aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFriendika <info@friendika.com>2011-04-03 20:41:40 -0700
committerFriendika <info@friendika.com>2011-04-03 20:41:40 -0700
commit9b50b0e16f2046b91cb4c734c56024524d8b178b (patch)
tree524efc50013a7fd50960adc9092090a2270263ea
parentb500da74b675bc3f88e392573d6602f3e7d94e03 (diff)
downloadvolse-hubzilla-9b50b0e16f2046b91cb4c734c56024524d8b178b.tar.gz
volse-hubzilla-9b50b0e16f2046b91cb4c734c56024524d8b178b.tar.bz2
volse-hubzilla-9b50b0e16f2046b91cb4c734c56024524d8b178b.zip
Public exposure warning on affected network group pages. config-able so a plugin can shut it up.
-rw-r--r--boot.php4
-rw-r--r--include/group.php17
-rw-r--r--index.php4
-rw-r--r--mod/network.php8
4 files changed, 26 insertions, 7 deletions
diff --git a/boot.php b/boot.php
index 3dfd06bf1..94699a273 100644
--- a/boot.php
+++ b/boot.php
@@ -2,7 +2,7 @@
set_time_limit(0);
-define ( 'FRIENDIKA_VERSION', '2.1.936' );
+define ( 'FRIENDIKA_VERSION', '2.1.938' );
define ( 'DFRN_PROTOCOL_VERSION', '2.2' );
define ( 'DB_UPDATE_VERSION', 1046 );
@@ -2022,7 +2022,7 @@ function contact_block() {
intval($shown)
);
if(count($r)) {
- $o .= '<h4 class="contact-h4">' . sprintf(tt('%d Contact','%d Contacts', $total),$total) . '</h4><div id="contact-block">';
+ $o .= '<h4 class="contact-h4">' . sprintf( tt('%d Contact','%d Contacts', $total),$total) . '</h4><div id="contact-block">';
foreach($r as $rr) {
$redirect_url = $a->get_baseurl() . '/redir/' . $rr['id'];
if(local_user() && ($rr['uid'] == local_user())
diff --git a/include/group.php b/include/group.php
index 793e854be..07cd45f19 100644
--- a/include/group.php
+++ b/include/group.php
@@ -110,7 +110,7 @@ function group_get_members($gid) {
LEFT JOIN `contact` ON `contact`.`id` = `group_member`.`contact-id`
WHERE `gid` = %d AND `group_member`.`uid` = %d",
intval($gid),
- intval($_SESSION['uid'])
+ intval(local_user())
);
if(count($r))
$ret = $r;
@@ -118,6 +118,21 @@ function group_get_members($gid) {
return $ret;
}
+function group_public_members($gid) {
+ $ret = 0;
+ if(intval($gid)) {
+ $r = q("SELECT `contact`.`id` AS `contact-id` FROM `group_member`
+ LEFT JOIN `contact` ON `contact`.`id` = `group_member`.`contact-id`
+ WHERE `gid` = %d AND `group_member`.`uid` = %d AND `contact`.`network` != 'dfrn' ",
+ intval($gid),
+ intval(local_user())
+ );
+ if(count($r))
+ $ret = count($r);
+ }
+ return $ret;
+}
+
function group_side($every="contacts",$each="group") {
diff --git a/index.php b/index.php
index 9412c1e3b..074c1c53a 100644
--- a/index.php
+++ b/index.php
@@ -42,10 +42,6 @@ if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
} else {
$lang = ((isset($a->config['system']['language'])) ? $a->config['system']['language'] : 'en');
}
-if(x($_POST,'system_language'))
-if(x($_SESSION,'language'))
- $lang = $_SESSION['language'];
-
load_translation_table($lang);
diff --git a/mod/network.php b/mod/network.php
index 39679b48a..a304c211f 100644
--- a/mod/network.php
+++ b/mod/network.php
@@ -54,6 +54,14 @@ function network_content(&$a, $update = 0) {
}
if(! $update) {
+ if(group) {
+ if(($t = group_public_members($group)) && (! get_pconfig(local_user(),'system','nowarn_insecure'))) {
+ $plural_form = sprintf( tt('%d member', '%d members', $t), $t);
+ notice( sprintf( t('Warning: This group contains %s from an insecure network.'), $plural_form ) . EOL);
+ notice( t('Private messages to this group are at risk of public disclosure.') . EOL);
+ }
+ }
+
$o .= '<script> $(document).ready(function() { $(\'#nav-network-link\').addClass(\'nav-selected\'); });</script>';
$_SESSION['return_url'] = $a->cmd;