item) { // prepare_body calls unobscure() as a side effect. Do it here so that // the template will get passed an unobscured title. - $body = prepare_body($item, true); + $body = prepare_body($item, [ 'newwin' => false ]); if(App::$page['template'] == 'none') { $tpl = 'page_display_empty.tpl'; diff --git a/include/help.php b/include/help.php index 0dc37e517..ce389b4db 100644 --- a/include/help.php +++ b/include/help.php @@ -306,7 +306,7 @@ function store_doc_file($s) { require_once('include/html2plain.php'); - $item['body'] = html2plain(prepare_text(file_get_contents($s),$mimetype, true)); + $item['body'] = html2plain(prepare_text(file_get_contents($s),$mimetype, [ 'cache' => true ])); $item['mimetype'] = 'text/plain'; $item['plink'] = z_root() . '/' . str_replace('doc','help',$s); diff --git a/include/text.php b/include/text.php index f634f0d55..658f53305 100644 --- a/include/text.php +++ b/include/text.php @@ -1588,7 +1588,7 @@ function generate_named_map($location) { } -function prepare_body(&$item,$attach = false) { +function prepare_body(&$item,$attach = false,$opts = false) { call_hooks('prepare_body_init', $item); @@ -1616,7 +1616,7 @@ function prepare_body(&$item,$attach = false) { $s .= prepare_binary($item); } else { - $s .= prepare_text($item['body'],$item['mimetype'], false); + $s .= prepare_text($item['body'],$item['mimetype'], $opts); } $event = (($item['obj_type'] === ACTIVITY_OBJ_EVENT) ? format_event_obj($item['obj']) : false); @@ -1698,7 +1698,8 @@ function prepare_binary($item) { * * @return string */ -function prepare_text($text, $content_type = 'text/bbcode', $cache = false) { +function prepare_text($text, $content_type = 'text/bbcode', $opts = false) { + switch($content_type) { case 'text/plain': @@ -1742,7 +1743,7 @@ function prepare_text($text, $content_type = 'text/bbcode', $cache = false) { if(stristr($text,'[nosmile]')) $s = bbcode($text, [ 'cache' => $cache ]); else - $s = smilies(bbcode($text, [ 'cache' => $cache ])); + $s = smilies(bbcode($text, ((is_array($opts)) ? $opts : [] ))); $s = zidify_links($s); From 1a25b0bda7d598888a49ee722f0f5cbea2a2f8f9 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 4 Apr 2018 17:54:43 -0700 Subject: [PATCH 03/16] allow the profile recrods to be cloned separately --- Zotlabs/Module/Like.php | 3 ++- include/channel.php | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php index 6d9fde17c..12de86e72 100644 --- a/Zotlabs/Module/Like.php +++ b/Zotlabs/Module/Like.php @@ -296,10 +296,11 @@ class Like extends \Zotlabs\Web\Controller { notice( t('Permission denied') . EOL); killme(); } - + $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($item['owner_xchan']) ); + if($r) $thread_owner = $r[0]; else diff --git a/include/channel.php b/include/channel.php index 460c818da..4a87ef602 100644 --- a/include/channel.php +++ b/include/channel.php @@ -780,7 +780,7 @@ function identity_basic_export($channel_id, $sections = null) { } } - if(in_array('channel',$sections)) { + if(in_array('channel',$sections) || in_array('profile',$sections)) { $r = q("select * from profile where uid = %d", intval($channel_id) ); From e8646799427a51a13e97f83a7858274fbf85ba20 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 4 Apr 2018 18:53:06 -0700 Subject: [PATCH 04/16] private forum mentions --- Zotlabs/Module/Item.php | 2 +- include/text.php | 8 ++++++-- view/js/autocomplete.js | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index fba2ef7a4..ad72d9ccd 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -542,7 +542,7 @@ class Item extends \Zotlabs\Web\Controller { // Look for tags and linkify them $results = linkify_tags($a, $body, ($uid) ? $uid : $profile_uid); - + if($results) { // Set permissions based on tag replacements diff --git a/include/text.php b/include/text.php index 658f53305..255d02c7c 100644 --- a/include/text.php +++ b/include/text.php @@ -2577,6 +2577,9 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag, $d // The @! tag will alter permissions $exclusive = (((! $grouptag) && (strpos($tag,'!') === 1) && (! $diaspora)) ? true : false); + if(($grouptag) && (strpos($tag,'!!') === 0)) { + $exclusive = true; + } //is it already replaced? if(strpos($tag,'[zrl=')) @@ -2749,8 +2752,8 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag, $d $profile = str_replace(',','%2c',$profile); $url = $profile; if($grouptag) { - $newtag = '!' . '[zrl=' . $profile . ']' . $newname . '[/zrl]'; - $body = str_replace('!' . $name, $newtag, $body); + $newtag = '!' . (($exclusive) ? '!' : '') . '[zrl=' . $profile . ']' . $newname . '[/zrl]'; + $body = str_replace('!' . (($exclusive) ? '!' : '') . $name, $newtag, $body); } else { $newtag = '@' . (($exclusive) ? '!' : '') . '[zrl=' . $profile . ']' . $newname . (($forum && ! $trailing_plus_name) ? '+' : '') . '[/zrl]'; @@ -2800,6 +2803,7 @@ function linkify_tags($a, &$body, $uid, $diaspora = false) { continue; $success = handle_tag($a, $body, $access_tag, $str_tags, ($uid) ? $uid : App::$profile_uid , $tag, $diaspora); + $results[] = array('success' => $success, 'access_tag' => $access_tag); if($success['replaced']) $tagged[] = $tag; } diff --git a/view/js/autocomplete.js b/view/js/autocomplete.js index 7a1a7673d..07b9bc449 100644 --- a/view/js/autocomplete.js +++ b/view/js/autocomplete.js @@ -198,7 +198,7 @@ function string2bb(element) { // Autocomplete forums forums = { - match: /(^|\s)(\!)