harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch '4.4RC'

Browse Source
This commit is contained in:
Mario Vavti 2019-08-13 09:46:01 +02:00
commit e8f3b7f853
83 changed files with 34247 additions and 32643 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
.homeinstall/README.md
View File

@ -1,18 +1,18 @@
# Hubzilla at Home next to your Router
This readme will show you how to install and run Hubzilla or Zap at home.
This readme will show you how to install and run Hubzilla (or Zap) at home.
The installation is done by a script.
What the script will do for you...
+ install everything required by Zap/Hubzilla, basically a web server (Apache), PHP, a database (MySQL), certbot,...
+ install everything required by Hubzilla, basically a web server (Apache), PHP, a database (MySQL), certbot,...
+ create a database
+ run certbot to have everything for a secure connection (httpS)
+ create a script for daily maintenance
- backup to external disk (certificates, database, /var/www/)
- renew certfificate (letsencrypt)
- update of Zap/Hubzilla
- update of Hubzilla
- update of Debian
- restart
+ create cron jobs for
@ -23,8 +23,8 @@ What the script will do for you...
The script is known to work without adjustments with
+ Hardware
- Mini-PC with Debian 9 (stretch), or
- Rapberry 3 with Raspbian, Debian 9
- Mini-PC with Debian 10 (stretch), or
- Rapberry 3 with Raspbian, Debian 10
+ DynDNS
- selfHOST.de
- freedns.afraid.org
@ -40,7 +40,7 @@ The script can install both [Hubzilla](https://zotlabs.org/page/hubzilla/hubzill
## Disclaimers
- This script does work with Debian 9 only.
- This script does work with Debian 10 only.
- This script has to be used on a fresh debian install only (it does not take account for a possibly already installed and configured webserver or sql implementation).
# Step-by-Step Overwiew
@ -55,7 +55,7 @@ Hardware
Software
+ Fresh installation of Debian 9 (Stretch)
+ Fresh installation of Debian 10 (Stretch)
+ Router with open ports 80 and 443 for your web server
## The basic steps (quick overview)
@ -136,7 +136,7 @@ The cost is 1,50 € per month (2019).
## Note on Rasperry
The script was tested with an Raspberry 3 under Raspian, Debian 9.
The script was tested with an Raspberry 3 under Raspian, Debian 10.
It is recommended to run the Raspi without graphical frontend (X-Server). Use...
@ -146,7 +146,7 @@ to boot the Rapsi to the client console.
DO NOT FORGET TO CHANGE THE DEFAULT PASSWORD FOR USER PI!
On a Raspian Stretch (Debian 9) the validation of the mail address fails for the very first user.
On a Raspian Stretch (Debian 10) the validation of the mail address fails for the very first user.
This used to happen on some *bsd distros but there was some work to fix that a year ago (2017).
So if your system isn't registered in DNS or DNS isn't active do

145
.homeinstall/hubzilla-setup.sh Normal file → Executable file
View File

@ -26,8 +26,8 @@
# - install
# * apache webserer,
# * php,
# * mysql - the database for hubzilla,
# * phpmyadmin,
# * mariadb - the database for hubzilla,
# * adminer,
# * git to download and update hubzilla addon
# - download hubzilla core and addons
# - configure cron
@ -44,11 +44,6 @@
# Security - password is the same for mysql-server, phpmyadmin and hubzilla db
# - The script runs into installation errors for phpmyadmin if it uses
# different passwords. For the sake of simplicity one singel password.
#
# Hubzilla - email verification
# - The script switches off email verification off in all htconfig.tpl.
# Example: /var/www/html/view/en/htconfig.tpl
# - Is this a silly idea or not?
#
# How to restore from backup
# --------------------------
@ -73,8 +68,6 @@
# The script is based on Thomas Willinghams script "debian-setup.sh"
# which he used to install the red#matrix.
#
# The script uses another script from https://github.com/lukas2511/letsencrypt.sh
#
# The documentation for bash is here
# https://www.gnu.org/software/bash/manual/bash.html
#
@ -94,9 +87,9 @@ function check_sanity {
then
die "Debian is supported only"
fi
if ! grep -q 'Linux 9' /etc/issue
if ! grep -q 'Linux 10' /etc/issue
then
die "Linux 9 (stretch) is supported only"x
die "Linux 10 (buster) is supported only"x
fi
}
@ -207,21 +200,17 @@ function print_warn {
}
function stop_hubzilla {
if [ -d /etc/apache2 ]
then
print_info "stopping apache webserver..."
service apache2 stop
fi
if [ -f /etc/init.d/mysql ]
then
print_info "stopping mysql db..."
/etc/init.d/mysql stop
fi
print_info "stopping apache webserver..."
systemctl stop apache2
print_info "stopping mysql db..."
systemctl stop mariadb
}
function install_apache {
print_info "installing apache..."
nocheck_install "apache2 apache2-utils"
a2enmod rewrite
systemctl restart apache2
}
function install_imagemagick {
@ -242,78 +231,46 @@ function install_sendmail {
function install_php {
# openssl and mbstring are included in libapache2-mod-php
print_info "installing php..."
nocheck_install "libapache2-mod-php php php-pear php-curl php-mcrypt php-gd php-mysqli php-mbstring php-xml"
sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.0/apache2/php.ini
sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.0/apache2/php.ini
nocheck_install "libapache2-mod-php php php-pear php-curl php-gd php-mysqli php-mbstring php-xml php-zip"
sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.3/apache2/php.ini
sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.3/apache2/php.ini
}
function install_mysql {
# http://www.microhowto.info/howto/perform_an_unattended_installation_of_a_debian_package.html
#
# To determine the required package name, key and type you can perform
# a trial installation then search the configuration database.
#
# debconf-get-selections | grep mysql-server
#
# The command debconf-get-selections is provided by the package
# debconf-utils, which you may need to install.
#
# apt-get install debconf-utils
#
# If you want to supply an answer to a configuration question but do not
# want to be prompted for it then this can be arranged by preseeding the
# DebConf database with the required information.
#
# echo mysql-server mysql-server/root_password password xyzzy | debconf-set-selections
# echo mysql-server mysql-server/root_password_again password xyzzy | debconf-set-selections
#
print_info "installing mysql..."
if [ -z "$mysqlpass" ]
then
die "mysqlpass not set in $configfile"
fi
echo mysql-server mysql-server/root_password password $mysqlpass | debconf-set-selections
echo mysql-server mysql-server/root_password_again password $mysqlpass | debconf-set-selections
nocheck_install "php-mysql mysql-server mysql-client"
if type mysql ; then
echo "Yes, mysql is installed"
else
echo "mariadb-server"
nocheck_install "mariadb-server"
systemctl status mariadb
systemctl start mariadb
mysql --user=root <<_EOF_
UPDATE mysql.user SET Password=PASSWORD('${db_root_password}') WHERE User='root';
DELETE FROM mysql.user WHERE User='';
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
FLUSH PRIVILEGES;
_EOF_
fi
}
function install_phpmyadmin {
print_info "installing phpmyadmin..."
if [ -z "$phpmyadminpass" ]
function install_adminer {
print_info "installing adminer..."
nocheck_install "adminer"
if [ ! -f /etc/adminer/adminer.conf ]
then
die "phpmyadminpass not set in $configfile"
echo "Alias /adminer /usr/share/adminer/adminer" > /etc/adminer/adminer.conf
ln -s /etc/adminer/adminer.conf /etc/apache2/conf-available/adminer.conf
else
print_info "file /etc/adminer/adminer.conf exists already"
fi
echo phpmyadmin phpmyadmin/setup-password password $phpmyadminpass | debconf-set-selections
echo phpmyadmin phpmyadmin/mysql/app-pass password $phpmyadminpass | debconf-set-selections
echo phpmyadmin phpmyadmin/app-password-confirm password $phpmyadminpass | debconf-set-selections
echo phpmyadmin phpmyadmin/mysql/admin-pass password $phpmyadminpass | debconf-set-selections
echo phpmyadmin phpmyadmin/password-confirm password $phpmyadminpass | debconf-set-selections
echo phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2 | debconf-set-selections
nocheck_install "phpmyadmin"
# It seems to be not neccessary to check rewrite.load because it comes
# with the installation. To be sure you could check this manually by:
#
# nano /etc/apache2/mods-available/rewrite.load
#
# You should find the content:
#
# LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
a2enmod rewrite
if [ ! -f /etc/apache2/apache2.conf ]
then
die "could not find file /etc/apache2/apache2.conf"
fi
sed -i \
"s/AllowOverride None/AllowOverride all/" \
/etc/apache2/apache2.conf
if [ -z "`grep 'Include /etc/phpmyadmin/apache.conf' /etc/apache2/apache2.conf`" ]
then
echo "Include /etc/phpmyadmin/apache.conf" >> /etc/apache2/apache2.conf
fi
service apache2 restart
/etc/init.d/mysql start
a2enconf adminer
systemctl reload apache2
}
function create_hubzilla_db {
@ -330,6 +287,7 @@ function create_hubzilla_db {
then
die "hubzilla_db_pass not set in $configfile"
fi
systemctl restart mariadb
Q1="CREATE DATABASE IF NOT EXISTS $hubzilla_db_name;"
Q2="GRANT USAGE ON *.* TO $hubzilla_db_user@localhost IDENTIFIED BY '$hubzilla_db_pass';"
Q3="GRANT ALL PRIVILEGES ON $hubzilla_db_name.* to $hubzilla_db_user@localhost identified by '$hubzilla_db_pass';"
@ -454,17 +412,7 @@ function install_letsencrypt {
then
die "Failed to install let's encrypt: 'le_domain' is empty in $configfile"
fi
nocheck_install "apt-transport-https"
# add backports to your sources.list
backports_list=/etc/apt/sources.list.d/backports.list
if [ -f $backports_list ]
then
print_info "$backports_list exist already"
else
echo "deb https://deb.debian.org/debian stretch-backports main" > $backports_list
fi
apt-get -y update
DEBIAN_FRONTEND=noninteractive apt-get -q -y -t stretch-backports install certbot python-certbot-apache
nocheck_install "certbot python-certbot-apache"
print_info "run certbot ..."
certbot --apache -w /var/www/html -d $le_domain -m $le_email --agree-tos --non-interactive --redirect --hsts --uir
service apache2 restart
@ -486,9 +434,9 @@ function install_hubzilla {
print_info "installing hubzilla addons..."
cd /var/www/html/
# if you install Hubzilla
util/add_addon_repo https://framagit.org/hubzilla/addons hzaddons
# util/add_addon_repo https://framagit.org/hubzilla/addons hzaddons
# if you install ZAP
#util/add_addon_repo https://framagit.org/zot/zap-addons.git zaddons
util/add_addon_repo https://framagit.org/zot/zap-addons.git zaddons
mkdir -p "store/[data]/smarty3"
chmod -R 777 store
touch .htconfig.php
@ -498,12 +446,6 @@ function install_hubzilla {
chown root:www-data /var/www/html/
chown root:www-data /var/www/html/.htaccess
chmod 0644 /var/www/html/.htaccess
print_info "try to switch off email registration..."
sed -i "s/verify_email.*1/verify_email'] = 0/" /var/www/html/view/*/ht*
if [ -n "`grep -r 'verify_email.*1' /var/www/html/view/`" ]
then
print_warn "Hubzillas registration prozess might have email verification switched on."
fi
print_info "installed hubzilla"
}
@ -635,7 +577,6 @@ source $configfile
selfhostdir=/etc/selfhost
selfhostscript=selfhost-updater.sh
hubzilladaily=hubzilla-daily.sh
plugins_update=.homeinstall/plugins_update.sh
backup_mount_point=/media/hubzilla_backup
#set -x # activate debugging from here
@ -649,7 +590,7 @@ install_apache
install_imagemagick
install_php
install_mysql
install_phpmyadmin
install_adminer
create_hubzilla_db
run_freedns
install_run_selfhost

57
CHANGELOG
View File

@ -1,3 +1,60 @@
Hubzilla 4.4 (2019-08-13)
- Change primary directory from zotadel.net to hub.netzgemeinde.eu (requested by zotadel admin)
- Add Russian context help files
- Replace plink URL with share tag if possible
- Catch and exclude trailing punctuation while URL embedding
- Do not limit channel if service class property value is set to zero
- Streamline keyId and creator/actor
- Add daemon_master_summon hook
- Serve static files directly if not caught by web server
- Update cacert.pem
- Calendar: allow different date/time format inputs
- Calendar: hide timezone select for allday events
⁻ Add opengraph meta info to channel page
- Begin directory migration to zot6
- Support zot and zot6 in social graph operations
- Lowlevel support for zot6 direct messages
- Consolidate HTTP signatures
- Allow api login by address or url
- Provide auto redirect from zot6 /item permalinks
- Export all items except photos in channel_export_items_date()
- Calendar: clicking a day or week number will now open the day or week view
- Remove cached photo location directory on delete if empty
- Include zot6 hubs in the Grid scope
- Fix os_path replace for thumbnails
- Avoid to process original images using storeThumbnail()
Bugfixes
- Fix URLs on imported item taxonomy
- Fix admin not allowed to delete any item
- Fix webfiunger issue with URLs containing an @
- Fix missing object in emoji reactions
- Fix appschema to include diaspora:guid
- Fix zotfinger in update_directory_entry()
- Fix incorrect media type on links for photo objects
- Fix mid not dbesc'd in item_store()
- Fix calendar encoding issues
Addons
- twitter: various rendering improvements
- cavatar: fix wrong image mimetype
- gravatar: fix wrong image mimetype
- Add license file
- pubcrawl: make repeats render like wall to wall posts
- pubcrawl: fix pubcrawl_import_author() sometimes returning a non activitypub xchan
- pubcrawl: use Lib/Activity for taxonomy en/decoding
- pubcrawl: fix wrong uuid in like activity
- pubcrawl: fix issue with encoding hashtags
- openstreetmap: use https URLs by default
- queueworker: refactor and efficiency improvements
- pubcrawl: use unique IDs for follow and accept activities
- pubcrawl: implement thread completion
- pubcrawl: implement delete activity
- photocache: reduce the size of the photo cache subdirectories tree
- photocache: use html_entity_decode() for cached photo URL
- diaspora: fix possible issue with diaspora relay not initializing
Hubzilla 4.2.1 (2019-06-17)
- Deprecate mod events
- Revisit mod cal

11
LICENSE
View File

@ -1,4 +1,5 @@
Copyright (c) 2010-2018 the Hubzilla Community
Copyright (c) 2019 Hubzilla Community
All rights reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy
@ -8,13 +9,13 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

3
Zotlabs/Daemon/Cron.php
View File

@ -108,6 +108,7 @@ class Cron {
$file = dbunescbin($rr['content']);
if(is_file($file)) {
@unlink($file);
@rmdir(dirname($file));
logger('info: deleted cached photo file ' . $file, LOGGER_DEBUG);
}
}
@ -187,7 +188,7 @@ class Cron {
if($r) {
require_once('include/photo/photo_driver.php');
foreach($r as $rr) {
$photos = import_xchan_photo($rr['xchan_photo_l'],$rr['xchan_hash']);
$photos = import_xchan_photo($rr['xchan_photo_l'], $rr['xchan_hash'], false, true);
$x = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s'
where xchan_hash = '%s'",
dbesc($photos[0]),

18
Zotlabs/Daemon/Master.php
View File

@ -17,7 +17,22 @@ if(array_search( __file__ , get_included_files()) === 0) {
class Master {
static public function Summon($arr) {
proc_run('php','Zotlabs/Daemon/Master.php',$arr);
$hookinfo = [
'argv'=>$arr
];
call_hooks ('daemon_master_summon',$hookinfo);
$arr = $hookinfo['argv'];
$argc = count($arr);
if ((!is_array($arr) || (count($arr) < 1))) {
logger("Summon handled by hook.",LOGGER_DEBUG);
return;
}
$phpbin = get_config('system','phpbin','php');
proc_run($phpbin,'Zotlabs/Daemon/Master.php',$arr);
}
static public function Release($argc,$argv) {
@ -33,6 +48,7 @@ class Master {
$argc = count($argv);
if ((!is_array($argv) || (count($argv) < 1))) {
logger("Release handled by hook.",LOGGER_DEBUG);
return;
}

322
Zotlabs/Lib/Activity.php
View File

@ -3,7 +3,7 @@
namespace Zotlabs\Lib;
use Zotlabs\Daemon\Master;
use Zotlabs\Zot6\HTTPSig;
use Zotlabs\Web\HTTPSig;
require_once('include/event.php');
@ -75,7 +75,7 @@ class Activity {
if($x['success']) {
$y = json_decode($x['body'],true);
logger('returned: ' . json_encode($y,JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES));
logger('returned: ' . json_encode($y,JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES), LOGGER_DEBUG);
return json_decode($x['body'], true);
}
else {
@ -312,6 +312,10 @@ class Activity {
}
}
if (intval($i['item_private']) === 2) {
$ret['directMessage'] = true;
}
$ret['attributedTo'] = $i['author']['xchan_url'];
if($i['id'] != $i['parent']) {
@ -357,7 +361,7 @@ class Activity {
switch($t['type']) {
case 'Hashtag':
$ret[] = [ 'ttype' => TERM_HASHTAG, 'url' => $t['href'], 'term' => escape_tags((substr($t['name'],0,1) === '#') ? substr($t['name'],1) : $t['name']) ];
$ret[] = [ 'ttype' => TERM_HASHTAG, 'url' => ((isset($t['href'])) ? $t['href'] : $t['id']), 'term' => escape_tags((substr($t['name'],0,1) === '#') ? substr($t['name'],1) : $t['name']) ];
break;
case 'Mention':
@ -388,9 +392,9 @@ class Activity {
foreach($item['term'] as $t) {
switch($t['ttype']) {
case TERM_HASHTAG:
// An id is required so if we don't have a url in the taxonomy, ignore it and keep going.
// href is required so if we don't have a url in the taxonomy, ignore it and keep going.
if($t['url']) {
$ret[] = [ 'id' => $t['url'], 'name' => '#' . $t['term'] ];
$ret[] = [ 'type' => 'Hashtag', 'href' => $t['url'], 'name' => '#' . $t['term'] ];
}
break;
@ -483,6 +487,19 @@ class Activity {
$ret['type'] = self::activity_mapper($i['verb']);
if($ret['type'] === 'emojiReaction') {
// There may not be an object for these items for legacy reasons - it should be the conversation parent.
$p = q("select * from item where mid = '%s' and uid = %d",
dbesc($i['parent_mid']),
intval($i['uid'])
);
if($p) {
xchan_query($p,true);
$p = fetch_post_tags($p,true);
$i['obj'] = self::encode_item($p[0]);
}
}
$ret['id'] = ((strpos($i['mid'],'http') === 0) ? $i['mid'] : z_root() . '/activity/' . urlencode($i['mid']));
@ -1415,6 +1432,11 @@ class Activity {
if($act->recips && (! in_array(ACTIVITY_PUBLIC_INBOX,$act->recips)))
$s['item_private'] = 1;
if (array_key_exists('directMessage',$act->obj) && intval($act->obj['directMessage'])) {
$s['item_private'] = 2;
}
set_iconfig($s,'activitypub','recips',$act->raw_recips);
if($parent) {
set_iconfig($s,'activitypub','rawmsg',$act->raw,1);
@ -1747,14 +1769,14 @@ class Activity {
}
foreach($ptr as $vurl) {
if(strpos($s['body'],$vurl['href']) === false) {
$s['body'] .= "\n\n" . '[zmg]' . $vurl['href'] . '[/zmg]';
$s['body'] .= '[zmg]' . $vurl['href'] . '[/zmg]' . "\n\n" . $s['body'];
break;
}
}
}
elseif(is_string($act->obj['url'])) {
if(strpos($s['body'],$act->obj['url']) === false) {
$s['body'] .= "\n\n" . '[zmg]' . $act->obj['url'] . '[/zmg]';
$s['body'] .= '[zmg]' . $act->obj['url'] . '[/zmg]' . "\n\n" . $s['body'];
}
}
}
@ -1835,7 +1857,8 @@ class Activity {
$s['item_private'] = 1;
set_iconfig($s,'activitypub','recips',$act->raw_recips);
// @FIXME: $parent is not defined
$parent = (($s['parent_mid'] && $s['parent_mid'] === $s['mid']) ? true : false);
if($parent) {
set_iconfig($s,'activitypub','rawmsg',$act->raw,1);
}
@ -1844,6 +1867,265 @@ class Activity {
}
static function store($channel,$observer_hash,$act,$item,$fetch_parents = true) {
$is_sys_channel = is_sys_channel($channel['channel_id']);
// Mastodon only allows visibility in public timelines if the public inbox is listed in the 'to' field.
// They are hidden in the public timeline if the public inbox is listed in the 'cc' field.
// This is not part of the activitypub protocol - we might change this to show all public posts in pubstream at some point.
$pubstream = ((is_array($act->obj) && array_key_exists('to', $act->obj) && in_array(ACTIVITY_PUBLIC_INBOX, $act->obj['to'])) ? true : false);
$is_parent = (($item['parent_mid'] && $item['parent_mid'] === $item['mid']) ? true : false);
if($is_parent && (! perm_is_allowed($channel['channel_id'],$observer_hash,'send_stream') && ! ($is_sys_channel && $pubstream))) {
logger('no permission');
return;
}
if(is_array($act->obj)) {
$content = self::get_content($act->obj);
}
if(! $content) {
logger('no content');
return;
}
$item['aid'] = $channel['channel_account_id'];
$item['uid'] = $channel['channel_id'];
$s['uuid'] = '';
// Friendica sends the diaspora guid in a nonstandard field via AP
if($act->obj['diaspora:guid'])
$s['uuid'] = $act->obj['diaspora:guid'];
if(! ( $item['author_xchan'] && $item['owner_xchan'])) {
logger('owner or author missing.');
return;
}
if($channel['channel_system']) {
if(! MessageFilter::evaluate($item,get_config('system','pubstream_incl'),get_config('system','pubstream_excl'))) {
logger('post is filtered');
return;
}
}
$abook = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
dbesc($observer_hash),
intval($channel['channel_id'])
);
if($abook) {
if(! post_is_importable($item,$abook[0])) {
logger('post is filtered');
return;
}
}
if($act->obj['conversation']) {
set_iconfig($item,'ostatus','conversation',$act->obj['conversation'],1);
}
// This isn't perfect but the best we can do for now.
$item['comment_policy'] = 'authenticated';
set_iconfig($item,'activitypub','recips',$act->raw_recips);
if(! $is_parent) {
$p = q("select parent_mid from item where mid = '%s' and uid = %d limit 1",
dbesc($item['parent_mid']),
intval($item['uid'])
);
if(! $p) {
$a = (($fetch_parents) ? self::fetch_and_store_parents($channel,$act,$item) : false);
if($a) {
$p = q("select parent_mid from item where mid = '%s' and uid = %d limit 1",
dbesc($item['parent_mid']),
intval($item['uid'])
);
}
else {
logger('could not fetch parents');
return;
// @TODO we maybe could accept these is we formatted the body correctly with share_bb()
// or at least provided a link to the object
// if(in_array($act->type,[ 'Like','Dislike' ])) {
// return;
// }
// @TODO do we actually want that?
// if no parent was fetched, turn into a top-level post
// turn into a top level post
// $s['parent_mid'] = $s['mid'];
// $s['thr_parent'] = $s['mid'];
}
}
if($p[0]['parent_mid'] !== $item['parent_mid']) {
$item['thr_parent'] = $item['parent_mid'];
}
else {
$item['thr_parent'] = $p[0]['parent_mid'];
}
$item['parent_mid'] = $p[0]['parent_mid'];
}
$r = q("select id, created, edited from item where mid = '%s' and uid = %d limit 1",
dbesc($item['mid']),
intval($item['uid'])
);
if($r) {
if($item['edited'] > $r[0]['edited']) {
$item['id'] = $r[0]['id'];
$x = item_store_update($item);
}
else {
return;
}
}
else {
$x = item_store($item);
}
if(is_array($x) && $x['item_id']) {
if($is_parent) {
if($item['owner_xchan'] === $channel['channel_hash']) {
// We are the owner of this conversation, so send all received comments back downstream
Master::Summon(array('Notifier','comment-import',$x['item_id']));
}
$r = q("select * from item where id = %d limit 1",
intval($x['item_id'])
);
if($r) {
send_status_notifications($x['item_id'],$r[0]);
}
}
sync_an_item($channel['channel_id'],$x['item_id']);
}
}
static public function fetch_and_store_parents($channel,$act,$item) {
logger('fetching parents');
$p = [];
$current_act = $act;
$current_item = $item;
while($current_item['parent_mid'] !== $current_item['mid']) {
$n = ActivityStreams::fetch($current_item['parent_mid'], $channel);
if(! $n) {
break;
}
$a = new ActivityStreams($n);
//logger($a->debug());
if(! $a->is_valid()) {
break;
}
$replies = null;
if(isset($a->obj['replies']['first']['items'])) {
$replies = $a->obj['replies']['first']['items'];
// we already have this one
array_diff($replies, [$current_item['mid']]);
}
$item = null;
switch($a->type) {
case 'Create':
case 'Update':
case 'Like':
case 'Dislike':
case 'Announce':
$item = self::decode_note($a);
break;
default:
break;
}
if(! $item) {
break;
}
array_unshift($p,[ $a, $item, $replies]);
if($item['parent_mid'] === $item['mid'] || count($p) > 20) {
break;
}
$current_act = $a;
$current_item = $item;
}
if($p) {
foreach($p as $pv) {
self::store($channel,$pv[0]->actor['id'],$pv[0],$pv[1],false);
if($pv[2])
self::fetch_and_store_replies($channel, $pv[2]);
}
return true;
}
return false;
}
static public function fetch_and_store_replies($channel, $arr) {
logger('fetching replies');
$p = [];
foreach($arr as $url) {
$n = ActivityStreams::fetch($url, $channel);
if(! $n) {
break;
}
$a = new ActivityStreams($n);
if(! $a->is_valid()) {
break;
}
$item = null;
switch($a->type) {
case 'Create':
case 'Update':
case 'Like':
case 'Dislike':
case 'Announce':
$item = self::decode_note($a);
break;
default:
break;
}
if(! $item) {
break;
}
array_unshift($p,[ $a, $item ]);
}
if($p) {
foreach($p as $pv) {
self::store($channel,$pv[0]->actor['id'],$pv[0],$pv[1],false);
}
}
}
static function announce_note($channel,$observer_hash,$act) {
$s = [];
@ -1964,25 +2246,21 @@ class Activity {
$x = item_store($s);
}
if(is_array($x) && $x['item_id']) {
// @FIXME: $parent is not defined
if($parent) {
if($s['owner_xchan'] === $channel['channel_hash']) {
// We are the owner of this conversation, so send all received comments back downstream
Master::Summon(array('Notifier','comment-import',$x['item_id']));
}
$r = q("select * from item where id = %d limit 1",
intval($x['item_id'])
);
if($r) {
send_status_notifications($x['item_id'],$r[0]);
}
if($s['owner_xchan'] === $channel['channel_hash']) {
// We are the owner of this conversation, so send all received comments back downstream
Master::Summon(array('Notifier','comment-import',$x['item_id']));
}
$r = q("select * from item where id = %d limit 1",
intval($x['item_id'])
);
if($r) {
send_status_notifications($x['item_id'],$r[0]);
}
sync_an_item($channel['channel_id'],$x['item_id']);
}
}
static function like_note($channel,$observer_hash,$act) {

