authorzotlabs <mike@macgirvin.com>2017-09-10 15:56:37 -0700
committerzotlabs <mike@macgirvin.com>2017-09-10 15:56:37 -0700
commit20ae69ab7babe8d526de7d4c584aa5cd2f836e1f (patch)
tree538d1c25bad65ebd8ca07144aa1c0d0d625c407f
parent5877e28d729489a9ba75397bcbe86c8a811c87e8 (diff)
parent67024c023aed13070296c6e44644e489ff5f2417 (diff)
downloadvolse-hubzilla-20ae69ab7babe8d526de7d4c584aa5cd2f836e1f.tar.gz
volse-hubzilla-20ae69ab7babe8d526de7d4c584aa5cd2f836e1f.tar.bz2
volse-hubzilla-20ae69ab7babe8d526de7d4c584aa5cd2f836e1f.zip
Merge branch 'dev' of https://github.com/redmatrix/hubzilla into dev_merge
-rwxr-xr-x.gitignore3
-rw-r--r--Zotlabs/Module/Display.php13
-rw-r--r--Zotlabs/Module/Magic.php30
-rw-r--r--Zotlabs/Module/Owa.php53
-rw-r--r--Zotlabs/Module/Rmagic.php4
-rw-r--r--Zotlabs/Module/Wfinger.php42
-rw-r--r--Zotlabs/Web/HTTPSig.php8
-rw-r--r--Zotlabs/Web/WebServer.php6
-rw-r--r--Zotlabs/Zot/Finger.php2
-rw-r--r--Zotlabs/Zot/Verify.php16
-rw-r--r--doc/context/en/appman/help.html4
-rw-r--r--doc/context/en/apps/edit/help.html4
-rw-r--r--doc/context/en/apps/help.html6
-rw-r--r--doc/context/en/channel/help.html4
-rw-r--r--doc/context/en/wiki/help.html10
-rw-r--r--include/channel.php2
-rw-r--r--include/connections.php2
-rw-r--r--include/import.php5
-rwxr-xr-xinclude/items.php6
-rwxr-xr-xinclude/oembed.php11
-rw-r--r--include/text.php4
-rw-r--r--include/zid.php77
-rw-r--r--install/schema_mysql.sql2
-rw-r--r--install/update.php2
-rw-r--r--view/css/bootstrap-red.css4
-rw-r--r--view/css/conversation.css2
-rw-r--r--view/js/main.js8
-rw-r--r--view/theme/redbasic/css/style.css2
28 files changed, 291 insertions, 41 deletions
diff --git a/.gitignore b/.gitignore
index 050902f17..0e5233eaf 100755
--- a/.gitignore
+++ b/.gitignore
@@ -14,7 +14,7 @@
*.rej
# OSX .DS_Store files
.DS_Store
-# version scripts (repo master only)
+# version scripts (repo master only)
.version*
Thumbs.db
@@ -27,6 +27,7 @@ custom/
/store/
# site apps
apps/
+!doc/context/*/apps
# default startpage
home.html
# page header plugin
diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php
index 11c75219d..0ea55102e 100644
--- a/Zotlabs/Module/Display.php
+++ b/Zotlabs/Module/Display.php
@@ -133,7 +133,14 @@ class Display extends \Zotlabs\Web\Controller {
if((! $update) && (! $load)) {
$static = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 1);
-
+
+ //if the target item is not a post (eg a like) we want to address its thread parent
+ $mid = ((($target_item['verb'] == ACTIVITY_LIKE) || ($target_item['verb'] == ACTIVITY_DISLIKE)) ? $target_item['thr_parent'] : $target_item['mid']);
+
+ //if we got a decoded hash we must encode it again before handing to javascript
+ if($decoded)
+ $mid = 'b64.' . base64url_encode($mid);
+
$o .= '<div id="live-display"></div>' . "\r\n";
$o .= "<script> var profile_uid = " . ((intval(local_channel())) ? local_channel() : (-1))
. "; var netargs = '?f='; var profile_page = " . \App::$pager['page'] . "; </script>\r\n";
@@ -165,8 +172,7 @@ class Display extends \Zotlabs\Web\Controller {
'$dend' => '',
'$dbegin' => '',
'$verb' => '',
- //if the target item is not a post (eg a like) want to address its thread parent
- '$mid' => (($target_item['verb'] == ACTIVITY_POST) ? $item_hash : $target_item['thr_parent'])
+ '$mid' => $mid
));
head_add_link([
@@ -323,6 +329,7 @@ class Display extends \Zotlabs\Web\Controller {
$r = q("SELECT id, item_deleted FROM item WHERE mid = '%s' LIMIT 1",
dbesc($item_hash)
);
+
if($r) {
if(intval($r[0]['item_deleted'])) {
notice( t('Item has been removed.') . EOL );
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php
index bf3198067..d1550ec89 100644
--- a/Zotlabs/Module/Magic.php
+++ b/Zotlabs/Module/Magic.php
@@ -17,6 +17,7 @@ class Magic extends \Zotlabs\Web\Controller {
$dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : '');
$test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0);
$rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0);
+ $owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0);
$delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : '');
$parsed = parse_url($dest);
@@ -132,12 +133,31 @@ class Magic extends \Zotlabs\Web\Controller {
if(local_channel()) {
$channel = \App::get_channel();
+ // OpenWebAuth
+
+ if($owa) {
+
+ $headers = [];
+ $headers['Accept'] = 'application/x-zot+json' ;
+ $headers['X-Open-Web-Auth'] = random_string();
+ $headers = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],
+ 'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512');
+ $x = z_fetch_url($basepath . '/owa',false,$redirects,[ 'headers' => $headers ]);
+
+ if($x['success']) {
+ $j = json_decode($x['body'],true);
+ if($j['success'] && $j['token']) {
+ $x = strpbrk($dest,'?&');
+ $args = (($x) ? '&owt=' . $j['token'] : '?f=&owt=' . $j['token']) . (($delegate) ? '&delegate=1' : '');
+ goaway($dest . $args);
+ }
+ }
+ goaway($dest);
+ }
+
+
$token = random_string();
-// $token_sig = base64url_encode(rsa_sign($token,$channel['channel_prvkey']));
-
-// $channel['token'] = $token;
-// $channel['token_sig'] = $token_sig;
-
+
\Zotlabs\Zot\Verify::create('auth',$channel['channel_id'],$token,$x[0]['hubloc_url']);
$target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode(channel_reddress($channel))
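Review bot: The token taken from the remote `/owa` response is concatenated into the redirect URL unencoded, and the delegate flag is forwarded as `&delegate=1` while `owt_init()` in include/zid.php looks the `delegate` parameter up as a channel address, so delegation can never match on this path. I would build the suffix with `'owt=' . urlencode($j['token'])` and forward `'&delegate=' . urlencode($delegate)`. The headers handed to `create_sig()` are only `Accept` and `X-Open-Web-Auth`; unless that helper adds the target host itself (not visible in this hunk), nothing ties the signature to the site it was sent to, so consider signing a host or request-target value as well. `$x` is reused for the fetch result and the `strpbrk()` result before the later `$x[0]['hubloc_url']` read, which is only safe as long as `goaway()` never returns. The enclosing function starts and ends outside the hunk.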
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php
new file mode 100644
index 000000000..4b0d855c5
--- /dev/null
+++ b/Zotlabs/Module/Owa.php
@@ -0,0 +1,53 @@
+<?php
+
+namespace Zotlabs\Module;
+
+/**
+ * OpenWebAuth verifier and token generator
+ * See https://macgirvin.com/wiki/mike/OpenWebAuth/Home
+ * Requests to this endpoint should be signed using HTTP Signatures
+ * using the 'Authorization: Signature' authentication method
+ * If the signature verifies a token is returned.
+ *
+ * This token may be exchanged for an authenticated cookie.
+ */
+
+class Owa extends \Zotlabs\Web\Controller {
+
+ function init() {
+
+ $ret = [ 'success' => false ];
+
+ foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) {
+ if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') {
+ if($head !== 'HTTP_AUTHORIZATION') {
+ $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head];
+ continue;
+ }
+
+ $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]);
+ if($sigblock) {
+ $keyId = $sigblock['keyId'];
+
+ if($keyId) {
+ $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
+ where hubloc_addr = '%s' limit 1",
+ dbesc(str_replace('acct:','',$keyId))
+ );
+ if($r) {
+ $hubloc = $r[0];
+ $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);
+ if($verified && $verified['header_signed'] && $verified['header_valid']) {
+ $ret['success'] = true;
+ $token = random_string(32);
+ \Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']);
+ $ret['token'] = $token;
+ }
+ }
+ }
+ }
+ }
+ }
+ json_return_and_die($ret,'application/x-zot+json');
+ }
+}
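Review bot: The hubloc lookup in `init()` takes the first row for the address without excluding deleted locations or fixing an order, so the signature may be checked against a stale key. The Wfinger query in this same commit filters on `hubloc_deleted = 0`, and this one should too, e.g. `where hubloc_addr = '%s' and hubloc_deleted = 0 order by hubloc_id desc limit 1`. The success test only looks at `header_signed` and `header_valid` and never checks which headers were covered, so a token appears to be issued for any validly signed request, including a repeated one, unless `HTTPSig::verify()` enforces freshness itself (not visible here). Requiring a signed `X-Open-Web-Auth` nonce that is remembered for the token lifetime, or a signed date within a short window, would close that gap.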
diff --git a/Zotlabs/Module/Rmagic.php b/Zotlabs/Module/Rmagic.php
index 9fcc72441..0c4eb9ae4 100644
--- a/Zotlabs/Module/Rmagic.php
+++ b/Zotlabs/Module/Rmagic.php
@@ -18,7 +18,7 @@ class Rmagic extends \Zotlabs\Web\Controller {
if($r[0]['hubloc_url'] === z_root())
goaway(z_root() . '/login');
$dest = z_root() . '/' . str_replace('zid=','zid_=',\App::$query_string);
- goaway($r[0]['hubloc_url'] . '/magic' . '?f=&dest=' . $dest);
+ goaway($r[0]['hubloc_url'] . '/magic' . '?f=&owa=1&dest=' . $dest);
}
}
}
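Review bot: In this first hunk `$dest` is built from the raw query string and appended without `urlencode()`, unlike the second hunk of this file, so any `&name=value` inside it is parsed by `/magic` as a parameter of its own, which now includes `owa` and `delegate`. Suggest `$dest = urlencode(z_root() . '/' . str_replace('zid=','zid_=',\App::$query_string));` before the `goaway()`. The same unencoded `dest=` concatenation sits on the changed lines in `vcard_from_xchan()` (include/connections.php) and in `magiclink_url()` and `theme_attachments()` (include/text.php).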
@@ -63,7 +63,7 @@ class Rmagic extends \Zotlabs\Web\Controller {
else
$dest = urlencode(z_root() . '/' . str_replace('zid=','zid_=',\App::$query_string));
- goaway($url . '/magic' . '?f=&dest=' . $dest);
+ goaway($url . '/magic' . '?f=&owa=1&dest=' . $dest);
}
}
}
diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php
index 07a7b7735..d0c4d73d2 100644
--- a/Zotlabs/Module/Wfinger.php
+++ b/Zotlabs/Module/Wfinger.php
@@ -30,9 +30,15 @@ class Wfinger extends \Zotlabs\Web\Controller {
$resource = $_REQUEST['resource'];
logger('webfinger: ' . $resource,LOGGER_DEBUG);
+
+ $root_resource = false;
+
+ if(strcasecmp(rtrim($resource,'/'),z_root()) === 0)
+ $root_resource = true;
+
$r = null;
- if($resource) {
+ if(($resource) && (! $root_resource)) {
if(strpos($resource,'acct:') === 0) {
$channel = str_replace('acct:','',$resource);
@@ -60,7 +66,25 @@ class Wfinger extends \Zotlabs\Web\Controller {
header('Access-Control-Allow-Origin: *');
+
+ if($root_resource) {
+ $result['subject'] = $resource;
+ $result['properties'] = [
+ 'https://w3id.org/security/v1#publicKeyPem' => get_config('system','pubkey')
+ ];
+ $result['links'] = [
+ [
+ 'rel' => 'http://purl.org/openwebauth/v1',
+ 'type' => 'application/x-zot+json',
+ 'href' => z_root() . '/owa',
+ ],
+ ];
+
+
+
+ }
+
if($resource && $r) {
$h = q("select hubloc_addr from hubloc where hubloc_hash = '%s' and hubloc_deleted = 0",
@@ -84,7 +108,8 @@ class Wfinger extends \Zotlabs\Web\Controller {
$result['properties'] = [
'http://webfinger.net/ns/name' => $r[0]['channel_name'],
- 'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name']
+ 'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name'],
+ 'https://w3id.org/security/v1#publicKeyPem' => $r[0]['xchan_pubkey']
];
foreach($aliases as $alias)
@@ -124,6 +149,13 @@ class Wfinger extends \Zotlabs\Web\Controller {
'rel' => 'http://purl.org/zot/protocol',
'href' => z_root() . '/.well-known/zot-info' . '?address=' . $r[0]['xchan_addr'],
],
+
+ [
+ 'rel' => 'http://purl.org/openwebauth/v1',
+ 'type' => 'application/x-zot+json',
+ 'href' => z_root() . '/owa',
+ ],
+
[
'rel' => 'magic-public-key',
@@ -136,14 +168,16 @@ class Wfinger extends \Zotlabs\Web\Controller {
$result['zot'] = zotinfo( [ 'address' => $r[0]['xchan_addr'] ]);
}
}
- else {
+
+ if(! $result) {
header($_SERVER["SERVER_PROTOCOL"] . ' ' . 400 . ' ' . 'Bad Request');
killme();
}
$arr = [ 'channel' => $r[0], 'request' => $_REQUEST, 'result' => $result ];
call_hooks('webfinger',$arr);
-
+
+
json_return_and_die($arr['result'],'application/jrd+json');
}
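Review bot: On the new root-resource path `$r` is still `null` when `$arr` is built, so `'channel' => $r[0]` indexes a null value and `webfinger` hook handlers receive no channel; `'channel' => (($r) ? $r[0] : null)` makes that explicit. The replacement guard `if(! $result)` also depends on `$result` being initialised before its first assignment, which is outside this hunk and worth confirming, since an unknown resource would otherwise read an undefined variable. A one-line comment above the guard saying that it now covers both the channel and the site-root case would help the next reader.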
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 2b139a2a1..fee8aaa41 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -91,6 +91,9 @@ class HTTPSig {
if($sig_block['algorithm'] === 'rsa-sha256') {
$algorithm = 'sha256';
}
+ if($sig_block['algorithm'] === 'rsa-sha512') {
+ $algorithm = 'sha512';
+ }
if(! $key) {
$result['signer'] = $sig_block['keyId'];
@@ -113,6 +116,8 @@ class HTTPSig {
$digest = explode('=', $headers['digest']);
if($digest[0] === 'SHA-256')
$hashalg = 'sha256';
+ if($digest[0] === 'SHA-512')
+ $hashalg = 'sha512';
// The explode operation will have stripped the '=' padding, so compare against unpadded base64
if(rtrim(base64_encode(hash($hashalg,$body,true)),'=') === $digest[1]) {
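Review bot: The added `SHA-512` branch keeps the pattern of independent `if` tests with no fallback, so a `Digest` header naming any other algorithm reaches `hash($hashalg,$body,true)` with whatever `$hashalg` held before, which is unset unless it is initialised above this hunk. I would make the choice explicit and skip the comparison for unknown values, e.g. `$hashalg = (($digest[0] === 'SHA-512') ? 'sha512' : (($digest[0] === 'SHA-256') ? 'sha256' : null));` followed by a `$hashalg &&` guard on the comparison. The `rsa-sha512` branches in the other two hunks of this file follow the same shape and would benefit from the same treatment. The surrounding function is only partly visible here.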
@@ -164,6 +169,9 @@ class HTTPSig {
if($alg === 'sha256') {
$algorithm = 'rsa-sha256';
}
+ if($alg === 'sha512') {
+ $algorithm = 'rsa-sha512';
+ }
$x = self::sign($request,$head,$prvkey,$alg);
diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php
index a66384c40..8431a2e0e 100644
--- a/Zotlabs/Web/WebServer.php
+++ b/Zotlabs/Web/WebServer.php
@@ -70,6 +70,12 @@ class WebServer {
}
}
+ if((x($_REQUEST,'owt')) && (! \App::$install)) {
+ $token = $_REQUEST['owt'];
+ \App::$query_string = strip_query_param(\App::$query_string,'owt');
+ owt_init($token);
+ }
+
if((x($_SESSION, 'authenticated')) || (x($_POST, 'auth-params')) || (\App::$module === 'login'))
require('include/auth.php');
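Review bot: `$_REQUEST['owt']` is passed to `owt_init()` as-is, so an array-valued parameter would reach `dbesc()` inside `Verify::get_meta()`; a guard such as `if(is_string($token) && $token !== '') owt_init($token);` keeps the lookup to well-formed values. This block runs for every visitor before any authentication, and each call also triggers `Verify::purge()`, so the path should stay cheap. The token is removed from `\App::$query_string` but not from the address the browser holds, which is tolerable only because the token is single-use and short-lived; a one-line comment stating that assumption belongs here.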
diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php
index dab7d9e01..348171bdc 100644
--- a/Zotlabs/Zot/Finger.php
+++ b/Zotlabs/Zot/Finger.php
@@ -123,7 +123,7 @@ class Finger {
$x = json_decode($result['body'], true);
$verify = \Zotlabs\Web\HTTPSig::verify($result,(($x) ? $x['key'] : ''));
-
+
if($x && (! $verify['header_valid'])) {
$signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null);
if($signed_token) {
diff --git a/Zotlabs/Zot/Verify.php b/Zotlabs/Zot/Verify.php
index 06bd3188c..1d9e6de3f 100644
--- a/Zotlabs/Zot/Verify.php
+++ b/Zotlabs/Zot/Verify.php
@@ -31,6 +31,22 @@ class Verify {
return false;
}
+
+ function get_meta($type,$channel_id,$token) {
+ $r = q("select id, meta from verify where vtype = '%s' and channel = %d and token = '%s' limit 1",
+ dbesc($type),
+ intval($channel_id),
+ dbesc($token)
+ );
+ if($r) {
+ q("delete from verify where id = %d",
+ intval($r[0]['id'])
+ );
+ return $r[0]['meta'];
+ }
+ return false;
+ }
+
function purge($type,$interval) {
q("delete from verify where vtype = '%s' and created < %s - INTERVAL %s",
dbesc($type),
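Review bot: `get_meta()` reads the row and deletes it in two separate statements, so two requests carrying the same token at the same moment can both get the `meta` value back before either delete lands, and the token is then not strictly single-use. Keep the select, but treat the token as consumed only when the following delete reports one affected row, or run both statements in a transaction; whether `q()` exposes the affected-row count is not visible here. The method also does not check the row's age itself and relies on callers running `purge()` first, as `owt_init()` does. A docblock stating that contract, the consume-on-read behaviour and the `false` return would help.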
diff --git a/doc/context/en/appman/help.html b/doc/context/en/appman/help.html
new file mode 100644
index 000000000..27cb03624
--- /dev/null
+++ b/doc/context/en/appman/help.html
@@ -0,0 +1,4 @@
+<dl class="dl-horizontal">
+ <dt>General</dt>
+ <dd>Edit individual properties of the app you selected. Categories allow you to sort your apps to help you find them in the list more easily. Support for custom apps you or your administrator may choose to create includes fields such as "Price of app" and "Location for purchase" that are not applicable to core Hubzilla apps.</dd>
+</dl> \ No newline at end of file
diff --git a/doc/context/en/apps/edit/help.html b/doc/context/en/apps/edit/help.html
new file mode 100644
index 000000000..1d378f962
--- /dev/null
+++ b/doc/context/en/apps/edit/help.html
@@ -0,0 +1,4 @@
+<dl class="dl-horizontal">
+ <dt>General</dt>
+ <dd>Edit or delete your apps using the control buttons beside each app icon in the list.</dd>
+</dl> \ No newline at end of file
diff --git a/doc/context/en/apps/help.html b/doc/context/en/apps/help.html
new file mode 100644
index 000000000..ad6daade5
--- /dev/null
+++ b/doc/context/en/apps/help.html
@@ -0,0 +1,6 @@
+<dl class="dl-horizontal">
+ <dt>General</dt>
+ <dd>This page shows you what apps are available to your channel, including both core apps and those supplied by addons. To add an app to the <a href='#' onclick='contextualHelpFocus("#app-menu", 1); return false;' title="Click to open...">app menu</a> "star" the app in the list below.</dd>
+ <dt>Manage Apps</dt>
+ <dd>Press the "Manage Apps" button to open a page where you can edit the name, categories, and other properties of your apps.</dd>
+</dl> \ No newline at end of file
diff --git a/doc/context/en/channel/help.html b/doc/context/en/channel/help.html
index 6e3181cbf..0c5b99754 100644
--- a/doc/context/en/channel/help.html
+++ b/doc/context/en/channel/help.html
@@ -3,6 +3,4 @@
<dd>This is the home page of a channel. It is similar to someone's profile "wall" in a social network context. Posts created by the channel are displayed according to the observer's viewing permissions.</dd>
<dt>Create a Post</dt>
<dd>If you have permission to create posts on the channel page, then you will see the post editor at the top.</dd>
- <dt><a href='#' onclick='contextualHelpFocus("#tabs-collapse-1", 0); return false;' title="Click to highlight element...">Channel Content Tabs</a></dt>
- <dd>The channel content tabs are links to other content published by the channel. The <b>About</b> tab links to the channel profile. The <b>Photos</b> tab links to the channel photo galleries. The <b>Files</b> tab links to the general shared files published by the channel.</dd>
-</dl> \ No newline at end of file
+</dl>
diff --git a/doc/context/en/wiki/help.html b/doc/context/en/wiki/help.html
index 5ac9b22ae..5dee85375 100644
--- a/doc/context/en/wiki/help.html
+++ b/doc/context/en/wiki/help.html
@@ -1,12 +1,10 @@
<dl class="dl-horizontal">
<dt>General</dt>
<dd>Each wiki is a collection of pages, composed as Markdown-formatted text files.</dd>
- <dt><a href='#' onclick='contextualHelpFocus("#wikis-index", 1); return false;' title="Click to highlight element...">Wiki List</a></dt>
+ <dt>Wiki List</dt>
<dd>Wikis owned by the channel <i>that you have permission to view</i> are listed in the side panel.</dd>
- <dt><a href='#' onclick='contextualHelpFocus("#wiki-get-history", 0); return false;' title="Click to highlight element...">Page History</a></dt>
+ <dt>Page History</dt>
<dd>Every revision of a page is saved to allow quick reversion. Click the <b>History</b> tab to view a history of page revisions, including the date and author of each. The revert button will load the selected revision but will not automatically save the page.</dd>
- <dt><a href='#' onclick='contextualHelpFocus("#wiki_page_list", 1); return false;' title="Click to highlight element...">Pages</a></dt>
+ <dt>Pages</dt>
<dd>The list of pages in the wiki are listed in the <b>Wiki Pages</b> panel. Prior to saving page edits using the <b>Page</b> control dropdown menu, you may <a href='#' onclick='contextualHelpFocus("#id_commitMsg", 0); return false;' title="Click to highlight element...">enter a custom message</a> to be displayed in the <a href='#' onclick='contextualHelpFocus("#wiki-get-history", 0); return false;' title="Click to highlight element..."><b>Page History</b></a> viewer along with the revision.</dd>
- <dt><a href='#' onclick='contextualHelpFocus("#tabs-collapse-1", 0); return false;' title="Click to highlight element...">Channel Content Tabs</a></dt>
- <dd>The channel content tabs are links to other content published by the channel. The <b>About</b> tab links to the channel profile. The <b>Photos</b> tab links to the channel photo galleries. The <b>Files</b> tab links to the general shared files published by the channel.</dd>
-</dl> \ No newline at end of file
+</dl>
diff --git a/include/channel.php b/include/channel.php
index 41feca362..213676f52 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -1633,7 +1633,7 @@ function zid_init() {
$query = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$query);
$dest = '/' . urlencode($query);
if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) {
- goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&dest=' . z_root() . $dest);
+ goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&owa=1&dest=' . z_root() . $dest);
}
else
logger('zid_init: no hubloc found.');
diff --git a/include/connections.php b/include/connections.php
index 8df795190..a9f906649 100644
--- a/include/connections.php
+++ b/include/connections.php
@@ -115,7 +115,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') {
App::$profile_uid = $xchan['channel_id'];
$url = (($observer)
- ? z_root() . '/magic?f=&dest=' . $xchan['xchan_url'] . '&addr=' . $xchan['xchan_addr']
+ ? z_root() . '/magic?f=&owa=1&dest=' . $xchan['xchan_url'] . '&addr=' . $xchan['xchan_addr']
: $xchan['xchan_url']
);
diff --git a/include/import.php b/include/import.php
index 2199400af..4d38c8061 100644
--- a/include/import.php
+++ b/include/import.php
@@ -602,6 +602,11 @@ function import_items($channel, $items, $sync = false, $relocate = null) {
if(! $item)
continue;
+ // deprecated
+
+ if(array_key_exists('diaspora_meta',$item))
+ unset($item['diaspora_meta']);
+
if($relocate && $item['mid'] === $item['parent_mid']) {
item_url_replace($channel,$item,$relocate['url'],z_root(),$relocate['channel_address']);
}
diff --git a/include/items.php b/include/items.php
index d10d43687..f286015fe 100755
--- a/include/items.php
+++ b/include/items.php
@@ -2004,17 +2004,17 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) {
$arr = $translate['item'];
}
- if((x($arr,'obj')) && is_array($arr['obj'])) {
+ if((array_key_exists('obj',$arr)) && is_array($arr['obj'])) {
activity_sanitise($arr['obj']);
$arr['obj'] = json_encode($arr['obj']);
}
- if((x($arr,'target')) && is_array($arr['target'])) {
+ if((array_key_exists('target',$arr)) && is_array($arr['target'])) {
activity_sanitise($arr['target']);
$arr['target'] = json_encode($arr['target']);
}
- if((x($arr,'attach')) && is_array($arr['attach'])) {
+ if((array_key_exists('attach',$arr)) && is_array($arr['attach'])) {
activity_sanitise($arr['attach']);
$arr['attach'] = json_encode($arr['attach']);
}
diff --git a/include/oembed.php b/include/oembed.php
index 460e0244e..f662d84c7 100755
--- a/include/oembed.php
+++ b/include/oembed.php
@@ -225,6 +225,17 @@ function oembed_fetch_url($embedurl){
if($j['html']) {
$orig = $j['html'];
$allow_position = (($is_matrix) ? true : false);
+
+ // some sites wrap their entire embed in an iframe
+ // which we will purify away and which we provide anyway.
+ // So if we see this, grab the frame src url and use that
+ // as the embed content - which will still need to be purified.
+
+ if(preg_match('#<iframe(.*?)src=[\'\"](.?*)[\'\"]#',$matches,$j['html'])) {
+ $x = z_fetch_url($matches[2]);
+ $j['html'] = $x['body'];
+ }
+
$j['html'] = purify_html($j['html'],$allow_position);
if($j['html'] != $orig) {
logger('oembed html was purified. original: ' . $orig . ' purified: ' . $j['html'], LOGGER_DEBUG, LOG_INFO);
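Review bot: The `preg_match()` call cannot work as written: the pattern contains `(.?*)`, which is not a valid quantifier, and the subject and result arguments are swapped, so `$j['html']` is passed as the by-reference matches array and can be overwritten. It should read `if(preg_match('#<iframe(.*?)src=[\'\"](.*?)[\'\"]#',$j['html'],$matches)) {`, and the body should replace the HTML only when the fetch worked: `if($x['success']) $j['html'] = $x['body'];`. Once the match does work, the frame URL comes from the remote provider's response and is fetched by the server, so it should be checked against an allow-list of schemes and hosts before `z_fetch_url()` is called, unless that helper already refuses internal addresses (not visible here). `oembed_fetch_url()` continues outside the hunk.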
diff --git a/include/text.php b/include/text.php
index a3c2bbc08..51d711021 100644
--- a/include/text.php
+++ b/include/text.php
@@ -987,7 +987,7 @@ function chanlink_cid($d) {
function magiclink_url($observer,$myaddr,$url) {
return (($observer)
- ? z_root() . '/magic?f=&dest=' . $url . '&addr=' . $myaddr
+ ? z_root() . '/magic?f=&owa=1&dest=' . $url . '&addr=' . $myaddr
: $url
);
}
@@ -1389,7 +1389,7 @@ function theme_attachments(&$item) {
if(is_foreigner($item['author_xchan']))
$url = $r['href'];
else
- $url = z_root() . '/magic?f=&hash=' . $item['author_xchan'] . '&dest=' . $r['href'] . '/' . $r['revision'];
+ $url = z_root() . '/magic?f=&owa=1&hash=' . $item['author_xchan'] . '&dest=' . $r['href'] . '/' . $r['revision'];
//$s .= '<a href="' . $url . '" title="' . $title . '" class="attachlink" >' . $icon . '</a>';
$attaches[] = array('label' => $label, 'url' => $url, 'icon' => $icon, 'title' => $title);
diff --git a/include/zid.php b/include/zid.php
index ee43fd7c8..ce9f70385 100644
--- a/include/zid.php
+++ b/include/zid.php
@@ -81,6 +81,10 @@ function zid($s,$address = '') {
}
+function strip_query_param($s,$param) {
+ return preg_replace('/[\?&]' . $param . '=(.*?)(&|$)/ism','$2',$s);
+}
+
function strip_zids($s) {
return preg_replace('/[\?&]zid=(.*?)(&|$)/ism','$2',$s);
}
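Review bot: `strip_query_param()` interpolates `$param` straight into the pattern, so a name containing regex metacharacters would change what is matched; use `preg_quote($param,'/')` when building it. The function also inherits the behaviour of `strip_zids()` that removing the first parameter drops the leading `?` and leaves `&next=...` behind, which a short docblock should mention.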
@@ -230,3 +234,76 @@ function red_zrlify_img_callback($matches) {
return $matches[0];
}
+function owt_init($token) {
+
+ \Zotlabs\Zot\Verify::purge('owt','3 MINUTE');
+
+ $ob_hash = \Zotlabs\Zot\Verify::get_meta('owt',0,$token);
+
+ if($ob_hash === false) {
+ return;
+ }
+
+ $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash
+ where hubloc_addr = '%s' order by hubloc_id desc",
+ dbesc($ob_hash)
+ );
+
+ if(! $r) {
+ // finger them if they can't be found.
+ $j = \Zotlabs\Zot\Finger::run($ob_hash, null);
+ if ($j['success']) {
+ import_xchan($j);
+ $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash
+ where hubloc_addr = '%s' order by hubloc_id desc",
+ dbesc($ob_hash)
+ );
+ }
+ }
+ if(! $r) {
+ logger('owt: unable to finger ' . $ob_hash);
+ return;
+ }
+ $hubloc = $r[0];
+
+ $_SESSION['authenticated'] = 1;
+
+ $delegate_success = false;
+ if($_REQUEST['delegate']) {
+ $r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1",
+ dbesc($_REQUEST['delegate'])
+ );
+ if ($r && intval($r[0]['channel_id'])) {
+ $allowed = perm_is_allowed($r[0]['channel_id'],$hubloc['xchan_hash'],'delegate');
+ if($allowed) {
+ $_SESSION['delegate_channel'] = $r[0]['channel_id'];
+ $_SESSION['delegate'] = $hubloc['xchan_hash'];
+ $_SESSION['account_id'] = intval($r[0]['channel_account_id']);
+ require_once('include/security.php');
+ // this will set the local_channel authentication in the session
+ change_channel($r[0]['channel_id']);
+ $delegate_success = true;
+ }
+ }
+ }
+
+ if (! $delegate_success) {
+ // normal visitor (remote_channel) login session credentials
+ $_SESSION['visitor_id'] = $hubloc['xchan_hash'];
+ $_SESSION['my_url'] = $hubloc['xchan_url'];
+ $_SESSION['my_address'] = $hubloc['hubloc_addr'];
+ $_SESSION['remote_hub'] = $hubloc['hubloc_url'];
+ $_SESSION['DNT'] = 1;
+ }
+
+ $arr = array('xchan' => $hubloc, 'url' => \App::$query_string, 'session' => $_SESSION);
+ call_hooks('magic_auth_success',$arr);
+ \App::set_observer($hubloc);
+ require_once('include/security.php');
+ \App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
+ if(! get_config('system','hide_owa_greeting'))
+ info(sprintf( t('OpenWebAuth: %1$s welcomes %2$s'),\App::get_hostname(), $hubloc['xchan_name']));
+ logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']);
+
+
+} \ No newline at end of file
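Review bot: `owt_init()` sets `$_SESSION['authenticated'] = 1` on the existing session without issuing a new session id, so an id chosen before the token was presented stays valid after login. Regenerate the id at that point (PHP's `session_regenerate_id(true)` or the project's own session wrapper) unless `change_channel()` or a hook already does so, which is not visible here. On the delegate path `$_SESSION['visitor_id']` is never assigned, yet `init_groups_visitor($_SESSION['visitor_id'])` reads it unconditionally; passing `$hubloc['xchan_hash']` avoids using a stale or missing value. `$_REQUEST['delegate']` is also read without an `x()`/`isset` check, and `$ob_hash` actually holds the address stored by `Owa::init()`, so a name like `$ob_addr` would make the two queries easier to follow.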
diff --git a/install/schema_mysql.sql b/install/schema_mysql.sql
index a9950ce21..0988bfa4a 100644
--- a/install/schema_mysql.sql
+++ b/install/schema_mysql.sql
@@ -652,7 +652,7 @@ CREATE TABLE IF NOT EXISTS `item` (
KEY `received` (`received`),
KEY `uid_commented` (`uid`, `commented`),
KEY `uid_created` (`uid`, `created`),
- KEY `uid_item_unseen` (`uid`, `item_unseen`);
+ KEY `uid_item_unseen` (`uid`, `item_unseen`),
KEY `aid` (`aid`),
KEY `owner_xchan` (`owner_xchan`),
KEY `author_xchan` (`author_xchan`),
diff --git a/install/update.php b/install/update.php
index b99e4dd9d..ce9a50913 100644
--- a/install/update.php
+++ b/install/update.php
@@ -2985,7 +2985,7 @@ function update_r1193() {
$r1 = q("CREATE INDEX item_uid_unseen ON item (uid, item_unseen)");
}
else {
- $r1 = q("ALTER TABLE item ADD INDEX uid_item_unseen (uid, item_unseen);");
+ $r1 = q("ALTER TABLE item ADD INDEX uid_item_unseen (uid, item_unseen)");
}
if($r1)
diff --git a/view/css/bootstrap-red.css b/view/css/bootstrap-red.css
index a3a8ce0be..e0018989d 100644
--- a/view/css/bootstrap-red.css
+++ b/view/css/bootstrap-red.css
@@ -71,10 +71,6 @@ nav .dropdown-menu {
min-width: auto;
}
-code {
- white-space: normal;
-}
-
label {
font-weight: bold;
}
diff --git a/view/css/conversation.css b/view/css/conversation.css
index dcabb5f3c..a5a847676 100644
--- a/view/css/conversation.css
+++ b/view/css/conversation.css
@@ -1,3 +1,4 @@
+
/* jot */
.jothidden input[type="text"] {
@@ -273,6 +274,7 @@ code {
font-size: 1em;
padding: 1em 1.5em;
display: block;
+ white-space: pre-wrap;
}
code.inline-code {
diff --git a/view/js/main.js b/view/js/main.js
index ce7a1a07e..cdba8a25d 100644
--- a/view/js/main.js
+++ b/view/js/main.js
@@ -699,9 +699,11 @@ function updateConvItems(mode,data) {
// auto-scroll to a particular comment in a thread (designated by mid) when in single-thread mode
// use the same method to generate the submid as we use in ThreadItem,
// base64_encode + replace(['+','='],['','']);
- var submid = bParam_mid;
- var submid_encoded = ((submid.length) ? submid : 'abcdefg');
- submid_encoded = window.btoa(submid_encoded);
+
+ var submid = ((bParam_mid.length) ? bParam_mid : 'abcdefg');
+ var encoded = ((submid.substr(0,4) == 'b64.') ? true : false);
+ var submid_encoded = ((encoded) ? submid.substr(4) : window.btoa(submid));
+
submid_encoded = submid_encoded.replace(/[\+\=]/g,'');
if($('.item_' + submid_encoded).length && !$('.item_' + submid_encoded).hasClass('toplevel_item') && mode == 'replace') {
if($('.collapsed-comments').length) {
diff --git a/view/theme/redbasic/css/style.css b/view/theme/redbasic/css/style.css
index 621fa2781..3e457c621 100644
--- a/view/theme/redbasic/css/style.css
+++ b/view/theme/redbasic/css/style.css
@@ -136,6 +136,7 @@ input, optgroup, select, textarea {
pre code {
border: none;
+ padding: 1em 1.5em;
}
code {
@@ -147,6 +148,7 @@ pre {
background: #F5F5F5;
color: #333;
border:1px solid #ccc;
+ border-radius: $radius;
}
.heart {