([^ \n]+)$/, + match: /(^|\s)(\!\!*)([^ \n]+)$/, index: 3, search: function(term, callback) { contact_search(term, callback, backend_url, 'f', extra_channels, spinelement=false); }, replace: editor_replace, From c86032d4dc0e3396a03d8bcc8eef25d9191f3cfc Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 4 Apr 2018 20:58:54 -0700 Subject: [PATCH 05/16] oauth2 dynamic client registration update --- include/api.php | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/include/api.php b/include/api.php index c91590070..6a05a40a5 100644 --- a/include/api.php +++ b/include/api.php @@ -193,26 +193,18 @@ require_once('include/api_zot.php'); $redirect = trim($_REQUEST['redirect_uris'][0]); else $redirect = trim($_REQUEST['redirect_uris']); + $grant_types = trim($_REQUEST['grant_types']); + $scope = trim($_REQUEST['scope']); $icon = trim($_REQUEST['logo_uri']); - if($oauth2) { - $r = q("INSERT INTO oauth_clients (client_id, client_secret, redirect_uri, grant_types, scope, user_id) - VALUES ( '%s', '%s', '%s', null, null, null ) ", - dbesc($key), - dbesc($secret), - dbesc($redirect) - ); - } - else { - $r = q("INSERT INTO clients (client_id, pw, clname, redirect_uri, icon, uid) - VALUES ('%s','%s','%s','%s','%s',%d)", - dbesc($key), - dbesc($secret), - dbesc($name), - dbesc($redirect), - dbesc($icon), - intval(0) - ); - } + $r = q("INSERT INTO oauth_clients (client_id, client_secret, redirect_uri, grant_types, scope, user_id) + VALUES ( '%s', '%s', '%s', '%s', '%s', '%s' ) ", + dbesc($key), + dbesc($secret), + dbesc($redirect), + dbesc($grant_types), + dbesc($scope), + dbesc((string) api_user()) + ); $ret['client_id'] = $key; $ret['client_secret'] = $secret; From fe401203bd33fdb19880420556c8a6b6a371f94e Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 4 Apr 2018 23:14:41 -0700 Subject: [PATCH 06/16] bbcode() - ensure that $options is always an array, as the interface has changed slightly --- include/bbcode.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/bbcode.php b/include/bbcode.php index 8850f1c65..152e4888f 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -780,6 +780,10 @@ function parseIdentityAwareHTML($Text) { function bbcode($Text, $options = []) { + if(! is_array($options)) { + $options = []; + } + $preserve_nl = ((array_key_exists('preserve_nl',$options)) ? $options['preserve_nl'] : false); $tryoembed = ((array_key_exists('tryoembed',$options)) ? $options['tryoembed'] : true); $cache = ((array_key_exists('cache',$options)) ? $options['cache'] : false); From b7386a0e88ca292bf183cd1de9b09bd6e819172d Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 5 Apr 2018 16:58:37 -0700 Subject: [PATCH 07/16] fix permalinks to children of articles and cards --- Zotlabs/Module/Display.php | 6 +++--- Zotlabs/Module/Item.php | 1 + Zotlabs/Module/Like.php | 1 + Zotlabs/Module/React.php | 1 + 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 30f2a7f5f..06c9479b2 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -132,7 +132,7 @@ class Display extends \Zotlabs\Web\Controller { $y = q("select * from iconfig left join item on iconfig.iid = item.id where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'WEBPAGE' and item.id = %d limit 1", intval($target_item['uid']), - intval($target_item['id']) + intval($target_item['parent']) ); if($x && $y) { goaway(z_root() . '/page/' . $x[0]['channel_address'] . '/' . $y[0]['v']); @@ -149,7 +149,7 @@ class Display extends \Zotlabs\Web\Controller { $y = q("select * from iconfig left join item on iconfig.iid = item.id where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'ARTICLE' and item.id = %d limit 1", intval($target_item['uid']), - intval($target_item['id']) + intval($target_item['parent']) ); if($x && $y) { goaway(z_root() . '/articles/' . $x[0]['channel_address'] . '/' . $y[0]['v']); @@ -166,7 +166,7 @@ class Display extends \Zotlabs\Web\Controller { $y = q("select * from iconfig left join item on iconfig.iid = item.id where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'CARD' and item.id = %d limit 1", intval($target_item['uid']), - intval($target_item['id']) + intval($target_item['parent']) ); if($x && $y) { goaway(z_root() . '/cards/' . $x[0]['channel_address'] . '/' . $y[0]['v']); diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index ad72d9ccd..bba1dc02d 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -468,6 +468,7 @@ class Item extends \Zotlabs\Web\Controller { $private = intval($acl->is_private() || $parent_item['item_private']); $public_policy = $parent_item['public_policy']; $owner_hash = $parent_item['owner_xchan']; + $webpage = $parent_item['item_type']; } if((! $allow_empty) && (! strlen($body))) { diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php