harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

IMPORTANT: magic-auth protocol update, plus 'zrl' bbcode tag for the privacy-is-more-important-than-ease-of-use folks.

Browse Source
This commit is contained in:
friendica 2013-04-14 20:41:58 -07:00
parent 2942155797
commit e411a4bdc2
5 changed files with 54 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
include/bbcode.php
View File

@ -263,21 +263,24 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true) {
// Perform URL Search
$Text = preg_replace("/([^\]\='".'"'."]|^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,]+)/ism", '$1<a href="$2" >$2</a>', $Text);
$urlchars = '[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]';
if ($tryoembed)
$Text = preg_replace_callback("/\[bookmark\=([^\]]*)\].*?\[\/bookmark\]/ism",'tryoembed',$Text);
$Text = preg_replace("/\[bookmark\=([^\]]*)\](.*?)\[\/bookmark\]/ism",'[url=$1]$2[/url]',$Text);
$Text = preg_replace("/([^\]\='".'"'."]|^)(https?\:\/\/$urlchars+)/ism", '$1<a href="$2" >$2</a>', $Text);
// $Text = preg_replace("/([^\]\='".'"'."]|^)(https?\:\/\/$urlchars+)\{zid\}($urlchars*)/ism", '$1<a class="zrl" href="$2$3" >$2$3</a>', $Text);
$Text = preg_replace_callback("/\[share(.*?)\](.*?)\[\/share\]/ism","bb_ShareAttributes",$Text);
if ($tryoembed)
if($tryoembed)
$Text = preg_replace_callback("/\[url\]([$URLSearchString]*)\[\/url\]/ism",'tryoembed',$Text);
$Text = preg_replace("/\[url\]([$URLSearchString]*)\[\/url\]/ism", '<a href="$1" >$1</a>', $Text);
$Text = preg_replace("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '<a href="$1" >$2</a>', $Text);
//$Text = preg_replace("/\[url\=([$URLSearchString]*)\]([$URLSearchString]*)\[\/url\]/ism", '<a href="$1" target="_blank">$2</a>', $Text);
$Text = preg_replace("/\[zrl\]([$URLSearchString]*)\[\/zrl\]/ism", '<a class="zrl" href="$1" >$1</a>', $Text);
$Text = preg_replace("/\[zrl\=([$URLSearchString]*)\](.*?)\[\/zrl\]/ism", '<a class="zrl" href="$1" >$2</a>', $Text);
// Perform MAIL Search
$Text = preg_replace("/\[mail\]([$MAILSearchString]*)\[\/mail\]/", '<a href="mailto:$1">$1</a>', $Text);

29
include/text.php
View File

@ -1108,6 +1108,7 @@ function prepare_text($text,$content_type = 'text/bbcode') {
$s = bbcode($text);
else
$s = smilies(bbcode($text));
$s = zidify_links($s);
break;
}
@ -1115,6 +1116,34 @@ function prepare_text($text,$content_type = 'text/bbcode') {
}
/**
* zidify_callback() and zidify_links() work together to turn any HTML a tags with class="zrl" into zid links
* These will typically be generated by a bbcode '[zrl]' tag. This is done inside prepare_text() rather than bbcode()
* because the latter is used for general purpose conversions and the former is used only when preparing text for
* immediate display.
*
* Issues: Currently the order of HTML parameters in the text is somewhat rigid and inflexible.
* We assume it looks like <a class="zrl" href="xxxxxxxxxx"> and will not work if zrl and href appear in a different order.
*/
function zidify_callback($match) {
$replace = '<a' . $match[1] . 'class="zrl"' . $match[2] . ' href="' . zid($match[3]) . '"';
$x = str_replace($match[0],$replace,$match[0]);
return $x;
}
function zidify_links($s) {
$s = preg_replace_callback('/\<a(.*?)class\=\"zrl\"(.*?)href\=\"(.*?)\"/ism','zidify_callback',$s);
return $s;
}
/**
* return atom link elements for all of our hubs
*/

12
mod/post.php
View File

@ -96,6 +96,13 @@ function post_init(&$a) {
}
if($already_authed || $j['success']) {
if($j['success']) {
// legit response, but we do need to check that this wasn't answered by a man-in-middle
if(! rsa_verify($sec . $x[0]['xchan_hash'],base64url_decode($j['confirm']),$x[0]['xchan_pubkey'])) {
logger('mod_zot: auth: final confirmation failed.');
goaway($desturl);
}
}
// everything is good... maybe
if(local_user()) {
@ -386,7 +393,7 @@ function post_post(&$a) {
$arr = $data['recipients'][0];
$recip_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true));
$c = q("select channel_id from channel where channel_hash = '%s' limit 1",
$c = q("select channel_id, channel_prvkey from channel where channel_hash = '%s' limit 1",
dbesc($recip_hash)
);
if(! $c) {
@ -394,6 +401,8 @@ function post_post(&$a) {
json_return_and_die($ret);
}
$confirm = base64url_encode(rsa_sign($data['secret'] . $recip_hash,$c[0]['channel_prvkey']));
// This additionally checks for forged senders since we already stored the expected result in meta
// and we've already verified that this is them via zot_gethub() and that their key signed our token
@ -412,6 +421,7 @@ function post_post(&$a) {
logger('mod_zot: auth_check: success', LOGGER_DEBUG);
$ret['success'] = true;
$ret['confirm'] = $confirm;
json_return_and_die($ret);
}

8
util/messages.po
View File

@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2013-04-05 00:01-0700\n"
"POT-Creation-Date: 2013-04-12 00:00-0700\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -3546,7 +3546,7 @@ msgid "View Connnections"
msgstr ""
#: ../../mod/chanview.php:74 ../../mod/wall_upload.php:35
#: ../../mod/magic.php:59 ../../mod/page.php:21
#: ../../mod/magic.php:58 ../../mod/page.php:21
msgid "Channel not found."
msgstr ""
@ -3592,13 +3592,13 @@ msgstr ""
msgid "Wall Photos"
msgstr ""
#: ../../mod/post.php:107
#: ../../mod/post.php:114
msgid ""
"Remote authentication blocked. You are logged into this site locally. Please "
"logout and retry."
msgstr ""
#: ../../mod/post.php:117
#: ../../mod/post.php:124
#, php-format
msgid "Welcome %s. Remote authentication successful."
msgstr ""

2
version.inc
View File

@ -1 +1 @@
2013-04-10.279
2013-04-14.283