mod_display - no fun. Not working at all. But a bit of progress.

author: friendica <info@friendica.com> 2013-02-10 04:55:29 -0800
committer: friendica <info@friendica.com> 2013-02-10 04:55:29 -0800
commit: 99c5f88963227a48544747e9dc8b13550b88c0f2 (patch)
tree: 115070a6941baf51a5388be67b312e499f800e2c
parent: 260a012b02c4941655e897735eeac09dadcf98c4 (diff)
download: volse-hubzilla-99c5f88963227a48544747e9dc8b13550b88c0f2.tar.gz
volse-hubzilla-99c5f88963227a48544747e9dc8b13550b88c0f2.tar.bz2
volse-hubzilla-99c5f88963227a48544747e9dc8b13550b88c0f2.zip
12 files changed, 207 insertions, 117 deletions
diff --git a/include/conversation.php b/include/conversation.php
index 4758721a5..fe4ac54f5 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -409,6 +409,7 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') {
                 . ((x($_GET,'cmin'))   ? '&cmin='   . $_GET['cmin']   : '')
                 . ((x($_GET,'cmax'))   ? '&cmax='   . $_GET['cmax']   : '')
                 . ((x($_GET,'file'))   ? '&file='   . $_GET['file']   : '')
+                . ((x($_GET,'uri'))    ? '&uri='    . $_GET['uri']   : '')
 
                 . "'; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
         }
@@ -435,8 +436,8 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') {
 	}
 
 	elseif($mode === 'display') {
-		$profile_owner = $a->profile['uid'];
-		$page_writeable = ($profile_owner == local_user());
+		$profile_owner = local_user();
+		$page_writeable = false;
 
 	      $live_update_div = '<div id="live-display"></div>' . "\r\n";
 
diff --git a/include/security.php b/include/security.php
index 9f4058f88..8477ea6de 100644
--- a/include/security.php
+++ b/include/security.php
@@ -214,13 +214,13 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
 				$gs .= '|<' . $g . '>';
 		} 
 		$sql = sprintf(
-			" AND ( NOT (deny_cid like '<%s>' OR deny_gid REGEXP '%s')
-			  AND ( allow_cid like '<%s>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
+			" AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
+			  AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
 			  )
 			",
-			dbesc(protect_sprintf( '%' . $remote_user . '%')),
+			dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
 			dbesc($gs),
-			dbesc(protect_sprintf( '%' . $remote_user . '%')),
+			dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
 			dbesc($gs)
 		);
 	}
@@ -269,19 +269,43 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
 				$gs .= '|<' . $g . '>';
 		} 
 		$sql = sprintf(
-			" AND ( NOT (deny_cid like '<%s>' OR deny_gid REGEXP '%s')
-			  AND ( allow_cid like '<%s>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
+			" AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
+			  AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
 			  )
 			",
-			dbesc(protect_sprintf( '%' . $remote_user . '%')),
+			dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
 			dbesc($gs),
-			dbesc(protect_sprintf( '%' . $remote_user . '%')),
+			dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
 			dbesc($gs)
 		);
 	}
 	return $sql;
 }
 
+function public_permissions_sql($observer_hash) {
+
+	$observer = get_app()->get_observer();
+	$groups = init_groups_visitor($observer_hash);
+
+	$gs = '<<>>'; // should be impossible to match
+
+	if(is_array($groups) && count($groups)) {
+		foreach($groups as $g)
+			$gs .= '|<' . $g . '>';
+	} 
+	$sql = sprintf(
+		" OR (( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
+		  AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
+		  ))
+		",
+		dbesc(protect_sprintf( '%<' . $observer_hash . '>%')),
+		dbesc($gs),
+		dbesc(protect_sprintf( '%<' . $observer_hash . '>%')),
+		dbesc($gs)
+	);
+
+	return $sql;
+}
 