index 12de86e72..4e216f08b 100644 --- a/Zotlabs/Module/Like.php +++ b/Zotlabs/Module/Like.php @@ -419,6 +419,7 @@ class Like extends \Zotlabs\Web\Controller { $arr['item_origin'] = 1; $arr['item_notshown'] = 1; + $arr['item_type'] = $item['item_type']; if(intval($item['item_wall'])) $arr['item_wall'] = 1; diff --git a/Zotlabs/Module/React.php b/Zotlabs/Module/React.php index 6473317c7..fbb760786 100644 --- a/Zotlabs/Module/React.php +++ b/Zotlabs/Module/React.php @@ -49,6 +49,7 @@ class React extends \Zotlabs\Web\Controller { $n['aid'] = $channel['channel_account_id']; $n['uid'] = $channel['channel_id']; $n['item_origin'] = true; + $n['item_type'] = $i[0]['item_type']; $n['parent'] = $postid; $n['parent_mid'] = $i[0]['mid']; $n['mid'] = item_message_id(); From f4c94ab121167ac34e550939f032e9982d69307b Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 5 Apr 2018 17:31:20 -0700 Subject: [PATCH 08/16] use profile_store_lowlevel() when importing profile structures to ensure all non-null fields are present --- include/import.php | 2 +- include/zot.php | 11 +++++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/include/import.php b/include/import.php index d8b7030b6..1b0e95416 100644 --- a/include/import.php +++ b/include/import.php @@ -180,7 +180,7 @@ function import_profiles($channel, $profiles) { $profile['thumb'] = z_root() . '/photo/' . basename($profile['thumb']); } - create_table_from_array('profile', $profile); + profile_store_lowlevel($profile); } } } diff --git a/include/zot.php b/include/zot.php index 25ea9b8fb..2ad43f0e5 100644 --- a/include/zot.php +++ b/include/zot.php @@ -3855,11 +3855,14 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { intval($channel['channel_id']) ); if(! $x) { - q("insert into profile ( profile_guid, aid, uid ) values ('%s', %d, %d)", - dbesc($profile['profile_guid']), - intval($channel['channel_account_id']), - intval($channel['channel_id']) + profile_store_lowlevel( + [ + 'aid' => $channel['channel_account_id'], + 'uid' => $channel['channel_id'], + 'profile_guid' => $profile['profile_guid'], + ] ); + $x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1", dbesc($profile['profile_guid']), intval($channel['channel_id']) From 4a45c35c4e0e27b737d80a6f151b0b50aaef3d1e Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 5 Apr 2018 21:01:36 -0700 Subject: [PATCH 09/16] oauth2 client settings page --- Zotlabs/Module/Settings/Oauth.php | 11 +- Zotlabs/Module/Settings/Oauth2.php | 160 +++++++++++++++++++++++++++++ Zotlabs/Widget/Settings_menu.php | 10 +- include/features.php | 13 ++- view/tpl/settings_oauth2.tpl | 35 +++++++ view/tpl/settings_oauth2_edit.tpl | 21 ++++ view/tpl/settings_oauth_edit.tpl | 1 - 7 files changed, 242 insertions(+), 9 deletions(-) create mode 100644 Zotlabs/Module/Settings/Oauth2.php create mode 100755 view/tpl/settings_oauth2.tpl create mode 100755 view/tpl/settings_oauth2_edit.tpl diff --git a/Zotlabs/Module/Settings/Oauth.php b/Zotlabs/Module/Settings/Oauth.php index c612c7667..d6576c6de 100644 --- a/Zotlabs/Module/Settings/Oauth.php +++ b/Zotlabs/Module/Settings/Oauth.php @@ -23,11 +23,12 @@ class Oauth { check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth'); - $name = ((x($_POST,'name')) ? $_POST['name'] : ''); - $key = ((x($_POST,'key')) ? $_POST['key'] : ''); - $secret = ((x($_POST,'secret')) ? $_POST['secret'] : ''); - $redirect = ((x($_POST,'redirect')) ? $_POST['redirect'] : ''); - $icon = ((x($_POST,'icon')) ? $_POST['icon'] : ''); + $name = ((x($_POST,'name')) ? escape_tags($_POST['name']) : ''); + $key = ((x($_POST,'key')) ? escape_tags($_POST['key']) : ''); + $secret = ((x($_POST,'secret')) ? escape_tags($_POST['secret']) : ''); + $redirect = ((x($_POST,'redirect')) ? escape_tags($_POST['redirect']) : ''); + $icon = ((x($_POST,'icon')) ? escape_tags($_POST['icon']) : ''); + $oauth2 = ((x($_POST,'oauth2')) ? intval($_POST['oauth2']) : 0); $ok = true; if($name == '') { $ok = false; diff --git a/Zotlabs/Module/Settings/Oauth2.php b/Zotlabs/Module/Settings/Oauth2.php new file mode 100644 index 000000000..88bbea3b8 --- /dev/null +++ b/Zotlabs/Module/Settings/Oauth2.php @@ -0,0 +1,160 @@ + 2) && (argv(2) === 'edit' || argv(2) === 'add') && x($_POST,'submit')) { + + check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2'); + + $name = ((x($_POST,'name')) ? escape_tags(trim($_POST['name'])) : ''); + $secret = ((x($_POST,'secret')) ? escape_tags(trim($_POST['secret'])) : ''); + $redirect = ((x($_POST,'redirect')) ? escape_tags(trim($_POST['redirect'])) : ''); + $grant = ((x($_POST,'grant')) ? escape_tags(trim($_POST['grant'])) : ''); + $scope = ((x($_POST,'scope')) ? escape_tags(trim($_POST['scope'])) : ''); + + $ok = true; + if($name == '' || $secret == '') { + $ok = false; + notice( t('Name and Secret are required') . EOL); + } + + if($ok) { + if ($_POST['submit']==t("Update")){ + $r = q("UPDATE oauth_clients SET + client_id = '%s', + client_secret = '%s', + redirect_uri = '%s', + grant_types = '%s', + scope = '%s', + user_id = '%s' + WHERE client_id='%s'", + dbesc($name), + dbesc($secret), + dbesc($redirect), + dbesc($grant), + dbesc($scope), + dbesc(local_channel()), + dbesc($name)); + } else { + $r = q("INSERT INTO oauth_clients (client_id, client_secret, redirect_uri, grant_types, scope, user_id) + VALUES ('%s','%s','%s','%s','%s','%s')", + dbesc($name), + dbesc($secret), + dbesc($redirect), + dbesc($grant), + dbesc($scope), + dbesc(local_channel()) + ); + $r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ", + dbesc($name), + intval(local_channel()), + dbesc('all') + ); + } + } + goaway(z_root()."