17
Zotlabs/Lib/Enotify.php
View File

@ -807,6 +807,11 @@ class Enotify {
$itemem_text = (($item['item_thread_top'])
? t('created a new post')
: sprintf( t('commented on %s\'s post'), $item['owner']['xchan_name']));
if($item['verb'] === ACTIVITY_SHARE) {
$itemem_text = sprintf( t('repeated %s\'s post'), $item['author']['xchan_name']);
}
}
$edit = false;
@ -825,12 +830,14 @@ class Enotify {
// convert this logic into a json array just like the system notifications
$who = (($item['verb'] === ACTIVITY_SHARE) ? 'owner' : 'author');
$x = array(
'notify_link' => $item['llink'],
'name' => $item['author']['xchan_name'],
'addr' => (($item['author']['xchan_addr']) ? $item['author']['xchan_addr'] : $item['author']['xchan_url']),
'url' => $item['author']['xchan_url'],
'photo' => $item['author']['xchan_photo_s'],
'name' => $item[$who]['xchan_name'],
'addr' => (($item[$who]['xchan_addr']) ? $item[$who]['xchan_addr'] : $item[$who]['xchan_url']),
'url' => $item[$who]['xchan_url'],
'photo' => $item[$who]['xchan_photo_s'],
'when' => relative_date(($edit)? $item['edited'] : $item['created']),
'class' => (intval($item['item_unseen']) ? 'notify-unseen' : 'notify-seen'),
'b64mid' => ((in_array($item['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) ? 'b64.' . base64url_encode($item['thr_parent']) : 'b64.' . base64url_encode($item['mid'])),
@ -838,7 +845,7 @@ class Enotify {
'thread_top' => (($item['item_thread_top']) ? true : false),
'message' => strip_tags(bbcode($itemem_text)),
// these are for the superblock addon
'hash' => $item['author']['xchan_hash'],
'hash' => $item[$who]['xchan_hash'],
'uid' => local_channel(),
'display' => true
);

2
Zotlabs/Lib/JSalmon.php
View File

@ -2,7 +2,7 @@
namespace Zotlabs\Lib;
use Zotlabs\Zot6\HTTPSig;
use Zotlabs\Web\HTTPSig;
class JSalmon {

6
Zotlabs/Lib/LDSignatures.php
View File

@ -29,7 +29,7 @@ class LDSignatures {
$options = [
'type' => 'RsaSignature2017',
'nonce' => random_string(64),
'creator' => z_root() . '/channel/' . $channel['channel_address'] . '/public_key_pem',
'creator' => z_root() . '/channel/' . $channel['channel_address'],
'created' => datetime_convert('UTC','UTC', 'now', 'Y-m-d\Th:i:s\Z')
];
@ -124,7 +124,7 @@ class LDSignatures {
'meDataType' => $data_type,
'meEncoding' => $encoding,
'meAlgorithm' => $algorithm,
'meCreator' => z_root() . '/channel/' . $channel['channel_address'] . '/public_key_pem',
'meCreator' => z_root() . '/channel/' . $channel['channel_address'],
'meSignatureValue' => $signature
]);
@ -132,4 +132,4 @@ class LDSignatures {
}
}

2
Zotlabs/Lib/Libzot.php
View File

@ -2,7 +2,7 @@
namespace Zotlabs\Lib;
use Zotlabs\Zot6\HTTPSig;
use Zotlabs\Web\HTTPSig;
use Zotlabs\Access\Permissions;
use Zotlabs\Access\PermissionLimits;
use Zotlabs\Daemon\Master;

4
Zotlabs/Lib/ThreadItem.php
View File

@ -98,7 +98,7 @@ class ThreadItem {
$conv = $this->get_conversation();
$observer = $conv->get_observer();
$lock = ((($item['item_private'] == 1) || (($item['uid'] == local_channel()) && (strlen($item['allow_cid']) || strlen($item['allow_gid'])
$lock = (((intval($item['item_private'])) || (($item['uid'] == local_channel()) && (strlen($item['allow_cid']) || strlen($item['allow_gid'])
|| strlen($item['deny_cid']) || strlen($item['deny_gid']))))
? t('Private Message')
: false);
@ -110,7 +110,7 @@ class ThreadItem {
$shareable = true;
$privacy_warning = false;
if(($item['item_private'] == 1) && ($item['owner']['xchan_network'] === 'activitypub')) {
if(intval($item['item_private']) && ($item['owner']['xchan_network'] === 'activitypub')) {
$recips = get_iconfig($item['parent'], 'activitypub', 'recips');
if(! in_array($observer['xchan_url'], $recips['to']))

2
Zotlabs/Lib/ZotURL.php
View File

@ -2,7 +2,7 @@
namespace Zotlabs\Lib;
use Zotlabs\Zot6\HTTPSig;
use Zotlabs\Web\HTTPSig;
class ZotURL {

2
Zotlabs/Lib/Zotfinger.php
View File

@ -2,7 +2,7 @@
namespace Zotlabs\Lib;
use Zotlabs\Zot6\HTTPSig;
use Zotlabs\Web\HTTPSig;
class Zotfinger {

12
Zotlabs/Module/Apschema.php
View File

@ -28,7 +28,8 @@ class Apschema extends \Zotlabs\Web\Controller {
'nomadicHubs' => 'zot:nomadicHubs',
'emojiReaction' => 'zot:emojiReaction',
'expires' => 'zot:expires',
'directMessage' => 'zot:directMessage',
'magicEnv' => [
'@id' => 'zot:magicEnv',
'@type' => '@id'
@ -40,8 +41,13 @@ class Apschema extends \Zotlabs\Web\Controller {
],
'ostatus' => 'http://ostatus.org#',
'conversation' => 'ostatus:conversation'
'conversation' => 'ostatus:conversation',
'diaspora' => 'https://diasporafoundation.org/ns/',
'guid' => 'diaspora:guid',
'Hashtag' => 'as:Hashtag'
]
];
@ -54,4 +60,4 @@ class Apschema extends \Zotlabs\Web\Controller {
}
}

17
Zotlabs/Module/Cdav.php
View File

@ -4,6 +4,7 @@ namespace Zotlabs\Module;
use App;
use Zotlabs\Lib\Apps;
use Zotlabs\Web\Controller;
use Zotlabs\Web\HTTPSig;
require_once('include/event.php');
@ -41,7 +42,7 @@ class Cdav extends Controller {
continue;
}
$sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]);
$sigblock = HTTPSig::parse_sigheader($_SERVER[$head]);
if($sigblock) {
$keyId = str_replace('acct:','',$sigblock['keyId']);
if($keyId) {
@ -64,7 +65,7 @@ class Cdav extends Controller {
continue;
if($record) {
$verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']);
$verified = HTTPSig::verify('',$record['channel']['channel_pubkey']);
if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {
$record = null;
}
@ -277,11 +278,11 @@ class Cdav extends Controller {
$allday = $_REQUEST['allday'];
$title = $_REQUEST['title'];
$start = datetime_convert($tz, 'UTC', $_REQUEST['dtstart']);
$start = datetime_convert('UTC', 'UTC', $_REQUEST['dtstart']);
$dtstart = new \DateTime($start);
if($_REQUEST['dtend']) {
$end = datetime_convert($tz, 'UTC', $_REQUEST['dtend']);
$end = datetime_convert('UTC', 'UTC', $_REQUEST['dtend']);
$dtend = new \DateTime($end);
}
$description = $_REQUEST['description'];
@ -368,10 +369,10 @@ class Cdav extends Controller {
$uri = $_REQUEST['uri'];
$title = $_REQUEST['title'];
$start = datetime_convert($tz, 'UTC', $_REQUEST['dtstart']);
$start = datetime_convert('UTC', 'UTC', $_REQUEST['dtstart']);
$dtstart = new \DateTime($start);
if($_REQUEST['dtend']) {
$end = datetime_convert($tz, 'UTC', $_REQUEST['dtend']);
$end = datetime_convert('UTC', 'UTC', $_REQUEST['dtend']);
$dtend = new \DateTime($end);
}
$description = $_REQUEST['description'];
@ -441,10 +442,10 @@ class Cdav extends Controller {
$allday = $_REQUEST['allday'];
$uri = $_REQUEST['uri'];
$start = datetime_convert($tz, 'UTC', $_REQUEST['dtstart']);
$start = datetime_convert('UTC', 'UTC', $_REQUEST['dtstart']);
$dtstart = new \DateTime($start);
if($_REQUEST['dtend']) {
$end = datetime_convert($tz, 'UTC', $_REQUEST['dtend']);
$end = datetime_convert('UTC', 'UTC', $_REQUEST['dtend']);
$dtend = new \DateTime($end);
}

13
Zotlabs/Module/Channel.php
View File

@ -6,7 +6,7 @@ namespace Zotlabs\Module;
use App;
use Zotlabs\Web\Controller;
use Zotlabs\Lib\PermissionDescription;
use Zotlabs\Zot6\HTTPSig;
use Zotlabs\Web\HTTPSig;
use Zotlabs\Lib\Libzot;
require_once('include/items.php');
@ -111,6 +111,17 @@ class Channel extends Controller {
// we start loading content
profile_load($which,$profile);
App::$page['htmlhead'] .= '<meta property="og:title" content="' . htmlspecialchars($channel['channel_name']) . '">' . "\r\n";
App::$page['htmlhead'] .= '<meta property="og:image" content="' . $channel['xchan_photo_l'] . '">' . "\r\n";
if(App::$profile['about'] && perm_is_allowed($channel['channel_id'],get_observer_hash(),'view_profile')) {
App::$page['htmlhead'] .= '<meta property="og:description" content="' . htmlspecialchars(App::$profile['about']) . '">' . "\r\n";
}
else {
App::$page['htmlhead'] .= '<meta property="og:description" content="' . htmlspecialchars(sprintf( t('This is the home page of %s.'), $channel['channel_name'])) . '">' . "\r\n";
}
}
function get($update = 0, $load = false) {

6
Zotlabs/Module/Channel_calendar.php
View File

@ -21,7 +21,7 @@ class Channel_calendar extends \Zotlabs\Web\Controller {
$event_hash = ((x($_POST,'event_hash')) ? $_POST['event_hash'] : '');
$xchan = ((x($_POST,'xchan')) ? dbesc($_POST['xchan']) : '');
$uid = local_channel();
$uid = local_channel();
// only allow editing your own events.
if(($xchan) && ($xchan !== get_observer_hash()))
@ -34,8 +34,8 @@ class Channel_calendar extends \Zotlabs\Web\Controller {
$adjust = intval($_POST['adjust']);
$start = (($adjust) ? datetime_convert($tz, 'UTC', escape_tags($_REQUEST['dtstart'])) : datetime_convert('UTC', 'UTC', escape_tags($_REQUEST['dtstart'])));
$finish = (($adjust) ? datetime_convert($tz, 'UTC', escape_tags($_REQUEST['dtend'])) : datetime_convert('UTC', 'UTC', escape_tags($_REQUEST['dtend'])));
$start = datetime_convert('UTC', 'UTC', escape_tags($_REQUEST['dtstart']));
$finish = datetime_convert('UTC', 'UTC', escape_tags($_REQUEST['dtend']));
$summary = escape_tags(trim($_POST['summary']));
$desc = escape_tags(trim($_POST['desc']));

9
Zotlabs/Module/Dav.php
View File

@ -8,8 +8,9 @@
namespace Zotlabs\Module;
use \Sabre\DAV as SDAV;
use \Zotlabs\Storage;
use Sabre\DAV as SDAV;
use Zotlabs\Storage;
use Zotlabs\Web\HTTPSig;
require_once('include/attach.php');
require_once('include/auth.php');
@ -46,7 +47,7 @@ class Dav extends \Zotlabs\Web\Controller {
continue;
}
$sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]);
$sigblock = HTTPSig::parse_sigheader($_SERVER[$head]);
if($sigblock) {
$keyId = str_replace('acct:','',$sigblock['keyId']);
if($keyId) {
@ -69,7 +70,7 @@ class Dav extends \Zotlabs\Web\Controller {
continue;
if($record) {
$verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']);
$verified = HTTPSig::verify('',$record['channel']['channel_pubkey']);
if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {
$record = null;
}

2
Zotlabs/Module/Dirsearch.php
View File

@ -394,7 +394,7 @@ class Dirsearch extends \Zotlabs\Web\Controller {
$quoted_string = false;
}
else
$curr['value'] .= ' ' . trim(q);
$curr['value'] .= ' ' . trim($q);
}
}
}

6
Zotlabs/Module/Getfile.php
View File

@ -1,6 +1,8 @@
<?php
namespace Zotlabs\Module;
use Zotlabs\Web\HTTPSig;
/**
* module: getfile
*
@ -46,7 +48,7 @@ class Getfile extends \Zotlabs\Web\Controller {
continue;
}
$sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]);
$sigblock = HTTPSig::parse_sigheader($_SERVER[$head]);
if($sigblock) {
$keyId = $sigblock['keyId'];
@ -57,7 +59,7 @@ class Getfile extends \Zotlabs\Web\Controller {
);
if($r) {
$hubloc = $r[0];
$verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);
$verified = HTTPSig::verify('',$hubloc['xchan_pubkey']);
if($verified && $verified['header_signed'] && $verified['header_valid'] && $hash == $hubloc['hubloc_hash']) {
$header_verified = true;
}

2
Zotlabs/Module/Group.php
View File

@ -177,7 +177,7 @@ class Group extends Controller {
if($r)
$result = group_rmv(local_channel(),$r[0]['gname']);
if($result) {
$hookinfo = [ 'pgrp_extras' => '', 'group'=>$argv(2) ];
$hookinfo = [ 'pgrp_extras' => '', 'group' => argv(2) ];
call_hooks ('privacygroup_extras_drop',$hookinfo);
info( t('Privacy group removed.') . EOL);
}

2
Zotlabs/Module/Id.php
View File

@ -12,7 +12,7 @@ namespace Zotlabs\Module;
use Zotlabs\Lib\Activity;
use Zotlabs\Lib\ActivityStreams;
use Zotlabs\Lib\LDSignatures;
use Zotlabs\Zot6\HTTPSig;
use Zotlabs\Web\HTTPSig;
use Zotlabs\Web\Controller;
use Zotlabs\Lib\Libzot;
use Zotlabs\Lib\ThreadListener;

39
Zotlabs/Module/Item.php
View File

@ -9,7 +9,7 @@ use Zotlabs\Daemon\Master;
use Zotlabs\Lib\Activity;
use Zotlabs\Lib\ActivityStreams;
use Zotlabs\Lib\LDSignatures;
use Zotlabs\Zot6\HTTPSig;
use Zotlabs\Web\HTTPSig;
use Zotlabs\Lib\Libzot;
use Zotlabs\Lib\ThreadListener;
use App;
@ -193,6 +193,25 @@ class Item extends Controller {
killme();
}
if(argc() > 1 && argv(1) !== 'drop') {
$x = q("select uid, item_wall, llink, mid from item where mid = '%s' ",
dbesc(z_root() . '/item/' . argv(1))
);
if($x) {
foreach($x as $xv) {
if (intval($xv['item_wall'])) {
$c = channelx_by_n($xv['uid']);
if ($c) {
goaway($c['xchan_url'] . '?mid=' . gen_link_id($xv['mid']));
}
}
}
goaway($x[0]['llink']);
}
http_status_exit(404, 'Not found');
}
}
@ -551,10 +570,10 @@ class Item extends Controller {
$public_policy = $orig_post['public_policy'];
$private = $orig_post['item_private'];
}
if($private || $public_policy || $acl->is_private())
$private = 1;
if($public_policy || $acl->is_private()) {
$private = (($private) ? $private : 1);
}
$location = $orig_post['location'];
$coord = $orig_post['coord'];
@ -631,12 +650,11 @@ class Item extends Controller {
$allow_empty = ((array_key_exists('allow_empty',$_REQUEST)) ? intval($_REQUEST['allow_empty']) : 0);
$private = intval($acl->is_private() || ($public_policy));
$private = (($private) ? $private : intval($acl->is_private() || ($public_policy)));
// If this is a comment, set the permissions from the parent.
if($parent_item) {
$private = 0;
$acl->set($parent_item);
$private = intval($acl->is_private() || $parent_item['item_private']);
$public_policy = $parent_item['public_policy'];
@ -742,7 +760,12 @@ class Item extends Controller {
}
}
}
if(($str_contact_allow) && (! $str_group_allow)) {
// direct message - private between individual channels but not groups
$private = 2;
}
/**
*

27
Zotlabs/Module/Linkinfo.php
View File

@ -2,9 +2,6 @@
namespace Zotlabs\Module;
class Linkinfo extends \Zotlabs\Web\Controller {
function get() {
@ -48,7 +45,22 @@ class Linkinfo extends \Zotlabs\Web\Controller {
}
logger('linkinfo: ' . $url);
// Replace plink URL with 'share' tag if possible
preg_match("/(mid=b64\.|display\/|posts\/)([\w\-]+)(&.+)?$/", $url, $mid);
if (!empty($mid) && $mid[1] == 'mid=b64.')
$mid[2] = base64_decode($mid[2]);
$r = q("SELECT id FROM item WHERE mid = '%s' AND uid = %d AND item_private = 0 LIMIT 1",
dbesc((empty($mid) ? $url : $mid[2])),
intval(local_channel())
);
if ($r) {
echo "[share=" . $r[0]['id'] . "][/share]";
killme();
}
$result = z_fetch_url($url,false,0,array('novalidate' => true, 'nobody' => true));
if($result['success']) {
$hdrs=array();
@ -275,7 +287,7 @@ class Linkinfo extends \Zotlabs\Web\Controller {
// Check codepage in HTTP headers or HTML if not exist
$cp = (preg_match('/Content-Type: text\/html; charset=(.+)\r\n/i', $header, $o) ? $o[1] : '');
if(empty($cp))
$cp = (preg_match('/meta.+content=["|\']text\/html; charset=([^"|\']+)/i', $body, $o) ? $o[1] : 'AUTO');
$cp = (preg_match('/meta.+content=["\']text\/html; charset=([^"\']+)/i', $body, $o) ? $o[1] : 'AUTO');
$body = mb_convert_encoding($body, 'UTF-8', $cp);
$body = mb_convert_encoding($body, 'HTML-ENTITIES', "UTF-8");
@ -444,8 +456,9 @@ class Linkinfo extends \Zotlabs\Web\Controller {
while (strpos($text, " "))
$text = trim(str_replace(" ", " ", $text));
$siteinfo["text"] = html_entity_decode(substr($text,0,350), ENT_QUOTES, "UTF-8").'...';
$text = substr(html_entity_decode($text, ENT_QUOTES, "UTF-8"), 0, 350);
$siteinfo["text"] = rtrim(substr($text, 0, strrpos($text, " ")), "?.,:;!-") . '...';
}
}

2
Zotlabs/Module/Lockview.php
View File

@ -76,7 +76,7 @@ class Lockview extends \Zotlabs\Web\Controller {
killme();
}
if(($item['item_private'] == 1) && (! strlen($item['allow_cid'])) && (! strlen($item['allow_gid']))
if(intval($item['item_private']) && (! strlen($item['allow_cid'])) && (! strlen($item['allow_gid']))
&& (! strlen($item['deny_cid'])) && (! strlen($item['deny_gid']))) {
// if the post is private, but public_policy is blank ("visible to the internet"), and there aren't any

7
Zotlabs/Module/Magic.php
View File

@ -1,6 +1,8 @@
<?php
namespace Zotlabs\Module;
use Zotlabs\Web\HTTPSig;
@require_once('include/zot.php');
@ -152,10 +154,9 @@ class Magic extends \Zotlabs\Web\Controller {
$headers['Accept'] = 'application/x-zot+json' ;
$headers['X-Open-Web-Auth'] = random_string();
$headers['Host'] = $parsed['host'];
$headers['Digest'] = 'SHA-256=' . \Zotlabs\Web\HTTPSig::generate_digest($data,false);
$headers['Digest'] = HTTPSig::generate_digest_header($data);
$headers = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],
'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512');
$headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'], 'acct:' . channel_reddress($channel),true,'sha512');
$x = z_post_url($basepath . '/owa',$data,$redirects,[ 'headers' => $headers ]);
if($x['success']) {

6
Zotlabs/Module/Owa.php
View File

@ -2,6 +2,8 @@
namespace Zotlabs\Module;
use Zotlabs\Web\HTTPSig;
/**
* OpenWebAuth verifier and token generator
* See https://macgirvin.com/wiki/mike/OpenWebAuth/Home
@ -25,7 +27,7 @@ class Owa extends \Zotlabs\Web\Controller {
continue;
}
$sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]);
$sigblock = HTTPSig::parse_sigheader($_SERVER[$head]);
if($sigblock) {
$keyId = $sigblock['keyId'];
@ -65,7 +67,7 @@ class Owa extends \Zotlabs\Web\Controller {
if ($r) {
foreach($r as $hubloc) {
$verified = \Zotlabs\Web\HTTPSig::verify(file_get_contents('php://input'),$hubloc['xchan_pubkey']);
$verified = HTTPSig::verify(file_get_contents('php://input'),$hubloc['xchan_pubkey']);
if($verified && $verified['header_signed'] && $verified['header_valid']) {
logger('OWA header: ' . print_r($verified,true),LOGGER_DATA);
logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA);