 
 /*
diff --git a/js/main.js b/js/main.js
index 6c5095087..ed8d4ec3f 100644
--- a/js/main.js
+++ b/js/main.js
@@ -269,12 +269,8 @@
 				if($('#live-network').length)   { src = 'network'; liveUpdate(); }
 				if($('#live-channel').length)   { src = 'channel'; liveUpdate(); }
 				if($('#live-community').length) { src = 'community'; liveUpdate(); }
-				if($('#live-display').length) {
-					if(liking) {
-						liking = 0;
-						window.location.href=window.location.href 
-					}
-				}
+				if($('#live-display').length)   { src = 'display'; liveUpdate(); }
+
 				if($('#live-photos').length) { 
 					if(liking) {
 						liking = 0;
diff --git a/mod/channel.php b/mod/channel.php
index f3e247399..7869e54db 100644
--- a/mod/channel.php
+++ b/mod/channel.php
@@ -247,6 +247,7 @@ function channel_content(&$a, $update = 0, $load = false) {
 			'$order' => '',
 			'$file' => '',
 			'$cats' => (($category) ? $category : ''),
+			'$uri' => '',
 			'$dend' => $datequery,
 			'$dbegin' => $datequery2
 		));
diff --git a/mod/display.php b/mod/display.php
index 1fdac9c2c..2ececb262 100644
--- a/mod/display.php
+++ b/mod/display.php
@@ -1,7 +1,7 @@
 <?php
 
 
-function display_content(&$a) {
+function display_content(&$a, $update = 0, $load = false) {
 
 	if(intval(get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
 		notice( t('Public access denied.') . EOL);
@@ -14,13 +14,16 @@ function display_content(&$a) {
 	require_once('include/acl_selectors.php');
 	require_once('include/items.php');
 
-	$o = '<div id="live-display"></div>' . "\r\n";
+//	$o = '<div id="live-display"></div>' . "\r\n";
 
 	$a->page['htmlhead'] .= replace_macros(get_markup_template('display-head.tpl'), array());
 
 
-	if(argc() > 1)
+	if(argc() > 1 && argv(1) !== 'load')
 		$item_hash = argv(1);
+	if($_REQUEST['uri'])
+		$item_hash = $_REQUEST['uri'];
+
 
 	if(! $item_hash) {
 		$a->error = 404;
@@ -37,135 +40,128 @@ function display_content(&$a) {
 	// and if that fails, look for a copy of the post that has no privacy restrictions.  
 	// If we find the post, but we don't find a copy that we're allowed to look at, this fact needs to be reported.
 
-// FIXME - on the short term, we'll only do the first query.
+	// find a copy of the item somewhere
 
 	$target_item = null;
-
-	if(local_user()) {
-		$r = q("select * from item where uri = '%s' and uid = %d limit 1",
-			dbesc($item_hash),
-			intval(local_user())
-		);
-		if($r) {
-			$owner = local_user();
-			$observer_is_owner = true;		
-			$target_item = $r[0];
-		}
+dbg(1);
+	$r = q("select uri, parent_uri from item where uri = '%s' limit 1",
+		dbesc($item_hash)
+	);
+dbg(0);
+	if($r) {
+		$target_item = $r[0];
 	}
 
+	if((! $update) && (! $load)) {
+
+
+		$o .= '<div id="live-display"></div>' . "\r\n";
+		$o .= "<script> var profile_uid = " . intval(local_user())
+			. "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
+
+		$a->page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(
+			'$baseurl' => z_root(),
+			'$pgtype' => 'display',
+			'$uid' => '0',
+			'$gid' => '0',
+			'$cid' => '0',
+			'$cmin' => '0',
+			'$cmax' => '99',
+			'$star' => '0',
+			'$liked' => '0',
+			'$conv' => '0',
+			'$spam' => '0',
+			'$nouveau' => '0',
+			'$wall' => '0',
+			'$page' => (($a->pager['page'] != 1) ? $a->pager['page'] : 1),
+			'$search' => '',
+			'$order' => '',
+			'$file' => '',
+			'$cats' => '',
+			'$dend' => '',
+			'$dbegin' => '',
+			'$uri' => $item_hash
+		));
 
-	// Checking for visitors is a bit harder, we'll look for this item from any of their friends that they've auth'd
-	// against and see if any of them are writeable.
-	// This will be messy.
 