/settings/oauth2/"); + return; + } + } + + function get() { + + if((argc() > 2) && (argv(2) === 'add')) { + $tpl = get_markup_template("settings_oauth2_edit.tpl"); + $o .= replace_macros($tpl, array( + '$form_security_token' => get_form_security_token("settings_oauth2"), + '$title' => t('Add OAuth2 application'), + '$submit' => t('Submit'), + '$cancel' => t('Cancel'), + '$name' => array('name', t('Name'), '', t('Name of application')), + '$secret' => array('secret', t('Consumer Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')), + '$redirect' => array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')), + '$grant' => array('grant', t('Grant Types'), '', t('leave blank unless your application sepcifically requires this')), + '$scope' => array('scope', t('Authorization scope'), '', t('leave blank unless your application sepcifically requires this')), + )); + return $o; + } + + if((argc() > 3) && (argv(2) === 'edit')) { + $r = q("SELECT * FROM oauth_clients WHERE client_id='%s' AND user_id= '%s'", + dbesc(argv(3)), + dbesc(local_channel()) + ); + + if (! $r){ + notice(t('OAuth2 Application not found.')); + return; + } + + $app = $r[0]; + + $tpl = get_markup_template("settings_oauth2_edit.tpl"); + $o .= replace_macros($tpl, array( + '$form_security_token' => get_form_security_token("settings_oauth2"), + '$title' => t('Add application'), + '$submit' => t('Update'), + '$cancel' => t('Cancel'), + '$name' => array('name', t('Name'), $app['client_id'], t('Name of application')), + '$secret' => array('secret', t('Consumer Secret'), $app['client_secret'], t('Automatically generated - change if desired. Max length 20')), + '$redirect' => array('redirect', t('Redirect'), $app['redirect_uri'], t('Redirect URI - leave blank unless your application specifically requires this')), + '$grant' => array('grant', t('Grant Types'), $app['grant_types'], t('leave blank unless your application sepcifically requires this')), + '$scope' => array('scope', t('Authorization scope'), $app['scope'], t('leave blank unless your application sepcifically requires this')), + )); + return $o; + } + + if((argc() > 3) && (argv(2) === 'delete')) { + check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2', 't'); + + $r = q("DELETE FROM oauth_clients WHERE client_id = '%s' AND user_id = '%s'", + dbesc(argv(3)), + dbesc(local_channel()) + ); + goaway(z_root()."/settings/oauth2/"); + return; + } + + + $r = q("SELECT oauth_clients.*, oauth_access_tokens.access_token as oauth_token, (oauth_clients.user_id = '%s') AS my + FROM oauth_clients + LEFT JOIN oauth_access_tokens ON oauth_clients.client_id=oauth_access_tokens.client_id + WHERE oauth_clients.user_id IN ('%s',0)", + dbesc(local_channel()), + dbesc(local_channel()) + ); + + $tpl = get_markup_template("settings_oauth2.tpl"); + $o .= replace_macros($tpl, array( + '$form_security_token' => get_form_security_token("settings_oauth2"), + '$baseurl' => z_root(), + '$title' => t('Connected OAuth2 Apps'), + '$add' => t('Add application'), + '$edit' => t('Edit'), + '$delete' => t('Delete'), + '$consumerkey' => t('Client key starts with'), + '$noname' => t('No name'), + '$remove' => t('Remove authorization'), + '$apps' => $r, + )); + return $o; + + } + +} \ No newline at end of file diff --git a/Zotlabs/Widget/Settings_menu.php b/Zotlabs/Widget/Settings_menu.php index 455fdcb9b..9574becc3 100644 --- a/Zotlabs/Widget/Settings_menu.php +++ b/Zotlabs/Widget/Settings_menu.php @@ -81,12 +81,20 @@ class Settings_menu { if(feature_enabled(local_channel(),'oauth_clients')) { $tabs[] = array( - 'label' => t('Connected apps'), + 'label' => t('OAuth1 apps'), 'url' => z_root() . '/settings/oauth', 'selected' => ((argv(1) === 'oauth') ? 'active' : ''), ); } + if(feature_enabled(local_channel(),'oauth2_clients')) { + $tabs[] = array( + 'label' => t('OAuth2 apps'), + 'url' => z_root() . '/settings/oauth2', + 'selected' => ((argv(1) === 'oauth2') ? 'active' : ''), + ); + } + if(feature_enabled(local_channel(),'access_tokens')) { $tabs[] = array( 'label' => t('Guest Access Tokens'), diff --git a/include/features.php b/include/features.php index 5481c37a4..4859a01db 100644 --- a/include/features.php +++ b/include/features.php @@ -246,13 +246,22 @@ function get_features($filtered = true) { [ 'oauth_clients', - t('OAuth Clients'), - t('Manage authenticatication tokens for mobile and remote apps.'), + t('OAuth1 Clients'), + t('Manage OAuth1 authenticatication tokens for mobile and remote apps.'), false, get_config('feature_lock','oauth_clients'), feature_level('oauth_clients',1), ], + [ + 'oauth2_clients', + t('OAuth2 Clients'), + t('Manage OAuth2 authenticatication tokens for mobile and remote apps.'), + false, + get_config('feature_lock','oauth2_clients'), + feature_level('oauth2_clients',1), + ], + [ 'access_tokens', t('Access Tokens'), diff --git a/view/tpl/settings_oauth2.tpl b/view/tpl/settings_oauth2.tpl new file mode 100755 index 000000000..882d34ea9 --- /dev/null +++ b/view/tpl/settings_oauth2.tpl @@ -0,0 +1,35 @@ +
