diff options
author | Simon L'nu <simon.lnu@gmail.com> | 2012-03-19 03:41:26 -0400 |
---|---|---|
committer | Simon L'nu <simon.lnu@gmail.com> | 2012-03-19 03:41:26 -0400 |
commit | 236eaf6ed09df34e62cf487712d909cb8a3b35d1 (patch) | |
tree | 86518b59c0318d8057a1a8503c6354ebaa96dae3 | |
parent | 5e2a9c99a64dc75dd70320859b093d132e823f1f (diff) | |
parent | 283bc51acf479eebd54145eb639c681980f6717b (diff) | |
download | volse-hubzilla-236eaf6ed09df34e62cf487712d909cb8a3b35d1.tar.gz volse-hubzilla-236eaf6ed09df34e62cf487712d909cb8a3b35d1.tar.bz2 volse-hubzilla-236eaf6ed09df34e62cf487712d909cb8a3b35d1.zip |
Merge branch 'master', remote-tracking branch 'remotes/upstream/master'
* remotes/upstream/master:
Existing photos could not be used as profile photos anymore - should be fixed now. And some extra logging in the CSRF-Protection to make debugging easier
community discovery cont., cleanup of DB debugging
* master:
-rwxr-xr-x | include/dba.php | 24 | ||||
-rwxr-xr-x | include/delivery.php | 3 | ||||
-rwxr-xr-x | include/items.php | 31 | ||||
-rwxr-xr-x | include/notifier.php | 4 | ||||
-rwxr-xr-x | include/poller.php | 2 | ||||
-rwxr-xr-x | include/security.php | 20 | ||||
-rwxr-xr-x | mod/dfrn_poll.php | 6 | ||||
-rwxr-xr-x | mod/photos.php | 2 | ||||
-rwxr-xr-x | view/atom_feed.tpl | 1 | ||||
-rwxr-xr-x | view/atom_feed_dfrn.tpl | 3 |
10 files changed, 66 insertions, 30 deletions
diff --git a/include/dba.php b/include/dba.php index 7455b6b3e..5beea7a3a 100755 --- a/include/dba.php +++ b/include/dba.php @@ -1,5 +1,7 @@ <?php +require_once('include/datetime.php'); + /** * * MySQL database class @@ -104,19 +106,17 @@ class dba { logger('dba: ' . $str ); } - else { - /** - * If dbfail.out exists, we will write any failed calls directly to it, - * regardless of any logging that may or may nor be in effect. - * These usually indicate SQL syntax errors that need to be resolved. - */ + /** + * If dbfail.out exists, we will write any failed calls directly to it, + * regardless of any logging that may or may nor be in effect. + * These usually indicate SQL syntax errors that need to be resolved. + */ - if($result === false) { - logger('dba: ' . printable($sql) . ' returned false.'); - if(file_exists('dbfail.out')) - file_put_contents('dbfail.out', printable($sql) . ' returned false' . "\n", FILE_APPEND); - } + if($result === false) { + logger('dba: ' . printable($sql) . ' returned false.'); + if(file_exists('dbfail.out')) + file_put_contents('dbfail.out', datetime_convert() . "\n" . printable($sql) . ' returned false' . "\n", FILE_APPEND); } if(($result === true) || ($result === false)) @@ -140,7 +140,7 @@ class dba { if($this->debug) - logger('dba: ' . printable(print_r($r, true)), LOGGER_DATA); + logger('dba: ' . printable(print_r($r, true))); return($r); } diff --git a/include/delivery.php b/include/delivery.php index 44a482ca2..532dcd699 100755 --- a/include/delivery.php +++ b/include/delivery.php @@ -256,7 +256,8 @@ function delivery_run($argv, $argc){ '$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) , '$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) , '$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) , - '$birthday' => $birthday + '$birthday' => $birthday, + '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '') )); foreach($items as $item) { diff --git a/include/items.php b/include/items.php index 5e1fec557..5a297c83e 100755 --- a/include/items.php +++ b/include/items.php @@ -28,7 +28,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; - $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone` + $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` WHERE `contact`.`self` = 1 AND `user`.`nickname` = '%s' LIMIT 1", dbesc($owner_nick) @@ -156,7 +156,8 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) '$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) , '$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) , '$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) , - '$birthday' => ((strlen($birthday)) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : '') + '$birthday' => ((strlen($birthday)) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : ''), + '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '') )); call_hooks('atom_feed', $atom); @@ -1404,6 +1405,19 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) } + $community_page = 0; + $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'community'); + if($rawtags) { + $community_page = intval($rawtags[0]['data']); + } + if(is_array($contact) && intval($contact['forum']) != $community_page) { + q("update contact set forum = %d where id = %d limit 1", + intval($community_page), + intval($contact['id']) + ); + $contact['forum'] = (string) $community_page; + } + // process any deleted entries @@ -1987,6 +2001,19 @@ function local_delivery($importer,$data) { // NOTREACHED } + + $community_page = 0; + $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'community'); + if($rawtags) { + $community_page = intval($rawtags[0]['data']); + } + if(intval($importer['forum']) != $community_page) { + q("update contact set forum = %d where id = %d limit 1", + intval($community_page), + intval($importer['id']) + ); + $importer['forum'] = (string) $community_page; + } logger('local_delivery: feed item count = ' . $feed->get_item_quantity()); diff --git a/include/notifier.php b/include/notifier.php index 07edc7046..d63ad7ae7 100755 --- a/include/notifier.php +++ b/include/notifier.php @@ -337,7 +337,9 @@ function notifier_run($argv, $argc){ '$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) , '$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) , '$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) , - '$birthday' => $birthday + '$birthday' => $birthday, + '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '') + )); if($mail) { diff --git a/include/poller.php b/include/poller.php index 3bc98e36f..8262c1d60 100755 --- a/include/poller.php +++ b/include/poller.php @@ -232,7 +232,7 @@ function poller_run($argv, $argc){ $importer_uid = $contact['uid']; - $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", + $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `contact`.