4
Zotlabs/Module/Photo.php
View File

@ -169,7 +169,7 @@ class Photo extends \Zotlabs\Web\Controller {
);
call_hooks('cache_url_hook', $cache);
if(! $cache['status']) {
$url = htmlspecialchars_decode($r[0]['display_path']);
$url = html_entity_decode($r[0]['display_path'], ENT_QUOTES);
// SSLify if needed
if(strpos(z_root(),'https:') !== false && strpos($url,'https:') === false)
$url = z_root() . '/sslify/' . $filename . '?f=&url=' . urlencode($url);
@ -222,7 +222,7 @@ class Photo extends \Zotlabs\Web\Controller {
if(! $data)
killme();
$etag = md5($data . $modified);
$etag = '"' . md5($data . $modified) . '"';
if($modified == 0)
$modified = time();

3
Zotlabs/Module/Ping.php
View File

@ -282,8 +282,8 @@ class Ping extends \Zotlabs\Web\Controller {
if(strpos($message, $tt['xname']) === 0)
$message = substr($message, strlen($tt['xname']) + 1);
$mid = basename($tt['link']);
$mid = ((strpos($mid, 'b64.') === 0) ? @base64url_decode(substr($mid, 4)) : $mid);
if(in_array($tt['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) {
// we need the thread parent
@ -291,7 +291,6 @@ class Ping extends \Zotlabs\Web\Controller {
dbesc($mid),
intval(local_channel())
);
$b64mid = ((strpos($r[0]['thr_parent'], 'b64.') === 0) ? $r[0]['thr_parent'] : 'b64.' . base64url_encode($r[0]['thr_parent']));
}
else {

2
Zotlabs/Module/Share.php
View File

@ -106,7 +106,7 @@ class Share extends \Zotlabs\Web\Controller {
$arr['owner_xchan'] = $item['author_xchan'];
$arr['obj'] = Activity::encode_item($item);
$arr['obj_type'] = $item['obj_type'];
$arr['verb'] = 'Announce';
$arr['verb'] = ACTIVITY_SHARE;
$post = item_store($arr);

8
Zotlabs/Module/Zfinger.php
View File

@ -1,6 +1,7 @@
<?php
namespace Zotlabs\Module;
use Zotlabs\Web\HTTPSig;
class Zfinger extends \Zotlabs\Web\Controller {
@ -23,10 +24,9 @@ class Zfinger extends \Zotlabs\Web\Controller {
$ret = json_encode($x);
if($chan) {
$hash = \Zotlabs\Web\HTTPSig::generate_digest($ret,false);
$headers['Digest'] = 'SHA-256=' . $hash;
\Zotlabs\Web\HTTPSig::create_sig('',$headers,$chan['channel_prvkey'],
'acct:' . $chan['channel_address'] . '@' . \App::get_hostname(),true);
$headers['Digest'] = HTTPSig::generate_digest_header($ret);
$h = HTTPSig::create_sig($headers,$chan['channel_prvkey'],'acct:' . channel_reddress($chan));
HTTPSig::set_headers($h);
}
else {
foreach($headers as $k => $v) {

2
Zotlabs/Module/Zot_probe.php
View File

@ -3,7 +3,7 @@
namespace Zotlabs\Module;
use Zotlabs\Lib\Zotfinger;
use Zotlabs\Zot6\HTTPSig;
use Zotlabs\Web\HTTPSig;
class Zot_probe extends \Zotlabs\Web\Controller {

10
Zotlabs/Photo/PhotoDriver.php
View File

@ -502,13 +502,17 @@ abstract class PhotoDriver {
*
* @param array $arr
* @param scale int
* @return boolean|array
* @return boolean
*/
public function storeThumbnail($arr, $scale = 0) {
// We only process thumbnails here
if($scale == 0)
return false;
$arr['imgscale'] = $scale;
if(boolval(get_config('system','filesystem_storage_thumbnails', 0)) && $scale > 0) {
if(boolval(get_config('system','filesystem_storage_thumbnails', 0))) {
$channel = channelx_by_n($arr['uid']);
$arr['os_storage'] = 1;
$arr['os_syspath'] = 'store/' . $channel['channel_address'] . '/' . $arr['os_path'] . '-' . $scale;

378
Zotlabs/Web/HTTPSig.php
View File

@ -2,11 +2,17 @@
namespace Zotlabs\Web;
use Zotlabs\Lib\ActivityStreams;
use Zotlabs\Lib\Webfinger;
use Zotlabs\Web\HTTPHeaders;
use Zotlabs\Lib\Libzot;
/**
* @brief Implements HTTP Signatures per draft-cavage-http-signatures-07.
* @brief Implements HTTP Signatures per draft-cavage-http-signatures-10.
*
* @see https://tools.ietf.org/html/draft-cavage-http-signatures-07
* @see https://tools.ietf.org/html/draft-cavage-http-signatures-10
*/
class HTTPSig {
/**
@ -15,41 +21,32 @@ class HTTPSig {
* @see https://tools.ietf.org/html/rfc5843
*
* @param string $body The value to create the digest for
* @param boolean $set (optional, default true)
* If set send a Digest HTTP header
* @return string The generated digest of $body
* @param string $alg hash algorithm (one of 'sha256','sha512')
* @return string The generated digest header string for $body
*/
static function generate_digest($body, $set = true) {
$digest = base64_encode(hash('sha256', $body, true));
if($set) {
header('Digest: SHA-256=' . $digest);
static function generate_digest_header($body,$alg = 'sha256') {
$digest = base64_encode(hash($alg, $body, true));
switch($alg) {
case 'sha512':
return 'SHA-512=' . $digest;
case 'sha256':
default:
return 'SHA-256=' . $digest;
break;
}
return $digest;
}
// See draft-cavage-http-signatures-08
static function verify($data,$key = '') {
$body = $data;
$headers = null;
$spoofable = false;
$result = [
'signer' => '',
'header_signed' => false,
'header_valid' => false,
'content_signed' => false,
'content_valid' => false
];
static function find_headers($data,&$body) {
// decide if $data arrived via controller submission or curl
if(is_array($data) && $data['header']) {
if(! $data['success'])
return $result;
return [];
$h = new \Zotlabs\Web\HTTPHeaders($data['header']);
$h = new HTTPHeaders($data['header']);
$headers = $h->fetcharr();
$body = $data['body'];
$headers['(request-target)'] = $data['request_target'];
@ -57,9 +54,7 @@ class HTTPSig {
else {
$headers = [];
$headers['(request-target)'] =
strtolower($_SERVER['REQUEST_METHOD']) . ' ' .
$_SERVER['REQUEST_URI'];
$headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI'];
$headers['content-type'] = $_SERVER['CONTENT_TYPE'];
$headers['content-length'] = $_SERVER['CONTENT_LENGTH'];
@ -71,9 +66,35 @@ class HTTPSig {
}
}
// logger('SERVER: ' . print_r($_SERVER,true), LOGGER_ALL);
//logger('SERVER: ' . print_r($_SERVER,true), LOGGER_ALL);
// logger('headers: ' . print_r($headers,true), LOGGER_ALL);
//logger('headers: ' . print_r($headers,true), LOGGER_ALL);
return $headers;
}
// See draft-cavage-http-signatures-10
static function verify($data,$key = '') {
$body = $data;
$headers = null;
$result = [
'signer' => '',
'portable_id' => '',
'header_signed' => false,
'header_valid' => false,
'content_signed' => false,
'content_valid' => false
];
$headers = self::find_headers($data,$body);
if(! $headers)
return $result;
$sig_block = null;
@ -85,7 +106,7 @@ class HTTPSig {
}
if(! $sig_block) {
logger('no signature provided.');
logger('no signature provided.', LOGGER_DEBUG);
return $result;
}
@ -103,9 +124,6 @@ class HTTPSig {
if(array_key_exists($h,$headers)) {
$signed_data .= $h . ': ' . $headers[$h] . "\n";
}
if(strpos($h,'.')) {
$spoofable = true;
}
if($h === 'date') {
$d = new \DateTime($headers[$h]);
$d->setTimeZone(new \DateTimeZone('UTC'));
@ -128,63 +146,89 @@ class HTTPSig {
$algorithm = 'sha512';
}
if($key && function_exists($key)) {
$result['signer'] = $sig_block['keyId'];
$key = $key($sig_block['keyId']);
}
if(! $key) {
$result['signer'] = $sig_block['keyId'];
$key = self::get_activitypub_key($sig_block['keyId']);
}
if(! $key)
if(! array_key_exists('keyId',$sig_block))
return $result;
$x = rsa_verify($signed_data,$sig_block['signature'],$key,$algorithm);
$result['signer'] = $sig_block['keyId'];
$key = self::get_key($key,$result['signer']);
if(! ($key && $key['public_key'])) {
return $result;
}
$x = rsa_verify($signed_data,$sig_block['signature'],$key['public_key'],$algorithm);
logger('verified: ' . $x, LOGGER_DEBUG);
if(! $x)
if(! $x) {
logger('verify failed for ' . $result['signer'] . ' alg=' . $algorithm . (($key['public_key']) ? '' : ' no key'));
$sig_block['signature'] = base64_encode($sig_block['signature']);
logger('affected sigblock: ' . print_r($sig_block,true));
logger('signed_data: ' . print_r($signed_data,true));
logger('headers: ' . print_r($headers,true));
logger('server: ' . print_r($_SERVER,true));
return $result;
}
if(! $spoofable)
$result['header_valid'] = true;
$result['portable_id'] = $key['portable_id'];
$result['header_valid'] = true;
if(in_array('digest',$signed_headers)) {
$result['content_signed'] = true;
$digest = explode('=', $headers['digest']);
$digest = explode('=', $headers['digest'], 2);
if($digest[0] === 'SHA-256')
$hashalg = 'sha256';
if($digest[0] === 'SHA-512')
$hashalg = 'sha512';
// The explode operation will have stripped the '=' padding, so compare against unpadded base64
if(rtrim(base64_encode(hash($hashalg,$body,true)),'=') === $digest[1]) {
if(base64_encode(hash($hashalg,$body,true)) === $digest[1]) {
$result['content_valid'] = true;
}
logger('Content_Valid: ' . (($result['content_valid']) ? 'true' : 'false'));
}
if(in_array('x-zot-digest',$signed_headers)) {
$result['content_signed'] = true;
$digest = explode('=', $headers['x-zot-digest']);
if($digest[0] === 'SHA-256')
$hashalg = 'sha256';
if($digest[0] === 'SHA-512')
$hashalg = 'sha512';
// The explode operation will have stripped the '=' padding, so compare against unpadded base64
if(rtrim(base64_encode(hash($hashalg,$_POST['data'],true)),'=') === $digest[1]) {
$result['content_valid'] = true;
}
}
logger('Content_Valid: ' . (($result['content_valid']) ? 'true' : 'false'));
return $result;
}
static function get_key($key,$id) {
if($key) {
if(function_exists($key)) {
return $key($id);
}
return [ 'public_key' => $key ];
}
if(strpos($id,'#') === false) {
$key = self::get_webfinger_key($id);
}
if(! $key) {
$key = self::get_activitystreams_key($id);
}
return $key;
}
function convertKey($key) {
if(strstr($key,'RSA ')) {
return rsatopem($key);
}
elseif(substr($key,0,5) === 'data:') {
return convert_salmon_key($key);
}
else {
return $key;
}
}
/**
* @brief
*
@ -192,57 +236,131 @@ class HTTPSig {
* @return boolean|string
* false if no pub key found, otherwise return the pub key
*/
function get_activitypub_key($id) {
if(strpos($id,'acct:') === 0) {
$x = q("select xchan_pubkey from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
dbesc(str_replace('acct:','',$id))
);
}
else {
$x = q("select xchan_pubkey from xchan where xchan_hash = '%s' and xchan_network = 'activitypub' ",
dbesc($id)
);
}
function get_activitystreams_key($id) {
// remove fragment
$url = ((strpos($id,'#')) ? substr($id,0,strpos($id,'#')) : $id);
$x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' limit 1",
dbesc(str_replace('acct:','',$url)),
dbesc($url)
);
if($x && $x[0]['xchan_pubkey']) {
return ($x[0]['xchan_pubkey']);
return [ 'portable_id' => $x[0]['xchan_hash'], 'public_key' => $x[0]['xchan_pubkey'] , 'hubloc' => $x[0] ];
}
if(function_exists('as_fetch'))
$r = as_fetch($id);
$r = ActivityStreams::fetch($id);
if($r) {
$j = json_decode($r,true);
if(array_key_exists('publicKey',$r) && array_key_exists('publicKeyPem',$r['publicKey']) && array_key_exists('id',$r['publicKey'])) {
if($r['publicKey']['id'] === $id || $r['id'] === $id) {
$portable_id = ((array_key_exists('owner',$r['publicKey'])) ? $r['publicKey']['owner'] : EMPTY_STR);
return [ 'public_key' => self::convertKey($r['publicKey']['publicKeyPem']), 'portable_id' => $portable_id, 'hubloc' => [] ];
}
}
}
return false;
}
if(array_key_exists('publicKey',$j) && array_key_exists('publicKeyPem',$j['publicKey'])) {
if((array_key_exists('id',$j['publicKey']) && $j['publicKey']['id'] !== $id) && $j['id'] !== $id)
return false;
return($j['publicKey']['publicKeyPem']);
function get_webfinger_key($id) {
$x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' limit 1",
dbesc(str_replace('acct:','',$id)),
dbesc($id)
);
if($x && $x[0]['xchan_pubkey']) {
return [ 'portable_id' => $x[0]['xchan_hash'], 'public_key' => $x[0]['xchan_pubkey'] , 'hubloc' => $x[0] ];
}
$wf = Webfinger::exec($id);
$key = [ 'portable_id' => '', 'public_key' => '', 'hubloc' => [] ];
if($wf) {
if(array_key_exists('properties',$wf) && array_key_exists('https://w3id.org/security/v1#publicKeyPem',$wf['properties'])) {
$key['public_key'] = self::convertKey($wf['properties']['https://w3id.org/security/v1#publicKeyPem']);
}
if(array_key_exists('links', $wf) && is_array($wf['links'])) {
foreach($wf['links'] as $l) {
if(! (is_array($l) && array_key_exists('rel',$l))) {
continue;
}
if($l['rel'] === 'magic-public-key' && array_key_exists('href',$l) && $key['public_key'] === EMPTY_STR) {
$key['public_key'] = self::convertKey($l['href']);
}
}
}
}
return false;
return (($key['public_key']) ? $key : false);
}
function get_zotfinger_key($id) {
$x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' limit 1",
dbesc(str_replace('acct:','',$id)),
dbesc($id)
);
if($x && $x[0]['xchan_pubkey']) {
return [ 'portable_id' => $x[0]['xchan_hash'], 'public_key' => $x[0]['xchan_pubkey'] , 'hubloc' => $x[0] ];
}
$wf = Webfinger::exec($id);
$key = [ 'portable_id' => '', 'public_key' => '', 'hubloc' => [] ];
if($wf) {
if(array_key_exists('properties',$wf) && array_key_exists('https://w3id.org/security/v1#publicKeyPem',$wf['properties'])) {
$key['public_key'] = self::convertKey($wf['properties']['https://w3id.org/security/v1#publicKeyPem']);
}
if(array_key_exists('links', $wf) && is_array($wf['links'])) {
foreach($wf['links'] as $l) {
if(! (is_array($l) && array_key_exists('rel',$l))) {
continue;
}
if($l['rel'] === 'http://purl.org/zot/protocol/6.0' && array_key_exists('href',$l) && $l['href'] !== EMPTY_STR) {
$z = \Zotlabs\Lib\Zotfinger::exec($l['href']);
if($z) {
$i = Libzot::import_xchan($z['data']);
if($i['success']) {
$key['portable_id'] = $i['hash'];
$x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' limit 1",
dbesc($l['href'])
);
if($x) {
$key['hubloc'] = $x[0];
}
}
}
}
if($l['rel'] === 'magic-public-key' && array_key_exists('href',$l) && $key['public_key'] === EMPTY_STR) {
$key['public_key'] = self::convertKey($l['href']);
}
}
}
}
return (($key['public_key']) ? $key : false);
}
/**
* @brief
*
* @param string $request
* @param array $head
* @param string $prvkey
* @param string $keyid (optional, default 'Key')
* @param boolean $send_headers (optional, default false)
* If set send a HTTP header
* @param string $keyid (optional, default '')
* @param boolean $auth (optional, default false)
* @param string $alg (optional, default 'sha256')
* @param string $crypt_key (optional, default null)
* @param string $crypt_algo (optional, default 'aes256ctr')
* @param array $encryption [ 'key', 'algorithm' ] or false
* @return array
*/
static function create_sig($request, $head, $prvkey, $keyid = 'Key', $send_headers = false, $auth = false,
$alg = 'sha256', $crypt_key = null, $crypt_algo = 'aes256ctr') {
static function create_sig($head, $prvkey, $keyid = EMPTY_STR, $auth = false, $alg = 'sha256', $encryption = false ) {
$return_headers = [];
@ -253,14 +371,15 @@ class HTTPSig {
$algorithm = 'rsa-sha512';
}
$x = self::sign($request,$head,$prvkey,$alg);
$x = self::sign($head,$prvkey,$alg);
$headerval = 'keyId="' . $keyid . '",algorithm="' . $algorithm
. '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
$headerval = 'keyId="' . $keyid . '",algorithm="' . $algorithm . '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
if($crypt_key) {
$x = crypto_encapsulate($headerval,$crypt_key,$crypt_algo);
$headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"';
if($encryption) {
$x = crypto_encapsulate($headerval,$encryption['key'],$encryption['algorithm']);
if(is_array($x)) {
$headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"';
}
}
if($auth) {
@ -272,43 +391,52 @@ class HTTPSig {
if($head) {
foreach($head as $k => $v) {
if($send_headers) {
header($k . ': ' . $v);
}
else {
$return_headers[] = $k . ': ' . $v;
// strip the request-target virtual header from the output headers
if($k === '(request-target)') {
continue;
}
$return_headers[] = $k . ': ' . $v;
}
}
if($send_headers) {
header($sighead);
}
else {
$return_headers[] = $sighead;
}
$return_headers[] = $sighead;
return $return_headers;
}
/**
* @brief set headers
*
* @param array $headers
* @return void
*/
static function set_headers($headers) {
if($headers && is_array($headers)) {
foreach($headers as $h) {
header($h);
}
}
}
/**
* @brief
*
* @param string $request
* @param array $head
* @param string $prvkey
* @param string $alg (optional) default 'sha256'
* @return array
*/
static function sign($request, $head, $prvkey, $alg = 'sha256') {
static function sign($head, $prvkey, $alg = 'sha256') {
$ret = [];
$headers = '';
$fields = '';
if($request) {
$headers = '(request-target)' . ': ' . trim($request) . "\n";
$fields = '(request-target)';
}
logger('signing: ' . print_r($head,true), LOGGER_DATA);
if($head) {
foreach($head as $k => $v) {
@ -340,11 +468,8 @@ class HTTPSig {
* - \e array \b headers
* - \e string \b signature
*/
static function parse_sigheader($header) {
if(is_array($header)) {
btlogger('is_array: ' . print_r($header,true));
}
static function parse_sigheader($header) {
$ret = [];
$matches = [];
@ -381,6 +506,7 @@ class HTTPSig {
* - \e string \b alg
* - \e string \b data
*/
static function decrypt_sigheader($header, $prvkey = null) {
$iv = $key = $alg = $data = null;

7
Zotlabs/Zot/Finger.php
View File

@ -2,6 +2,8 @@
namespace Zotlabs\Zot;
use Zotlabs\Web\HTTPSig;
/**
* @brief Finger
*
@ -95,8 +97,7 @@ class Finger {
$headers['X-Zot-Nonce'] = random_string();
$headers['Host'] = $parsed_host;
$xhead = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],
'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false);
$xhead = HTTPSig::create_sig($headers,$channel['channel_prvkey'],'acct:' . channel_reddress($channel));
$retries = 0;
@ -129,7 +130,7 @@ class Finger {
$x = json_decode($result['body'], true);
$verify = \Zotlabs\Web\HTTPSig::verify($result,(($x) ? $x['key'] : ''));
$verify = HTTPSig::verify($result,(($x) ? $x['key'] : ''));
if($x && (! $verify['header_valid'])) {
$signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null);

5
Zotlabs/Zot6/Finger.php
View File

@ -88,8 +88,7 @@ class Finger {
$headers = [];
$headers['X-Zot-Channel'] = $channel['channel_address'] . '@' . \App::get_hostname();
$headers['X-Zot-Nonce'] = random_string();
$xhead = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],
'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false);
$xhead = HTTPSig::create_sig($headers,$channel['channel_prvkey'],'acct:' . channel_reddress($channel));
$retries = 0;
@ -122,7 +121,7 @@ class Finger {
$x = json_decode($result['body'], true);
$verify = \Zotlabs\Web\HTTPSig::verify($result,(($x) ? $x['key'] : ''));
$verify = HTTPSig::verify($result,(($x) ? $x['key'] : ''));
if($x && (! $verify['header_valid'])) {
$signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null);