+
+

{{$title}}

+
+ +
+
+ + + + + {{foreach $apps as $app}} +
+ {{if $app.client_id}}

{{$app.client_id}}

{{else}}

{{$noname}}

{{/if}} + {{if $app.my}} + {{if $app.oauth_token}} +
+ {{/if}} + {{/if}} + {{if $app.my}} + + + {{/if}} +
+ {{/foreach}} + +
+
+
diff --git a/view/tpl/settings_oauth2_edit.tpl b/view/tpl/settings_oauth2_edit.tpl new file mode 100755 index 000000000..399c64977 --- /dev/null +++ b/view/tpl/settings_oauth2_edit.tpl @@ -0,0 +1,21 @@ +
+
+

{{$title}}

+
+
+
+ +{{include file="field_input.tpl" field=$name}} +{{include file="field_input.tpl" field=$secret}} +{{include file="field_input.tpl" field=$redirect}} +{{include file="field_input.tpl" field=$grant}} +{{include file="field_input.tpl" field=$scope}} + +
+ + +
+ +
+
+
diff --git a/view/tpl/settings_oauth_edit.tpl b/view/tpl/settings_oauth_edit.tpl index b94dec48a..e44b44723 100755 --- a/view/tpl/settings_oauth_edit.tpl +++ b/view/tpl/settings_oauth_edit.tpl @@ -5,7 +5,6 @@
- {{include file="field_input.tpl" field=$name}} {{include file="field_input.tpl" field=$key}} {{include file="field_input.tpl" field=$secret}} From b17f7410501acadbf547c68a4577c371826e69e3 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 5 Apr 2018 22:15:15 -0700 Subject: [PATCH 10/16] bring back the dnt policy document, not sure when it was lost --- Zotlabs/Module/Well_known.php | 5 +- doc/dnt-policy.txt | 218 ++++++++++++++++++++++++++++++++++ 2 files changed, 222 insertions(+), 1 deletion(-) create mode 100644 doc/dnt-policy.txt diff --git a/Zotlabs/Module/Well_known.php b/Zotlabs/Module/Well_known.php index b57666bff..177de2323 100644 --- a/Zotlabs/Module/Well_known.php +++ b/Zotlabs/Module/Well_known.php @@ -26,7 +26,6 @@ class Well_known extends \Zotlabs\Web\Controller { killme(); } - switch(argv(1)) { case 'zot-info': \App::$argc -= 1; @@ -52,6 +51,10 @@ class Well_known extends \Zotlabs\Web\Controller { $module->init(); break; + case 'dnt-policy.txt': + echo file_get_contents('doc/dnt-policy.txt'); + killme(); + default: if(file_exists(\App::$cmd)) { echo file_get_contents(\App::$cmd); diff --git a/doc/dnt-policy.txt b/doc/dnt-policy.txt new file mode 100644 index 000000000..ad946d1f8 --- /dev/null +++ b/doc/dnt-policy.txt @@ -0,0 +1,218 @@ +Do Not Track Compliance Policy + +Version 1.0 + +This domain complies with user opt-outs from tracking via the "Do Not Track" +or "DNT" header [http://www.w3.org/TR/tracking-dnt/]. This file will always +be posted via HTTPS at https://example-domain.com/.well-known/dnt-policy.txt +to indicate this fact. + +SCOPE + +This policy document allows an operator of a Fully Qualified Domain Name +("domain") to declare that it respects Do Not Track as a meaningful privacy +opt-out of tracking, so that privacy-protecting software can better determine +whether to block or anonymize communications with this domain. This policy is +intended first and foremost to be posted on domains that publish ads, widgets, +images, scripts and other third-party embedded hypertext (for instance on +widgets.example.com), but it can be posted on any domain, including those users +visit directly (such as www.example.com). The policy may be applied to some +domains used by a company, site, or service, and not to others. Do Not Track +may be sent by any client that uses the HTTP protocol, including websites, +mobile apps, and smart devices like TVs. Do Not Track also works with all +protocols able to read HTTP headers, including SPDY. + +NOTE: This policy contains both Requirements and Exceptions. Where possible +terms are defined in the text, but a few additional definitions are included +at the end. + +REQUIREMENTS + +When this domain receives Web requests from a user who enables DNT by actively +choosing an opt-out setting in their browser or by installing software that is +primarily designed to protect privacy ("DNT User"), we will take the following +measures with respect to those users' data, subject to the Exceptions, also +listed below: + +1. END USER IDENTIFIERS: + + a. If a DNT User has logged in to our service, all user identifiers, such as + unique or nearly unique cookies, "supercookies" and fingerprints are + discarded as soon as the HTTP(S) response is issued. + + Data structures which associate user identifiers with accounts may be + employed to recognize logged in users per Exception 4 below, but may not + be associated with records of the user's activities unless otherwise + excepted. + + b. If a DNT User is not logged in to our service, we will take steps to ensure + that no