`uid` = `user`.`uid` WHERE `user`.`uid` = %d AND `contact`.`self` = 1 LIMIT 1", intval($importer_uid) ); if(! count($r)) diff --git a/include/security.php b/include/security.php index 45473445a..19e91eb63 100755 --- a/include/security.php +++ b/include/security.php @@ -299,16 +299,16 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) * Actually, important actions should not be triggered by Links / GET-Requests at all, but somethimes they still are, * so this mechanism brings in some damage control (the attacker would be able to forge a request to a form of this type, but not to forms of other types). */ -function get_form_security_token($typename = "") { +function get_form_security_token($typename = '') { $a = get_app(); $timestamp = time(); - $sec_hash = hash('whirlpool', $a->user["guid"] . $a->user["prvkey"] . session_id() . $timestamp . $typename); + $sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $timestamp . $typename); - return $timestamp . "." . $sec_hash; + return $timestamp . '.' . $sec_hash; } -function check_form_security_token($typename = "", $formname = 'form_security_token') { +function check_form_security_token($typename = '', $formname = 'form_security_token') { if (!x($_REQUEST, $formname)) return false; $hash = $_REQUEST[$formname]; @@ -316,10 +316,10 @@ function check_form_security_token($typename = "", $formname = 'form_security_to $a = get_app(); - $x = explode(".", $hash); + $x = explode('.', $hash); if (time() > (IntVal($x[0]) + $max_livetime)) return false; - $sec_hash = hash('whirlpool', $a->user["guid"] . $a->user["prvkey"] . session_id() . $x[0] . $typename); + $sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $x[0] . $typename); return ($sec_hash == $x[1]); } @@ -327,15 +327,19 @@ function check_form_security_token($typename = "", $formname = 'form_security_to function check_form_security_std_err_msg() { return t('The form security token was not correct. This probably happened because the form has been opened for too long (>3 hours) before subitting it.') . EOL; } -function check_form_security_token_redirectOnErr($err_redirect, $typename = "", $formname = 'form_security_token') { +function check_form_security_token_redirectOnErr($err_redirect, $typename = '', $formname = 'form_security_token') { if (!check_form_security_token($typename, $formname)) { $a = get_app(); + logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename); + logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA); notice( check_form_security_std_err_msg() ); goaway($a->get_baseurl() . $err_redirect ); } } -function check_form_security_token_ForbiddenOnErr($typename = "", $formname = 'form_security_token') { +function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'form_security_token') { if (!check_form_security_token($typename, $formname)) { + logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename); + logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA); header('HTTP/1.1 403 Forbidden'); killme(); } diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index b12e07132..fe5cd4906 100755 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -199,7 +199,7 @@ function dfrn_poll_post(&$a) { $ptype = ((x($_POST,'type')) ? $_POST['type'] : ''); $dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0); $perm = ((x($_POST,'perm')) ? $_POST['perm'] : 'r'); - + if($ptype === 'profile-check') { if((strlen($challenge)) && (strlen($sec))) { @@ -358,8 +358,8 @@ function dfrn_poll_post(&$a) { intval($contact_id) ); } - } - + } + header("Content-type: application/atom+xml"); $o = get_feed_for($a,$dfrn_id, $a->argv[1], $last_update, $direction); echo $o; diff --git a/mod/photos.php b/mod/photos.php index e40ae0d74..4406780d3 100755 --- a/mod/photos.php +++ b/mod/photos.php @@ -1069,7 +1069,7 @@ function photos_content(&$a) { if($can_post && ($ph[0]['uid'] == $owner_uid)) { $tools = array( 'edit' => array($a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $datum . (($cmd === 'edit') ? '' : '/edit'), (($cmd === 'edit') ? t('View photo') : t('Edit photo'))), - 'profile'=>array($a->get_baseurl() . '/profile_photo/use/'.$ph[0]['resource-id'], t('Use as profile photo')), + 'profile'=>array($a->get_baseurl() . '/profile_photo/use/'.$ph[0]['resource-id'] . '?form_security_token=' . get_form_security_token('profile_photo'), t('Use as profile photo')), ); // lock diff --git a/view/atom_feed.tpl b/view/atom_feed.tpl index 72cf8e4fd..2feb547ee 100755 --- a/view/atom_feed.tpl +++ b/view/atom_feed.tpl @@ -16,6 +16,7 @@ <link rel="license" href="http://creativecommons.org/licenses/by/3.0/" /> $hub $salmon + $community <updated>$feed_updated</updated> diff --git a/view/atom_feed_dfrn.tpl b/view/atom_feed_dfrn.tpl index 3d6bcc5b5..0bae62b52 100755 --- a/view/atom_feed_dfrn.tpl +++ b/view/atom_feed_dfrn.tpl @@ -12,10 +12,11 @@ <id>$feed_id</id> <title>$feed_title</title> - <generator uri="http://friendika.com" version="$version">Friendika</generator> + <generator uri="http://friendica.com" version="$version">Friendica</generator> <link rel="license" href="http://creativecommons.org/licenses/by/3.0/" /> $hub $salmon + $community <updated>$feed_updated</updated> |