diff options
author | Friendika <info@friendika.com> | 2011-04-03 20:41:40 -0700 |
---|---|---|
committer | Friendika <info@friendika.com> | 2011-04-03 20:41:40 -0700 |
commit | 9b50b0e16f2046b91cb4c734c56024524d8b178b (patch) | |
tree | 524efc50013a7fd50960adc9092090a2270263ea | |
parent | b500da74b675bc3f88e392573d6602f3e7d94e03 (diff) | |
download | volse-hubzilla-9b50b0e16f2046b91cb4c734c56024524d8b178b.tar.gz volse-hubzilla-9b50b0e16f2046b91cb4c734c56024524d8b178b.tar.bz2 volse-hubzilla-9b50b0e16f2046b91cb4c734c56024524d8b178b.zip |
Public exposure warning on affected network group pages. config-able so a plugin can shut it up.
-rw-r--r-- | boot.php | 4 | ||||
-rw-r--r-- | include/group.php | 17 | ||||
-rw-r--r-- | index.php | 4 | ||||
-rw-r--r-- | mod/network.php | 8 |
4 files changed, 26 insertions, 7 deletions
@@ -2,7 +2,7 @@ set_time_limit(0); -define ( 'FRIENDIKA_VERSION', '2.1.936' ); +define ( 'FRIENDIKA_VERSION', '2.1.938' ); define ( 'DFRN_PROTOCOL_VERSION', '2.2' ); define ( 'DB_UPDATE_VERSION', 1046 ); @@ -2022,7 +2022,7 @@ function contact_block() { intval($shown) ); if(count($r)) { - $o .= '<h4 class="contact-h4">' . sprintf(tt('%d Contact','%d Contacts', $total),$total) . '</h4><div id="contact-block">'; + $o .= '<h4 class="contact-h4">' . sprintf( tt('%d Contact','%d Contacts', $total),$total) . '</h4><div id="contact-block">'; foreach($r as $rr) { $redirect_url = $a->get_baseurl() . '/redir/' . $rr['id']; if(local_user() && ($rr['uid'] == local_user()) diff --git a/include/group.php b/include/group.php index 793e854be..07cd45f19 100644 --- a/include/group.php +++ b/include/group.php @@ -110,7 +110,7 @@ function group_get_members($gid) { LEFT JOIN `contact` ON `contact`.`id` = `group_member`.`contact-id` WHERE `gid` = %d AND `group_member`.`uid` = %d", intval($gid), - intval($_SESSION['uid']) + intval(local_user()) ); if(count($r)) $ret = $r; @@ -118,6 +118,21 @@ function group_get_members($gid) { return $ret; } +function group_public_members($gid) { + $ret = 0; + if(intval($gid)) { + $r = q("SELECT `contact`.`id` AS `contact-id` FROM `group_member` + LEFT JOIN `contact` ON `contact`.`id` = `group_member`.`contact-id` + WHERE `gid` = %d AND `group_member`.`uid` = %d AND `contact`.`network` != 'dfrn' ", + intval($gid), + intval(local_user()) + ); + if(count($r)) + $ret = count($r); + } + return $ret; +} + function group_side($every="contacts",$each="group") { @@ -42,10 +42,6 @@ if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { } else { $lang = ((isset($a->config['system']['language'])) ? $a->config['system']['language'] : 'en'); } -if(x($_POST,'system_language')) -if(x($_SESSION,'language')) - $lang = $_SESSION['language']; - load_translation_table($lang); diff --git a/mod/network.php b/mod/network.php index 39679b48a..a304c211f 100644 --- a/mod/network.php +++ b/mod/network.php @@ -54,6 +54,14 @@ function network_content(&$a, $update = 0) { } if(! $update) { + if(group) { + if(($t = group_public_members($group)) && (! get_pconfig(local_user(),'system','nowarn_insecure'))) { + $plural_form = sprintf( tt('%d member', '%d members', $t), $t); + notice( sprintf( t('Warning: This group contains %s from an insecure network.'), $plural_form ) . EOL); + notice( t('Private messages to this group are at risk of public disclosure.') . EOL); + } + } + $o .= '<script> $(document).ready(function() { $(\'#nav-network-link\').addClass(\'nav-selected\'); });</script>'; $_SESSION['return_url'] = $a->cmd; |