user identifiers are transmitted to us at all. + +2. LOG RETENTION: + + a. Logs with DNT Users' identifiers removed (but including IP addresses and + User Agent strings) may be retained for a period of 10 days or less, + unless an Exception (below) applies. This period of time balances privacy + concerns with the need to ensure that log processing systems have time to + operate; that operations engineers have time to monitor and fix technical + and performance problems; and that security and data aggregation systems + have time to operate. + + b. These logs will not be used for any other purposes. + +3. OTHER DOMAINS: + + a. If this domain transfers identifiable user data about DNT Users to + contractors, affiliates or other parties, or embeds from or posts data to + other domains, we will either: + + b. ensure that the operators of those domains abide by this policy overall + by posting it at /.well-known/dnt-policy.txt via HTTPS on the domains in + question, + + OR + + ensure that the recipient's policies and practices require the recipient + to respect the policy for our DNT Users' data. + + OR + + obtain a contractual commitment from the recipient to respect this policy + for our DNT Users' data. + + NOTE: if an “Other Domain” does not receive identifiable user information + from the domain because such information has been removed, because the + Other Domain does not log that information, or for some other reason, these + requirements do not apply. + + c. "Identifiable" means any records which are not Anonymized or otherwise + covered by the Exceptions below. + +4. PERIODIC REASSERTION OF COMPLIANCE: + + At least once every 12 months, we will take reasonable steps commensurate + with the size of our organization and the nature of our service to confirm + our ongoing compliance with this document, and we will publicly reassert our + compliance. + +5. USER NOTIFICATION: + + a. If we are required by law to retain or disclose user identifiers, we will + attempt to provide the users with notice (unless we are prohibited or it + would be futile) that a request for their information has been made in + order to give the users an opportunity to object to the retention or + disclosure. + + b. We will attempt to provide this notice by email, if the users have given + us an email address, and by postal mail if the users have provided a + postal address. + + c. If the users do not challenge the disclosure request, we may be legally + required to turn over their information. + + d. We may delay notice if we, in good faith, believe that an emergency + involving danger of death or serious physical injury to any person + requires disclosure without delay of information relating to the + emergency. + +EXCEPTIONS + +Data from DNT Users collected by this domain may be logged or retained only in +the following specific situations: + +1. CONSENT / "OPT BACK IN" + + a. DNT Users are opting out from tracking across the Web. It is possible + that for some feature or functionality, we will need to ask a DNT User to + "opt back in" to be tracked by us across the entire Web. + + b. If we do that, we will take reasonable steps to verify that the users who + select this option have genuinely intended to opt back in to tracking. + One way to do this is by performing scientifically reasonable user + studies with a representative sample of our users, but smaller + organizations can satisfy this requirement by other means. + + c. Where we believe that we have opt back in consent, our server will + send a tracking value status header "Tk: C" as described in section 6.2 + of the W3C Tracking Preference Expression draft: + + http://www.w3.org/TR/tracking-dnt/#tracking-status-value + +2. TRANSACTIONS + + If a DNT User actively and knowingly enters a transaction with our + services (for instance, clicking on a clearly-labeled advertisement, + posting content to a widget, or purchasing an item), we will retain + necessary data for as long as required to perform the transaction. This + may for example include keeping auditing information for clicks on + advertising links; keeping a copy of posted content and the name of the + posting user; keeping server-side session IDs to recognize logged in + users; or keeping a copy of the physical address to which a purchased + item will be shipped. By their nature, some transactions will require data + to be retained indefinitely. + +3. TECHNICAL AND SECURITY LOGGING: + + a. If, during the processing of the initial request (for unique identifiers) + or during the subsequent 10 days (for IP addresses and User Agent strings), + we obtain specific information that causes our employees or systems to + believe that a request is, or is likely to be, part of a security attack, + spam submission, or fraudulent transaction, then logs of those requests + are not subject to this policy. + + b. If we encounter technical problems with our site, then, in rare + circumstances, we may retain logs for longer than 10 days, if that is + necessary to diagnose and fix those