-//	$nick = (($a->argc > 1) ? $a->argv[1] : '');
-//	profile_load($a,$nick);
-//	profile_aside($a);
+	}
 
-//	$item_id = (($a->argc > 2) ? intval($a->argv[2]) : 0);
+	$sql_extra = public_permissions_sql(get_observer_hash());
 
-//	if(! $item_id) {
-//		$a->error = 404;
-//		notice( t('Item not found.') . EOL);
-//		return;
-//	}
 
-//	$groups = array();
+	if($load) {
 
-//	$contact = null;
-//	$remote_contact = false;
+		$pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage']));
 
-//	$contact_id = 0;
+		if($load) {
+dbg(1);
+			$r = q("SELECT * from item
+				WHERE item_restrict = 0
+				AND ( `item`.`allow_cid` = ''  AND `item`.`allow_gid` = '' AND `item`.`deny_cid`  = '' 
+				AND `item`.`deny_gid`  = '' AND item_private = 0 ) 
+				and uid in ( " . stream_perms_api_uids() . " )
+				$sql_extra
+				and uri = '%s'
+				group by uri limit 1",
+				dbesc($target_item['parent_uri'])
+			);
+dbg(0);
+		}
+		else {
+			$r = array();
+		}
+	}
 
-//	if(is_array($_SESSION['remote'])) {
-//		foreach($_SESSION['remote'] as $v) {
-//			if($v['uid'] == $a->profile['uid']) {
-//				$contact_id = $v['cid'];
-//				break;
-//			}
-//		}
-//	}
-
-//	if($contact_id) {
-//		$groups = init_groups_visitor($contact_id);
-//		$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
-//			intval($contact_id),
-//			intval($a->profile['uid'])
-//		);
-//		if(count($r)) {
-//			$contact = $r[0];
-//			$remote_contact = true;
-//		}
-//	}
+	if($r) {
 
-//	if(! $remote_contact) {
+		$parents_str = ids_to_querystr($r,'id');
+		if($parents_str) {
+ dbg(1);
 
-//		if(local_user()) {
-//			$contact_id = $_SESSION['cid'];
-//			$contact = $a->contact;
-//		}
-//	}
+			$items = q("SELECT `item`.*, `item`.`id` AS `item_id` 
+				FROM `item`
+				WHERE item_restrict = 0 and parent in ( %s ) ",
+				dbesc($parents_str)
+			);
 
-//	$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
-//		intval($a->profile['uid'])
-//	);
+dbg(0);
+			xchan_query($items);
+			$items = fetch_post_tags($items);
+			$items = conv_sort($items,'created');
+		}
+	} else {
+		$items = array();
+	}
 
-//	$is_owner = ((local_user()) && (local_user() == $a->profile['profile_uid']) ? true : false);
 
 	if($a->profile['hidewall'] && (! $is_owner) && (! $remote_contact)) {
 		notice( t('Access to this profile has been restricted.') . EOL);
 		return;
 	}
 	
-//	if ($is_owner)
-//		$celeb = ((($a->user['page-flags'] == PAGE_SOAPBOX) || ($a->user['page-flags'] == PAGE_COMMUNITY)) ? true : false);
-
-//		$x = array(
-//			'is_owner' => true,
-//			'allow_location' => $a->user['allow_location'],
-//			'default_location' => $a->user['default-location'],
-//			'nickname' => $a->user['nickname'],
-//			'lockstate' => ( (is_array($a->user)) && ((strlen($a->user['allow_cid'])) || (strlen($a->user['allow_gid'])) || (strlen($a->user['deny_cid'])) || (strlen($a->user['deny_gid']))) ? 'lock' : 'unlock'),
-//			'acl' => populate_acl($a->user, $celeb),
-//			'bang' => '',
-//			'visitor' => 'block',
-//			'profile_uid' => local_user()
-//		);	
-//		$o .= status_editor($a,$x,true);
-
-
-// FIXME
-//	$sql_extra = item_permissions_sql($a->profile['uid']);
-
-	if($target_item) {
-		$r = q("SELECT * from item where parent = %d",
-			intval($target_item['parent'])
-		);
-	}
-
+	if($items) {
 
-	if($r) {
-
-		if((local_user()) && (local_user() == $owner)) {
+//		if((local_user()) && (local_user() == $owner)) {
 //			q("UPDATE `item` SET `unseen` = 0 
 //				WHERE `parent` = %d AND `unseen` = 1",
 //				intval($r[0]['parent'])
 //			);
-		}
+//		}
 
-		xchan_query($r);
-		$r = fetch_post_tags($r);
+//		xchan_query($items);
+//		$items = fetch_post_tags($items);
 
-		$o .= conversation($a,$r,'display', false);
+		$o .= conversation($a,$items,'display', $update, 'client');
 
