author | friendica <info@friendica.com> | 2012-05-27 21:01:58 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2012-05-27 21:01:58 -0700 |
commit | 2bd1004587fc8d928b9458b2383b656df115578c (patch) | |
tree | a41cbc9032e4bff8872ced3683ded42af0e5da0d | |
parent | 08941d42856984a3076e972804ac016400341f91 (diff) | |
rework the way private photos are embedded to avoid url differences and also check the permissions if possible to make sure that nothing sneaks by.
-rw-r--r-- | boot.php | 2 | ||||
-rw-r--r-- | include/delivery.php | 2 | ||||
-rw-r--r-- | include/items.php | 88 | ||||
-rw-r--r-- | include/notifier.php | 2 | ||||
-rw-r--r-- | mod/settings.php | 1 | ||||
-rw-r--r-- | util/messages.po | 116 |
6 files changed, 142 insertions, 69 deletions
@@ -9,7 +9,7 @@ require_once('include/nav.php'); require_once('include/cache.php'); define ( 'FRIENDICA_PLATFORM', 'Friendica'); -define ( 'FRIENDICA_VERSION', '3.0.1355' ); +define ( 'FRIENDICA_VERSION', '3.0.1356' ); define ( 'DFRN_PROTOCOL_VERSION', '2.23' ); define ( 'DB_UPDATE_VERSION', 1144 ); diff --git a/include/delivery.php b/include/delivery.php index 61b0bd33a..32943d5da 100644 --- a/include/delivery.php +++ b/include/delivery.php @@ -288,7 +288,7 @@ function delivery_run($argv, $argc){ if($normal_mode) { if($item_id == $item['id'] || $item['id'] == $item['parent']) - $atom .= atom_entry($item,'text',null,$owner,true); + $atom .= atom_entry($item,'text',null,$owner,true,(($top_level) ? $contact['id'] : 0)); } else $atom .= atom_entry($item,'text',null,$owner,true); diff --git a/include/items.php b/include/items.php index e5b640fd2..f45b40cc0 100644 --- a/include/items.php +++ b/include/items.php @@ -2832,7 +2832,7 @@ function atom_author($tag,$name,$uri,$h,$w,$photo) { return $o; } -function atom_entry($item,$type,$author,$owner,$comment = false) { +function atom_entry($item,$type,$author,$owner,$comment = false,$cid = 0) { $a = get_app(); @@ -2844,7 +2844,7 @@ function atom_entry($item,$type,$author,$owner,$comment = false) { if($item['allow_cid'] || $item['allow_gid'] || $item['deny_cid'] || $item['deny_gid']) - $body = fix_private_photos($item['body'],$owner['uid']); + $body = fix_private_photos($item['body'],$owner['uid'],$item,$cid); else $body = $item['body']; 
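Review bot: The new `$cid` parameter on `atom_entry()` in include/items.php is undocumented, although its value decides which permission check `fix_private_photos()` applies before embedding a private photo. A comment above the signature would help, for example `// $cid: contact-id of the single recipient this entry is built for; 0 = no specific recipient, fall back to comparing the item ACL with the photo ACL`. The delivery.php hunk on this line passes `$contact['id']` only when `$top_level` is set, and its `else` branch still calls `atom_entry()` without it, so the two paths run different checks; that looks intended but is worth stating in the same comment. The body of atom_entry continues outside the hunk.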
@@ -2927,14 +2927,17 @@ function atom_entry($item,$type,$author,$owner,$comment = false) { return $o; } -function fix_private_photos($s,$uid) { +function fix_private_photos($s,$uid, $item = null, $cid = 0) { $a = get_app(); - logger('fix_private_photos'); + + logger('fix_private_photos', LOGGER_DEBUG); + $site = substr($a->get_baseurl(),strpos($a->get_baseurl,'://')); if(preg_match("/\[img\](.*?)\[\/img\]/is",$s,$matches)) { $image = $matches[1]; - logger('fix_private_photos: found photo ' . $image); - if(stristr($image ,$a->get_baseurl() . '/photo/')) { + logger('fix_private_photos: found photo ' . $image, LOGGER_DEBUG); + if(stristr($image , $site . '/photo/')) { + $replace = false; $i = basename($image); $i = str_replace('.jpg','',$i); $x = strpos($i,'-'); 
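Review bot: `strpos($a->get_baseurl,'://')` in the new `$site` assignment reads a property instead of calling the method, so the offset is presumably `false` and `substr()` returns the whole base URL with its scheme. The scheme-independent match against `$site . '/photo/'` that the commit message describes therefore does not take effect, and a local photo linked under the other scheme is left as a plain link rather than considered for embedding. Suggested change: `$base = $a->get_baseurl();` followed by `$site = substr($base, strpos($base, '://'));`. The rest of fix_private_photos lies outside this hunk.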
@@ -2947,8 +2950,39 @@ function fix_private_photos($s,$uid) { intval($uid) ); if(count($r)) { - logger('replacing photo'); - $s = str_replace($image, 'data:image/jpg;base64,' . base64_encode($r[0]['data']), $s); + + // Check to see if we should replace this photo link with an embedded image + // 1. No need to do so if the photo is public + // 2. If there's a contact-id provided, see if they're in the access list + // for the photo. If so, embed it. + // 3. Otherwise, if we have an item, see if the item permissions match the photo + // permissions, regardless of order but first check to see if they're an exact + // match to save some processing overhead. + + // Currently we only embed one private photo per message so as not to hit import + // size limits at the receiving end. + + // To embed multiples, we would need to parse out the embedded photos on message + // receipt and limit size based only on the text component. Would also need to + // ignore all photos during bbcode translation and item localisation, as these + // will hit internal regex backtrace limits. + + if(has_permissions($r[0])) { + if($cid) { + $recips = enumerate_permissions($r[0]); + if(in_array($cid, $recips)) { + $replace = true; + } + } + elseif($item) { + if(compare_permissions($item,$r[0])) + $replace = true; + } + } + if($replace) { + logger('replacing photo'); + $s = str_replace($image, 'data:image/jpg;base64,' . base64_encode($r[0]['data']), $s); + } } } logger('fix_private_photos: replaced: ' . $s, LOGGER_DATA); 
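Review bot: The new permission branch leaves no trace when it declines to embed a photo, and `logger('replacing photo')` is the one call here still without a level although this commit moves the others to `LOGGER_DEBUG`. Suggest `logger('fix_private_photos: replacing photo', LOGGER_DEBUG);` and an `else` with `logger('fix_private_photos: permissions do not match, not embedding', LOGGER_DEBUG);` so that a refused embed can be diagnosed. `has_permissions($r[0])` also depends on the photo query selecting the four ACL columns; that query starts above this hunk and should be checked, since missing keys would make every photo look public and never embed. The context line after the block writes the whole body, embedded image data included, at `LOGGER_DATA`; logging its length instead would keep private photo content out of the log.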
@@ -2958,6 +2992,44 @@ function fix_private_photos($s,$uid) { } +function has_permissions($obj) { + if(($obj['allow_cid'] != '') || ($obj['allow_gid'] != '') || ($obj['deny_cid'] != '') || ($obj['deny_gid'] != '')) + return true; + return false; +} + +function compare_permissions($obj1,$obj2) { + // first part is easy. Check that these are exactly the same. + if(($obj1['allow_cid'] == $obj2['allow_cid']) + && ($obj1['allow_gid'] == $obj2['allow_gid']) + && ($obj1['deny_cid'] == $obj2['deny_cid']) + && ($obj1['deny_gid'] == $obj2['deny_gid'])) + return true; + + // This is harder. Parse all the permissions and compare the resulting set. + + $recipients1 = enumerate_permissions($obj1); + $recipients2 = enumerate_permissions($obj2); + sort($recipients1); + sort($recipients2); + if($recipients1 == $recipients2) + return true; + return false; +} + +// returns an array of contact-ids that are allowed to see this object + +function enumerate_permissions($obj) { + require_once('include/group.php'); + $allow_people = expand_acl($obj['allow_cid']); + $allow_groups = expand_groups(expand_acl($obj['allow_gid'])); + $deny_people = expand_acl($obj['deny_cid']); + $deny_groups = expand_groups(expand_acl($obj['deny_gid'])); + $recipients = array_unique(array_merge($allow_people,$allow_groups)); + $deny = array_unique(array_merge($deny_people,$deny_groups)); + $recipients = array_diff($recipients,$deny); + return $recipients; +} function item_getfeedtags($item) { $ret = array(); diff --git a/include/notifier.php b/include/notifier.php index cb4fb2a31..070e7a436 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -345,7 +345,7 @@ function notifier_run($argv, $argc){ if($mail) { $public_message = false; // mail is not public - $body = fix_private_photos($item['body'],$owner['uid']); + $body = fix_private_photos($item['body'],$owner['uid'],null,$message[0]['contact-id']); $atom .= replace_macros($mail_template, array( '$name' => xmlify($owner['name']), 
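Review bot: `compare_permissions()` can report a match for two objects that are restricted only by deny lists, because `enumerate_permissions()` starts from the allow lists and so presumably returns an empty set for both. An item that denies one contact and a photo that denies a different one would then compare equal, and the photo would be embedded in a message delivered to a contact the photo excludes. This assumes `expand_acl('')` yields an empty array, which is defined outside this hunk. Returning false after the exact-match test whenever either object has no allow list closes the gap; the same limitation makes the `$cid` branch in fix_private_photos skip deny-only photos, which at least fails closed.

```php
function compare_permissions($obj1,$obj2) {
	// … unchanged: exact comparison of the four ACL fields, returns true on match …

	// An empty allow list means "everyone except the deny list", which
	// enumerate_permissions() cannot express as a set of contact-ids.
	// Only the exact match above is trustworthy in that case.
	if((($obj1['allow_cid'] == '') && ($obj1['allow_gid'] == ''))
		|| (($obj2['allow_cid'] == '') && ($obj2['allow_gid'] == '')))
		return false;

	// … unchanged: enumerate both objects, sort, compare the recipient sets …
```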
diff --git a/mod/settings.php b/mod/settings.php index 40fa55eea..e6eb4011f 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -15,6 +15,7 @@ function get_theme_config_file($theme){ } function settings_init(&$a) { + // These lines provide the javascript needed by the acl selector $a->page['htmlhead'] .= "<script> var ispublic = '" . t('everybody') . "';" ; diff --git a/util/messages.po b/util/messages.po index 2f6a1c406..f07c1d11f 100644 --- a/util/messages.po +++ b/util/messages.po @@ -6,9 +6,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: 3.0.1355\n" +"Project-Id-Version: 3.0.1356\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2012-05-26 10:00-0700\n" +"POT-Creation-Date: 2012-05-27 10:00-0700\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -221,7 +221,7 @@ msgid "link to source" msgstr "" #: ../../mod/events.php:324 ../../view/theme/diabook/theme.php:126 -#: ../../include/nav.php:52 ../../boot.php:1523 +#: ../../include/nav.php:52 ../../boot.php:1520 msgid "Events" msgstr "" @@ -271,7 +271,7 @@ msgid "Description:" msgstr "" #: ../../mod/events.php:423 ../../include/event.php:37 -#: ../../include/bb2diaspora.php:260 ../../boot.php:1103 +#: ../../include/bb2diaspora.php:265 ../../boot.php:1100 msgid "Location:" msgstr "" @@ -346,7 +346,7 @@ msgstr "" msgid "No" msgstr "" -#: ../../mod/photos.php:43 ../../boot.php:1517 +#: ../../mod/photos.php:43 ../../boot.php:1514 msgid "Photo Albums" msgstr "" @@ -551,7 +551,7 @@ msgstr "" #: ../../mod/photos.php:1295 ../../mod/photos.php:1335 #: ../../mod/photos.php:1366 ../../include/conversation.php:558 -#: ../../boot.php:517 +#: ../../boot.php:514 msgid "Comment" msgstr "" @@ -1135,7 +1135,7 @@ msgid "" msgstr "" #: ../../mod/localtime.php:12 ../../include/event.php:11 -#: ../../include/bb2diaspora.php:238 +#: ../../include/bb2diaspora.php:243 msgid "l F d, Y \\@ g:i A" msgstr "" 
@@ -1181,7 +1181,7 @@ msgid "is interested in:" msgstr "" #: ../../mod/match.php:58 ../../mod/suggest.php:59 -#: ../../include/contact_widgets.php:9 ../../boot.php:1047 +#: ../../include/contact_widgets.php:9 ../../boot.php:1044 msgid "Connect" msgstr "" @@ -1708,7 +1708,7 @@ msgstr "" #: ../../addon/facebook/facebook.php:1178 #: ../../addon/public_server/public_server.php:62 #: ../../addon/testdrive/testdrive.php:67 ../../include/items.php:2738 -#: ../../boot.php:697 +#: ../../boot.php:694 msgid "Administrator" msgstr "" @@ -1718,7 +1718,7 @@ msgid "" "Password reset failed." msgstr "" -#: ../../mod/lostpass.php:83 ../../boot.php:829 +#: ../../mod/lostpass.php:83 ../../boot.php:826 msgid "Password Reset" msgstr "" @@ -2384,7 +2384,7 @@ msgstr "" msgid "Invalid contact." msgstr "" -#: ../../mod/notes.php:44 ../../boot.php:1529 +#: ../../mod/notes.php:44 ../../boot.php:1526 msgid "Personal Notes" msgstr "" @@ -2635,7 +2635,7 @@ msgstr "" #: ../../mod/profperm.php:103 ../../view/theme/diabook/theme.php:123 #: ../../include/profile_advanced.php:7 ../../include/profile_advanced.php:74 -#: ../../include/nav.php:50 ../../boot.php:1508 +#: ../../include/nav.php:50 ../../boot.php:1505 msgid "Profile" msgstr "" @@ -2807,7 +2807,7 @@ msgstr "" msgid "Choose a nickname: " msgstr "" -#: ../../mod/register.php:546 ../../include/nav.php:81 ../../boot.php:795 +#: ../../mod/register.php:546 ../../include/nav.php:81 ../../boot.php:792 msgid "Register" msgstr "" @@ -2850,7 +2850,7 @@ msgid "Access denied." msgstr "" #: ../../mod/fbrowser.php:23 ../../view/theme/diabook/theme.php:125 -#: ../../include/nav.php:51 ../../boot.php:1514 +#: ../../include/nav.php:51 ../../boot.php:1511 msgid "Photos" msgstr "" @@ -3633,7 +3633,7 @@ msgstr "" msgid "FTP Password" msgstr "" -#: ../../mod/profile.php:21 ../../boot.php:960 +#: ../../mod/profile.php:21 ../../boot.php:957 msgid "Requested profile is not available." msgstr "" 
@@ -3703,8 +3703,8 @@ msgid "" "Account not found and OpenID registration is not permitted on this site." msgstr "" -#: ../../mod/openid.php:93 ../../include/auth.php:97 -#: ../../include/auth.php:160 +#: ../../mod/openid.php:93 ../../include/auth.php:99 +#: ../../include/auth.php:162 msgid "Login failed." msgstr "" @@ -4051,23 +4051,23 @@ msgstr "" msgid "Edit/Manage Profiles" msgstr "" -#: ../../mod/profiles.php:630 ../../boot.php:1069 +#: ../../mod/profiles.php:630 ../../boot.php:1066 msgid "Change profile photo" msgstr "" -#: ../../mod/profiles.php:631 ../../boot.php:1070 +#: ../../mod/profiles.php:631 ../../boot.php:1067 msgid "Create New Profile" msgstr "" -#: ../../mod/profiles.php:642 ../../boot.php:1080 +#: ../../mod/profiles.php:642 ../../boot.php:1077 msgid "Profile Image" msgstr "" -#: ../../mod/profiles.php:644 ../../boot.php:1083 +#: ../../mod/profiles.php:644 ../../boot.php:1080 msgid "visible to everybody" msgstr "" -#: ../../mod/profiles.php:645 ../../boot.php:1084 +#: ../../mod/profiles.php:645 ../../boot.php:1081 msgid "Edit visibility" msgstr "" @@ -4675,7 +4675,7 @@ msgstr "" #: ../../addon/page/page.php:63 ../../addon/showmore/showmore.php:87 #: ../../include/contact_widgets.php:188 ../../include/conversation.php:470 -#: ../../boot.php:518 +#: ../../boot.php:515 msgid "show more" msgstr "" @@ -4691,7 +4691,7 @@ msgstr "" #: ../../addon/communityhome/communityhome.php:34 #: ../../addon/communityhome/twillingham/communityhome.php:28 #: ../../addon/communityhome/twillingham/communityhome.php:34 -#: ../../include/nav.php:64 ../../boot.php:816 +#: ../../include/nav.php:64 ../../boot.php:813 msgid "Login" msgstr "" @@ -5868,7 +5868,7 @@ msgstr "" msgid "Set colour scheme" msgstr "" -#: ../../include/profile_advanced.php:17 ../../boot.php:1105 +#: ../../include/profile_advanced.php:17 ../../boot.php:1102 msgid "Gender:" msgstr "" 
@@ -5889,11 +5889,11 @@ msgstr "" msgid "Age:" msgstr "" -#: ../../include/profile_advanced.php:37 ../../boot.php:1108 +#: ../../include/profile_advanced.php:37 ../../boot.php:1105 msgid "Status:" msgstr "" -#: ../../include/profile_advanced.php:45 ../../boot.php:1110 +#: ../../include/profile_advanced.php:45 ../../boot.php:1107 msgid "Homepage:" msgstr "" @@ -6249,11 +6249,11 @@ msgstr "" msgid "Ask me" msgstr "" -#: ../../include/event.php:17 ../../include/bb2diaspora.php:244 +#: ../../include/event.php:17 ../../include/bb2diaspora.php:249 msgid "Starts:" msgstr "" -#: ../../include/event.php:27 ../../include/bb2diaspora.php:252 +#: ../../include/event.php:27 ../../include/bb2diaspora.php:257 msgid "Finishes:" msgstr "" @@ -6477,7 +6477,7 @@ msgstr "" msgid "Contacts not in any group" msgstr "" -#: ../../include/nav.php:46 ../../boot.php:815 +#: ../../include/nav.php:46 ../../boot.php:812 msgid "Logout" msgstr "" @@ -6485,7 +6485,7 @@ msgstr "" msgid "End this session" msgstr "" -#: ../../include/nav.php:49 ../../boot.php:1502 +#: ../../include/nav.php:49 ../../boot.php:1499 msgid "Status" msgstr "" @@ -6565,11 +6565,11 @@ msgstr "" msgid "Manage other pages" msgstr "" -#: ../../include/nav.php:138 ../../boot.php:1063 +#: ../../include/nav.php:138 ../../boot.php:1060 msgid "Profiles" msgstr "" -#: ../../include/nav.php:138 ../../boot.php:1063 +#: ../../include/nav.php:138 ../../boot.php:1060 msgid "Manage/edit profiles" msgstr "" @@ -6652,13 +6652,13 @@ msgstr "" msgid "Logged out." msgstr "" -#: ../../include/auth.php:113 +#: ../../include/auth.php:115 msgid "" "We encountered a problem while logging in with the OpenID you provided. " "Please check the correct spelling of the ID." msgstr "" -#: ../../include/auth.php:113 +#: ../../include/auth.php:115 msgid "The error message was:" msgstr "" 
@@ -7236,96 +7236,96 @@ msgstr "" msgid "permissions" msgstr "" -#: ../../boot.php:516 +#: ../../boot.php:513 msgid "Delete this item?" msgstr "" -#: ../../boot.php:519 +#: ../../boot.php:516 msgid "show fewer" msgstr "" -#: ../../boot.php:692 +#: ../../boot.php:689 #, php-format msgid "Update %s failed. See error logs." msgstr "" -#: ../../boot.php:694 +#: ../../boot.php:691 #, php-format msgid "Update Error at %s" msgstr "" -#: ../../boot.php:794 +#: ../../boot.php:791 msgid "Create a New Account" msgstr "" -#: ../../boot.php:818 +#: ../../boot.php:815 msgid "Nickname or Email address: " msgstr "" -#: ../../boot.php:819 +#: ../../boot.php:816 msgid "Password: " msgstr "" -#: ../../boot.php:822 +#: ../../boot.php:819 msgid "Or login using OpenID: " msgstr "" -#: ../../boot.php:828 +#: ../../boot.php:825 msgid "Forgot your password?" msgstr "" -#: ../../boot.php:995 +#: ../../boot.php:992 msgid "Edit profile" msgstr "" -#: ../../boot.php:1055 +#: ../../boot.php:1052 msgid "Message" msgstr "" -#: ../../boot.php:1171 ../../boot.php:1247 +#: ../../boot.php:1168 ../../boot.php:1244 msgid "g A l F d" msgstr "" -#: ../../boot.php:1172 ../../boot.php:1248 +#: ../../boot.php:1169 ../../boot.php:1245 msgid "F d" msgstr "" -#: ../../boot.php:1217 ../../boot.php:1288 +#: ../../boot.php:1214 ../../boot.php:1285 msgid "[today]" msgstr "" -#: ../../boot.php:1229 +#: ../../boot.php:1226 msgid "Birthday Reminders" msgstr "" -#: ../../boot.php:1230 +#: ../../boot.php:1227 msgid "Birthdays this week:" msgstr "" -#: ../../boot.php:1281 +#: ../../boot.php:1278 msgid "[No description]" msgstr "" -#: ../../boot.php:1299 +#: ../../boot.php:1296 msgid "Event Reminders" msgstr "" -#: ../../boot.php:1300 +#: ../../boot.php:1297 msgid "Events this week:" msgstr "" -#: ../../boot.php:1505 +#: ../../boot.php:1502 msgid "Status Messages and Posts" msgstr "" -#: ../../boot.php:1511 +#: ../../boot.php:1508 msgid "Profile Details" msgstr "" -#: ../../boot.php:1526 +#: ../../boot.php:1523 msgid 
"Events and Calendar" msgstr "" -#: ../../boot.php:1532 +#: ../../boot.php:1529 msgid "Only You Can See This" msgstr "" |