problems, but this practice will not be + routinized and we will strive to delete such logs as soon as possible. + +4. AGGREGATION: + + a. We may retain and share anonymized datasets, such as aggregate records of + readership patterns; statistical models of user behavior; graphs of system + variables; data structures to count active users on monthly or yearly + bases; database tables mapping authentication cookies to logged in + accounts; non-unique data structures constructed within browsers for tasks + such as ad frequency capping or conversion tracking; or logs with truncated + and/or encrypted IP addresses and simplified User Agent strings. + + b. "Anonymized" means we have conducted risk mitigation to ensure + that the dataset, plus any additional information that is in our + possession or likely to be available to us, does not allow the + reconstruction of reading habits, online or offline activity of groups of + fewer than 5000 individuals or devices. + + c. If we generate anonymized datasets under this exception we will publicly + document our anonymization methods in sufficient detail to allow outside + experts to evaluate the effectiveness of those methods. + +5. ERRORS: + +From time to time, there may be errors by which user data is temporarily +logged or retained in violation of this policy. If such errors are +inadvertent, rare, and made in good faith, they do not constitute a breach +of this policy. We will delete such data as soon as practicable after we +become aware of any error and take steps to ensure that it is deleted by any +third-party who may have had access to the data. + +ADDITIONAL DEFINITIONS + +"Fully Qualified Domain Name" means a domain name that addresses a computer +connected to the Internet. For instance, example1.com; www.example1.com; +ads.example1.com; and widgets.example2.com are all distinct FQDNs. + +"Supercookie" means any technology other than an HTTP Cookie which can be used +by a server to associate identifiers with the clients that visit it. Examples +of supercookies include Flash LSO cookies, DOM storage, HTML5 storage, or +tricks to store information in caches or etags. + +"Risk mitigation" means an engineering process that evaluates the possibility +and likelihood of various adverse outcomes, considers the available methods of +making those adverse outcomes less likely, and deploys sufficient mitigations +to bring the probability and harm from adverse outcomes below an acceptable +threshold. + +"Reading habits" includes amongst other things lists of visited DNS names, if +those domains pertain to specific topics or activities, but records of visited +DNS names are not reading habits if those domain names serve content of a very +diverse and general nature, thereby revealing minimal information about the +opinions, interests or activities of the user. From 4499ee178f5ae7238fe1d3bd4bcc5060111f546a Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 6 Apr 2018 01:24:38 -0700 Subject: [PATCH 11/16] put directory server in siteinfo - there are a lot of sites using broken directories --- include/network.php | 1 + 1 file changed, 1 insertion(+) diff --git a/include/network.php b/include/network.php index a49e5920d..db9a7d00a 100644 --- a/include/network.php +++ b/include/network.php @@ -1607,6 +1607,7 @@ function get_site_info() { 'register_policy' => $register_policy[get_config('system','register_policy')], 'invitation_only' => (bool) intval(get_config('system','invitation_only')), 'directory_mode' => $directory_mode[get_config('system','directory_mode')], + 'directory_server' => get_config('system','directory_server'), 'language' => get_config('system','language'), 'rss_connections' => (bool) intval(get_config('system','feed_contacts')), 'expiration' => $site_expire, From 8048b7addcf214d1f81cd63d602cce21adce0c8d Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 6 Apr 2018 16:45:25 -0700 Subject: [PATCH 12/16] channel import failing to provide channel_password value --- include/import.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/import.php b/include/import.php index 1b0e95416..0d3fb8c32 100644 --- a/include/import.php +++ b/include/import.php @@ -99,7 +99,7 @@ function import_channel($channel, $account_id, $seize) { } if($clean) { - create_table_from_array('channel',$clean); + channel_store_lowlevel($clean); } $r = q("select * from channel where channel_account_id = %d and channel_guid = '%s' limit 1", From 4d08fcf1a7075c933c8b57b9bf1d66acbb19ec07 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sat, 7 Apr 2018 13:29:36 +0200 Subject: [PATCH 13/16] Use Add Files/Photos instead of Upload to open the upload dialog --- Zotlabs/Module/Photos.php | 4 ++-- Zotlabs/Storage/Browser.php | 2 +- view/tpl/cloud_header.tpl | 2 +- view/tpl/photo_album.tpl | 2 +- view/tpl/photos_recent.tpl | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index 81af607ec..05cacb2c2 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -841,7 +841,7 @@ class Photos extends \Zotlabs\Web\Controller { '$album_id' => $datum, '$album_edit' => array(t('Edit Album'), $album_edit), '$can_post' => $can_post, - '$upload' => array(t('Upload'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/upload/' . $datum), + '$upload' => array(t('Add Photos'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/upload/' . $datum), '$order' => $order, '$upload_form' => $upload_form, '$usage' => $usage_message @@ -1378,7 +1378,7 @@ class Photos extends \Zotlabs\Web\Controller { '$title' => t('Recent Photos'), '$album_id' => bin2hex(t('Recent Photos')), '$can_post' => $can_post, - '$upload' => array(t('Upload'), z_root().'