 	}
+/*
 	else {
-		$r = q("SELECT `id`,`deleted` FROM `item` WHERE `id` = '%s' OR `uri` = '%s' LIMIT 1",
-			dbesc($item_id),
-			dbesc($item_id)
+		$r = q("SELECT `id`, item_flags FROM `item` WHERE `id` = '%s' OR `uri` = '%s' LIMIT 1",
+			dbesc($item_hash),
+			dbesc($item_hash)
 		);
-		if(count($r)) {
-			if($r[0]['deleted']) {
+		if($r) {
+			if($r[0]['item_flags'] & ITEM_DELETED) {
 				notice( t('Item has been removed.') . EOL );
 			}
 			else {	
@@ -177,7 +173,7 @@ function display_content(&$a) {
 		}
 
 	}
-
+*/
 	return $o;
 }
 
diff --git a/mod/network.php b/mod/network.php
index 127e7da7f..1a3989b69 100644
--- a/mod/network.php
+++ b/mod/network.php
@@ -515,6 +515,7 @@ function network_content(&$a, $update = 0, $load = false) {
 			'$file' => $file,
 			'$cats' => '',
 			'$dend' => $datequery,
+			'$uri' => '',
 			'$dbegin' => $datequery2
 		));
 	}
diff --git a/mod/search.php b/mod/search.php
index 7a0f4205d..f76254116 100644
--- a/mod/search.php
+++ b/mod/search.php
@@ -152,7 +152,7 @@ function search_content(&$a) {
 		// This is ugly, but we can't pass the profile_uid through the session to the ajax updater,
 		// because browser prefetching might change it on us. We have to deliver it with the page.
 
-		$o .= '<div id="live-channel"></div>' . "\r\n";
+		$o .= '<div id="live-search"></div>' . "\r\n";
 		$o .= "<script> var profile_uid = " . $a->profile['profile_uid'] 
 			. "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
 
@@ -175,6 +175,7 @@ function search_content(&$a) {
 			'$order' => '',
 			'$file' => '',
 			'$cats' => '',
+			'$uri' => '',
 			'$dend' => '',
 			'$dbegin' => ''
 		));
diff --git a/mod/update_display.php b/mod/update_display.php
new file mode 100644
index 000000000..e23b29399
--- /dev/null
+++ b/mod/update_display.php
@@ -0,0 +1,39 @@
+<?php
+
+// See update_profile.php for documentation
+
+require_once('mod/display.php');
+require_once('include/group.php');
+
+function update_display_content(&$a) {
+
+	$profile_uid = intval($_GET['p']);
+	$load = (((argc() > 1) && (argv(1) == 'load')) ? 1 : 0);
+	header("Content-type: text/html");
+	echo "<!DOCTYPE html><html><body>\r\n";
+	echo (($_GET['msie'] == 1) ? '<div>' : '<section>');
+
+
+        $text = display_content($a,$profile_uid, $load);
+        $pattern = "/<img([^>]*) src=\"([^\"]*)\"/";
+        $replace = "<img\${1} dst=\"\${2}\"";
+        $text = preg_replace($pattern, $replace, $text);
+
+		$replace = '<br />' . t('[Embedded content - reload page to view]') . '<br />';
+        $pattern = "/<\s*audio[^>]*>(.*?)<\s*\/\s*audio>/i";
+        $text = preg_replace($pattern, $replace, $text);
+        $pattern = "/<\s*video[^>]*>(.*?)<\s*\/\s*video>/i";
+        $text = preg_replace($pattern, $replace, $text);
+        $pattern = "/<\s*embed[^>]*>(.*?)<\s*\/\s*embed>/i";
+        $text = preg_replace($pattern, $replace, $text);
+        $pattern = "/<\s*iframe[^>]*>(.*?)<\s*\/\s*iframe>/i";
+        $text = preg_replace($pattern, $replace, $text);
+
+
+        echo str_replace("\t",'       ',$text);
+	echo (($_GET['msie'] == 1) ? '</div>' : '</section>');
+	echo "</body></html>\r\n";
+//	logger('update_display: ' . $text);
+	killme();
+
+}
+\ No newline at end of file
diff --git a/view/tpl/build_query.tpl b/view/tpl/build_query.tpl
index b7b0ac86c..f4795acb2 100644
--- a/view/tpl/build_query.tpl
+++ b/view/tpl/build_query.tpl
@@ -22,6 +22,7 @@
 	var bParam_cats = "$cats";
 	var bParam_dend = "$dend";
 	var bParam_dbegin = "$dbegin";
+	var bParam_uri = "$uri";
 