536
Zotlabs/Zot6/HTTPSig.php
View File

@ -1,536 +0,0 @@
<?php
namespace Zotlabs\Zot6;
use Zotlabs\Lib\ActivityStreams;
use Zotlabs\Lib\Webfinger;
use Zotlabs\Web\HTTPHeaders;
use Zotlabs\Lib\Libzot;
/**
* @brief Implements HTTP Signatures per draft-cavage-http-signatures-10.
*
* @see https://tools.ietf.org/html/draft-cavage-http-signatures-10
*/
class HTTPSig {
/**
* @brief RFC5843
*
* @see https://tools.ietf.org/html/rfc5843
*
* @param string $body The value to create the digest for
* @param string $alg hash algorithm (one of 'sha256','sha512')
* @return string The generated digest header string for $body
*/
static function generate_digest_header($body,$alg = 'sha256') {
$digest = base64_encode(hash($alg, $body, true));
switch($alg) {
case 'sha512':
return 'SHA-512=' . $digest;
case 'sha256':
default:
return 'SHA-256=' . $digest;
break;
}
}
static function find_headers($data,&$body) {
// decide if $data arrived via controller submission or curl
if(is_array($data) && $data['header']) {
if(! $data['success'])
return [];
$h = new HTTPHeaders($data['header']);
$headers = $h->fetcharr();
$body = $data['body'];
$headers['(request-target)'] = $data['request_target'];
}
else {
$headers = [];
$headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI'];
$headers['content-type'] = $_SERVER['CONTENT_TYPE'];
$headers['content-length'] = $_SERVER['CONTENT_LENGTH'];
foreach($_SERVER as $k => $v) {
if(strpos($k,'HTTP_') === 0) {
$field = str_replace('_','-',strtolower(substr($k,5)));
$headers[$field] = $v;
}
}
}
//logger('SERVER: ' . print_r($_SERVER,true), LOGGER_ALL);
//logger('headers: ' . print_r($headers,true), LOGGER_ALL);
return $headers;
}
// See draft-cavage-http-signatures-10
static function verify($data,$key = '') {
$body = $data;
$headers = null;
$result = [
'signer' => '',
'portable_id' => '',
'header_signed' => false,
'header_valid' => false,
'content_signed' => false,
'content_valid' => false
];
$headers = self::find_headers($data,$body);
if(! $headers)
return $result;
$sig_block = null;
if(array_key_exists('signature',$headers)) {
$sig_block = self::parse_sigheader($headers['signature']);
}
elseif(array_key_exists('authorization',$headers)) {
$sig_block = self::parse_sigheader($headers['authorization']);
}
if(! $sig_block) {
logger('no signature provided.', LOGGER_DEBUG);
return $result;
}
// Warning: This log statement includes binary data
// logger('sig_block: ' . print_r($sig_block,true), LOGGER_DATA);
$result['header_signed'] = true;
$signed_headers = $sig_block['headers'];
if(! $signed_headers)
$signed_headers = [ 'date' ];
$signed_data = '';
foreach($signed_headers as $h) {
if(array_key_exists($h,$headers)) {
$signed_data .= $h . ': ' . $headers[$h] . "\n";
}
if($h === 'date') {
$d = new \DateTime($headers[$h]);
$d->setTimeZone(new \DateTimeZone('UTC'));
$dplus = datetime_convert('UTC','UTC','now + 1 day');
$dminus = datetime_convert('UTC','UTC','now - 1 day');
$c = $d->format('Y-m-d H:i:s');
if($c > $dplus || $c < $dminus) {
logger('bad time: ' . $c);
return $result;
}
}
}
$signed_data = rtrim($signed_data,"\n");
$algorithm = null;
if($sig_block['algorithm'] === 'rsa-sha256') {
$algorithm = 'sha256';
}
if($sig_block['algorithm'] === 'rsa-sha512') {
$algorithm = 'sha512';
}
if(! array_key_exists('keyId',$sig_block))
return $result;
$result['signer'] = $sig_block['keyId'];
$key = self::get_key($key,$result['signer']);
if(! ($key && $key['public_key'])) {
return $result;
}
$x = rsa_verify($signed_data,$sig_block['signature'],$key['public_key'],$algorithm);
logger('verified: ' . $x, LOGGER_DEBUG);
if(! $x) {
logger('verify failed for ' . $result['signer'] . ' alg=' . $algorithm . (($key['public_key']) ? '' : ' no key'));
$sig_block['signature'] = base64_encode($sig_block['signature']);
logger('affected sigblock: ' . print_r($sig_block,true));
logger('signed_data: ' . print_r($signed_data,true));
logger('headers: ' . print_r($headers,true));
logger('server: ' . print_r($_SERVER,true));
return $result;
}
$result['portable_id'] = $key['portable_id'];
$result['header_valid'] = true;
if(in_array('digest',$signed_headers)) {
$result['content_signed'] = true;
$digest = explode('=', $headers['digest'], 2);
if($digest[0] === 'SHA-256')
$hashalg = 'sha256';
if($digest[0] === 'SHA-512')
$hashalg = 'sha512';
if(base64_encode(hash($hashalg,$body,true)) === $digest[1]) {
$result['content_valid'] = true;
}
logger('Content_Valid: ' . (($result['content_valid']) ? 'true' : 'false'));
}
return $result;
}
static function get_key($key,$id) {
if($key) {
if(function_exists($key)) {
return $key($id);
}
return [ 'public_key' => $key ];
}
if(strpos($id,'#') === false) {
$key = self::get_webfinger_key($id);
}
if(! $key) {
$key = self::get_activitystreams_key($id);
}
return $key;
}
function convertKey($key) {
if(strstr($key,'RSA ')) {
return rsatopem($key);
}
elseif(substr($key,0,5) === 'data:') {
return convert_salmon_key($key);
}
else {
return $key;
}
}
/**
* @brief
*
* @param string $id
* @return boolean|string
* false if no pub key found, otherwise return the pub key
*/
function get_activitystreams_key($id) {
// remove fragment
$url = ((strpos($id,'#')) ? substr($id,0,strpos($id,'#')) : $id);
$x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' limit 1",
dbesc(str_replace('acct:','',$url)),
dbesc($url)
);
if($x && $x[0]['xchan_pubkey']) {
return [ 'portable_id' => $x[0]['xchan_hash'], 'public_key' => $x[0]['xchan_pubkey'] , 'hubloc' => $x[0] ];
}
$r = ActivityStreams::fetch($id);
if($r) {
if(array_key_exists('publicKey',$r) && array_key_exists('publicKeyPem',$r['publicKey']) && array_key_exists('id',$r['publicKey'])) {
if($r['publicKey']['id'] === $id || $r['id'] === $id) {
$portable_id = ((array_key_exists('owner',$r['publicKey'])) ? $r['publicKey']['owner'] : EMPTY_STR);
return [ 'public_key' => self::convertKey($r['publicKey']['publicKeyPem']), 'portable_id' => $portable_id, 'hubloc' => [] ];
}
}
}
return false;
}
function get_webfinger_key($id) {
$x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' limit 1",
dbesc(str_replace('acct:','',$id)),
dbesc($id)
);
if($x && $x[0]['xchan_pubkey']) {
return [ 'portable_id' => $x[0]['xchan_hash'], 'public_key' => $x[0]['xchan_pubkey'] , 'hubloc' => $x[0] ];
}
$wf = Webfinger::exec($id);
$key = [ 'portable_id' => '', 'public_key' => '', 'hubloc' => [] ];
if($wf) {
if(array_key_exists('properties',$wf) && array_key_exists('https://w3id.org/security/v1#publicKeyPem',$wf['properties'])) {
$key['public_key'] = self::convertKey($wf['properties']['https://w3id.org/security/v1#publicKeyPem']);
}
if(array_key_exists('links', $wf) && is_array($wf['links'])) {
foreach($wf['links'] as $l) {
if(! (is_array($l) && array_key_exists('rel',$l))) {
continue;
}
if($l['rel'] === 'magic-public-key' && array_key_exists('href',$l) && $key['public_key'] === EMPTY_STR) {
$key['public_key'] = self::convertKey($l['href']);
}
}
}
}
return (($key['public_key']) ? $key : false);
}
function get_zotfinger_key($id) {
$x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' limit 1",
dbesc(str_replace('acct:','',$id)),
dbesc($id)
);
if($x && $x[0]['xchan_pubkey']) {
return [ 'portable_id' => $x[0]['xchan_hash'], 'public_key' => $x[0]['xchan_pubkey'] , 'hubloc' => $x[0] ];
}
$wf = Webfinger::exec($id);
$key = [ 'portable_id' => '', 'public_key' => '', 'hubloc' => [] ];
if($wf) {
if(array_key_exists('properties',$wf) && array_key_exists('https://w3id.org/security/v1#publicKeyPem',$wf['properties'])) {
$key['public_key'] = self::convertKey($wf['properties']['https://w3id.org/security/v1#publicKeyPem']);
}
if(array_key_exists('links', $wf) && is_array($wf['links'])) {
foreach($wf['links'] as $l) {
if(! (is_array($l) && array_key_exists('rel',$l))) {
continue;
}
if($l['rel'] === 'http://purl.org/zot/protocol/6.0' && array_key_exists('href',$l) && $l['href'] !== EMPTY_STR) {
$z = \Zotlabs\Lib\Zotfinger::exec($l['href']);
if($z) {
$i = Libzot::import_xchan($z['data']);
if($i['success']) {
$key['portable_id'] = $i['hash'];
$x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' limit 1",
dbesc($l['href'])
);
if($x) {
$key['hubloc'] = $x[0];
}
}
}
}
if($l['rel'] === 'magic-public-key' && array_key_exists('href',$l) && $key['public_key'] === EMPTY_STR) {
$key['public_key'] = self::convertKey($l['href']);
}
}
}
}
return (($key['public_key']) ? $key : false);
}
/**
* @brief
*
* @param array $head
* @param string $prvkey
* @param string $keyid (optional, default '')
* @param boolean $auth (optional, default false)
* @param string $alg (optional, default 'sha256')
* @param array $encryption [ 'key', 'algorithm' ] or false
* @return array
*/
static function create_sig($head, $prvkey, $keyid = EMPTY_STR, $auth = false, $alg = 'sha256', $encryption = false ) {
$return_headers = [];
if($alg === 'sha256') {
$algorithm = 'rsa-sha256';
}
if($alg === 'sha512') {
$algorithm = 'rsa-sha512';
}
$x = self::sign($head,$prvkey,$alg);
$headerval = 'keyId="' . $keyid . '",algorithm="' . $algorithm . '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
if($encryption) {
$x = crypto_encapsulate($headerval,$encryption['key'],$encryption['algorithm']);
if(is_array($x)) {
$headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"';
}
}
if($auth) {
$sighead = 'Authorization: Signature ' . $headerval;
}
else {
$sighead = 'Signature: ' . $headerval;
}
if($head) {
foreach($head as $k => $v) {
// strip the request-target virtual header from the output headers
if($k === '(request-target)') {
continue;
}
$return_headers[] = $k . ': ' . $v;
}
}
$return_headers[] = $sighead;
return $return_headers;
}
/**
* @brief set headers
*
* @param array $headers
* @return void
*/
static function set_headers($headers) {
if($headers && is_array($headers)) {
foreach($headers as $h) {
header($h);
}
}
}
/**
* @brief
*
* @param array $head
* @param string $prvkey
* @param string $alg (optional) default 'sha256'
* @return array
*/
static function sign($head, $prvkey, $alg = 'sha256') {
$ret = [];
$headers = '';
$fields = '';
logger('signing: ' . print_r($head,true), LOGGER_DATA);
if($head) {
foreach($head as $k => $v) {
$headers .= strtolower($k) . ': ' . trim($v) . "\n";
if($fields)
$fields .= ' ';
$fields .= strtolower($k);
}
// strip the trailing linefeed
$headers = rtrim($headers,"\n");
}
$sig = base64_encode(rsa_sign($headers,$prvkey,$alg));
$ret['headers'] = $fields;
$ret['signature'] = $sig;
return $ret;
}
/**
* @brief
*
* @param string $header
* @return array associate array with
* - \e string \b keyID
* - \e string \b algorithm
* - \e array \b headers
* - \e string \b signature
*/
static function parse_sigheader($header) {
$ret = [];
$matches = [];
// if the header is encrypted, decrypt with (default) site private key and continue
if(preg_match('/iv="(.*?)"/ism',$header,$matches))
$header = self::decrypt_sigheader($header);
if(preg_match('/keyId="(.*?)"/ism',$header,$matches))
$ret['keyId'] = $matches[1];
if(preg_match('/algorithm="(.*?)"/ism',$header,$matches))
$ret['algorithm'] = $matches[1];
if(preg_match('/headers="(.*?)"/ism',$header,$matches))
$ret['headers'] = explode(' ', $matches[1]);
if(preg_match('/signature="(.*?)"/ism',$header,$matches))
$ret['signature'] = base64_decode(preg_replace('/\s+/','',$matches[1]));
if(($ret['signature']) && ($ret['algorithm']) && (! $ret['headers']))
$ret['headers'] = [ 'date' ];
return $ret;
}
/**
* @brief
*
* @param string $header
* @param string $prvkey (optional), if not set use site private key
* @return array|string associative array, empty string if failue
* - \e string \b iv
* - \e string \b key
* - \e string \b alg
* - \e string \b data
*/
static function decrypt_sigheader($header, $prvkey = null) {
$iv = $key = $alg = $data = null;
if(! $prvkey) {
$prvkey = get_config('system', 'prvkey');
}
$matches = [];
if(preg_match('/iv="(.*?)"/ism',$header,$matches))
$iv = $matches[1];
if(preg_match('/key="(.*?)"/ism',$header,$matches))
$key = $matches[1];
if(preg_match('/alg="(.*?)"/ism',$header,$matches))
$alg = $matches[1];
if(preg_match('/data="(.*?)"/ism',$header,$matches))
$data = $matches[1];
if($iv && $key && $alg && $data) {
return crypto_unencapsulate([ 'encrypted' => true, 'iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data ] , $prvkey);
}
return '';
}
}

1
Zotlabs/Zot6/Receiver.php
View File

@ -4,6 +4,7 @@ namespace Zotlabs\Zot6;
use Zotlabs\Lib\Config;
use Zotlabs\Lib\Libzot;
use Zotlabs\Web\HTTPSig;
class Receiver {

53
boot.php
View File

@ -50,7 +50,7 @@ require_once('include/attach.php');
require_once('include/bbcode.php');
define ( 'PLATFORM_NAME', 'hubzilla' );
define ( 'STD_VERSION', '4.2.1' );
define ( 'STD_VERSION', '4.4' );
define ( 'ZOT_REVISION', '6.0a' );
define ( 'DB_UPDATE_VERSION', 1234 );
@ -80,12 +80,12 @@ define ( 'DIRECTORY_MODE_STANDALONE', 0x0100); // A detached (off the grid) hub
// point to go out and find the rest of the world.
define ( 'DIRECTORY_REALM', 'RED_GLOBAL');
define ( 'DIRECTORY_FALLBACK_MASTER', 'https://zotadel.net');
define ( 'DIRECTORY_FALLBACK_MASTER', 'https://hub.netzgemeinde.eu');
$DIRECTORY_FALLBACK_SERVERS = array(
'https://zotadel.net',
'https://hub.netzgemeinde.eu',
'https://zotsite.net',
'https://hub.netzgemeinde.eu'
'https://hub.libranet.de'
);
@ -468,7 +468,7 @@ define ( 'NAMESPACE_YMEDIA', 'http://search.yahoo.com/mrss/' );
define ( 'ACTIVITYSTREAMS_JSONLD_REV', 'https://www.w3.org/ns/activitystreams' );
define ( 'ZOT_APSCHEMA_REV', '/apschema/v1.5' );
define ( 'ZOT_APSCHEMA_REV', '/apschema/v1.8' );
/**
* activity stream defines
*/
@ -896,6 +896,49 @@ class App {
if(x($_GET,'q'))
self::$cmd = escape_tags(trim($_GET['q'],'/\\'));
// Serve raw files from the file system in certain cases.
$filext = pathinfo(self::$cmd, PATHINFO_EXTENSION);
$serve_rawfiles=[
'jpg'=>'image/jpeg',
'jpeg'=>'image/jpeg',
'gif'=>'image/gif',
'png'=>'image/png',
'ico'=>'image/vnd.microsoft.icon',
'css'=>'text/css',
'js'=>'text/javascript',
'htm'=>'text/html',
'html'=>'text/html',
'map'=>'application/octet-stream',
'ttf'=>'font/ttf',
'woff'=>'font/woff',
'woff2'=>'font/woff2',
'svg'=>'image/svg+xml'];
if (array_key_exists($filext, $serve_rawfiles) && file_exists(self::$cmd)) {
$staticfilecwd = getcwd();
$staticfilerealpath = realpath(self::$cmd);
if(strpos($staticfilerealpath,$staticfilecwd) !== 0) {
http_status_exit(404,'not found');
}
$staticfileetag = '"'.md5($staticfilerealpath.filemtime(self::$cmd)).'"';
header("ETag: ".$staticfileetag);
header("Cache-control: max-age=2592000");
if(isset($_SERVER['HTTP_IF_NONE_MATCH'])) {
// If HTTP_IF_NONE_MATCH is same as the generated ETag => content is the same as browser cache
// So send a 304 Not Modified response header and exit
if($_SERVER['HTTP_IF_NONE_MATCH'] == $staticfileetag) {
http_status_exit(304,'not modified');
}
}
header("Content-type: ".$serve_rawfiles[$filext]);
$handle = fopen(self::$cmd, "rb");
fpassthru($handle);
fclose($handle);
killme();
}
// unix style "homedir"
if((substr(self::$cmd, 0, 1) === '~') || (substr(self::$cmd, 0, 1) === '@'))

22
composer.lock generated
View File

@ -8,16 +8,16 @@
"packages": [
{
"name": "blueimp/jquery-file-upload",
"version": "v9.30.0",
"version": "v9.31.0",
"source": {
"type": "git",
"url": "https://github.com/vkhramtsov/jQuery-File-Upload.git",
"reference": "1fceec556879403e5c1ae32a7c448aa12b8c3558"
"reference": "2485bf016e1085f0cd8308723064458cb0af5729"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/vkhramtsov/jQuery-File-Upload/zipball/1fceec556879403e5c1ae32a7c448aa12b8c3558",
"reference": "1fceec556879403e5c1ae32a7c448aa12b8c3558",
"url": "https://api.github.com/repos/vkhramtsov/jQuery-File-Upload/zipball/2485bf016e1085f0cd8308723064458cb0af5729",
"reference": "2485bf016e1085f0cd8308723064458cb0af5729",
"shasum": ""
},
"type": "library",
@ -59,7 +59,7 @@
"upload",
"widget"
],
"time": "2019-04-22T09:21:57+00:00"
"time": "2019-05-24T07:59:46+00:00"
},
{
"name": "bshaffer/oauth2-server-php",
@ -957,16 +957,16 @@
},
{
"name": "sabre/xml",
"version": "1.5.0",
"version": "1.5.1",
"source": {
"type": "git",
"url": "https://github.com/sabre-io/xml.git",
"reference": "59b20e5bbace9912607481634f97d05a776ffca7"
"reference": "a367665f1df614c3b8fefc30a54de7cd295e444e"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sabre-io/xml/zipball/59b20e5bbace9912607481634f97d05a776ffca7",
"reference": "59b20e5bbace9912607481634f97d05a776ffca7",
"url": "https://api.github.com/repos/sabre-io/xml/zipball/a367665f1df614c3b8fefc30a54de7cd295e444e",
"reference": "a367665f1df614c3b8fefc30a54de7cd295e444e",
"shasum": ""
},
"require": {
@ -978,7 +978,7 @@
"sabre/uri": ">=1.0,<3.0.0"
},
"require-dev": {
"phpunit/phpunit": "*",
"phpunit/phpunit": "~4.8|~5.7",
"sabre/cs": "~1.0.0"
},
"type": "library",
@ -1016,7 +1016,7 @@
"dom",
"xml"
],
"time": "2016-10-09T22:57:52+00:00"
"time": "2019-01-09T13:51:57+00:00"
},
{
"name": "simplepie/simplepie",

7
doc/context/ru/connections/help.html Normal file
View File

@ -0,0 +1,7 @@
<dl class="dl-horizontal">
<dd>На этой странице отображается список всех подключений этого канала. Список можно отсортировать и отфильтровать с помощью кнопки <a href='#' onclick='contextualHelpFocus(".section-title-wrapper", 0); return false;' title="Нажмите чтобы выделить элемент..."><button class='btn btn-outline-secondary btn-sm'><i class="fa fa-filter"></i></button></a> рядом с кнопкой поиска.</dd>
<dt>Сведения о контакте</dt>
<dd>Каждая запись в списке показывает информацию о конкретном контакте. Полупрозрачное изображение профиля указывает на заархивированное соединение.</dd>
<dt>Статус контакта</dt>
<dd>Контакт может находиться в разных состояниях: <ul><li>Заархивирован</li><li>Игнорируется</li><li>Заблокирован</li><li>Скрыт</li></ul></dd>
</dl>

9
doc/context/ru/network/help.html Normal file
View File

@ -0,0 +1,9 @@
<dl class="dl-horizontal">
<dd>Здесь отображается поток сообщений и бесед, обычно упорядоченных по последнему обновлению. Данная страница имеет гибкие настройки.</dd>
<dt><a href='#' onclick='contextualHelpFocus("#profile-jot-wrapper", 0); return false;' title="Нажмите чтобы выделить элемент...">Создать заметку</a></dt>
<dd>В верхней части страницы есть текстовое поле с надписью "Поделиться". Нажатие на это поле открывает редактор сообщений. Внешний ид редактора сообщений настраивается, однако по умолчанию редактор имеет поля для текста заметки и необязательного поля "Заголовок". Кнопки под полем для ввода текста слева служат для форматирования текста, вставки ссылок, изображений и других данных. Кнопки справа обеспечивают предварительный просмотр сообщения, настройку разрешений для публикации и кнопку <button class='btn btn-outline-secondary btn-sm'>Отправить</button> для её отправки.</dd>
<dt><a href='#' onclick='contextualHelpFocus("#group-sidebar", 1); return false;' title="Нажмите чтобы выделить элемент...">Группы конфиденциальности</a></dt>
<dd>Созданные вами группы конфиденциальности отображаются на боковой панели. Их выбор фильтрует сообщения по публикациям, которые созданы каналами в выбранной группе.</dd>
<dt><a href='#' onclick='$("#dbtn-acl").click(); return false;' title="Нажмите чтобы выделить элемент...">Разрешения публикации</a></dt>
<dd>Список контроля доступа (ACL) используется для того, чтобы указать, кто будет видеть вашу новую публикацию. При нажатии кнопки ACL рядом с кнопкой <button class='btn btn-outline-secondary btn-sm'>Поделиться</button> появится диалоговое окно, в котором вы можете выбрать, какие каналы и / или группы конфиденциальности могут видеть сообщение. Вы также можете выбрать, кому явно отказано в доступе. Например, вы планируете сюрприз для друга. Вы можете отправить сообщение с приглашением всем в вашей группе "Друзья" <i>кроме</i> друга, которого вы хотите поздравить. В этом случае публикацию увидят все члены группы "Друзья", кроме этого человека.</dd>
</dl>

4
include/account.php
View File

@ -672,6 +672,8 @@ function service_class_allows($uid, $property, $usage = false) {
return true; // No service class set => everything is allowed
$limit = engr_units_to_bytes($limit);
if($limit == 0)
return true; // 0 means no limits
if($usage === false) {
// We use negative values for not allowed properties in a subscriber plan
return ((x($limit)) ? (bool) $limit : true);
@ -759,7 +761,7 @@ function service_class_fetch($uid, $property) {
if(! is_array($arr) || (! count($arr)))
return false;
return((array_key_exists($property, $arr)) ? $arr[$property] : false);
return((array_key_exists($property, $arr) && $arr[$property] != 0) ? $arr[$property] : false);
}
/**

6
include/api_auth.php
View File

@ -96,11 +96,15 @@ function api_login(&$a){
if($sigblock) {
$keyId = str_replace('acct:','',$sigblock['keyId']);
if($keyId) {
$r = q("select * from hubloc where hubloc_addr = '%s' limit 1",
$r = q("select * from hubloc where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) limit 1",
dbesc($keyId),
dbesc($keyId)
);
if($r) {
$c = channelx_by_hash($r[0]['hubloc_hash']);
if (! $c) {
$c = channelx_by_portid($r[0]['hubloc_hash']);
}
if($c) {
$a = q("select * from account where account_id = %d limit 1",
intval($c['channel_account_id'])

4
include/api_zot.php
View File

@ -6,8 +6,8 @@
api_register_func('api/export/basic','api_export_basic', true);
api_register_func('api/red/channel/export/basic','api_export_basic', true);
api_register_func('api/z/1.0/channel/export/basic','api_export_basic', true);
api_register_func('api/red/item/export/page','api_item_export_page', true);
api_register_func('api/z/1.0/item/export/page','api_item_export_page', true);
api_register_func('api/red/item/export_page','api_item_export_page', true);
api_register_func('api/z/1.0/item/export_page','api_item_export_page', true);
api_register_func('api/red/channel/list','api_channel_list', true);
api_register_func('api/z/1.0/channel/list','api_channel_list', true);
api_register_func('api/red/channel/stream','api_channel_stream', true);

4
include/channel.php
View File

@ -1161,7 +1161,7 @@ function channel_export_items_date($channel_id, $start, $finish) {
$ret['relocate'] = [ 'channel_address' => $ch['channel_address'], 'url' => z_root()];
}
$r = q("select * from item where ( item_wall = 1 or item_type != %d ) and item_deleted = 0 and uid = %d and created >= '%s' and created <= '%s' and resource_type = '' order by created",
$r = q("select * from item where ( item_wall = 1 or item_type != %d ) and item_deleted = 0 and uid = %d and created >= '%s' and created <= '%s' and resource_type != 'photo' order by created",
intval(ITEM_TYPE_POST),
intval($channel_id),
dbesc($start),
@ -1223,7 +1223,7 @@ function channel_export_items_page($channel_id, $start, $finish, $page = 0, $lim
$ret['relocate'] = [ 'channel_address' => $ch['channel_address'], 'url' => z_root()];
}
$r = q("select * from item where ( item_wall = 1 or item_type != %d ) and item_deleted = 0 and uid = %d and resource_type = '' and created >= '%s' and created <= '%s' order by created limit %d offset %d",
$r = q("select * from item where ( item_wall = 1 or item_type != %d ) and item_deleted = 0 and uid = %d and resource_type != 'photo' and created >= '%s' and created <= '%s' order by created limit %d offset %d",
intval(ITEM_TYPE_POST),
intval($channel_id),
dbesc($start),