/photos/'.\App::$data['channel']['channel_address'].'/upload'), + '$upload' => array(t('Add Photos'), z_root().'/photos/'.\App::$data['channel']['channel_address'].'/upload'), '$photos' => $photos, '$upload_form' => $upload_form, '$usage' => $usage_message diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php index f1c95802b..508c39d22 100644 --- a/Zotlabs/Storage/Browser.php +++ b/Zotlabs/Storage/Browser.php @@ -274,7 +274,7 @@ class Browser extends DAV\Browser\Plugin { '$actionspanel' => $output, '$shared' => t('Shared'), '$create' => t('Create'), - '$upload' => t('Upload'), + '$upload' => t('Add Files'), '$is_owner' => $is_owner, '$parentpath' => $parentpath, '$cpath' => bin2hex(\App::$query_string), diff --git a/view/tpl/cloud_header.tpl b/view/tpl/cloud_header.tpl index 307dc8956..642fb1866 100644 --- a/view/tpl/cloud_header.tpl +++ b/view/tpl/cloud_header.tpl @@ -6,7 +6,7 @@  {{$shared}} {{/if}} - + {{/if}}
diff --git a/view/tpl/photo_album.tpl b/view/tpl/photo_album.tpl index 678e790ac..de59809f4 100755 --- a/view/tpl/photo_album.tpl +++ b/view/tpl/photo_album.tpl @@ -9,7 +9,7 @@ {{/if}} {{if $can_post}} - + {{/if}} diff --git a/view/tpl/photos_recent.tpl b/view/tpl/photos_recent.tpl index a9574aade..d24b362f8 100755 --- a/view/tpl/photos_recent.tpl +++ b/view/tpl/photos_recent.tpl @@ -2,7 +2,7 @@
{{if $can_post}} - + {{/if}}

{{$title}}

From 969a91c4321eecade0537bf40b2ba5930da27d8a Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sat, 7 Apr 2018 13:36:34 +0200 Subject: [PATCH 14/16] use Title instead of Caption - issue #1037 --- Zotlabs/Module/Photos.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index 05cacb2c2..fa22c3f26 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -695,8 +695,8 @@ class Photos extends \Zotlabs\Web\Controller { '$newalbum_label' => t('Enter an album name'), '$newalbum_placeholder' => t('or select an existing album (doubleclick)'), '$visible' => array('visible', t('Create a status post for this upload'), 0,'', array(t('No'), t('Yes')), 'onclick="showHideBodyTextarea();"'), - '$caption' => array('description', t('Caption (optional):')), - '$body' => array('body', t('Description (optional):'),'', 'Description will only appear in the status post'), + '$caption' => array('description', t('Title (optional)')), + '$body' => array('body', t('Description (optional)'),'', 'Description will only appear in the status post'), '$albums' => $albums['albums'], '$selname' => $selname, '$permissions' => t('Permissions'), @@ -1065,7 +1065,7 @@ class Photos extends \Zotlabs\Web\Controller { 'newalbum_placeholder' => t('or select an existing one (doubleclick)'), 'nickname' => \App::$data['channel']['channel_address'], 'resource_id' => $ph[0]['resource_id'], - 'capt_label' => t('Caption'), + 'capt_label' => t('Title (optional)'), 'caption' => $caption_e, 'tag_label' => t('Add a Tag'), 'permissions' => t('Permissions'), From 0fd763433912d50b07a0d2fc20208e1060318df7 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sat, 7 Apr 2018 13:50:41 +0200 Subject: [PATCH 15/16] rename relation to relationship - issue #1044 --- Zotlabs/Module/Profiles.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Zotlabs/Module/Profiles.php b/Zotlabs/Module/Profiles.php index e02cb33db..202ee462a 100644 --- a/Zotlabs/Module/Profiles.php +++ b/Zotlabs/Module/Profiles.php @@ -732,7 +732,7 @@ class Profiles extends \Zotlabs\Web\Controller { '$addthing' => t('Add profile things'), '$personal' => t('Personal'), '$location' => t('Location'), - '$relation' => t('Relation'), + '$relation' => t('Relationship'), '$miscellaneous'=> t('Miscellaneous'), '$exportable' => feature_enabled(local_channel(),'profile_export'), '$lbl_import' => t('Import profile from file'), From 9369150db7ada4b57936caef838766c806aa1ca7 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sat, 7 Apr 2018 14:15:07 +0200 Subject: [PATCH 16/16] rename button label in editpost from edit to submit --- Zotlabs/Module/Editpost.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Zotlabs/Module/Editpost.php b/Zotlabs/Module/Editpost.php index a54c42e7f..57a4cb97f 100644 --- a/Zotlabs/Module/Editpost.php +++ b/Zotlabs/Module/Editpost.php @@ -82,7 +82,7 @@ class Editpost extends \Zotlabs\Web\Controller { 'editor_autocomplete'=> true, 'bbco_autocomplete'=> 'bbcode', 'return_path' => $_SESSION['return_url'], - 'button' => t('Edit'), + 'button' => t('Submit'), 'hide_voting' => true, 'hide_future' => true, 'hide_location' => true,