 	function buildCmd() {
 		var udargs = ((page_load) ? "/load" : "");
@@ -42,6 +43,7 @@
 		if(bParam_cats != "") bCmd = bCmd + "&cats=" + bParam_cats;
 		if(bParam_dend != "") bCmd = bCmd + "&dend=" + bParam_dend;
 		if(bParam_dbegin != "") bCmd = bCmd + "&dbegin=" + bParam_dbegin;
+		if(bParam_uri != "") bCmd = bCmd + "&uri=" + bParam_uri;
 		if(bParam_page != 1) bCmd = bCmd + "&page=" + bParam_page;
 		return(bCmd);
 	}
diff --git a/view/tpl/rmagic.tpl b/view/tpl/rmagic.tpl
new file mode 100644
index 000000000..f16abe975
--- /dev/null
+++ b/view/tpl/rmagic.tpl
@@ -0,0 +1,11 @@
+<h3>$title</h3>
+
+<form action="rmagic" method="post" >
+
+	<label for="rmagic-address" id="label-rmagic-address" class="rmagic-label">$desc</label>
+	<input type="text" maxlength="255" size="32" name="address" id="rmagic-address" class="rmagic-input" value="" />
+
+	<input type="submit" name="submit" id="rmagic-submit-button" value="$submit" />
+	<div id="rmagic-submit-end" class="rmagic-field-end"></div>
+
+</form>
diff --git a/view/tpl/smarty3/build_query.tpl b/view/tpl/smarty3/build_query.tpl
index 5520fb5b9..6df7f6589 100644
--- a/view/tpl/smarty3/build_query.tpl
+++ b/view/tpl/smarty3/build_query.tpl
@@ -27,6 +27,7 @@
 	var bParam_cats = "{{$cats}}";
 	var bParam_dend = "{{$dend}}";
 	var bParam_dbegin = "{{$dbegin}}";
+	var bParam_uri = "{{$uri}}";
 
 	function buildCmd() {
 		var udargs = ((page_load) ? "/load" : "");
@@ -47,6 +48,7 @@
 		if(bParam_cats != "") bCmd = bCmd + "&cats=" + bParam_cats;
 		if(bParam_dend != "") bCmd = bCmd + "&dend=" + bParam_dend;
 		if(bParam_dbegin != "") bCmd = bCmd + "&dbegin=" + bParam_dbegin;
+		if(bParam_uri != "") bCmd = bCmd + "&uri=" + bParam_uri;
 		if(bParam_page != 1) bCmd = bCmd + "&page=" + bParam_page;
 		return(bCmd);
 	}
diff --git a/view/tpl/smarty3/rmagic.tpl b/view/tpl/smarty3/rmagic.tpl
new file mode 100644
index 000000000..7e4e563d9
--- /dev/null
+++ b/view/tpl/smarty3/rmagic.tpl
@@ -0,0 +1,16 @@
+{{*
+ *	AUTOMATICALLY GENERATED TEMPLATE
+ *	DO NOT EDIT THIS FILE, CHANGES WILL BE OVERWRITTEN
+ *
+ *}}
+<h3>{{$title}}</h3>
+
+<form action="rmagic" method="post" >
+
+	<label for="rmagic-address" id="label-rmagic-address" class="rmagic-label">{{$desc}}</label>
+	<input type="text" maxlength="255" size="32" name="address" id="rmagic-address" class="rmagic-input" value="" />
+
+	<input type="submit" name="submit" id="rmagic-submit-button" value="{{$submit}}" />
+	<div id="rmagic-submit-end" class="rmagic-field-end"></div>
+
+</form>
author	friendica <info@friendica.com>	2013-02-10 04:55:29 -0800
committer	friendica <info@friendica.com>	2013-02-10 04:55:29 -0800
commit	99c5f88963227a48544747e9dc8b13550b88c0f2 (patch)
tree	115070a6941baf51a5388be67b312e499f800e2c
parent	260a012b02c4941655e897735eeac09dadcf98c4 (diff)
download	volse-hubzilla-99c5f88963227a48544747e9dc8b13550b88c0f2.tar.gz volse-hubzilla-99c5f88963227a48544747e9dc8b13550b88c0f2.tar.bz2 volse-hubzilla-99c5f88963227a48544747e9dc8b13550b88c0f2.zip