Christian Vogeley
2013-08-03 00:04:26 +02:00
119 changed files with 1506 additions and 1508 deletions


@@ -262,7 +262,7 @@ class Item extends BaseObject {
}
}
$result['private'] = $item['private'];
$result['private'] = $item['item_private'];
$result['toplevel'] = ($this->is_toplevel() ? 'toplevel_item' : '');
if($this->is_threaded()) {


@@ -193,13 +193,13 @@ function attach_by_hash($hash,$rev = 0) {
$sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the attachment
dbg(1);
$r = q("SELECT * FROM attach WHERE hash = '%s' and uid = %d $sql_extra LIMIT 1",
dbesc($hash),
intval($r[0]['uid'])
);
dbg(0);
if(! $r) {
$ret['message'] = t('Permission denied.');
return $ret;


@@ -130,20 +130,12 @@ function load_pconfig($uid,$family = '') {
if(! array_key_exists($uid,$a->config))
$a->config[$uid] = array();
if(($family) && (! array_key_exists($family,$a->config[$uid])))
$a->config[$uid][$family] = array();
if($family) {
$r = q("SELECT * FROM `pconfig` WHERE `cat` = '%s' AND `uid` = %d",
dbesc($family),
intval($uid)
);
}
else {
$r = q("SELECT * FROM `pconfig` WHERE `uid` = %d",
intval($uid)
);
}
// family is no longer used - load entire user config
$r = q("SELECT * FROM `pconfig` WHERE `uid` = %d",
intval($uid)
);
if($r) {
foreach($r as $rr) {
@@ -266,20 +258,12 @@ function load_xconfig($xchan,$family = '') {
if(! array_key_exists($xchan,$a->config))
$a->config[$xchan] = array();
if(($family) && (! array_key_exists($family,$a->config[$xchan])))
$a->config[$xchan][$family] = array();
if($family) {
$r = q("SELECT * FROM `xconfig` WHERE `cat` = '%s' AND `xchan` = '%s'",
dbesc($family),
dbesc($xchan)
);
}
else {
$r = q("SELECT * FROM `xconfig` WHERE `xchan` = '%s'",
dbesc($xchan)
);
}
// family is no longer used. Entire config is loaded
$r = q("SELECT * FROM `xconfig` WHERE `xchan` = '%s'",
dbesc($xchan)
);
if($r) {
foreach($r as $rr) {
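Review bot: `$family` is still part of the load_pconfig() and load_xconfig() signatures and still seeds an empty `$a->config[$uid][$family]` (or `[$xchan][$family]`) array, but the query no longer reads it, so callers get no hint that the argument is ignored. A docblock line on each function would make that explicit, for example `@param string $family ignored; kept for backward compatibility, the entire config is loaded`. If nothing outside these hunks short-circuits an already-loaded config, every per-family call now repeats the full query, which is worth confirming. Both function bodies start and end outside the hunks shown.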


@@ -1128,6 +1128,8 @@ function conv_sort($arr,$order) {
usort($parents,'sort_thr_created');
elseif(stristr($order,'commented'))
usort($parents,'sort_thr_commented');
elseif(stristr($order,'ascending'))
usort($parents,'sort_thr_created_rev');
if(count($parents))
foreach($parents as $i=>$_x)


@@ -33,7 +33,7 @@ function notification($params) {
push_lang($recip['account_language']); // should probably have a channel language
$banner = t('Red Notification');
$banner = t('Red Matrix Notification');
$product = RED_PLATFORM;
$siteurl = $a->get_baseurl(true);
$thanks = t('Thank You,');
@@ -89,7 +89,7 @@ function notification($params) {
intval($recip['channel_id'])
);
if($p) {
logger('notification comment already notified');
logger('notification: comment already notified');
pop_lang();
return;
}
@@ -168,6 +168,19 @@ function notification($params) {
}
if($params['type'] == NOTIFY_TAGSELF) {
$p = null;
$p = q("select id from notify where link = '%s' and uid = %d limit 1",
dbesc($params['link']),
intval($recip['channel_id'])
);
if($p) {
logger('enotify: tag: already notified about this post');
pop_lang();
return;
}
$subject = sprintf( t('[Red:Notify] %s tagged you') , $sender['xchan_name']);
$preamble = sprintf( t('%1$s tagged you at %2$s') , $sender['xchan_name'], $sitename);
$epreamble = sprintf( t('%1$s [zrl=%2$s]tagged you[/zrl].') ,
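Review bot: The duplicate check added to the NOTIFY_TAGSELF branch selects on `link` and `uid` only, so any earlier notify row for the same post, whatever its type, makes the function return before the tag notice is built. If the intent is to suppress only repeated tag notices, and assuming the notify table records the notification type, the lookup could add `and type = %d` with `intval(NOTIFY_TAGSELF)`. The `$p = null;` just before the query is redundant because the next statement assigns it. notification() continues outside the hunk.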


@@ -491,7 +491,6 @@ function title_is_body($title, $body) {
function get_item_elements($x) {
$arr = array();
$arr['body'] = (($x['body']) ? htmlentities($x['body'],ENT_COMPAT,'UTF-8',false) : '');
$arr['created'] = datetime_convert('UTC','UTC',$x['created']);
@@ -506,6 +505,11 @@ function get_item_elements($x) {
$arr['edited'] = datetime_convert();
$arr['title'] = (($x['title']) ? htmlentities($x['title'], ENT_COMPAT,'UTF-8',false) : '');
if(mb_strlen($arr['title']) > 255)
$arr['title'] = mb_substr($arr['title'],0,255);
$arr['app'] = (($x['app']) ? htmlentities($x['app'], ENT_COMPAT,'UTF-8',false) : '');
$arr['mid'] = (($x['message_id']) ? htmlentities($x['message_id'], ENT_COMPAT,'UTF-8',false) : '');
$arr['parent_mid'] = (($x['message_top']) ? htmlentities($x['message_top'], ENT_COMPAT,'UTF-8',false) : '');
@@ -528,6 +532,21 @@ function get_item_elements($x) {
$arr['item_private'] = ((array_key_exists('flags',$x) && is_array($x['flags']) && in_array('private',$x['flags'])) ? 1 : 0);
$arr['item_flags'] = 0;
// if it's a private post, encrypt it in the DB.
// We have to do that here because we need to cleanse the input and prevent bad stuff from getting in,
// and we need plaintext to do that.
if(intval($arr['item_private'])) {
$arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
$key = get_config('system','pubkey');
if($arr['title'])
$arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
if($arr['body'])
$arr['body'] = json_encode(aes_encapsulate($arr['body'],$key));
}
if(array_key_exists('flags',$x) && in_array('deleted',$x['flags']))
$arr['item_restrict'] = ITEM_DELETED;
@@ -599,6 +618,14 @@ function encode_item($item) {
$scope = map_scope($public_scope);
$c_scope = map_scope($comment_scope);
if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) {
$key = get_config('system','prvkey');
if($item['title'])
$item['title'] = aes_unencapsulate(json_decode($item['title'],true),$key);
if($item['body'])
$item['body'] = aes_unencapsulate(json_decode($item['body'],true),$key);
}
if($item['item_restrict'] & ITEM_DELETED) {
$x['message_id'] = $item['mid'];
$x['created'] = $item['created'];
@@ -791,7 +818,13 @@ function encode_mail($item) {
$x = array();
$x['type'] = 'mail';
logger('encode_mail: ' . print_r($item,true));
if(array_key_exists('mail_flags',$item) && ($item['mail_flags'] & MAIL_OBSCURED)) {
$key = get_config('system','prvkey');
if($item['title'])
$item['title'] = aes_unencapsulate(json_decode($item['title'],true),$key);
if($item['body'])
$item['body'] = aes_unencapsulate(json_decode($item['body'],true),$key);
}
$x['message_id'] = $item['mid'];
$x['message_parent'] = $item['parent_mid'];
@@ -803,9 +836,6 @@ function encode_mail($item) {
$x['flags'] = array();
if($item['mail_flags'] & MAIL_OBSCURED)
$x['flags'][] = 'obscured';
if($item['mail_flags'] & MAIL_RECALLED) {
$x['flags'][] = 'recalled';
$x['title'] = '';
@@ -832,18 +862,16 @@ function get_mail_elements($x) {
if(in_array('recalled',$x['flags'])) {
$arr['mail_flags'] |= MAIL_RECALLED;
}
if(in_array('obscured',$x['flags'])) {
$arr['mail_flags'] |= MAIL_OBSCURED;
$arr['body'] = base64url_decode($arr['body']);
$arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false);
$arr['body'] = base64url_encode($arr['body']);
$arr['title'] = base64url_decode($arr['title']);
$arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false);
$arr['title'] = base64url_encode($arr['title']);
}
}
$key = get_config('system','pubkey');
$arr['mail_flags'] |= MAIL_OBSCURED;
$arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false);
if($arr['body'])
$arr['body'] = json_encode(aes_encapsulate($arr['body'],$key));
$arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false);
if($arr['title'])
$arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
if($arr['created'] > datetime_convert())
$arr['created'] = datetime_convert();
@@ -1328,24 +1356,56 @@ function item_store($arr,$force_parent = false) {
if(array_key_exists('parent',$arr))
unset($arr['parent']);
$arr['lang'] = detect_language($arr['body']);
$arr['mimetype'] = ((x($arr,'mimetype')) ? notags(trim($arr['mimetype'])) : 'text/bbcode');
$arr['title'] = ((x($arr,'title')) ? notags(trim($arr['title'])) : '');
$arr['body'] = ((x($arr,'body')) ? trim($arr['body']) : '');
$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
$arr['allow_cid'] = ((x($arr,'allow_cid')) ? trim($arr['allow_cid']) : '');
$arr['allow_gid'] = ((x($arr,'allow_gid')) ? trim($arr['allow_gid']) : '');
$arr['deny_cid'] = ((x($arr,'deny_cid')) ? trim($arr['deny_cid']) : '');
$arr['deny_gid'] = ((x($arr,'deny_gid')) ? trim($arr['deny_gid']) : '');
$arr['item_private'] = ((x($arr,'item_private')) ? intval($arr['item_private']) : 0 );
$arr['item_flags'] = ((x($arr,'item_flags')) ? intval($arr['item_flags']) : 0 );
if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
$translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
call_hooks('item_translate', $translate);
if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
return;
}
$arr = $translate['item'];
// this is a bit messy - we really need an input filter chain that temporarily undoes obscuring
if($arr['mimetype'] != 'text/html') {
if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false))
$arr['body'] = escape_tags($arr['body']);
if((strpos($arr['title'],'<') !== false) || (strpos($arr['title'],'>') !== false))
$arr['title'] = escape_tags($arr['title']);
}
// Shouldn't happen but we want to make absolutely sure it doesn't leak from a plugin.
// only detect language if we have text content, and if the post is private but not yet
// obscured, make it so.
if(! ($arr['item_flags'] & ITEM_OBSCURED)) {
$arr['lang'] = detect_language($arr['body']);
$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
$translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
call_hooks('item_translate', $translate);
if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
return;
}
$arr = $translate['item'];
}
if($arr['item_private']) {
$key = get_config('system','pubkey');
$arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
if($arr['title'])
$arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
if($arr['body'])
$arr['body'] = json_encode(aes_encapsulate($arr['body'],$key));
}
}
if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false))
$arr['body'] = escape_tags($arr['body']);
if((x($arr,'object')) && is_array($arr['object'])) {
activity_sanitise($arr['object']);
@@ -1372,8 +1432,6 @@ function item_store($arr,$force_parent = false) {
$arr['commented'] = datetime_convert();
$arr['received'] = datetime_convert();
$arr['changed'] = datetime_convert();
$arr['mimetype'] = ((x($arr,'mimetype')) ? notags(trim($arr['mimetype'])) : 'text/bbcode');
$arr['title'] = ((x($arr,'title')) ? notags(trim($arr['title'])) : '');
$arr['location'] = ((x($arr,'location')) ? notags(trim($arr['location'])) : '');
$arr['coord'] = ((x($arr,'coord')) ? notags(trim($arr['coord'])) : '');
$arr['parent_mid'] = ((x($arr,'parent_mid')) ? notags(trim($arr['parent_mid'])) : '');
@@ -1384,19 +1442,12 @@ function item_store($arr,$force_parent = false) {
$arr['tgt_type'] = ((x($arr,'tgt_type')) ? notags(trim($arr['tgt_type'])) : '');
$arr['target'] = ((x($arr,'target')) ? trim($arr['target']) : '');
$arr['plink'] = ((x($arr,'plink')) ? notags(trim($arr['plink'])) : '');
$arr['allow_cid'] = ((x($arr,'allow_cid')) ? trim($arr['allow_cid']) : '');
$arr['allow_gid'] = ((x($arr,'allow_gid')) ? trim($arr['allow_gid']) : '');
$arr['deny_cid'] = ((x($arr,'deny_cid')) ? trim($arr['deny_cid']) : '');
$arr['deny_gid'] = ((x($arr,'deny_gid')) ? trim($arr['deny_gid']) : '');
$arr['item_private'] = ((x($arr,'item_private')) ? intval($arr['item_private']) : 0 );
$arr['body'] = ((x($arr,'body')) ? trim($arr['body']) : '');
$arr['attach'] = ((x($arr,'attach')) ? notags(trim($arr['attach'])) : '');
$arr['app'] = ((x($arr,'app')) ? notags(trim($arr['app'])) : '');
$arr['item_restrict'] = ((x($arr,'item_restrict')) ? intval($arr['item_restrict']) : 0 );
$arr['comment_policy'] = ((x($arr,'comment_policy')) ? notags(trim($arr['comment_policy'])) : 'contacts' );
$arr['item_flags'] = ((x($arr,'item_flags')) ? intval($arr['item_flags']) : 0 );
$arr['item_flags'] = $arr['item_flags'] | ITEM_UNSEEN;
@@ -1553,7 +1604,7 @@ function item_store($arr,$force_parent = false) {
if(strlen($allow_cid) || strlen($allow_gid) || strlen($deny_cid) || strlen($deny_gid))
$private = 1;
else
$private = $arr['private'];
$private = $arr['item_private'];
// Set parent id - and also make sure to inherit the parent's ACL's.
@@ -1574,7 +1625,7 @@ function item_store($arr,$force_parent = false) {
$arr['allow_gid'] = $allow_gid;
$arr['deny_cid'] = $deny_cid;
$arr['deny_gid'] = $deny_gid;
$arr['private'] = $private;
$arr['item_private'] = $private;
// Store taxonomy
@@ -2050,10 +2101,17 @@ function tgroup_check($uid,$item) {
$mention = false;
// check that the message originated elsewhere and is a top-level post
// or is a followup and we have already accepted the top level post
if($arr['mid'] != $arr['parent_mid'])
if($item['mid'] != $item['parent_mid']) {
$r = q("select id from item where mid = '%s' and uid = %d limit 1",
dbesc($item['parent_mid']),
intval($uid)
);
if($r)
return true;
return false;
}
if(! perm_is_allowed($uid,$item['author_xchan'],'tag_deliver'))
return false;
@@ -4712,39 +4770,52 @@ function zot_feed($uid,$observer_xchan,$mindate) {
if(! $mindate)
$mindate = '0000-00-00 00:00:00';
$mindate = dbesc($mindate);
if(! perm_is_allowed($uid,$observer_xchan,'view_stream')) {
return $result;
}
// FIXME
$sql_extra = item_permissions_sql($uid,$remote_contact,$groups);
$sql_extra = item_permissions_sql($uid);
if($mindate != '0000-00-00 00:00:00')
if($mindate != '0000-00-00 00:00:00') {
$sql_extra .= " and created > '$mindate' ";
$limit = "";
}
else
$limit = " limit 0, 50 ";
$items = array();
// FIXME
// We probably should use two queries and pick up total conversations.
// For now get a chunk of raw posts in ascending created order so that
// hopefully the parent is imported before we see the kids.
// This will fail if there are more than $limit kids and you didn't
// receive the parent via direct delivery
$limit = 200;
$items = q("SELECT item.* from item
WHERE uid = %d AND item_restrict = 0
$r = q("SELECT item.*, item.id as item_id from item
WHERE uid = %d AND item_restrict = 0 and id = parent
AND (item_flags & %d)
$sql_extra ORDER BY created ASC limit 0, $limit",
$sql_extra ORDER BY created ASC $limit",
intval($uid),
intval(ITEM_WALL)
);
if($r) {
$parents_str = ids_to_querystr($r,'id');
$items = q("SELECT `item`.*, `item`.`id` AS `item_id` FROM `item`
WHERE `item`.`uid` = %d AND `item`.`item_restrict` = 0
AND `item`.`parent` IN ( %s ) ",
intval($uid),
dbesc($parents_str)
);
}
if($items) {
xchan_query($items);
$items = fetch_post_tags($items);
} else {
$items = array();
require_once('include/conversation.php');
$items = conv_sort($items,'ascending');
}
else
$items = array();
foreach($items as $item)
$result[] = encode_item($item);
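Review bot: In zot_feed() `$mindate` goes through dbesc() and is then spliced into `$sql_extra`, which becomes part of the format string handed to q() alongside the `%d` placeholders; a `%` in the value would be read as a conversion specifier and the query would fail or be mangled. The permission helpers elsewhere in this commit wrap interpolated values in protect_sprintf() for this reason, so the same applies here: `$sql_extra .= " and created > '" . protect_sprintf($mindate) . "' ";`. This matters most if `$mindate` can arrive from a remote request, which is not visible in the hunk. The function starts outside the hunk.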


@@ -2,6 +2,7 @@
/* Private Message backend API */
require_once('include/crypto.php');
// send a private message
@@ -56,6 +57,28 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
$replyto = $mid;
}
/**
*
* When a photo was uploaded into the message using the (profile wall) ajax
* uploader, The permissions are initially set to disallow anybody but the
* owner from seeing it. This is because the permissions may not yet have been
* set for the post. If it's private, the photo permissions should be set
* appropriately. But we didn't know the final permissions on the post until
* now. So now we'll look for links of uploaded messages that are in the
* post and set them to the same permissions as the post itself.
*
*/
$match = null;
$images = null;
if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match))
$images = $match[1];
$key = get_config('system','pubkey');
if($subject)
$subject = json_encode(aes_encapsulate($subject,$key));
if($body)
$body = json_encode(aes_encapsulate($body,$key));
$r = q("INSERT INTO mail ( account_id, mail_flags, channel_id, from_xchan, to_xchan, title, body, mid, parent_mid, created )
VALUES ( %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
@@ -64,8 +87,8 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
intval($channel['channel_id']),
dbesc($channel['channel_hash']),
dbesc($recipient),
dbesc(base64url_encode($subject)),
dbesc(base64url_encode($body)),
dbesc($subject),
dbesc($body),
dbesc($mid),
dbesc($replyto),
dbesc(datetime_convert())
@@ -84,35 +107,18 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
return $ret;
}
/**
*
* When a photo was uploaded into the message using the (profile wall) ajax
* uploader, The permissions are initially set to disallow anybody but the
* owner from seeing it. This is because the permissions may not yet have been
* set for the post. If it's private, the photo permissions should be set
* appropriately. But we didn't know the final permissions on the post until
* now. So now we'll look for links of uploaded messages that are in the
* post and set them to the same permissions as the post itself.
*
*/
$match = null;
if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) {
$images = $match[1];
if(count($images)) {
foreach($images as $image) {
if(! stristr($image,$a->get_baseurl() . '/photo/'))
continue;
$image_uri = substr($image,strrpos($image,'/') + 1);
$image_uri = substr($image_uri,0, strpos($image_uri,'-'));
$r = q("UPDATE photo SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d and allow_cid = '%s'",
dbesc('<' . $recipient . '>'),
dbesc($image_uri),
intval($channel['channel_id']),
dbesc('<' . $channel['channel_hash'] . '>')
);
}
if(count($images)) {
foreach($images as $image) {
if(! stristr($image,$a->get_baseurl() . '/photo/'))
continue;
$image_uri = substr($image,strrpos($image,'/') + 1);
$image_uri = substr($image_uri,0, strpos($image_uri,'-'));
$r = q("UPDATE photo SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d and allow_cid = '%s'",
dbesc('<' . $recipient . '>'),
dbesc($image_uri),
intval($channel['channel_id']),
dbesc('<' . $channel['channel_hash'] . '>')
);
}
}
@@ -171,11 +177,14 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) {
$r[$k]['to'] = find_xchan_in_array($rr['to_xchan'],$c);
$r[$k]['seen'] = (($rr['mail_flags'] & MAIL_SEEN) ? 1 : 0);
if($r[$k]['mail_flags'] & MAIL_OBSCURED) {
$r[$k]['title'] = base64url_decode($r[$k]['title']);
$r[$k]['body'] = base64url_decode($r[$k]['body']);
logger('unencrypting');
$key = get_config('system','prvkey');
if($r[$k]['title'])
$r[$k]['title'] = aes_unencapsulate(json_decode($r[$k]['title'],true),$key);
if($r[$k]['body'])
$r[$k]['body'] = aes_unencapsulate(json_decode($r[$k]['body'],true),$key);
}
}
return $r;
@@ -209,8 +218,11 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee
$messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c);
$messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c);
if($messages[$k]['mail_flags'] & MAIL_OBSCURED) {
$messages[$k]['title'] = base64url_decode($messages[$k]['title']);
$messages[$k]['body'] = base64url_decode($messages[$k]['body']);
$key = get_config('system','prvkey');
if($messages[$k]['title'])
$messages[$k]['title'] = aes_unencapsulate(json_decode($messages[$k]['title'],true),$key);
if($messages[$k]['body'])
$messages[$k]['body'] = aes_unencapsulate(json_decode($messages[$k]['body'],true),$key);
}
}
@@ -294,10 +306,12 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda
$messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c);
$messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c);
if($messages[$k]['mail_flags'] & MAIL_OBSCURED) {
$messages[$k]['title'] = base64url_decode($messages[$k]['title']);
$messages[$k]['body'] = base64url_decode($messages[$k]['body']);
$key = get_config('system','prvkey');
if($messages[$k]['title'])
$messages[$k]['title'] = aes_unencapsulate(json_decode($messages[$k]['title'],true),$key);
if($messages[$k]['body'])
$messages[$k]['body'] = aes_unencapsulate(json_decode($messages[$k]['body'],true),$key);
}
}
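Review bot: The three read paths (private_messages_list(), private_messages_fetch_message(), private_messages_fetch_conversation()) pass `json_decode(...)` straight into aes_unencapsulate() without checking that decoding produced a packet. The lines that appear to be removed show MAIL_OBSCURED rows were previously stored base64url-encoded, so rows written before this change would decode to null here unless a migration exists elsewhere in the commit. A small shared helper that only decrypts when json_decode() yields an array would cover these three sites and the same pattern in encode_item(), encode_mail() and prepare_body(). Separately, `if(count($images))` in send_message() runs on `null` when the body has no [img] tags; `if($images)` avoids depending on count(null).
```php
// Decrypt a stored title/body; the value is returned untouched when it is not an encapsulated JSON packet.
function mail_unobscure($stored, $key) {
	if(! $stored)
		return $stored;
	$packet = json_decode($stored, true);
	if(! is_array($packet))
		return $stored;
	return aes_unencapsulate($packet, $key);
}

// … unchanged: mail_flags & MAIL_OBSCURED test and get_config('system','prvkey') lookup …
$messages[$k]['title'] = mail_unobscure($messages[$k]['title'], $key);
$messages[$k]['body']  = mail_unobscure($messages[$k]['body'], $key);
```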


@@ -328,7 +328,10 @@ function notifier_run($argv, $argc){
// Generic delivery section, we have an encoded item and recipients
// Now start the delivery process
logger('notifier: encoded item: ' . print_r($encoded_item,true));
$x = $encoded_item;
$x['title'] = 'private';
$x['body'] = 'private';
logger('notifier: encoded item: ' . print_r($x,true), LOGGER_DATA);
stringify_array_elms($recipients);
if(! $recipients)


@@ -153,14 +153,14 @@ class photo_imagick extends photo_driver {
do {
$this->image->cropImage($w, $h, $x, $y);
/**
* We need to remove the canva,
* We need to remove the canvas,
* or the image is not resized to the crop:
* http://php.net/manual/en/imagick.cropimage.php#97232
*/
$this->image->setImagePage(0, 0, 0, 0);
} while ($this->image->nextImage());
$this->doScaleImage($max);
$this->doScaleImage($max,$max);
}
public function imageString() {


@@ -205,26 +205,29 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
else {
$observer = get_app()->get_observer();
$groups = init_groups_visitor($remote_user);
$observer = get_observer_hash();
if($observer) {
$groups = init_groups_visitor($observer);
$gs = '<<>>'; // should be impossible to match
$gs = '<<>>'; // should be impossible to match
if(is_array($groups) && count($groups)) {
foreach($groups as $g)
$gs .= '|<' . $g . '>';
}
$sql = sprintf(
" AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
)
",
dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
dbesc($gs),
dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
dbesc($gs)
);
if(is_array($groups) && count($groups)) {
foreach($groups as $g)
$gs .= '|<' . $g . '>';
}
$sql = sprintf(
" AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
)
",
dbesc(protect_sprintf( '%<' . $observer . '>%')),
dbesc($gs),
dbesc(protect_sprintf( '%<' . $observer . '>%')),
dbesc($gs)
);
}
}
return $sql;
}
@@ -260,25 +263,28 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
else {
$observer = get_app()->get_observer();
$groups = init_groups_visitor($remote_user);
$observer = get_observer_hash();
$gs = '<<>>'; // should be impossible to match
if($observer) {
$groups = init_groups_visitor($observer);
if(is_array($groups) && count($groups)) {
foreach($groups as $g)
$gs .= '|<' . $g . '>';
}
$sql = sprintf(
" AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
)
",
dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
dbesc($gs),
dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
dbesc($gs)
);
$gs = '<<>>'; // should be impossible to match
if(is_array($groups) && count($groups)) {
foreach($groups as $g)
$gs .= '|<' . $g . '>';
}
$sql = sprintf(
" AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
)
",
dbesc(protect_sprintf( '%<' . $observer . '>%')),
dbesc($gs),
dbesc(protect_sprintf( '%<' . $observer . '>%')),
dbesc($gs)
);
}
}
return $sql;
}
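Review bot: When get_observer_hash() returns nothing, the new `if($observer)` guard skips building the ACL clause in both permissions_sql() and item_permissions_sql(), so the function returns whatever `$sql` held before this else branch, and that assignment is outside the hunk. That initial value has to be the public-only restriction so that an unidentified visitor fails closed. A comment at the guard such as `// no observer hash: keep the default public-only $sql set above` would make the dependency explicit for the next maintainer. Both functions begin outside the hunks shown.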


@@ -887,7 +887,7 @@ function smilies($s, $sample = false) {
'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-facepalm.gif" alt=":facepalm" />',
'<img class="smiley" src="' . $a->get_baseurl() . '/images/like.gif" alt=":like" />',
'<img class="smiley" src="' . $a->get_baseurl() . '/images/dislike.gif" alt=":dislike" />',
'<img class="smiley" src="' . $a->get_baseurl() . '/images/rhash-16.png" alt="red#" /></a>',
'<a href="http://getzot.com"><img class="smiley" src="' . $a->get_baseurl() . '/images/rhash-16.png" alt="red#" /> the Red Matrix</a>',
'<a href="http://friendica.com">~friendica <img class="smiley" src="' . $a->get_baseurl() . '/images/friendica-16.png" alt="~friendica" /></a>'
);
@@ -977,11 +977,22 @@ function link_compare($a,$b) {
function prepare_body($item,$attach = false) {
function prepare_body(&$item,$attach = false) {
$a = get_app();
call_hooks('prepare_body_init', $item);
if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) {
$key = get_config('system','prvkey');
if($item['title'])
$item['title'] = aes_unencapsulate(json_decode($item['title'],true),$key);
if($item['body'])
$item['body'] = aes_unencapsulate(json_decode($item['body'],true),$key);
}
$s = prepare_text($item['body'],$item['mimetype']);
$prep_arr = array('item' => $item, 'html' => $s);
@@ -992,6 +1003,7 @@ function prepare_body($item,$attach = false) {
return $s;
}
$arr = json_decode($item['attach'],true);
if(count($arr)) {
$s .= '<div class="body-attach">';
@@ -1246,7 +1258,7 @@ function feed_salmonlinks($nick) {
function get_plink($item) {
$a = get_app();
if (x($item,'plink') && ($item['private'] != 1)) {
if (x($item,'plink') && ($item['item_private'] != 1)) {
return array(
'href' => $item['plink'],
'title' => t('link to source'),
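Review bot: prepare_body() now takes `&$item` and overwrites `$item['title']` and `$item['body']` with plaintext while leaving ITEM_OBSCURED set in `$item['item_flags']`, so the caller's array ends up flagged as obscured but holding decrypted text. A second pass over the same array (another prepare_body() call, or any other code that tests the flag) would run json_decode() on plaintext and hand null to aes_unencapsulate(). Either decrypt into local variables, or clear the bit after decrypting with `$item['item_flags'] &= ~ITEM_OBSCURED;`, and state in the function comment that the argument is modified. Whether any caller reuses the item afterwards is not visible in these hunks.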


@@ -770,8 +770,6 @@ function zot_fetch($arr) {
function zot_import($arr) {
// logger('zot_import: ' . print_r($arr,true), LOGGER_DATA);
$data = json_decode($arr['body'],true);
if(! $data) {
@@ -783,8 +781,6 @@ function zot_import($arr) {
$data = json_decode(aes_unencapsulate($data,get_config('system','prvkey')),true);
}
logger('zot_import: data' . print_r($data,true), LOGGER_DATA);
$incoming = $data['pickup'];
$return = array();
@@ -837,10 +833,12 @@ function zot_import($arr) {
if($i['message']) {
if($i['message']['type'] === 'activity') {
$arr = get_item_elements($i['message']);
if(! array_key_exists('created',$arr)) {
logger('Activity rejected: probable failure to lookup author/owner. ' . print_r($i['message'],true));
continue;
}
logger('Activity received: ' . print_r($arr,true), LOGGER_DATA);
logger('Activity recipients: ' . print_r($deliveries,true), LOGGER_DATA);
@@ -1022,6 +1020,18 @@ function process_delivery($sender,$arr,$deliveries,$relay) {
$perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments');
// This is our own post, possibly coming from a channel clone
if($arr['owner_xchan'] == $d['hash']) {
$arr['item_flags'] = $arr['item_flags'] | ITEM_WALL;
}
else {
// clear the wall flag if it is set
if($arr['item_flags'] & ITEM_WALL) {
$arr['item_flags'] = ($arr['item_flags'] ^ ITEM_WALL);
}
}
if((! perm_is_allowed($channel['channel_id'],$sender['hash'],$perm)) && (! $tag_delivery)) {
logger("permission denied for delivery {$channel['channel_id']}");
$result[] = array($d['hash'],'permission denied',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>');
@@ -1565,7 +1575,7 @@ function build_sync_packet($uid = 0, $packet = null) {
// don't pass these elements, they should not be synchronised
$disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey');
$disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey','channel_address');
if(in_array($k,$disallowed))
continue;
@@ -1605,7 +1615,8 @@ function build_sync_packet($uid = 0, $packet = null) {
function process_channel_sync_delivery($sender,$arr,$deliveries) {
// FIXME - this will sync red structures. Eventually we need to make this application agnostic.
// FIXME - this will sync red structures (channel, pconfig and abook). Eventually we need to make this application agnostic.
// TODO: missing group membership changes
$result = array();
@@ -1635,7 +1646,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) {
}
if(array_key_exists('channel',$arr) && is_array($arr['channel']) && count($arr['channel'])) {
$disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey');
$disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey', 'channel_address');
$clean = array();
foreach($arr['channel'] as $k => $v) {