35
include/dir_fns.php
View File

@ -329,13 +329,36 @@ function update_directory_entry($ud) {
if ($ud['ud_addr'] && (! ($ud['ud_flags'] & UPDATE_FLAGS_DELETED))) {
$success = false;
$x = zot_finger($ud['ud_addr'], '');
if ($x['success']) {
$j = json_decode($x['body'], true);
if ($j)
$success = true;
$y = import_xchan($j, 0, $ud);
// directory migration phase 1 (Macgirvin - 29-JUNE-2019)
// fetch zot6 info (if available) as well as historical zot info (if available)
// Once this has been running for > 1 month on the primary directory we can deprecate the historical info and
// modify the directory search to only return zot6 entries, and also modify this function
// to *only* fetch the zot6 entries.
// Otherwise we'll be showing duplicates or have a mostly empty directory for a good chunk of
// the transition period. Directory server load will likely increase "moderately" during this transition.
// The one month counter begins when the primary directory has upgraded to a release which uses this code.
// Hubzilla channels running traditional zot which have not upgraded can or will be dropped from the directory or
// "not found" at the end of the transition period as the directory will only serve zot6 entries at that time.
$uri = \Zotlabs\Lib\Webfinger::zot_url($ud['ud_addr']);
if($uri) {
$record = \Zotlabs\Lib\Zotfinger::exec($uri);
// Check the HTTP signature
$hsig = $record['signature'];
if($hsig && $hsig['signer'] === $url && $hsig['header_valid'] === true && $hsig['content_valid'] === true) {
$x = \Zotlabs\Zot\Libzot::import_xchan($record['data'], 0, $ud);
if($x['success']) {
$success = true;
}
}
}
$x = \Zotlabs\Zot\Finger::run($ud['ud_addr'], '');
if ($x['success']) {
import_xchan($x, 0, $ud);
$success = true;
}
if (! $success) {
q("update updates set ud_last = '%s' where ud_addr = '%s'",

8
include/import.php
View File

@ -2,6 +2,8 @@
use Zotlabs\Lib\IConfig;
use Zotlabs\Web\HTTPSig;
require_once('include/menu.php');
require_once('include/perm_upgrade.php');
@ -1329,7 +1331,7 @@ function sync_files($channel, $files) {
$headers = [];
$headers['Accept'] = 'application/x-zot+json' ;
$headers['Sigtoken'] = random_string();
$headers = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'], 'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512');
$headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'], 'acct:' . channel_reddress($channel),true,'sha512');
$x = z_post_url($fetch_url,$parr,$redirects,[ 'filep' => $fp, 'headers' => $headers]);
fclose($fp);
@ -1390,7 +1392,7 @@ function sync_files($channel, $files) {
$p['content'] = (($p['content'])? base64_decode($p['content']) : '');
}
if (intval($p['imgscale']) && ((intval($p['os_storage'])) || (! $p['content']))) {
if(intval($p['imgscale'])) {
$time = datetime_convert();
@ -1415,7 +1417,7 @@ function sync_files($channel, $files) {
$headers = [];
$headers['Accept'] = 'application/x-zot+json' ;
$headers['Sigtoken'] = random_string();
$headers = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'], 'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512');
$headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'],'acct:' . channel_reddress($channel),true,'sha512');
$x = z_post_url($fetch_url,$parr,$redirects,[ 'filep' => $fp, 'headers' => $headers]);
fclose($fp);

28
include/items.php
View File

@ -1988,11 +1988,12 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
unset($arr['iconfig']);
}
if(strlen($allow_cid) || strlen($allow_gid) || strlen($deny_cid) || strlen($deny_gid) || strlen($public_policy))
$private = 1;
else
$private = $arr['item_private'];
$private = intval($arr['item_private']);
if (! $private) {
if (strlen($allow_cid) || strlen($allow_gid) || strlen($deny_cid) || strlen($deny_gid)) {
$private = 1;
}
}
$arr['parent'] = $parent_id;
$arr['allow_cid'] = $allow_cid;
@ -2011,7 +2012,7 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
// find the item we just created
$r = q("SELECT * FROM item WHERE mid = '%s' AND uid = %d and revision = %d ORDER BY id ASC ",
$arr['mid'], // already dbesc'd
dbesc($arr['mid']),
intval($arr['uid']),
intval($arr['revision'])
);
@ -2032,7 +2033,7 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
if(count($r) > 1) {
logger('item_store: duplicated post occurred. Removing duplicates.');
q("DELETE FROM item WHERE mid = '%s' AND uid = %d AND id != %d ",
$arr['mid'],
dbesc($arr['mid']),
intval($arr['uid']),
intval($current_post)
);
@ -3721,13 +3722,12 @@ function drop_item($id,$interactive = true,$stage = DROPITEM_NORMAL) {
if(! $interactive)
$ok_to_delete = true;
// owner deletion
if(local_channel() && local_channel() == $item['uid'])
// admin deletion
if(is_site_admin())
$ok_to_delete = true;
// sys owned item, requires site admin to delete
$sys = get_sys_channel();
if(is_site_admin() && $sys['channel_id'] == $item['uid'])
// owner deletion
if(local_channel() && local_channel() == $item['uid'])
$ok_to_delete = true;
// author deletion
@ -4615,12 +4615,12 @@ function set_linkified_perms($linkified, &$str_contact_allow, &$str_group_allow,
if(strpos($access_tag,'cid:') === 0) {
$str_contact_allow .= '<' . substr($access_tag,4) . '>';
$access_tag = '';
$private = 1;
$private = 2;
}
elseif(strpos($access_tag,'gid:') === 0) {
$str_group_allow .= '<' . substr($access_tag,4) . '>';
$access_tag = '';
$private = 1;
$private = 2;
}
}
}

11
include/network.php
View File

@ -1183,12 +1183,12 @@ function discover_by_webbie($webbie, $protocol = '') {
*/
function webfinger_rfc7033($webbie, $zot = false) {
if(strpos($webbie,'@')) {
if(filter_var($webbie, FILTER_VALIDATE_EMAIL)) {
$lhs = substr($webbie,0,strpos($webbie,'@'));
$rhs = substr($webbie,strpos($webbie,'@')+1);
$resource = urlencode('acct:' . $webbie);
}
else {
elseif(filter_var($webbie, FILTER_VALIDATE_URL)) {
$m = parse_url($webbie);
if($m) {
if($m['scheme'] !== 'https')
@ -1197,9 +1197,10 @@ function webfinger_rfc7033($webbie, $zot = false) {
$rhs = $m['host'] . (($m['port']) ? ':' . $m['port'] : '');
$resource = urlencode($webbie);
}
else
return false;
}
else
return false;
logger('fetching url from resource: ' . $rhs . ':' . $webbie);
$counter = 0;
@ -1217,7 +1218,7 @@ function webfinger_rfc7033($webbie, $zot = false) {
function old_webfinger($webbie) {
$host = '';
if(strstr($webbie,'@'))
if(filter_var($webbie, FILTER_VALIDATE_EMAIL))
$host = substr($webbie,strpos($webbie,'@') + 1);
if(strlen($host)) {

8
include/photos.php
View File

@ -261,7 +261,7 @@ function photo_upload($channel, $observer, $args) {
$r0 = $ph->save($p);
$link[0] = array(
'rel' => 'alternate',
'type' => 'text/html',
'type' => $type,
'href' => z_root() . '/photo/' . $photo_hash . '-0.' . $ph->getExt(),
'width' => $width,
'height' => $height
@ -280,7 +280,7 @@ function photo_upload($channel, $observer, $args) {
$r1 = $ph->storeThumbnail($p, PHOTO_RES_1024);
$link[1] = array(
'rel' => 'alternate',
'type' => 'text/html',
'type' => $type,
'href' => z_root() . '/photo/' . $photo_hash . '-1.' . $ph->getExt(),
'width' => $ph->getWidth(),
'height' => $ph->getHeight()
@ -294,7 +294,7 @@ function photo_upload($channel, $observer, $args) {
$r2 = $ph->storeThumbnail($p, PHOTO_RES_640);
$link[2] = array(
'rel' => 'alternate',
'type' => 'text/html',
'type' => $type,
'href' => z_root() . '/photo/' . $photo_hash . '-2.' . $ph->getExt(),
'width' => $ph->getWidth(),
'height' => $ph->getHeight()
@ -308,7 +308,7 @@ function photo_upload($channel, $observer, $args) {
$r3 = $ph->storeThumbnail($p, PHOTO_RES_320);
$link[3] = array(
'rel' => 'alternate',
'type' => 'text/html',
'type' => $type,
'href' => z_root() . '/photo/' . $photo_hash . '-3.' . $ph->getExt(),
'width' => $ph->getWidth(),
'height' => $ph->getHeight()

21
include/socgraph.php
View File

@ -1,5 +1,10 @@
<?php /** @file */
use Zotlabs\Lib\Libzot;
use Zotlabs\Lib\Libzotdir;
use Zotlabs\Lib\Zotfinger;
require_once('include/dir_fns.php');
require_once('include/zot.php');
@ -122,7 +127,7 @@ function poco_load($xchan = '', $url = null) {
$profile_url = $url['value'];
continue;
}
if($url['type'] == 'zot') {
if(in_array($url['type'], ['zot','zot6'] )) {
$network = $url['type'];
$address = str_replace('acct:' , '', $url['value']);
continue;
@ -151,6 +156,18 @@ function poco_load($xchan = '', $url = null) {
if(($x !== false) && (! count($x))) {
if($address) {
if($network === 'zot6') {
$j = Zotfinger::exec($profile_url);
if(is_array($j) && array_path_exists('signature/signer',$j) && $j['signature']['signer'] === $profile_url && intval($j['signature']['header_valid'])) {
Libzot::import_xchan($j['data']);
}
$x = q("select xchan_hash from xchan where xchan_hash = '%s' limit 1",
dbesc($hash)
);
if(! $x) {
continue;
}
}
if($network === 'zot') {
$j = Zotlabs\Zot\Finger::run($address,null);
if($j['success']) {
@ -402,7 +419,7 @@ function poco($a,$extended = false) {
$sql_extra ",
intval($channel_id)
);
$rooms = q("select * from menu_item where ( mitem_flags & " . intval(MENU_ITEM_CHATROOM) . " )>0 and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and mitem_channel_id = %d",
$rooms = q("select * from menu_item where ( mitem_flags & " . intval(MENU_ITEM_CHATROOM) . " ) > 0 and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and mitem_channel_id = %d",
intval($channel_id)
);
}

17
include/text.php
View File

@ -1572,7 +1572,9 @@ function format_hashtags(&$item) {
$term = htmlspecialchars($t['term'], ENT_COMPAT, 'UTF-8', false) ;
if(! trim($term))
continue;
if($t['url'] && strpos($item['body'], $t['url']))
if(empty($t['url']))
continue;
if(strpos($item['body'], $t['url']) || stripos($item['body'], '#' . $t['term']))
continue;
if($s)
$s .= ' ';
@ -2456,8 +2458,8 @@ function magic_link($s) {
* @param boolean $escape (optional) default false
*/
function stringify_array_elms(&$arr, $escape = false) {
for($x = 0; $x < count($arr); $x ++)
$arr[$x] = "'" . (($escape) ? dbesc($arr[$x]) : $arr[$x]) . "'";
foreach($arr as $k => $v)
$arr[$k] = "'" . (($escape) ? dbesc($v) : $v) . "'";
}
@ -3105,6 +3107,15 @@ function item_url_replace($channel,&$item,$old,$new,$oldnick = '') {
if($oldnick)
$item['llink'] = str_replace('/' . $oldnick . '/' ,'/' . $channel['channel_address'] . '/' ,$item['llink']);
if($item['term']) {
for($x = 0; $x < count($item['term']); $x ++) {
$item['term'][$x]['url'] = str_replace($old,$new,$item['term'][$x]['url']);
if ($oldnick) {
$item['term'][$x]['url'] = str_replace('/' . $oldnick . '/' ,'/' . $channel['channel_address'] . '/' ,$item['term'][$x]['url']);
}
}
}
}

2
include/xchan.php
View File

@ -1,6 +1,6 @@
<?php
use Zotlabs\Zot6\HTTPSig;
use Zotlabs\Web\HTTPSig;
use Zotlabs\Lib\Libzot;

35
include/zid.php
View File

@ -13,7 +13,7 @@ function is_matrix_url($url) {
if(array_key_exists($m['host'],$remembered))
return $remembered[$m['host']];
$r = q("select hubloc_url from hubloc where hubloc_host = '%s' and hubloc_network = 'zot' limit 1",
$r = q("select hubloc_url from hubloc where hubloc_host = '%s' and hubloc_network in ('zot', 'zot6') limit 1",
dbesc($m['host'])
);
if($r) {
@ -205,20 +205,25 @@ function zidify_text($s) {
*/
function red_zrl_callback($matches) {
$zrl = is_matrix_url($matches[2]);
$t = strip_zids($matches[2]);
if($t !== $matches[2]) {
$zrl = true;
$matches[2] = $t;
}
if($matches[1] === '#^')
$matches[1] = '';
if($zrl)
return $matches[1] . '#^[zrl=' . $matches[2] . ']' . $matches[2] . '[/zrl]';
return $matches[1] . '#^[url=' . $matches[2] . ']' . $matches[2] . '[/url]';
// Catch and exclude trailing punctuation
preg_match("/[.,;:!?)]*$/i", $matches[2], $pts);
$matches[2] = substr($matches[2], 0, strlen($matches[2])-strlen($pts[0]));
$zrl = is_matrix_url($matches[2]);
$t = strip_zids($matches[2]);
if($t !== $matches[2]) {
$zrl = true;
$matches[2] = $t;
}
if($matches[1] === '#^')
$matches[1] = '';
if($zrl)
return $matches[1] . '#^[zrl=' . $matches[2] . ']' . $matches[2] . '[/zrl]' . $pts[0];
return $matches[1] . '#^[url=' . $matches[2] . ']' . $matches[2] . '[/url]' . $pts[0];
}
/**

5
include/zot.php
View File

@ -303,9 +303,8 @@ function zot_zot($url, $data, $channel = null,$crypto = null) {
if($channel) {
$headers['X-Zot-Token'] = random_string();
$hash = \Zotlabs\Web\HTTPSig::generate_digest($data,false);
$headers['X-Zot-Digest'] = 'SHA-256=' . $hash;
$h = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,false,'sha512',(($crypto) ? $crypto['hubloc_sitekey'] : ''), (($crypto) ? zot_best_algorithm($crypto['site_crypto']) : ''));
$headers['X-Zot-Digest'] = \Zotlabs\Web\HTTPSig::generate_digest_header($data);
$h = \Zotlabs\Web\HTTPSig::create_sig($headers,$channel['channel_prvkey'],'acct:' . channel_reddress($channel),false,'sha512',(($crypto) ? $crypto['hubloc_sitekey'] : ''), (($crypto) ? zot_best_algorithm($crypto['site_crypto']) : ''));
}
$redirects = 0;

2
install/INSTALL.txt
View File

@ -83,7 +83,7 @@ web server platforms.
Example config scripts are available for these platforms in the install
directory. Apache and nginx have the most support.
- PHP 5.6 or later.
- PHP 7.1 or later.
- PHP *command line* access with register_argc_argv set to true in the
php.ini file - and with no hosting provider restrictions on the use of

