harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'mike/master' into dev

Browse Source
This commit is contained in:
Mario Vavti 2018-11-07 10:15:40 +01:00
commit c23dfa0d23
3 changed files with 93 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/network.php
View File

@ -233,7 +233,7 @@ function z_post_url($url, $params, $redirects = 0, $opts = array()) {
return $ret; return $ret;
if(! array_key_exists('request_target',$opts)) { if(! array_key_exists('request_target',$opts)) {
$opts['request_target'] = 'get ' . get_request_string($url); $opts['request_target'] = 'post ' . get_request_string($url);
} }
@curl_setopt($ch, CURLOPT_HEADER, true); @curl_setopt($ch, CURLOPT_HEADER, true);

8
include/text.php
View File

@ -3219,8 +3219,16 @@ function create_table_from_array($table, $arr, $binary_fields = []) {
if(! ($arr && $table)) if(! ($arr && $table))
return false; return false;
$columns = db_columns($table);
$clean = []; $clean = [];
foreach($arr as $k => $v) { foreach($arr as $k => $v) {
if(! in_array($k,$columns)) {
continue;
}
$matches = false; $matches = false;
if(preg_match('/([^a-zA-Z0-9\-\_\.])/',$k,$matches)) { if(preg_match('/([^a-zA-Z0-9\-\_\.])/',$k,$matches)) {
return false; return false;

132
include/xchan.php
View File

@ -1,5 +1,7 @@
<?php <?php
use Zotlabs\Zot6\HTTPSig;
function xchan_store_lowlevel($arr) { function xchan_store_lowlevel($arr) {
@ -39,6 +41,13 @@ function xchan_store_lowlevel($arr) {
function xchan_store($arr) { function xchan_store($arr) {
$update_photo = false;
$update_name = false;
if(! ($arr['guid'] || $arr['hash'])) {
$arr = json_decode(file_get_contents('php://input'),true);
}
logger('xchan_store: ' . print_r($arr,true)); logger('xchan_store: ' . print_r($arr,true));
if(! $arr['hash']) if(! $arr['hash'])
@ -49,57 +58,90 @@ function xchan_store($arr) {
$r = q("select * from xchan where xchan_hash = '%s' limit 1", $r = q("select * from xchan where xchan_hash = '%s' limit 1",
dbesc($arr['hash']) dbesc($arr['hash'])
); );
if($r) if(! $r) {
return true;
if(! $arr['network']) $update_photo = true;
$arr['network'] = 'unknown';
if(! $arr['name'])
$arr['name'] = 'unknown';
if(! $arr['url'])
$arr['url'] = z_root();
if(! $arr['photo'])
$arr['photo'] = z_root() . '/' . get_default_profile_photo();
if(! $arr['network'])
$arr['network'] = 'unknown';
if(! $arr['name'])
$arr['name'] = 'unknown';
if(! $arr['url'])
$arr['url'] = z_root();
if(! $arr['photo'])
$arr['photo'] = z_root() . '/' . get_default_profile_photo();
if($arr['network'] === 'zot') { if($arr['network'] === 'zot6') {
if((! $arr['key']) || (! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key']))) { if((! $arr['key']) || (! Libzot::verify($arr['id'],$arr['id_sig'],$arr['key']))) {
logger('Unable to verify signature for ' . $arr['hash']); logger('Unable to verify signature for ' . $arr['hash']);
return false; return false;
}
} }
if($arr['network'] === 'zot') {
if((! $arr['key']) || (! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key']))) {
logger('Unable to verify signature for ' . $arr['hash']);
return false;
}
}
$columns = db_columns('xchan');
$x = [];
foreach($arr as $k => $v) {
if($k === 'key') {
$x['xchan_pubkey'] = HTTPSig::convertKey(escape_tags($v));;
continue;
}
if($k === 'photo') {
continue;
}
if(in_array($columns,'xchan_' . $k))
$x['xchan_' . $k] = escape_tags($v);
}
$x['xchan_name_date'] = datetime_convert();
$x['xchan_photo_date'] = datetime_convert();
$x['xchan_system'] = false;
$result = xchan_store_lowlevel($x);
if(! $result)
return $result;
}
else {
if($r[0]['network'] === 'zot6') {
return true;
}
if($r[0]['xchan_photo_date'] < datetime_convert('UTC','UTC',$arr['photo_date'])) {
$update_photo = true;
}
if($r[0]['xchan_name_date'] < datetime_convert('UTC','UTC',$arr['name_date'])) {
$update_name = true;
}
}
if($update_photo && $arr['photo']) {
$photos = import_xchan_photo($arr['photo'],$arr['hash']);
$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
dbesc(datetime_convert()),
dbesc($photos[0]),
dbesc($photos[1]),
dbesc($photos[2]),
dbesc($photos[3]),
dbesc($arr['hash'])
);
}
if($update_name && $arr['name']) {
$x = q("update xchan set xchan_name = '%s', xchan_name_date = '%s' where xchan_hash = '%s'",
dbesc(escape_tags($arr['name'])),
dbesc(datetime_convert()),
dbesc($arr['hash'])
);
} }
$x = []; return true;
foreach($arr as $k => $v) {
if($k === 'key') {
$x['xchan_pubkey'] = $v;
continue;
}
if($k === 'photo') {
continue;
}
$x['xchan_' . $k] = $v;
}
$x['xchan_name_date'] = datetime_convert();
$r = xchan_store_lowlevel($x);
if(! $r)
return $r;
$photos = import_xchan_photo($arr['photo'],$arr['hash']);
$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
dbesc(datetime_convert()),
dbesc($photos[0]),
dbesc($photos[1]),
dbesc($photos[2]),
dbesc($photos[3]),
dbesc($arr['hash'])
);
return $r;
} }