authorfriendica <info@friendica.com>2014-03-26 22:05:19 -0700
committerfriendica <info@friendica.com>2014-03-26 22:05:19 -0700
commit5a3903a40c508a6b5e9a90986564e5c4918223cc (patch)
treea06da99eeb144b36b0c610f99d1236129c9f5226
parenta00c581e272af71eb064a1a29edd3334d9148d9d (diff)
downloadvolse-hubzilla-5a3903a40c508a6b5e9a90986564e5c4918223cc.tar.gz
volse-hubzilla-5a3903a40c508a6b5e9a90986564e5c4918223cc.tar.bz2
volse-hubzilla-5a3903a40c508a6b5e9a90986564e5c4918223cc.zip
firehose testing (network?f=&fh=1) - has some possible security bugs, so for testing purposes only
-rw-r--r--include/poller.php1
-rw-r--r--mod/community.php105
-rw-r--r--mod/network.php28
-rwxr-xr-xview/tpl/build_query.tpl2
4 files changed, 22 insertions, 114 deletions
diff --git a/include/poller.php b/include/poller.php
index d873058a6..9b8ac4165 100644
--- a/include/poller.php
+++ b/include/poller.php
@@ -176,6 +176,7 @@ function poller_run($argv, $argc){
if($r) {
$feedurl = $r[0]['site_url'] . '/zotfeed?f=&mindate=' . urlencode(datetime_convert('','','now - 15 days'));
$x = z_fetch_url($feedurl);
+
if(($x) && ($x['success'])) {
$total = 0;
$j = json_decode($x['body'],true);
diff --git a/mod/community.php b/mod/community.php
deleted file mode 100644
index e4c6e6b04..000000000
--- a/mod/community.php
+++ /dev/null
@@ -1,105 +0,0 @@
-<?php
-
-function community_init(&$a) {
- if(! local_user()) {
- unset($_SESSION['theme']);
- unset($_SESSION['mobile_theme']);
- }
-
-
-}
-
-
-function community_content(&$a, $update = 0) {
-
- $o = '';
-
- if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
- notice( t('Public access denied.') . EOL);
- return;
- }
-
- if(get_config('system','no_community_page')) {
- notice( t('Not available.') . EOL);
- return;
- }
-
- require_once("include/bbcode.php");
- require_once('include/security.php');
- require_once('include/conversation.php');
-
-
- $o .= '<h3>' . t('Community') . '</h3>';
- if(! $update) {
- nav_set_selected('community');
- $o .= '<div id="live-community"></div>' . "\r\n";
- $o .= "<script> var profile_uid = -1; var netargs = '/?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
- }
-
- if(x($a->data,'search'))
- $search = notags(trim($a->data['search']));
- else
- $search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : '');
-
-
- // Here is the way permissions work in this module...
- // Only public posts can be shown
- // OR your own posts if you are a logged in member
-
- if(! get_pconfig(local_user(),'system','alt_pager')) {
- $r = q("SELECT COUNT(distinct(`item`.`mid`)) AS `total`
- FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
- WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
- AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
- AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
- AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0
- AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0"
- );
-
- if(count($r))
- $a->set_pager_total($r[0]['total']);
-
- if(! $r[0]['total']) {
- info( t('No results.') . EOL);
- return $o;
- }
-
- }
-
- $r = q("SELECT distinct(`item`.`mid`), `item`.*, `item`.`id` AS `item_id`,
- `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`alias`, `contact`.`rel`,
- `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,
- `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`,
- `user`.`nickname`, `user`.`hidewall`
- FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
- LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
- WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
- AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
- AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
- AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0
- AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 group by `item`.`mid`
- ORDER BY `received` DESC LIMIT %d, %d ",
- intval($a->pager['start']),
- intval($a->pager['itemspage'])
-
- );
-
- if(! count($r)) {
- info( t('No results.') . EOL);
- return $o;
- }
-
- // we behave the same in message lists as the search module
-
- $o .= conversation($a,$r,'community',$update);
-
- if(! get_pconfig(local_user(),'system','alt_pager')) {
- $o .= paginate($a);
- }
- else {
- $o .= alt_pager($a,count($r));
- }
-
- return $o;
-}
-
diff --git a/mod/network.php b/mod/network.php
index 191fe55ed..4508d41be 100644
--- a/mod/network.php
+++ b/mod/network.php
@@ -100,6 +100,7 @@ function network_content(&$a, $update = 0, $load = false) {
$spam = ((x($_GET,'spam')) ? intval($_GET['spam']) : 0);
$cmin = ((x($_GET,'cmin')) ? intval($_GET['cmin']) : 0);
$cmax = ((x($_GET,'cmax')) ? intval($_GET['cmax']) : 99);
+ $firehose = ((x($_GET,'fh')) ? intval($_GET['fh']) : 0);
$file = ((x($_GET,'file')) ? $_GET['file'] : '');
@@ -218,6 +219,7 @@ function network_content(&$a, $update = 0, $load = false) {
. ((x($_GET,'cmin')) ? '&cmin=' . $_GET['cmin'] : '')
. ((x($_GET,'cmax')) ? '&cmax=' . $_GET['cmax'] : '')
. ((x($_GET,'file')) ? '&file=' . $_GET['file'] : '')
+ . ((x($_GET,'fh')) ? '&fh=' . $_GET['fh'] : '')
. "'; var profile_page = " . $a->pager['page'] . ";</script>";
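Review bot: The added `&fh=` fragment concatenates `$_GET['fh']` unfiltered into the JavaScript string literal that builds the `netargs` variable, even though the same request value was already reduced to an integer as `$firehose` in the earlier hunk. Anything but a digit string (quotes, `</script>`) lands verbatim inside the inline script, so the new line should use the sanitised value: `. ((x($_GET,'fh')) ? '&fh=' . intval($_GET['fh']) : '')`. The neighbouring `cmin`/`cmax`/`file` lines follow the same raw pattern, but they are context here, not part of this change. network_content() starts and ends outside this hunk.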
@@ -235,6 +237,7 @@ function network_content(&$a, $update = 0, $load = false) {
'$liked' => (($liked) ? $liked : '0'),
'$conv' => (($conv) ? $conv : '0'),
'$spam' => (($spam) ? $spam : '0'),
+ '$fh' => (($firehose) ? $firehose : '0'),
'$nouveau' => (($nouveau) ? $nouveau : '0'),
'$wall' => '0',
'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
@@ -316,6 +319,16 @@ function network_content(&$a, $update = 0, $load = false) {
}
+ if($firehose) {
+ require_once('include/identity.php');
+ $sys = get_sys_channel();
+ $uids = " and item.uid in ( " . intval(local_user()) . "," . intval($sys['channel_id']) . ") ";
+ }
+ else {
+ $uids = " and item.uid = " . local_user() . " ";
+ }
+
+
$simple_update = (($update) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " ) " : '');
if($load)
$simple_update = '';
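Review bot: The non-firehose branch builds `$uids` with a bare `local_user()` where the queries it replaces bound the value through `%d`/`intval(local_user())`, so the interpolated SQL fragment now depends on whatever type that session helper returns; the firehose branch and the old code both wrap it in `intval()`, and this branch should too. The firehose branch also assumes `get_sys_channel()` returned a row: if `$sys` is empty, `intval($sys['channel_id'])` evaluates to `0` and the `IN (...)` list silently widens to uid 0 instead of failing closed. Computing the single-uid default first and only widening when a sys channel exists avoids both problems. network_content() continues outside this hunk, and I cannot see from here whether `$sql_extra` applies any per-item permission filter to the sys channel's rows, which the commit message itself flags as a possible security issue.
```php
$uids = " and item.uid = " . intval(local_user()) . " ";
if($firehose) {
    require_once('include/identity.php');
    $sys = get_sys_channel();
    // only widen the uid filter when a sys channel actually exists;
    // intval() on a missing channel_id would otherwise add uid 0 to the list
    if($sys)
        $uids = " and item.uid in ( " . intval(local_user()) . "," . intval($sys['channel_id']) . ") ";
}
// … unchanged: $simple_update / $load handling …
```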
@@ -354,12 +367,11 @@ function network_content(&$a, $update = 0, $load = false) {
$r = q("SELECT distinct item.id AS item_id FROM item
left join abook on item.author_xchan = abook.abook_xchan
- WHERE item.uid = %d AND item.item_restrict = 0
+ WHERE true $uids AND item.item_restrict = 0
AND item.parent = item.id
and ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)
- $sql_extra3 $sql_extra $sql_nets
+ $sql_extra3 $sql_extra $sql_nets group by item.mid
ORDER BY item.$ordering DESC $pager_sql ",
- intval(local_user()),
intval(ABOOK_FLAG_BLOCKED)
);
@@ -368,10 +380,9 @@ function network_content(&$a, $update = 0, $load = false) {
// update
$r = q("SELECT item.parent AS item_id FROM item
left join abook on item.author_xchan = abook.abook_xchan
- WHERE item.uid = %d AND item.item_restrict = 0 $simple_update
+ WHERE true $uids AND item.item_restrict = 0 $simple_update
and ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)
- $sql_extra3 $sql_extra $sql_nets ",
- intval(local_user()),
+ $sql_extra3 $sql_extra $sql_nets group by item.mid ",
intval(ABOOK_FLAG_BLOCKED)
);
@@ -388,10 +399,9 @@ function network_content(&$a, $update = 0, $load = false) {
$parents_str = ids_to_querystr($r,'item_id');
$items = q("SELECT `item`.*, `item`.`id` AS `item_id` FROM `item`
- WHERE `item`.`uid` = %d AND `item`.`item_restrict` = 0
+ WHERE true $uids AND `item`.`item_restrict` = 0
AND `item`.`parent` IN ( %s )
- $sql_extra ",
- intval(local_user()),
+ $sql_extra group by item.mid",
dbesc($parents_str)
);
diff --git a/view/tpl/build_query.tpl b/view/tpl/build_query.tpl
index 98a1c7846..204b5114a 100755
--- a/view/tpl/build_query.tpl
+++ b/view/tpl/build_query.tpl
@@ -16,6 +16,7 @@
var bParam_page = {{$page}};
var bParam_wall = {{$wall}};
var bParam_list = {{$list}};
+ var bParam_fh = {{$fh}};
var bParam_search = "{{$search}}";
var bParam_order = "{{$order}}";
@@ -40,6 +41,7 @@
if(bParam_new != 0) bCmd = bCmd + "&new=" + bParam_new;
if(bParam_wall != 0) bCmd = bCmd + "&wall=" + bParam_wall;
if(bParam_list != 0) bCmd = bCmd + "&list=" + bParam_list;
+ if(bParam_fh != 0) bCmd = bCmd + "&fh=" + bParam_fh;
if(bParam_search != "") bCmd = bCmd + "&search=" + bParam_search;
if(bParam_order != "") bCmd = bCmd + "&order=" + bParam_order;
if(bParam_file != "") bCmd = bCmd + "&file=" + bParam_file;