584
library/cacert.pem
View File

@ -1,7 +1,7 @@
##
## Bundle of CA Root Certificates
##
## Certificate data from Mozilla as of: Wed Jun 20 03:12:06 2018 GMT
## Certificate data from Mozilla as of: Sat Jul 13 19:29:28 2019 GMT
##
## This is a bundle of X.509 certificates of public Certificate Authorities
## (CA). These were automatically extracted from Mozilla's root certificates
@ -14,7 +14,7 @@
## Just configure this file as the SSLCACertificateFile.
##
## Conversion done with mk-ca-bundle.pl version 1.27.
## SHA256: c80f571d9f4ebca4a91e0ad3a546f263153d71afffc845c6f8f52ce9d1a2e8ec
## SHA256: 61eaa79ac46d923f2f74dfe401189424e96fa8736102b47ba2cdb4ea19af2cc8
##
@ -261,28 +261,6 @@ gn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwXQMAJKOSLakhT2+zNVVXxxvjpoixMptEm
X36vWkzaH6byHCx+rgIW0lbQL1dTR+iS
-----END CERTIFICATE-----
Visa eCommerce Root
===================
-----BEGIN CERTIFICATE-----
MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQG
EwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2Ug
QXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2
WhcNMjIwNjI0MDAxNjEyWjBrMQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMm
VmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv
bW1lcmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h2mCxlCfL
F9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4ElpF7sDPwsRROEW+1QK8b
RaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdVZqW1LS7YgFmypw23RuwhY/81q6UCzyr0
TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI
/k4+oKsGGelT84ATB+0tvz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzs
GHxBvfaLdXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
MB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUFAAOCAQEAX/FBfXxc
CLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcRzCSs00Rsca4BIGsDoo8Ytyk6feUW
YFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pz
zkWKsKZJ/0x9nXGIxHYdkFsd7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBu
YQa7FkKMcPcw++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt
398znM/jra6O1I7mT1GvFpLgXPYHDw==
-----END CERTIFICATE-----
Comodo AAA Services root
========================
-----BEGIN CERTIFICATE-----
@ -2792,126 +2770,6 @@ GiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7SofTUwJCA3sS61kFyjn
dc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR
-----END CERTIFICATE-----
Certplus Root CA G1
===================
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgISESBVg+QtPlRWhS2DN7cs3EYRMA0GCSqGSIb3DQEBDQUAMD4xCzAJBgNV
BAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBsdXMgUm9vdCBDQSBHMTAe
Fw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBaMD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhD
ZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBsdXMgUm9vdCBDQSBHMTCCAiIwDQYJKoZIhvcNAQEBBQAD
ggIPADCCAgoCggIBANpQh7bauKk+nWT6VjOaVj0W5QOVsjQcmm1iBdTYj+eJZJ+622SLZOZ5KmHN
r49aiZFluVj8tANfkT8tEBXgfs+8/H9DZ6itXjYj2JizTfNDnjl8KvzsiNWI7nC9hRYt6kuJPKNx
Qv4c/dMcLRC4hlTqQ7jbxofaqK6AJc96Jh2qkbBIb6613p7Y1/oA/caP0FG7Yn2ksYyy/yARujVj
BYZHYEMzkPZHogNPlk2dT8Hq6pyi/jQu3rfKG3akt62f6ajUeD94/vI4CTYd0hYCyOwqaK/1jpTv
LRN6HkJKHRUxrgwEV/xhc/MxVoYxgKDEEW4wduOU8F8ExKyHcomYxZ3MVwia9Az8fXoFOvpHgDm2
z4QTd28n6v+WZxcIbekN1iNQMLAVdBM+5S//Ds3EC0pd8NgAM0lm66EYfFkuPSi5YXHLtaW6uOrc
4nBvCGrch2c0798wct3zyT8j/zXhviEpIDCB5BmlIOklynMxdCm+4kLV87ImZsdo/Rmz5yCTmehd
4F6H50boJZwKKSTUzViGUkAksnsPmBIgJPaQbEfIDbsYIC7Z/fyL8inqh3SV4EJQeIQEQWGw9CEj
jy3LKCHyamz0GqbFFLQ3ZU+V/YDI+HLlJWvEYLF7bY5KinPOWftwenMGE9nTdDckQQoRb5fc5+R+
ob0V8rqHDz1oihYHAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0G
A1UdDgQWBBSowcCbkahDFXxdBie0KlHYlwuBsTAfBgNVHSMEGDAWgBSowcCbkahDFXxdBie0KlHY
lwuBsTANBgkqhkiG9w0BAQ0FAAOCAgEAnFZvAX7RvUz1isbwJh/k4DgYzDLDKTudQSk0YcbX8ACh
66Ryj5QXvBMsdbRX7gp8CXrc1cqh0DQT+Hern+X+2B50ioUHj3/MeXrKls3N/U/7/SMNkPX0XtPG
YX2eEeAC7gkE2Qfdpoq3DIMku4NQkv5gdRE+2J2winq14J2by5BSS7CTKtQ+FjPlnsZlFT5kOwQ/
2wyPX1wdaR+v8+khjPPvl/aatxm2hHSco1S1cE5j2FddUyGbQJJD+tZ3VTNPZNX70Cxqjm0lpu+F
6ALEUz65noe8zDUa3qHpimOHZR4RKttjd5cUvpoUmRGywO6wT/gUITJDT5+rosuoD6o7BlXGEilX
CNQ314cnrUlZp5GrRHpejXDbl85IULFzk/bwg2D5zfHhMf1bfHEhYxQUqq/F3pN+aLHsIqKqkHWe
tUNy6mSjhEv9DKgma3GX7lZjZuhCVPnHHd/Qj1vfyDBviP4NxDMcU6ij/UgQ8uQKTuEVV/xuZDDC
VRHc6qnNSlSsKWNEz0pAoNZoWRsz+e86i9sgktxChL8Bq4fA1SCC28a5g4VCXA9DO2pJNdWY9BW/
+mGBDAkgGNLQFwzLSABQ6XaCjGTXOqAHVcweMcDvOrRl++O/QmueD6i9a5jc2NvLi6Td11n0bt3+
qsOR0C5CB8AMTVPNJLFMWx5R9N/pkvo=
-----END CERTIFICATE-----
Certplus Root CA G2
===================
-----BEGIN CERTIFICATE-----
MIICHDCCAaKgAwIBAgISESDZkc6uo+jF5//pAq/Pc7xVMAoGCCqGSM49BAMDMD4xCzAJBgNVBAYT
AkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBsdXMgUm9vdCBDQSBHMjAeFw0x
NDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBaMD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0
cGx1czEcMBoGA1UEAwwTQ2VydHBsdXMgUm9vdCBDQSBHMjB2MBAGByqGSM49AgEGBSuBBAAiA2IA
BM0PW1aC3/BFGtat93nwHcmsltaeTpwftEIRyoa/bfuFo8XlGVzX7qY/aWfYeOKmycTbLXku54uN
Am8xIk0G42ByRZ0OQneezs/lf4WbGOT8zC5y0xaTTsqZY1yhBSpsBqNjMGEwDgYDVR0PAQH/BAQD
AgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNqDYwJ5jtpMxjwjFNiPwyCrKGBZMB8GA1Ud
IwQYMBaAFNqDYwJ5jtpMxjwjFNiPwyCrKGBZMAoGCCqGSM49BAMDA2gAMGUCMHD+sAvZ94OX7PNV
HdTcswYO/jOYnYs5kGuUIe22113WTNchp+e/IQ8rzfcq3IUHnQIxAIYUFuXcsGXCwI4Un78kFmjl
vPl5adytRSv3tjFzzAalU5ORGpOucGpnutee5WEaXw==
-----END CERTIFICATE-----
OpenTrust Root CA G1
====================
-----BEGIN CERTIFICATE-----
MIIFbzCCA1egAwIBAgISESCzkFU5fX82bWTCp59rY45nMA0GCSqGSIb3DQEBCwUAMEAxCzAJBgNV
BAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5UcnVzdCBSb290IENBIEcx
MB4XDTE0MDUyNjA4NDU1MFoXDTM4MDExNTAwMDAwMFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoM
CU9wZW5UcnVzdDEdMBsGA1UEAwwUT3BlblRydXN0IFJvb3QgQ0EgRzEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQD4eUbalsUwXopxAy1wpLuwxQjczeY1wICkES3d5oeuXT2R0odsN7fa
Yp6bwiTXj/HbpqbfRm9RpnHLPhsxZ2L3EVs0J9V5ToybWL0iEA1cJwzdMOWo010hOHQX/uMftk87
ay3bfWAfjH1MBcLrARYVmBSO0ZB3Ij/swjm4eTrwSSTilZHcYTSSjFR077F9jAHiOH3BX2pfJLKO
YheteSCtqx234LSWSE9mQxAGFiQD4eCcjsZGT44ameGPuY4zbGneWK2gDqdkVBFpRGZPTBKnjix9
xNRbxQA0MMHZmf4yzgeEtE7NCv82TWLxp2NX5Ntqp66/K7nJ5rInieV+mhxNaMbBGN4zK1FGSxyO
9z0M+Yo0FMT7MzUj8czxKselu7Cizv5Ta01BG2Yospb6p64KTrk5M0ScdMGTHPjgniQlQ/GbI4Kq
3ywgsNw2TgOzfALU5nsaqocTvz6hdLubDuHAk5/XpGbKuxs74zD0M1mKB3IDVedzagMxbm+WG+Oi
n6+Sx+31QrclTDsTBM8clq8cIqPQqwWyTBIjUtz9GVsnnB47ev1CI9sjgBPwvFEVVJSmdz7QdFG9
URQIOTfLHzSpMJ1ShC5VkLG631UAC9hWLbFJSXKAqWLXwPYYEQRVzXR7z2FwefR7LFxckvzluFqr
TJOVoSfupb7PcSNCupt2LQIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
/zAdBgNVHQ4EFgQUl0YhVyE12jZVx/PxN3DlCPaTKbYwHwYDVR0jBBgwFoAUl0YhVyE12jZVx/Px
N3DlCPaTKbYwDQYJKoZIhvcNAQELBQADggIBAB3dAmB84DWn5ph76kTOZ0BP8pNuZtQ5iSas000E
PLuHIT839HEl2ku6q5aCgZG27dmxpGWX4m9kWaSW7mDKHyP7Rbr/jyTwyqkxf3kfgLMtMrpkZ2Cv
uVnN35pJ06iCsfmYlIrM4LvgBBuZYLFGZdwIorJGnkSI6pN+VxbSFXJfLkur1J1juONI5f6ELlgK
n0Md/rcYkoZDSw6cMoYsYPXpSOqV7XAp8dUv/TW0V8/bhUiZucJvbI/NeJWsZCj9VrDDb8O+WVLh
X4SPgPL0DTatdrOjteFkdjpY3H1PXlZs5VVZV6Xf8YpmMIzUUmI4d7S+KNfKNsSbBfD4Fdvb8e80
nR14SohWZ25g/4/Ii+GOvUKpMwpZQhISKvqxnUOOBZuZ2mKtVzazHbYNeS2WuOvyDEsMpZTGMKcm
GS3tTAZQMPH9WD25SxdfGbRqhFS0OE85og2WaMMolP3tLR9Ka0OWLpABEPs4poEL0L9109S5zvE/
bw4cHjdx5RiHdRk/ULlepEU0rbDK5uUTdg8xFKmOLZTW1YVNcxVPS/KyPu1svf0OnWZzsD2097+o
4BGkxK51CUpjAEggpsadCwmKtODmzj7HPiY46SvepghJAwSQiumPv+i2tCqjI40cHLI5kqiPAlxA
OXXUc0ECd97N4EOH1uS6SsNsEn/+KuYj1oxx
-----END CERTIFICATE-----
OpenTrust Root CA G2
====================
-----BEGIN CERTIFICATE-----
MIIFbzCCA1egAwIBAgISESChaRu/vbm9UpaPI+hIvyYRMA0GCSqGSIb3DQEBDQUAMEAxCzAJBgNV
BAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5UcnVzdCBSb290IENBIEcy
MB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAwMFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoM
CU9wZW5UcnVzdDEdMBsGA1UEAwwUT3BlblRydXN0IFJvb3QgQ0EgRzIwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQDMtlelM5QQgTJT32F+D3Y5z1zCU3UdSXqWON2ic2rxb95eolq5cSG+
Ntmh/LzubKh8NBpxGuga2F8ORAbtp+Dz0mEL4DKiltE48MLaARf85KxP6O6JHnSrT78eCbY2albz
4e6WiWYkBuTNQjpK3eCasMSCRbP+yatcfD7J6xcvDH1urqWPyKwlCm/61UWY0jUJ9gNDlP7ZvyCV
eYCYitmJNbtRG6Q3ffyZO6v/v6wNj0OxmXsWEH4db0fEFY8ElggGQgT4hNYdvJGmQr5J1WqIP7wt
UdGejeBSzFfdNTVY27SPJIjki9/ca1TSgSuyzpJLHB9G+h3Ykst2Z7UJmQnlrBcUVXDGPKBWCgOz
3GIZ38i1MH/1PCZ1Eb3XG7OHngevZXHloM8apwkQHZOJZlvoPGIytbU6bumFAYueQ4xncyhZW+vj
3CzMpSZyYhK05pyDRPZRpOLAeiRXyg6lPzq1O4vldu5w5pLeFlwoW5cZJ5L+epJUzpM5ChaHvGOz
9bGTXOBut9Dq+WIyiET7vycotjCVXRIouZW+j1MY5aIYFuJWpLIsEPUdN6b4t/bQWVyJ98LVtZR0
0dX+G7bw5tYee9I8y6jj9RjzIR9u701oBnstXW5DiabA+aC/gh7PU3+06yzbXfZqfUAkBXKJOAGT
y3HCOV0GEfZvePg3DTmEJwIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
/zAdBgNVHQ4EFgQUajn6QiL35okATV59M4PLuG53hq8wHwYDVR0jBBgwFoAUajn6QiL35okATV59
M4PLuG53hq8wDQYJKoZIhvcNAQENBQADggIBAJjLq0A85TMCl38th6aP1F5Kr7ge57tx+4BkJamz
Gj5oXScmp7oq4fBXgwpkTx4idBvpkF/wrM//T2h6OKQQbA2xx6R3gBi2oihEdqc0nXGEL8pZ0keI
mUEiyTCYYW49qKgFbdEfwFFEVn8nNQLdXpgKQuswv42hm1GqO+qTRmTFAHneIWv2V6CG1wZy7HBG
S4tz3aAhdT7cHcCP009zHIXZ/n9iyJVvttN7jLpTwm+bREx50B1ws9efAvSyB7DH5fitIw6mVskp
EndI2S9G/Tvw/HRwkqWOOAgfZDC2t0v7NqwQjqBSM2OdAzVWxWm9xiNaJ5T2pBL4LTM8oValX9YZ
6e18CL13zSdkzJTaTkZQh+D5wVOAHrut+0dSixv9ovneDiK3PTNZbNTe9ZUGMg1RGUFcPk8G97kr
gCf2o6p6fAbhQ8MTOWIaNr3gKC6UAuQpLmBVrkA9sHSSXvAgZJY/X0VdiLWK2gKgW0VU3jg9CcCo
SmVGFvyqv1ROTVu+OEO3KMqLM6oaJbolXCkvW0pujOotnCr2BXbgd5eAiN1nE28daCSLT7d0geX0
YJ96Vdc+N9oWaz53rK4YcJUIeSkDiv7BO7M/Gg+kO14fWKGVyasvc0rQLW6aWQ9VGHgtPFGml4vm
u7JwqkwR3v98KzfUetF3NI/n+UL3PIEMS1IK
-----END CERTIFICATE-----
OpenTrust Root CA G3
====================
-----BEGIN CERTIFICATE-----
MIICITCCAaagAwIBAgISESDm+Ez8JLC+BUCs2oMbNGA/MAoGCCqGSM49BAMDMEAxCzAJBgNVBAYT
AkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5UcnVzdCBSb290IENBIEczMB4X
DTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAwMFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9w
ZW5UcnVzdDEdMBsGA1UEAwwUT3BlblRydXN0IFJvb3QgQ0EgRzMwdjAQBgcqhkjOPQIBBgUrgQQA
IgNiAARK7liuTcpm3gY6oxH84Bjwbhy6LTAMidnW7ptzg6kjFYwvWYpa3RTqnVkrQ7cG7DK2uu5B
ta1doYXM6h0UZqNnfkbilPPntlahFVmhTzeXuSIevRHr9LIfXsMUmuXZl5mjYzBhMA4GA1UdDwEB
/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRHd8MUi2I5DMlv4VBN0BBY3JWIbTAf
BgNVHSMEGDAWgBRHd8MUi2I5DMlv4VBN0BBY3JWIbTAKBggqhkjOPQQDAwNpADBmAjEAj6jcnboM
BBf6Fek9LykBl7+BFjNAk2z8+e2AcG+qj9uEwov1NcoG3GRvaBbhj5G5AjEA2Euly8LQCGzpGPta
3U1fJAuwACEl74+nBCZx4nxp5V2a+EEfOzmTk51V6s2N8fvB
-----END CERTIFICATE-----
ISRG Root X1
============
-----BEGIN CERTIFICATE-----
@ -3312,122 +3170,338 @@ BBYEFFvKXuXe0oGqzagtZFG22XKbl+ZPMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe
N+vp1RPZytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mm
m7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg==
-----END CERTIFICATE-----
GlobalSign Root CA - R6
=======================
-----BEGIN CERTIFICATE-----
MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCB
hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQwMjEy
MDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
Q09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZh
bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAI7CAhnhoFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28Sh
bXcDow+G+eMGnD4LgYqbSRutA776S9uMIO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0
Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4TgllfQcBhglo/uLQeTnaG6
ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh7lgUq/51
UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0n
c13cRTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQY
MBaAFLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz
30O0Oija5zAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgG
BmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNv
bS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB
AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9E
T1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21v
ZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2p
mj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/
e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsItG8kO3KdY3RYPBps
P0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdoltMY
dVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc
2bXhc3js9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxG
V/Iz2tDIY+3GH5QFlkoakdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4
HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBmGqW5prU5wfWYQ//u+aen/e7KJD2AFsQX
j4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODcQgPmlKidrv0PJFGUzpII
0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje3WYkN5Ap
lBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf
+AZxAeKCINT+b72x
MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEgMB4GA1UECxMX
R2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds
b2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQxMjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9i
YWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFs
U2lnbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQss
grRIxutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1kZguSgMpE
3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxDaNc9PIrFsmbVkJq3MQbF
vuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJwLnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqM
PKq0pPbzlUoSB239jLKJz9CgYXfIWHSw1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+
azayOeSsJDa38O+2HBNXk7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05O
WgtH8wY2SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/hbguy
CLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4nWUx2OVvq+aWh2IMP
0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpYrZxCRXluDocZXFSxZba/jJvcE+kN
b7gu3GduyYsRtYQUigAZcIN5kZeR1BonvzceMgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNV
HSMEGDAWgBSubAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN
nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGtIxg93eFyRJa0
lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr6155wsTLxDKZmOMNOsIeDjHfrY
BzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLjvUYAGm0CuiVdjaExUd1URhxN25mW7xocBFym
Fe944Hn+Xds+qkxV/ZoVqW/hpvvfcDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr
3TsTjxKM4kEaSHpzoHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB1
0jZpnOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfspA9MRf/T
uTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+vJJUEeKgDu+6B5dpffItK
oZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+t
JDfLRVpOoERIyNiwmcUVhAn21klJwGW45hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA=
-----END CERTIFICATE-----
OISTE WISeKey Global Root GC CA
===============================
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci/ITeIjANBgkqhkiG9w0BAQwFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYD
VQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkq
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNw
AHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+XPmT5jR6
2RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr
ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt
4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIq
m1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/
vOldxJuvRZnio1oktLqpVj3Pb6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT
8dm74YlguIwoVqwUHZwK53Hrzw7dPamWoUi9PPevtQ0iTMARgexWO/bTouJbt7IE
IlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31BqVUa/oKMoYX9w0MOiqiwhqkfO
KJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKIf6MzOi5cHkERgWPO
GHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09XiidnMy/
s1Hap0flhFMCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g
JMtUGjAdBgNVHQ4EFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQD
AgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9
MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVy
bmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6
Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS/g/FfmoXQ
zbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfj
Jw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLY
Uspzgb8c8+a4bmYRBbMelC1/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5
B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI/V5eu+MtWuLt29G9Hvx
PUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vR
pu/xO28QOG8=
MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQswCQYDVQQGEwJD
SDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEo
MCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRa
Fw00MjA1MDkwOTU4MzNaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQL
ExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh
bCBSb290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4nieUqjFqdr
VCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4Wp2OQ0jnUsYd4XxiWD1Ab
NTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd
BgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7TrYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0E
AwMDaAAwZQIwJsdpW9zV57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtk
AjEA2zQgMgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9
-----END CERTIFICATE-----
GTS Root R1
===========
-----BEGIN CERTIFICATE-----
MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
MIIFWjCCA0KgAwIBAgIQbkepxUtHDA3sM9CJuRz04TANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQG
EwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJv
b3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAG
A1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIi
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx
9vaMf/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7wCl7r
aKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjwTcLCeoiKu7rPWRnW
r4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0PfyblqAj+lug8aJRT7oM6iCsVlgmy4HqM
LnXWnOunVmSPlk9orj2XwoSPwLxAwAtcvfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly
4cpk9+aCEI3oncKKiPo4Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr
06zqkUspzBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92
wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70paDPvOmbsB4om
3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrNVjzRlwW5y0vtOUucxD/SVRNu
JLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD
VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEM
BQADggIBADiWCu49tJYeX++dnAsznyvgyv3SjgofQXSlfKqE1OXyHuY3UjKcC9FhHb8owbZEKTV1
d5iyfNm9dKyKaOOpMQkpAWBz40d8U6iQSifvS9efk+eCNs6aaAyC58/UEBZvXw6ZXPYfcX3v73sv
fuo21pdwCxXu11xWajOl40k4DLh9+42FpLFZXvRq4d2h9mREruZRgyFmxhE+885H7pwoHyXa/6xm
ld01D1zvICxi/ZG6qcz8WpyTgYMpl0p8WnK0OdC3d8t5/Wk6kjftbjhlRn7pYL15iJdfOBL07q9b
gsiG1eGZbYwE8na6SfZu6W0eX6DvJ4J2QPim01hcDyxC2kLGe4g0x8HYRZvBPsVhHdljUEn2NIVq
4BjFbkerQUIpm/ZgDdIx02OYI5NaAIFItO/Nis3Jz5nu2Z6qNuFoS3FJFDYoOj0dzpqPJeaAcWEr
tXvM+SUWgeExX6GjfhaknBZqlxi9dnKlC54dNuYvoS++cJEPqOba+MSSQGwlfnuzCdyyF62ARPBo
pY+Udf90WuioAnwMCeKpSwughQtiue+hMZL77/ZRBIls6Kl0obsXs7X9SQ98POyDGCBDTtWTurQ0
sR8WNh8M5mQ5Fkzc4P4dyKliPUDqysU0ArSuiYgzNdwsE3PYJ/HQcu51OyLemGhmW/HGY0dVHLql
CFF1pkgl
-----END CERTIFICATE-----
GTS Root R2
===========
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
MIIFWjCCA0KgAwIBAgIQbkepxlqz5yDFMJo/aFLybzANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQG
EwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJv
b3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAG
A1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIi
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTuk
k3LvCvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3KgGjSY6Dlo
7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9BuXvAuMC6C/Pq8tBcKSOWI
m8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOdre7kRXuJVfeKH2JShBKzwkCX44ofR5Gm
dFrS+LFjKBC4swm4VndAoiaYecb+3yXuPuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbu
ak7MkogwTZq9TwtImoS1mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscsz
cTJGr61K8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqjx5RW
Ir9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsRnTKaG73Vululycsl
aVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0kzCqgc7dGtxRcw1PcOnlthYhGXmy
5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9OktwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD
VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEM
BQADggIBALZp8KZ3/p7uC4Gt4cCpx/k1HUCCq+YEtN/L9x0Pg/B+E02NjO7jMyLDOfxA325BS0JT
vhaI8dI4XsRomRyYUpOM52jtG2pzegVATX9lO9ZY8c6DR2Dj/5epnGB3GFW1fgiTz9D2PGcDFWEJ
+YF59exTpJ/JjwGLc8R3dtyDovUMSRqodt6Sm2T4syzFJ9MHwAiApJiS4wGWAqoC7o87xdFtCjMw
c3i5T1QWvwsHoaRc5svJXISPD+AVdyx+Jn7axEvbpxZ3B7DNdehyQtaVhJ2Gg/LkkM0JR9SLA3Da
WsYDQvTtN6LwG1BUSw7YhN4ZKJmBR64JGz9I0cNv4rBgF/XuIwKl2gBbbZCr7qLpGzvpx0QnRY5r
n/WkhLx3+WuXrD5RRaIRpsyF7gpo8j5QOHokYh4XIDdtak23CZvJ/KRY9bb7nE4Yu5UC56Gtmwfu
Nmsk0jmGwZODUNKBRqhfYlcsu2xkiAhu7xNUX90txGdj08+JN7+dIPT7eoOboB6BAFDC5AwiWVIQ
7UNWhwD4FFKnHYuTjKJNRn8nxnGbJN7k2oaLDX5rIMHAnuFl2GqjpuiFizoHCBy69Y9Vmhh1fuXs
gWbRIXOhNUQLgD1bnF5vKheW0YMjiGZt5obicDIvUiLnyOd/xCxgXS/Dr55FBcOEArf9LAhST4Ld
o/DUhgkC
-----END CERTIFICATE-----
GTS Root R3
===========
-----BEGIN CERTIFICATE-----
MIICDDCCAZGgAwIBAgIQbkepx2ypcyRAiQ8DVd2NHTAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJV
UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg
UjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE
ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcq
hkjOPQIBBgUrgQQAIgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUU
Rout736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2ADDL24Cej
QjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTB8Sa6oC2uhYHP
0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEAgFukfCPAlaUs3L6JbyO5o91lAFJekazInXJ0
glMLfalAvWhgxeG4VDvBNhcl2MG9AjEAnjWSdIUlUfUk7GRSJFClH9voy8l27OyCbvWFGFPouOOa
KaqW04MjyaR7YbPMAuhd
-----END CERTIFICATE-----
GTS Root R4
===========
-----BEGIN CERTIFICATE-----
MIICCjCCAZGgAwIBAgIQbkepyIuUtui7OyrYorLBmTAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJV
UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg
UjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE
ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcq
hkjOPQIBBgUrgQQAIgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa
6zzuhXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvRHYqj
QjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSATNbrdP9JNqPV
2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNnADBkAjBqUFJ0CMRw3J5QdCHojXohw0+WbhXRIjVhLfoI
N+4Zba3bssx9BzT1YBkstTTZbyACMANxsbqjYAuG7ZoIapVon+Kz4ZNkfF6Tpt95LY2F45TPI11x
zPKwTdb+mciUqXWi4w==
-----END CERTIFICATE-----
UCA Global G2 Root
==================
-----BEGIN CERTIFICATE-----
MIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9MQswCQYDVQQG
EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBHbG9iYWwgRzIgUm9vdDAeFw0x
NjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0xCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlU
cnVzdDEbMBkGA1UEAwwSVUNBIEdsb2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAxeYrb3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmT
oni9kmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzmVHqUwCoV
8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/RVogvGjqNO7uCEeBHANBS
h6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDcC/Vkw85DvG1xudLeJ1uK6NjGruFZfc8o
LTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIjtm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/
R+zvWr9LesGtOxdQXGLYD0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBe
KW4bHAyvj5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6DlNaBa
4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6iIis7nCs+dwp4wwc
OxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznPO6Q0ibd5Ei9Hxeepl2n8pndntd97
8XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
BBYEFIHEjMz15DD/pQwIX4wVZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo
5sOASD0Ee/ojL3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5
1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl1qnN3e92mI0A
Ds0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oUb3n09tDh05S60FdRvScFDcH9
yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LVPtateJLbXDzz2K36uGt/xDYotgIVilQsnLAX
c47QN6MUPJiVAAwpBVueSUmxX8fjy88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHo
jhJi6IjMtX9Gl8CbEGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZk
bxqgDMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI+Vg7RE+x
ygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGyYiGqhkCyLmTTX8jjfhFn
RR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bXUB+K+wb1whnw0A==
-----END CERTIFICATE-----
UCA Extended Validation Root
============================
-----BEGIN CERTIFICATE-----
MIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQG
EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9u
IFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMxMDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8G
A1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIi
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrs
iWogD4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvSsPGP2KxF
Rv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aopO2z6+I9tTcg1367r3CTu
eUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dksHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR
59mzLC52LqGj3n5qiAno8geK+LLNEOfic0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH
0mK1lTnj8/FtDw5lhIpjVMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KR
el7sFsLzKuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/TuDv
B0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41Gsx2VYVdWf6/wFlth
WG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs1+lvK9JKBZP8nm9rZ/+I8U6laUpS
NwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQDfwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS
3H5aBZ8eNJr34RQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL
BQADggIBADaNl8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR
ap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQVBcZEhrxH9cM
aVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5c6sq1WnIeJEmMX3ixzDx/BR4
dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb
+7lsq+KePRXBOy5nAliRn+/4Qh8st2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOW
F3sGPjLtx7dCvHaj2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwi
GpWOvpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2CxR9GUeOc
GMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmxcmtpzyKEC2IPrNkZAJSi
djzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbMfjKaiJUINlK73nZfdklJrX+9ZSCyycEr
dhh2n1ax
-----END CERTIFICATE-----
Certigna Root CA
================
-----BEGIN CERTIFICATE-----
MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE
BhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAwMiA0ODE0NjMwODEwMDAzNjEZ
MBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0xMzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjda
MFoxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYz
MDgxMDAwMzYxGTAXBgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sOty3tRQgX
stmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9MCiBtnyN6tMbaLOQdLNyz
KNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPuI9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8
JXrJhFwLrN1CTivngqIkicuQstDuI7pmTLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16
XdG+RCYyKfHx9WzMfgIhC59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq
4NYKpkDfePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3YzIoej
wpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWTCo/1VTp2lc5ZmIoJ
lXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1kJWumIWmbat10TWuXekG9qxf5kBdI
jzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp/
/TBt2dzhauH8XwIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
HQYDVR0OBBYEFBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of
1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3d3cuY2Vy
dGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilodHRwOi8vY3JsLmNlcnRpZ25h
LmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYraHR0cDovL2NybC5kaGlteW90aXMuY29tL2Nl
cnRpZ25hcm9vdGNhLmNybDANBgkqhkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOIt
OoldaDgvUSILSo3L6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxP
TGRGHVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH60BGM+RFq
7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncBlA2c5uk5jR+mUYyZDDl3
4bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdio2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd
8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS
6Cvu5zHbugRqh5jnxV/vfaci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaY
tlu3zM63Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayhjWZS
aX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw3kAP+HwV96LOPNde
E4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0=
-----END CERTIFICATE-----
emSign Root CA - G1
===================
-----BEGIN CERTIFICATE-----
MIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJJTjET
MBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRl
ZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBHMTAeFw0xODAyMTgxODMwMDBaFw00MzAyMTgx
ODMwMDBaMGcxCzAJBgNVBAYTAklOMRMwEQYDVQQLEwplbVNpZ24gUEtJMSUwIwYDVQQKExxlTXVk
aHJhIFRlY2hub2xvZ2llcyBMaW1pdGVkMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEcxMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0u76WaK7p1b1TST0Bsew+eeuGQzf2N4aLTN
LnF115sgxk0pvLZoYIr3IZpWNVrzdr3YzZr/k1ZLpVkGoZM0Kd0WNHVO8oG0x5ZOrRkVUkr+PHB1
cM2vK6sVmjM8qrOLqs1D/fXqcP/tzxE7lM5OMhbTI0Aqd7OvPAEsbO2ZLIvZTmmYsvePQbAyeGHW
DV/D+qJAkh1cF+ZwPjXnorfCYuKrpDhMtTk1b+oDafo6VGiFbdbyL0NVHpENDtjVaqSW0RM8LHhQ
6DqS0hdW5TUaQBw+jSztOd9C4INBdN+jzcKGYEho42kLVACL5HZpIQ15TjQIXhTCzLG3rdd8cIrH
hQIDAQABo0IwQDAdBgNVHQ4EFgQU++8Nhp6w492pufEhF38+/PB3KxowDgYDVR0PAQH/BAQDAgEG
MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFn/8oz1h31xPaOfG1vR2vjTnGs2
vZupYeveFix0PZ7mddrXuqe8QhfnPZHr5X3dPpzxz5KsbEjMwiI/aTvFthUvozXGaCocV685743Q
NcMYDHsAVhzNixl03r4PEuDQqqE/AjSxcM6dGNYIAwlG7mDgfrbESQRRfXBgvKqy/3lyeqYdPV8q
+Mri/Tm3R7nrft8EI6/6nAYH6ftjk4BAtcZsCjEozgyfz7MjNYBBjWzEN3uBL4ChQEKF6dk4jeih
U80Bv2noWgbyRQuQ+q7hv53yrlc8pa6yVvSLZUDp/TGBLPQ5Cdjua6e0ph0VpZj3AYHYhX3zUVxx
iN66zB+Afko=
-----END CERTIFICATE-----
emSign ECC Root CA - G3
=======================
-----BEGIN CERTIFICATE-----
MIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQGEwJJTjETMBEG
A1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEg
MB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4
MTgzMDAwWjBrMQswCQYDVQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11
ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g
RzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQjpQy4LRL1KPOxst3iAhKAnjlfSU2fySU0WXTsuwYc
58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyzdc6LBtCGI79G1Y4PPwT01xySfvalY8L1X44uT6EYGQIr
MgqCZH0Wk9GjQjBAMB0GA1UdDgQWBBR8XQKEE9TMipuBzhccLikenEhjQjAOBgNVHQ8BAf8EBAMC
AQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+D
CBeQyh+KTOgNG3qxrdWBCUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7
jHvrZQnD+JbNR6iC8hZVdyR+EhCVBCyj
-----END CERTIFICATE-----
emSign Root CA - C1
===================
-----BEGIN CERTIFICATE-----
MIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCVVMx
EzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQDExNlbVNp
Z24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowVjELMAkGA1UE
BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQD
ExNlbVNpZ24gUm9vdCBDQSAtIEMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+up
ufGZBczYKCFK83M0UYRWEPWgTywS4/oTmifQz/l5GnRfHXk5/Fv4cI7gklL35CX5VIPZHdPIWoU/
Xse2B+4+wM6ar6xWQio5JXDWv7V7Nq2s9nPczdcdioOl+yuQFTdrHCZH3DspVpNqs8FqOp099cGX
OFgFixwR4+S0uF2FHYP+eF8LRWgYSKVGczQ7/g/IdrvHGPMF0Ybzhe3nudkyrVWIzqa2kbBPrH4V
I5b2P/AgNBbeCsbEBEV5f6f9vtKppa+cxSMq9zwhbL2vj07FOrLzNBL834AaSaTUqZX3noleooms
lMuoaJuvimUnzYnu3Yy1aylwQ6BpC+S5DwIDAQABo0IwQDAdBgNVHQ4EFgQU/qHgcB4qAzlSWkK+
XJGFehiqTbUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
ggEBAMJKVvoVIXsoounlHfv4LcQ5lkFMOycsxGwYFYDGrK9HWS8mC+M2sO87/kOXSTKZEhVb3xEp
/6tT+LvBeA+snFOvV71ojD1pM/CjoCNjO2RnIkSt1XHLVip4kqNPEjE2NuLe/gDEo2APJ62gsIq1
NnpSob0n9CAnYuhNlCQT5AoE6TyrLshDCUrGYQTlSTR+08TI9Q/Aqum6VF7zYytPT1DU/rl7mYw9
wC68AivTxEDkigcxHpvOJpkT+xHqmiIMERnHXhuBUDDIlhJu58tBf5E7oke3VIAb3ADMmpDqw8NQ
BmIMMMAVSKeoWXzhriKi4gp6D/piq1JM4fHfyr6DDUI=
-----END CERTIFICATE-----
emSign ECC Root CA - C3
=======================
-----BEGIN CERTIFICATE-----
MIICKzCCAbGgAwIBAgIKe3G2gla4EnycqDAKBggqhkjOPQQDAzBaMQswCQYDVQQGEwJVUzETMBEG
A1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMxIDAeBgNVBAMTF2VtU2lnbiBF
Q0MgUm9vdCBDQSAtIEMzMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowWjELMAkGA1UE
BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMSAwHgYDVQQD
ExdlbVNpZ24gRUNDIFJvb3QgQ0EgLSBDMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABP2lYa57JhAd
6bciMK4G9IGzsUJxlTm801Ljr6/58pc1kjZGDoeVjbk5Wum739D+yAdBPLtVb4OjavtisIGJAnB9
SMVK4+kiVCJNk7tCDK93nCOmfddhEc5lx/h//vXyqaNCMEAwHQYDVR0OBBYEFPtaSNCAIEDyqOkA
B2kZd6fmw/TPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gA
MGUCMQC02C8Cif22TGK6Q04ThHK1rt0c3ta13FaPWEBaLd4gTCKDypOofu4SQMfWh0/434UCMBwU
ZOR8loMRnLDRWmFLpg9J0wD8ofzkpf9/rdcw0Md3f76BB1UwUCAU9Vc4CqgxUQ==
-----END CERTIFICATE-----
Hongkong Post Root CA 3
=======================
-----BEGIN CERTIFICATE-----
MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQELBQAwbzELMAkG
A1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJSG9uZyBLb25nMRYwFAYDVQQK
Ew1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25na29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2
MDMwMjI5NDZaFw00MjA2MDMwMjI5NDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtv
bmcxEjAQBgNVBAcTCUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMX
SG9uZ2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz
iNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFOdem1p+/l6TWZ5Mwc50tf
jTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mIVoBc+L0sPOFMV4i707mV78vH9toxdCim
5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOe
sL4jpNrcyCse2m5FHomY2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj
0mRiikKYvLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+TtbNe/
JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZbx39ri1UbSsUgYT2u
y1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+l2oBlKN8W4UdKjk60FSh0Tlxnf0h
+bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YKTE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsG
xVd7GYYKecsAyVKvQv83j+GjHno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwID
AQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e
i9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEwDQYJKoZIhvcN
AQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG7BJ8dNVI0lkUmcDrudHr9Egw
W62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCkMpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWld
y8joRTnU+kLBEUx3XZL7av9YROXrgZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov
+BS5gLNdTaqX4fnkGMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDc
eqFS3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJmOzj/2ZQw
9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+l6mc1X5VTMbeRRAc6uk7
nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6cJfTzPV4e0hz5sy229zdcxsshTrD3mUcY
hcErulWuBurQB7Lcq9CClnXO0lD+mefPL5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB
60PZ2Pierc+xYw5F9KBaLJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fq
dBb9HxEGmpv0
-----END CERTIFICATE-----

27
tests/unit/Web/HttpSigTest.php
View File

@ -43,45 +43,30 @@ class PermissionDescriptionTest extends UnitTestCase {
function testGenerate_digest($text, $digest) {
$this->assertSame(
$digest,
HTTPSig::generate_digest($text, false)
HTTPSig::generate_digest_header($text)
);
}
public function generate_digestProvider() {
return [
'empty body text' => [
'',
'47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='
'SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='
],
'sample body text' => [
'body text',
'2fu8kUkvuzuo5XyhWwORNOcJgDColXgxWkw1T5EXzPI='
'SHA-256=2fu8kUkvuzuo5XyhWwORNOcJgDColXgxWkw1T5EXzPI='
],
'NULL body text' => [
null,
'47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='
'SHA-256=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='
],
];
}
function testGeneratedDigestsOfDifferentTextShouldNotBeEqual() {
$this->assertNotSame(
HTTPSig::generate_digest('text1', false),
HTTPSig::generate_digest('text2', false)
);
}
/**
* Process separation needed for header() check.
* @runInSeparateProcess
*/
function testGenerate_digestSendsHttpHeader() {
$ret = HTTPSig::generate_digest('body text', true);
$this->assertSame('2fu8kUkvuzuo5XyhWwORNOcJgDColXgxWkw1T5EXzPI=', $ret);
$this->assertContains(
'Digest: SHA-256=2fu8kUkvuzuo5XyhWwORNOcJgDColXgxWkw1T5EXzPI=',
xdebug_get_headers(),
'HTTP header Digest does not match'
HTTPSig::generate_digest_header('text1'),
HTTPSig::generate_digest_header('text2')
);
}

984
util/hmessages.po
View File

File diff suppressed because it is too large Load Diff

2
vendor/blueimp/jquery-file-upload/bower.json vendored
View File

@ -1,6 +1,6 @@
{
"name": "blueimp-file-upload",
"version": "9.30.0",
"version": "9.31.0",
"title": "jQuery File Upload",
"description": "File Upload widget with multiple file selection, drag&amp;drop support, progress bar, validation and preview images.",
"keywords": [

2
vendor/blueimp/jquery-file-upload/package.json vendored
View File

@ -1,6 +1,6 @@
{
"name": "blueimp-file-upload",
"version": "9.30.0",
"version": "9.31.0",
"title": "jQuery File Upload",
"description": "File Upload widget with multiple file selection, drag&drop support, progress bar, validation and preview images, audio and video for jQuery. Supports cross-domain, chunked and resumable file uploads. Works with any server-side platform (Google App Engine, PHP, Python, Ruby on Rails, Java, etc.) that supports standard HTML form file uploads.",
"keywords": [

116
vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php vendored
View File

@ -43,9 +43,9 @@ class UploadHandler
const IMAGETYPE_PNG = 3;
protected $image_objects = array();
protected $response = array();
public function __construct($options = null, $initialize = true, $error_messages = null) {
$this->response = array();
$this->options = array(
'script_url' => $this->get_full_url().'/'.$this->basename($this->get_server_var('SCRIPT_NAME')),
'upload_dir' => dirname($this->get_server_var('SCRIPT_FILENAME')).'/files/',
@ -75,12 +75,12 @@ class UploadHandler
),
// By default, allow redirects to the referer protocol+host:
'redirect_allow_target' => '/^'.preg_quote(
parse_url($this->get_server_var('HTTP_REFERER'), PHP_URL_SCHEME)
.'://'
.parse_url($this->get_server_var('HTTP_REFERER'), PHP_URL_HOST)
.'/', // Trailing slash to not match subdomains by mistake
'/' // preg_quote delimiter param
).'/',
parse_url($this->get_server_var('HTTP_REFERER'), PHP_URL_SCHEME)
.'://'
.parse_url($this->get_server_var('HTTP_REFERER'), PHP_URL_HOST)
.'/', // Trailing slash to not match subdomains by mistake
'/' // preg_quote delimiter param
).'/',
// Enable to provide file downloads via GET requests to the PHP script:
// 1. Set to 1 to download files via readfile method through PHP
// 2. Set to 2 to send a X-Sendfile header for lighttpd/Apache
@ -151,21 +151,21 @@ class UploadHandler
'identify_bin' => 'identify',
'image_versions' => array(
// The empty image version key defines options for the original image.
// Keep in mind: these image manipulations are inherited by all other image versions from this point onwards.
// Keep in mind: these image manipulations are inherited by all other image versions from this point onwards.
// Also note that the property 'no_cache' is not inherited, since it's not a manipulation.
'' => array(
// Automatically rotate images based on EXIF meta data:
'auto_orient' => true
),
// You can add arrays to generate different versions.
// The name of the key is the name of the version (example: 'medium').
// The name of the key is the name of the version (example: 'medium').
// the array contains the options to apply.
/*
'medium' => array(
'max_width' => 800,
'max_height' => 600
),
*/
*/
'thumbnail' => array(
// Uncomment the following to use a defined directory for the thumbnails
// instead of a subdirectory based on the version identifier.
@ -223,13 +223,13 @@ class UploadHandler
protected function get_full_url() {
$https = !empty($_SERVER['HTTPS']) && strcasecmp($_SERVER['HTTPS'], 'on') === 0 ||
!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') === 0;
strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') === 0;
return
($https ? 'https://' : 'http://').
(!empty($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'].'@' : '').
(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : ($_SERVER['SERVER_NAME'].
($https && $_SERVER['SERVER_PORT'] === 443 ||
$_SERVER['SERVER_PORT'] === 80 ? '' : ':'.$_SERVER['SERVER_PORT']))).
($https && $_SERVER['SERVER_PORT'] === 443 ||
$_SERVER['SERVER_PORT'] === 80 ? '' : ':'.$_SERVER['SERVER_PORT']))).
substr($_SERVER['SCRIPT_NAME'],0, strrpos($_SERVER['SCRIPT_NAME'], '/'));
}
@ -377,7 +377,11 @@ class UploadHandler
public function get_config_bytes($val) {
$val = trim($val);
$last = strtolower($val[strlen($val)-1]);
$val = (int)$val;
if (is_numeric($val)) {
$val = (int)$val;
} else {
$val = (int)substr($val, 0, -1);
}
switch ($last) {
case 'g':
$val *= 1024;
@ -414,7 +418,7 @@ class UploadHandler
if ($this->options['max_file_size'] && (
$file_size > $this->options['max_file_size'] ||
$file->size > $this->options['max_file_size'])
) {
) {
$file->error = $this->get_error_message('max_file_size');
return false;
}
@ -424,9 +428,9 @@ class UploadHandler
return false;
}
if (is_int($this->options['max_number_of_files']) &&
($this->count_file_objects() >= $this->options['max_number_of_files']) &&
// Ignore additional chunks of existing files:
!is_file($this->get_upload_path($file->name))) {
($this->count_file_objects() >= $this->options['max_number_of_files']) &&
// Ignore additional chunks of existing files:
!is_file($this->get_upload_path($file->name))) {
$file->error = $this->get_error_message('max_number_of_files');
return false;
}
@ -451,7 +455,7 @@ class UploadHandler
unset($tmp);
}
}
if (!empty($img_width)) {
if (!empty($img_width) && !empty($img_height)) {
if ($max_width && $img_width > $max_width) {
$file->error = $this->get_error_message('max_width');
return false;
@ -488,7 +492,7 @@ class UploadHandler
}
protected function get_unique_filename($file_path, $name, $size, $type, $error,
$index, $content_range) {
$index, $content_range) {
while(is_dir($this->get_upload_path($name))) {
$name = $this->upcount_name($name);
}
@ -505,10 +509,10 @@ class UploadHandler
}
protected function fix_file_extension($file_path, $name, $size, $type, $error,
$index, $content_range) {
$index, $content_range) {
// Add missing file extension for known image types:
if (strpos($name, '.') === false &&
preg_match('/^image\/(gif|jpe?g|png)/', $type, $matches)) {
preg_match('/^image\/(gif|jpe?g|png)/', $type, $matches)) {
$name .= '.'.$matches[1];
}
if ($this->options['correct_image_extensions']) {
@ -538,7 +542,7 @@ class UploadHandler
}
protected function trim_file_name($file_path, $name, $size, $type, $error,
$index, $content_range) {
$index, $content_range) {
// Remove path information and dots around the filename, to prevent uploading
// into different directories or replacing hidden system files.
// Also remove control characters and spaces (\x00..\x20) around the filename:
@ -561,7 +565,7 @@ class UploadHandler
}
protected function get_file_name($file_path, $name, $size, $type, $error,
$index, $content_range) {
$index, $content_range) {
$name = $this->trim_file_name($file_path, $name, $size, $type, $error,
$index, $content_range);
return $this->get_unique_filename(
@ -795,25 +799,26 @@ class UploadHandler
// Handle transparency in GIF and PNG images:
switch ($type) {
case 'gif':
imagecolortransparent($new_img, imagecolorallocate($new_img, 0, 0, 0));
break;
case 'png':
imagecolortransparent($new_img, imagecolorallocate($new_img, 0, 0, 0));
case 'png':
imagealphablending($new_img, false);
imagesavealpha($new_img, true);
break;
}
$success = imagecopyresampled(
$new_img,
$src_img,
$dst_x,
$dst_y,
0,
0,
$new_width,
$new_height,
$img_width,
$img_height
) && $write_func($new_img, $new_file_path, $image_quality);
$new_img,
$src_img,
$dst_x,
$dst_y,
0,
0,
$new_width,
$new_height,
$img_width,
$img_height
) && $write_func($new_img, $new_file_path, $image_quality);
$this->gd_set_image_object($file_path, $new_img);
return $success;
}
@ -827,7 +832,12 @@ class UploadHandler
$image->setResourceLimit($type, $limit);
}
}
$image->readImage($file_path);
try {
$image->readImage($file_path);
} catch (ImagickException $e) {
error_log($e->getMessage());
return null;
}
$this->image_objects[$file_path] = $image;
}
return $this->image_objects[$file_path];
@ -884,6 +894,7 @@ class UploadHandler
$file_path,
!empty($options['crop']) || !empty($options['no_cache'])
);
if (is_null($image)) return false;
if ($image->getImageFormat() === 'GIF') {
// Handle animated GIFs:
$images = $image->coalesceImages();
@ -896,32 +907,28 @@ class UploadHandler
$image_oriented = false;
if (!empty($options['auto_orient'])) {
$image_oriented = $this->imagick_orient_image($image);
}
$image_resize = false;
}
$image_resize = false;
$new_width = $max_width = $img_width = $image->getImageWidth();
$new_height = $max_height = $img_height = $image->getImageHeight();
$new_height = $max_height = $img_height = $image->getImageHeight();
// use isset(). User might be setting max_width = 0 (auto in regular resizing). Value 0 would be considered empty when you use empty()
if (isset($options['max_width'])) {
$image_resize = true;
$new_width = $max_width = $options['max_width'];
$image_resize = true;
$new_width = $max_width = $options['max_width'];
}
if (isset($options['max_height'])) {
$image_resize = true;
$new_height = $max_height = $options['max_height'];
}
$image_strip = (isset($options['strip']) ? $options['strip'] : false);
if ( !$image_oriented && ($max_width >= $img_width) && ($max_height >= $img_height) && !$image_strip && empty($options["jpeg_quality"]) ) {
if ( !$image_oriented && ($max_width >= $img_width) && ($max_height >= $img_height) && !$image_strip && empty($options["jpeg_quality"]) ) {
if ($file_path !== $new_file_path) {
return copy($file_path, $new_file_path);
}
return true;
}
$crop = (isset($options['crop']) ? $options['crop'] : false);
if ($crop) {
$x = 0;
$y = 0;
@ -1111,14 +1118,14 @@ class UploadHandler
}
if (count($failed_versions)) {
$file->error = $this->get_error_message('image_resize')
.' ('.implode($failed_versions, ', ').')';
.' ('.implode($failed_versions, ', ').')';
}
// Free memory:
$this->destroy_image_object($file_path);
}
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
$index = null, $content_range = null) {
$index = null, $content_range = null) {
$file = new \stdClass();
$file->name = $this->get_file_name($uploaded_file, $name, $size, $type, $error,
$index, $content_range);
@ -1319,8 +1326,7 @@ class UploadHandler
$json = json_encode($content);
$redirect = stripslashes($this->get_post_param('redirect'));
if ($redirect && preg_match($this->options['redirect_allow_target'], $redirect)) {
$this->header('Location: '.sprintf($redirect, rawurlencode($json)));
return;
return $this->header('Location: '.sprintf($redirect, rawurlencode($json)));
}
$this->head();
if ($this->get_server_var('HTTP_CONTENT_RANGE')) {
@ -1411,11 +1417,11 @@ class UploadHandler
$files[] = $this->handle_file_upload(
isset($upload['tmp_name']) ? $upload['tmp_name'] : null,
$file_name ? $file_name : (isset($upload['name']) ?
$upload['name'] : null),
$upload['name'] : null),
$size ? $size : (isset($upload['size']) ?
$upload['size'] : $this->get_server_var('CONTENT_LENGTH')),
$upload['size'] : $this->get_server_var('CONTENT_LENGTH')),
isset($upload['type']) ?
$upload['type'] : $this->get_server_var('CONTENT_TYPE'),
$upload['type'] : $this->get_server_var('CONTENT_TYPE'),
isset($upload['error']) ? $upload['error'] : null,
null,
$content_range

1
vendor/composer/autoload_classmap.php vendored
View File

@ -1431,7 +1431,6 @@ return array(
'Zotlabs\\Widget\\Wiki_pages' => $baseDir . '/Zotlabs/Widget/Wiki_pages.php',
'Zotlabs\\Widget\\Zcard' => $baseDir . '/Zotlabs/Widget/Zcard.php',
'Zotlabs\\Zot6\\Finger' => $baseDir . '/Zotlabs/Zot6/Finger.php',
'Zotlabs\\Zot6\\HTTPSig' => $baseDir . '/Zotlabs/Zot6/HTTPSig.php',
'Zotlabs\\Zot6\\IHandler' => $baseDir . '/Zotlabs/Zot6/IHandler.php',
'Zotlabs\\Zot6\\Receiver' => $baseDir . '/Zotlabs/Zot6/Receiver.php',
'Zotlabs\\Zot6\\Zot6Handler' => $baseDir . '/Zotlabs/Zot6/Zot6Handler.php',

1
vendor/composer/autoload_static.php vendored
View File

@ -1599,7 +1599,6 @@ class ComposerStaticInit7b34d7e50a62201ec5d5e526a5b8b35d
'Zotlabs\\Widget\\Wiki_pages' => __DIR__ . '/../..' . '/Zotlabs/Widget/Wiki_pages.php',
'Zotlabs\\Widget\\Zcard' => __DIR__ . '/../..' . '/Zotlabs/Widget/Zcard.php',
'Zotlabs\\Zot6\\Finger' => __DIR__ . '/../..' . '/Zotlabs/Zot6/Finger.php',
'Zotlabs\\Zot6\\HTTPSig' => __DIR__ . '/../..' . '/Zotlabs/Zot6/HTTPSig.php',
'Zotlabs\\Zot6\\IHandler' => __DIR__ . '/../..' . '/Zotlabs/Zot6/IHandler.php',
'Zotlabs\\Zot6\\Receiver' => __DIR__ . '/../..' . '/Zotlabs/Zot6/Receiver.php',
'Zotlabs\\Zot6\\Zot6Handler' => __DIR__ . '/../..' . '/Zotlabs/Zot6/Zot6Handler.php',

26
vendor/composer/installed.json vendored
View File

@ -1,20 +1,20 @@
[
{
"name": "blueimp/jquery-file-upload",
"version": "v9.30.0",
"version_normalized": "9.30.0.0",
"version": "v9.31.0",
"version_normalized": "9.31.0.0",
"source": {
"type": "git",
"url": "https://github.com/vkhramtsov/jQuery-File-Upload.git",
"reference": "1fceec556879403e5c1ae32a7c448aa12b8c3558"
"reference": "2485bf016e1085f0cd8308723064458cb0af5729"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/vkhramtsov/jQuery-File-Upload/zipball/1fceec556879403e5c1ae32a7c448aa12b8c3558",
"reference": "1fceec556879403e5c1ae32a7c448aa12b8c3558",
"url": "https://api.github.com/repos/vkhramtsov/jQuery-File-Upload/zipball/2485bf016e1085f0cd8308723064458cb0af5729",
"reference": "2485bf016e1085f0cd8308723064458cb0af5729",
"shasum": ""
},
"time": "2019-04-22T09:21:57+00:00",
"time": "2019-05-24T07:59:46+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
@ -984,17 +984,17 @@
},
{
"name": "sabre/xml",
"version": "1.5.0",
"version_normalized": "1.5.0.0",
"version": "1.5.1",
"version_normalized": "1.5.1.0",
"source": {
"type": "git",
"url": "https://github.com/sabre-io/xml.git",
"reference": "59b20e5bbace9912607481634f97d05a776ffca7"
"reference": "a367665f1df614c3b8fefc30a54de7cd295e444e"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sabre-io/xml/zipball/59b20e5bbace9912607481634f97d05a776ffca7",
"reference": "59b20e5bbace9912607481634f97d05a776ffca7",
"url": "https://api.github.com/repos/sabre-io/xml/zipball/a367665f1df614c3b8fefc30a54de7cd295e444e",
"reference": "a367665f1df614c3b8fefc30a54de7cd295e444e",
"shasum": ""
},
"require": {
@ -1006,10 +1006,10 @@
"sabre/uri": ">=1.0,<3.0.0"
},
"require-dev": {
"phpunit/phpunit": "*",
"phpunit/phpunit": "~4.8|~5.7",
"sabre/cs": "~1.0.0"
},
"time": "2016-10-09T22:57:52+00:00",
"time": "2019-01-09T13:51:57+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {

6
vendor/sabre/xml/CHANGELOG.md vendored
View File

@ -1,6 +1,12 @@
ChangeLog
=========
1.5.1 (2019-01-09)
------------------
* #161: Prevent infinite loop on empty xml elements
1.5.0 (2016-10-09)
------------------

2
vendor/sabre/xml/composer.json vendored
View File

@ -45,7 +45,7 @@
},
"require-dev": {
"sabre/cs": "~1.0.0",
"phpunit/phpunit" : "*"
"phpunit/phpunit" : "~4.8|~5.7"
},
"config" : {
"bin-dir" : "bin/"

33
vendor/sabre/xml/lib/Deserializer/functions.php vendored
View File

@ -66,9 +66,20 @@ function keyValue(Reader $reader, $namespace = null) {
return [];
}
if (!$reader->read()) {
$reader->next();
return [];
}
if (Reader::END_ELEMENT === $reader->nodeType) {
$reader->next();
return [];
}
$values = [];
$reader->read();
do {
if ($reader->nodeType === Reader::ELEMENT) {
@ -79,7 +90,9 @@ function keyValue(Reader $reader, $namespace = null) {
$values[$clark] = $reader->parseCurrentElement()['value'];
}
} else {
$reader->read();
if (!$reader->read()) {
break;
}
}
} while ($reader->nodeType !== Reader::END_ELEMENT);
@ -144,7 +157,17 @@ function enum(Reader $reader, $namespace = null) {
$reader->next();
return [];
}
$reader->read();
if (!$reader->read()) {
$reader->next();
return [];
}
if (Reader::END_ELEMENT === $reader->nodeType) {
$reader->next();
return [];
}
$currentDepth = $reader->depth;
$values = [];
@ -204,7 +227,9 @@ function valueObject(Reader $reader, $className, $namespace) {
$reader->next();
}
} else {
$reader->read();
if (!$reader->read()) {
break;
}
}
} while ($reader->nodeType !== Reader::END_ELEMENT);

3
vendor/sabre/xml/lib/Service.php vendored
View File

@ -138,7 +138,8 @@ class Service {
* @param string|string[] $rootElementName
* @param string|resource $input
* @param string|null $contextUri
* @return void
* @throws ParseException
* @return array|object|string
*/
function expect($rootElementName, $input, $contextUri = null) {

1
view/css/cdav_calendar.css
View File

@ -33,5 +33,6 @@ main.fullscreen .fc td:last-child {
.bootstrap-tagsinput {
width: 100%;
padding: 6px 12px;
margin-bottom: 0px !important;
}

26214
view/de-de/hmessages.po
View File

File diff suppressed because it is too large Load Diff

5621
view/de-de/hstrings.php
View File

File diff suppressed because it is too large Load Diff

977
view/es-es/hmessages.po
View File

File diff suppressed because it is too large Load Diff

22
view/es-es/hstrings.php
View File

@ -107,6 +107,7 @@ App::$strings["Link to source"] = "Enlace a la fuente";
App::$strings["Event title"] = "Título del evento";
App::$strings["Start date and time"] = "Fecha y hora de comienzo";
App::$strings["End date and time"] = "Fecha y hora de finalización";
App::$strings["Timezone:"] = "Zona horaria: ";
App::$strings["Description"] = "Descripción";
App::$strings["Location"] = "Ubicación";
App::$strings["Previous"] = "Anterior";
@ -165,6 +166,7 @@ App::$strings["Some permissions may be inherited from your channel's <a href=\"s
App::$strings["You must be logged in to see this page."] = "Debe haber iniciado sesión para poder ver esta página.";
App::$strings["Posts and comments"] = "Publicaciones y comentarios";
App::$strings["Only posts"] = "Solo publicaciones";
App::$strings["This is the home page of %s."] = "Esta es la página personal de %s.";
App::$strings["Insufficient permissions. Request redirected to profile page."] = "Permisos insuficientes. Petición redirigida a la página del perfil.";
App::$strings["Search Results For:"] = "Buscar resultados para:";
App::$strings["Reset form"] = "Reiniciar el formulario";
@ -260,7 +262,6 @@ App::$strings["Edit Description"] = "Editar la descripción";
App::$strings["Edit Location"] = "Modificar la dirección";
App::$strings["Preview"] = "Previsualizar";
App::$strings["Permission settings"] = "Configuración de permisos";
App::$strings["Timezone:"] = "Zona horaria: ";
App::$strings["Advanced Options"] = "Opciones avanzadas";
App::$strings["l, F j"] = "l j F";
App::$strings["Edit event"] = "Editar evento";
@ -940,7 +941,6 @@ App::$strings["Client key starts with"] = "La \"client key\" empieza por";
App::$strings["No name"] = "Sin nombre";
App::$strings["Remove authorization"] = "Eliminar autorización";
App::$strings["Permissions denied."] = "Permisos denegados.";
App::$strings["Import"] = "Importar";
App::$strings["Authorize application connection"] = "Autorizar una conexión de aplicación";
App::$strings["Return to your app and insert this Security Code:"] = "Vuelva a su aplicación e introduzca este código de seguridad: ";
App::$strings["Please login to continue."] = "Por favor inicie sesión para continuar.";
@ -1567,7 +1567,7 @@ App::$strings["Connect"] = "Conectar";
App::$strings["Public Forum:"] = "Foro público:";
App::$strings["Keywords: "] = "Palabras clave:";
App::$strings["Don't suggest"] = "No sugerir:";
App::$strings["Common connections (estimated):"] = "Conexiones comunes (estimadas): ";
App::$strings["Common connections (estimated):"] = "Conexiones comunes (estimadas): ";
App::$strings["Global Directory"] = "Directorio global:";
App::$strings["Local Directory"] = "Directorio local:";
App::$strings["Finding:"] = "Encontrar:";
@ -1914,6 +1914,7 @@ App::$strings["Please visit %s to approve or reject the suggestion."] = "Por fav
App::$strings["[\$Projectname:Notify]"] = "[\$Projectname:Aviso]";
App::$strings["created a new post"] = "ha creado una nueva entrada";
App::$strings["commented on %s's post"] = "ha comentado la entrada de %s";
App::$strings["repeated %s's post"] = "repetida la entrada de %s";
App::$strings["edited a post dated %s"] = "ha editado una entrada fechada el %s";
App::$strings["edited a comment dated %s"] = "ha editado un comentario fechado el %s";
App::$strings["Wiki updated successfully"] = "El wiki se ha actualizado con éxito";
@ -2284,8 +2285,10 @@ App::$strings["This app looks in posts for the words/text you specify below, and
App::$strings["Comma separated list of keywords to hide"] = "Lista separada por comas de palabras clave para ocultar";
App::$strings["Word, /regular-expression/, lang=xx, lang!=xx"] = "Palabra, /expresión regular/, lang=xx, lang!=xx";
App::$strings["NSFW"] = "NSFW";
App::$strings["Not allowed."] = "No permitido/a.";
App::$strings["Max queueworker threads"] = "Máximo de hilos en la cola";
App::$strings["Assume workers dead after ___ seconds"] = "Asumir que el proceso de trabajo está muerto después de ___ segundos";
App::$strings["Pause before starting next task: (microseconds. Minimum 100 = .0001 seconds)"] = "Haga una pausa antes de comenzar la siguiente tarea: (microsegundos. Mínimo 100 =.0001 segundos)";
App::$strings["Queueworker Settings"] = "Configuración del gestor de procesos de trabajo en cola";
App::$strings["Insane Journal Crosspost Connector Settings saved."] = "Se han guardado los ajustes del Conector de publicación cruzada de InsaneJournal.";
App::$strings["Insane Journal Crosspost Connector App"] = "App Ajustes del Conector de publicación cruzada de InsaneJournal";
@ -2520,7 +2523,7 @@ App::$strings["Your channel has been upgraded to \$Projectname version"] = "Su c
App::$strings["Please have a look at the"] = "Por favor, eche un vistazo a la ";
App::$strings["git history"] = "historial del git";
App::$strings["change log"] = "lista de cambios";
App::$strings["for further infos."] = "para más información.";
App::$strings["for further info."] = "para más información.";
App::$strings["Upgrade Info"] = "Información de actualización";
App::$strings["Do not show this again"] = "No mostrar esto de nuevo";
App::$strings["Access Denied"] = "Acceso denegado";
@ -3100,6 +3103,7 @@ App::$strings["activity"] = "la/su actividad";
App::$strings["a-z, 0-9, -, and _ only"] = "a-z, 0-9, -, and _ only";
App::$strings["Design Tools"] = "Herramientas de diseño web";
App::$strings["Pages"] = "Páginas";
App::$strings["Import"] = "Importar";
App::$strings["Import website..."] = "Importar un sitio web...";
App::$strings["Select folder to import"] = "Seleccionar la carpeta que se va a importar";
App::$strings["Import from a zipped folder:"] = "Importar desde una carpeta comprimida: ";
@ -3304,6 +3308,9 @@ App::$strings["Like this thing"] = "Me gusta esto";
App::$strings["l F d, Y \\@ g:i A"] = "l d de F, Y \\@ G:i";
App::$strings["Starts:"] = "Comienza:";
App::$strings["Finishes:"] = "Finaliza:";
App::$strings["l F d, Y"] = "l F d, Y";
App::$strings["Start:"] = "Iniciar: ";
App::$strings["End:"] = "Finalizar: ";
App::$strings["This event has been added to your calendar."] = "Este evento ha sido añadido a su calendario.";
App::$strings["Not specified"] = "Sin especificar";
App::$strings["Needs Action"] = "Necesita de una intervención";
@ -3346,6 +3353,8 @@ App::$strings["Embedding disabled"] = "Incrustación deshabilitada";
App::$strings["OpenWebAuth: %1\$s welcomes %2\$s"] = "OpenWebAuth: %1\$s da la bienvenida a %2\$s";
App::$strings["Start calendar week on Monday"] = "Comenzar el calendario semanal por el lunes";
App::$strings["Default is Sunday"] = "Por defecto es domingo";
App::$strings["Event Timezone Selection"] = "Selección del huso horario del evento";
App::$strings["Allow event creation in timezones other than your own."] = "Permitir la creación de eventos en husos horarios distintos del suyo.";
App::$strings["Search by Date"] = "Buscar por fecha";
App::$strings["Ability to select posts by date ranges"] = "Capacidad de seleccionar entradas por rango de fechas";
App::$strings["Tag Cloud"] = "Nube de etiquetas";
@ -3386,11 +3395,6 @@ App::$strings["Suppress Duplicate Posts/Comments"] = "Prevenir entradas o coment
App::$strings["Prevent posts with identical content to be published with less than two minutes in between submissions."] = "Prevenir que entradas con contenido idéntico se publiquen con menos de dos minutos de intervalo.";
App::$strings["Auto-save drafts of posts and comments"] = "Guardar automáticamente borradores de entradas y comentarios";
App::$strings["Automatically saves post and comment drafts in local browser storage to help prevent accidental loss of compositions"] = "Guarda automáticamente los borradores de comentarios y publicaciones en el almacenamiento del navegador local para ayudar a evitar la pérdida accidental de composiciones.";
App::$strings["Events"] = "Eventos";
App::$strings["Smart Birthdays"] = "Cumpleaños inteligentes";
App::$strings["Make birthday events timezone aware in case your friends are scattered across the planet."] = "Enlazar los eventos de cumpleaños con el huso horario en el caso de que sus amigos estén dispersos por el mundo.";
App::$strings["Event Timezone Selection"] = "Selección del huso horario del evento";
App::$strings["Allow event creation in timezones other than your own."] = "Permitir la creación de eventos en husos horarios distintos del suyo.";
App::$strings["Manage"] = "Gestionar";
App::$strings["Navigation Channel Select"] = "Navegación por el selector de canales";
App::$strings["Change channels directly from within the navigation dropdown menu"] = "Cambiar de canales directamente desde el menú de navegación desplegable";

24614
view/ru/hmessages.po
View File

File diff suppressed because it is too large Load Diff

5580
view/ru/hstrings.php
View File

File diff suppressed because it is too large Load Diff

62
view/tpl/cdav_calendar.tpl
View File

@ -58,7 +58,7 @@ $(document).ready(function() {
dayNamesShort: aStr['dayNamesShort'],
allDayText: aStr['allday'],
snapDuration: '00:15:00',
snapDuration: '00:05:00',
dateClick: function(info) {
if(new_event.id) {
@ -69,6 +69,14 @@ $(document).ready(function() {
allday = info.allDay;
if(allday) {
$('#id_dtstart_wrapper, #id_dtend_wrapper, #id_timezone_select_wrapper').hide();
}
else {
$('#id_dtstart_wrapper, #id_dtend_wrapper, #id_timezone_select_wrapper').show();
}
var dtend = new Date(info.date.toUTCString());
if(allday) {
dtend.setDate(dtend.getDate() + 1);
@ -85,14 +93,14 @@ $(document).ready(function() {
$('#id_description').attr('disabled', false);
$('#id_location').attr('disabled', false);
$('#calendar_select').val($("#calendar_select option:first").val()).attr('disabled', false);
$('#id_dtstart').val(info.date.toUTCString());
$('#id_dtend').val(dtend ? dtend.toUTCString() : '');
$('#id_dtstart').val(info.date.toUTCString().slice(0, -4));
$('#id_dtend').val(dtend ? dtend.toUTCString().slice(0, -4) : '');
$('#id_description').val('');
$('#id_location').val('');
$('#event_submit').val('create_event').html('{{$create}}');
$('#event_delete').hide();
new_event = { id: new_event_id, title: 'New event', start: $('#id_dtstart').val(), end: $('#id_dtend').val(), allDay: info.allDay, editable: true, color: '#bbb' };
new_event = { id: new_event_id, title: 'New event', start: info.date.toUTCString(), end: dtend ? dtend.toUTCString() : '', allDay: info.allDay, editable: true, color: '#bbb' };
calendar.addEvent(new_event);
},
@ -114,6 +122,13 @@ $(document).ready(function() {
$('#l2s').remove();
}
if(event.allDay) {
$('#id_dtstart_wrapper, #id_dtend_wrapper, #id_timezone_select_wrapper').hide();
}
else {
$('#id_dtstart_wrapper, #id_dtend_wrapper, #id_timezone_select_wrapper').show();
}
if(event.publicId == new_event_id) {
$('#calendar_select').trigger('change');
$('#event_submit').show();
@ -149,8 +164,8 @@ $(document).ready(function() {
$('#id_timezone_select').val(event.extendedProps.timezone);
$('#id_location').val(event.extendedProps.location);
$('#id_categories').tagsinput('add', event.extendedProps.categories);
$('#id_dtstart').val(dtstart.toUTCString());
$('#id_dtend').val(dtend.toUTCString());
$('#id_dtstart').val(dtstart.toUTCString().slice(0, -4));
$('#id_dtend').val(dtend.toUTCString().slice(0, -4));
$('#id_description').val(event.extendedProps.description);
$('#id_location').val(event.extendedProps.location);
$('#event_submit').val('update_event').html('{{$update}}');
@ -202,8 +217,8 @@ $(document).ready(function() {
var dtend = new Date(info.event._instance.range.end);
$('#id_title').val(event.title);
$('#id_dtstart').val(dtstart.toUTCString());
$('#id_dtend').val(dtend.toUTCString());
$('#id_dtstart').val(dtstart.toUTCString().slice(0, -4));
$('#id_dtend').val(dtend.toUTCString().slice(0, -4));
event_id = event.extendedProps.item ? event.extendedProps.item.id : 0;
event_xchan = event.extendedProps.item ? event.extendedProps.item.event_xchan : '';
@ -217,8 +232,8 @@ $(document).ready(function() {
'preview': 0,
'summary': event.title,
'timezone_select': event.extendedProps.timezone,
'dtstart': dtstart.toUTCString(),
'dtend': dtend.toUTCString(),
'dtstart': dtstart.toUTCString().slice(0, -4),
'dtend': dtend.toUTCString().slice(0, -4),
'adjust': event.allDay ? 0 : 1,
'categories': event.extendedProps.categories,
'desc': event.extendedProps.description,
@ -234,8 +249,8 @@ $(document).ready(function() {
'id[]': event.extendedProps.calendar_id,
'uri': event.extendedProps.uri,
'timezone_select': event.extendedProps.timezone,
'dtstart': dtstart ? dtstart.toUTCString() : '',
'dtend': dtend ? dtend.toUTCString() : '',
'dtstart': dtstart ? dtstart.toUTCString().slice(0, -4) : '',
'dtend': dtend ? dtend.toUTCString().slice(0, -4) : '',
'allday': event.allDay ? 1 : 0
})
.fail(function() {
@ -251,8 +266,8 @@ $(document).ready(function() {
var dtend = new Date(info.event._instance.range.end);
$('#id_title').val(event.title);
$('#id_dtstart').val(dtstart.toUTCString());
$('#id_dtend').val(dtend.toUTCString());
$('#id_dtstart').val(dtstart.toUTCString().slice(0, -4));
$('#id_dtend').val(dtend.toUTCString().slice(0, -4));
event_id = event.extendedProps.item ? event.extendedProps.item.id : 0;
event_xchan = event.extendedProps.item ? event.extendedProps.item.event_xchan : '';
@ -266,8 +281,8 @@ $(document).ready(function() {
'preview': 0,
'summary': event.title,
'timezone_select': event.extendedProps.timezone,
'dtstart': dtstart.toUTCString(),
'dtend': dtend.toUTCString(),
'dtstart': dtstart.toUTCString().slice(0, -4),
'dtend': dtend.toUTCString().slice(0, -4),
'adjust': event.allDay ? 0 : 1,
'categories': event.extendedProps.categories,
'desc': event.extendedProps.description,
@ -283,8 +298,8 @@ $(document).ready(function() {
'id[]': event.extendedProps.calendar_id,
'uri': event.extendedProps.uri,
'timezone_select': event.extendedProps.timezone,
'dtstart': dtstart ? dtstart.toUTCString() : '',
'dtend': dtend ? dtend.toUTCString() : '',
'dtstart': dtstart ? dtstart.toUTCString().slice(0, -4) : '',
'dtend': dtend ? dtend.toUTCString().slice(0, -4) : '',
'allday': event.allDay ? 1 : 0
})
.fail(function() {
@ -352,8 +367,8 @@ $(document).ready(function() {
$('#calendar_select').val('channel_calendar').attr('disabled', true);
$('#id_title').val(resource.summary);
$('#id_dtstart').val(new Date(resource.dtstart).toUTCString());
$('#id_dtend').val(new Date(resource.dtend).toUTCString());
$('#id_dtstart').val(new Date(resource.dtstart).toUTCString().slice(0, -4));
$('#id_dtend').val(new Date(resource.dtend).toUTCString().slice(0, -4));
$('#id_categories').tagsinput('add', '{{$categories}}'),
$('#id_description').val(resource.description);
$('#id_location').val(resource.location);
@ -366,20 +381,21 @@ $(document).ready(function() {
}
if(default_view === 'dayGridMonth');
$('#id_dtstart_wrapper, #id_dtend_wrapper').hide();
$('#id_dtstart_wrapper, #id_dtend_wrapper, #id_timezone_select_wrapper').hide();
});
function changeView(viewName) {
calendar.changeView(viewName);
$('#title').text(calendar.view.title);
$('#view_selector').html(views[calendar.view.type]);
if(viewName === 'dayGridMonth') {
$('#id_dtstart_wrapper, #id_dtend_wrapper').hide();
$('#id_dtstart_wrapper, #id_dtend_wrapper, #id_timezone_select_wrapper').hide();
}
else {
$('#id_dtstart_wrapper, #id_dtend_wrapper').show();
$('#id_dtstart_wrapper, #id_dtend_wrapper, #id_timezone_select_wrapper').show();
}
return;

6
view/tpl/conv_item.tpl
View File

@ -9,12 +9,12 @@
<div class="wall-item-outside-wrapper{{if $item.is_comment}} comment{{/if}}{{if $item.previewing}} preview{{/if}}" data-mid="{{$item.mid}}" id="wall-item-outside-wrapper-{{$item.id}}" >
<div class="clearfix wall-item-content-wrapper{{if $item.is_comment}} comment{{/if}}" id="wall-item-content-wrapper-{{$item.id}}">
{{if $item.photo}}
<div class="wall-photo-item{{if $item.is_new && !$item.title}} wall-item-head-new rounded-top{{/if}}" id="wall-photo-item-{{$item.id}}">
<div class="wall-photo-item" id="wall-photo-item-{{$item.id}}">
{{$item.photo}}
</div>
{{/if}}
{{if $item.event}}
<div class="wall-event-item{{if $item.is_new && !$item.title}} wall-item-head-new rounded-top{{/if}}" id="wall-event-item-{{$item.id}}">
<div class="wall-event-item" id="wall-event-item-{{$item.id}}">
{{$item.event}}
</div>
{{/if}}
@ -26,7 +26,7 @@
<hr class="m-0">
{{/if}}
{{/if}}
<div class="p-2 clearfix wall-item-head{{if $item.is_new && !$item.title && !$item.event && !$item.is_comment && !$item.photo}} wall-item-head-new rounded-top{{/if}}" >
<div class="p-2 clearfix wall-item-head{{if !$item.title && !$item.event && !$item.photo}} rounded-top{{/if}}{{if $item.is_new && !$item.event && !$item.is_comment}} wall-item-head-new{{/if}}" >
{{if $item.thr_parent}}
<a href="javascript:doscroll('{{$item.thr_parent}}',{{$item.parent}});" title="{{$item.top_hint}}" class="float-right"><i class="fa fa-angle-double-up">&nbsp;&nbsp;&nbsp;</i></a>
{{/if}}

6
view/tpl/conv_list.tpl
View File

@ -9,12 +9,12 @@
<div class="wall-item-outside-wrapper{{if $item.is_comment}} comment{{/if}}{{if $item.previewing}} preview{{/if}}" id="wall-item-outside-wrapper-{{$item.id}}" >
<div class="clearfix wall-item-content-wrapper{{if $item.is_comment}} comment{{/if}}" id="wall-item-content-wrapper-{{$item.id}}">
{{if $item.photo}}
<div class="wall-photo-item{{if $item.is_new && !$item.title}} wall-item-head-new rounded-top{{/if}}" id="wall-photo-item-{{$item.id}}">
<div class="wall-photo-item" id="wall-photo-item-{{$item.id}}">
{{$item.photo}}
</div>
{{/if}}
{{if $item.event}}
<div class="wall-event-item{{if $item.is_new && !$item.title}} wall-item-head-new rounded-top{{/if}}" id="wall-event-item-{{$item.id}}">
<div class="wall-event-item" id="wall-event-item-{{$item.id}}">
{{$item.event}}
</div>
{{/if}}
@ -26,7 +26,7 @@
<hr class="m-0">
{{/if}}
{{/if}}
<div class="p-2 clearfix wall-item-head{{if $item.is_new && !$item.title && !$item.event && !$item.is_comment && !$item.photo}} wall-item-head-new rounded-top{{/if}}">
<div class="p-2 clearfix wall-item-head{{if !$item.title && !$item.event && !$item.photo}} rounded-top{{/if}}{{if $item.is_new && !$item.event && !$item.is_comment}} wall-item-head-new{{/if}}">
<div class="wall-item-info" id="wall-item-info-{{$item.id}}" >
<div class="wall-item-photo-wrapper{{if $item.owner_url}} wwfrom{{/if}} h-card p-author" id="wall-item-photo-wrapper-{{$item.id}}">
<img src="{{$item.thumb}}" class="fakelink wall-item-photo{{$item.sparkle}} u-photo p-name" id="wall-item-photo-{{$item.id}}" alt="{{$item.name}}" data-toggle="dropdown" /></a>

2
view/tpl/field_select_grouped.tpl
View File

@ -1,4 +1,4 @@
<div class='form-group field select'>
<div id='id_{{$field.0}}_wrapper' class='form-group field select'>
<label for='id_{{$field.0}}'>{{$field.1}}</label>
<select class="form-control" name='{{$field.0}}' id='id_{{$field.0}}'>
{{foreach $field.4 as $group=>$opts}}

2
view/tpl/search_item.tpl
View File

@ -20,7 +20,7 @@
<hr class="m-0">
{{/if}}
{{/if}}
<div class="p-2 clearfix wall-item-head{{if $item.is_new && !$item.title && !$item.event && !$item.is_comment}} wall-item-head-new rounded-top{{/if}}">
<div class="p-2 clearfix wall-item-head{{if !$item.title && !$item.event && !$item.photo}} rounded-top{{/if}}{{if $item.is_new && !$item.event && !$item.is_comment}} wall-item-head-new{{/if}}" >
<div class="wall-item-info" id="wall-item-info-{{$item.id}}" >
<div class="wall-item-photo-wrapper{{if $item.owner_url}} wwfrom{{/if}}" id="wall-item-photo-wrapper-{{$item.id}}">
<img src="{{$item.thumb}}" class="fakelink wall-item-photo{{$item.sparkle}} u-photo p-name" id="wall-item-photo-{{$item.id}}" alt="{{$item.name}}" data-toggle="dropdown" />