aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMario Vavti <mario@mariovavti.com>2018-09-20 12:10:39 +0200
committerMario Vavti <mario@mariovavti.com>2018-09-20 12:10:39 +0200
commita6db822a696afe808d9c8cb34af1075a42fffada (patch)
tree6692324758d22afa7d0588a8262d53eabde99ee7
parentad8226d549f40a1ae1ea47a83778afffb9230042 (diff)
parent1b2732705782a6369bdff0c00b650dfc5c1353a9 (diff)
downloadvolse-hubzilla-a6db822a696afe808d9c8cb34af1075a42fffada.tar.gz
volse-hubzilla-a6db822a696afe808d9c8cb34af1075a42fffada.tar.bz2
volse-hubzilla-a6db822a696afe808d9c8cb34af1075a42fffada.zip
Merge branch 'dev' of https://framagit.org/hubzilla/core into dev
-rw-r--r--doc/hook/attach_delete.bb11
-rw-r--r--doc/hook/content_security_policy.bb39
-rw-r--r--doc/hook/dreport_process.bb7
-rw-r--r--doc/hook/dropdown_extras.bb17
-rw-r--r--doc/hook/permit_hook.bb0
-rw-r--r--doc/hooklist.bb29
-rwxr-xr-xinclude/plugin.php19
7 files changed, 115 insertions, 7 deletions
diff --git a/doc/hook/attach_delete.bb b/doc/hook/attach_delete.bb
new file mode 100644
index 000000000..3b63f28d3
--- /dev/null
+++ b/doc/hook/attach_delete.bb
@@ -0,0 +1,11 @@
+[h2]attach_delete[/h2]
+
+Invoked when an attachment is deleted using attach_delete().
+
+[code]
+$arr = ['channel_id' => $channel_id, 'resource' => $resource, 'is_photo'=>$is_photo];
+call_hooks("attach_delete",$arr);
+[/code]
+
+
+See include/attach.php
diff --git a/doc/hook/content_security_policy.bb b/doc/hook/content_security_policy.bb
new file mode 100644
index 000000000..96b8095ae
--- /dev/null
+++ b/doc/hook/content_security_policy.bb
@@ -0,0 +1,39 @@
+[h2]content_security_policy[/h2]
+
+Called to modify CSP settings prior to the output of the Content-Security-Policy header.
+
+This hook permits addons to modify the content-security-policy if necessary to allow loading of foreign js libraries or css styles.
+
+[code]
+if(App::$config['system']['content_security_policy']) {
+ $cspsettings = Array (
+ 'script-src' => Array ("'self'","'unsafe-inline'","'unsafe-eval'"),
+ 'style-src' => Array ("'self'","'unsafe-inline'")
+ );
+ call_hooks('content_security_policy',$cspsettings);
+
+ // Legitimate CSP directives (cxref: https://content-security-policy.com/)
+ $validcspdirectives=Array(
+ "default-src", "script-src", "style-src",
+ "img-src", "connect-src", "font-src",
+ "object-src", "media-src", 'frame-src',
+ 'sandbox', 'report-uri', 'child-src',
+ 'form-action', 'frame-ancestors', 'plugin-types'
+ );
+ $cspheader = "Content-Security-Policy:";
+ foreach ($cspsettings as $cspdirective => $csp) {
+ if (!in_array($cspdirective,$validcspdirectives)) {
+ logger("INVALID CSP DIRECTIVE: ".$cspdirective,LOGGER_DEBUG);
+ continue;
+ }
+ $cspsettingsarray=array_unique($cspsettings[$cspdirective]);
+ $cspsetpolicy = implode(' ',$cspsettingsarray);
+ if ($cspsetpolicy) {
+ $cspheader .= " ".$cspdirective." ".$cspsetpolicy.";";
+ }
+ }
+ header($cspheader);
+}
+[/code]
+
+see: boot.php
diff --git a/doc/hook/dreport_process.bb b/doc/hook/dreport_process.bb
new file mode 100644
index 000000000..3ad331f41
--- /dev/null
+++ b/doc/hook/dreport_process.bb
@@ -0,0 +1,7 @@
+[h2]dreport_process[/h2]
+
+Called for each delivery report received
+
+Passed a delivery_report array.
+
+see: include/zot.php
diff --git a/doc/hook/dropdown_extras.bb b/doc/hook/dropdown_extras.bb
new file mode 100644
index 000000000..6d7110a76
--- /dev/null
+++ b/doc/hook/dropdown_extras.bb
@@ -0,0 +1,17 @@
+[h2]dropdown_extras[/h2]
+
+Modify the dropdown menu available through the cog of items as displayed by conv_item.tpl
+
+This hook allows plugins to add arbitrary html to the cog dropdown of thread items displayed with the conv_item.tpl template.
+
+It is fed an array of ['item' => $item, 'dropdown_extras' => '']. Any additions to the cog menu should be prepended/appended to
+the ['dropdown_extras'] element.
+
+[code]
+$dropdown_extras_arr = [ 'item' => $item , 'dropdown_extras' => '' ];
+call_hooks('dropdown_extras',$dropdown_extras_arr);
+$dropdown_extras = $dropdown_extras_arr['dropdown_extras'];
+[/code]
+
+see: Zotlabs/Lib/ThreadItem.php
+see: view/tpl/conv_item.tpl
diff --git a/doc/hook/permit_hook.bb b/doc/hook/permit_hook.bb
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/doc/hook/permit_hook.bb
diff --git a/doc/hooklist.bb b/doc/hooklist.bb
index 4b36fa3e0..1b48df6e6 100644
--- a/doc/hooklist.bb
+++ b/doc/hooklist.bb
@@ -52,6 +52,9 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
[zrl=[baseurl]/help/hook/app_menu]app_menu[/zrl]
Called when generating the app_menu dropdown (may be obsolete)
+[zrl=[baseurl]/help/hook/attach_delete]attach_delete[/zrl]
+ Called when attachments are deleted from the attach table
+
[zrl=[baseurl]/help/hook/atom_author]atom_author[/zrl]
Called when generating an author or owner element for an Atom ActivityStream feed
@@ -113,7 +116,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
Validate the email provided in an account registration
[zrl=[baseurl]/help/hook/check_account_invite]check_account_invite[/zrl]
- Validate an invitation code when using site invitations
+ Validate an invitation code when using site invitations
[zrl=[baseurl]/help/hook/check_account_password]check_account_password[/zrl]
Used to provide policy control over account passwords (minimum length, character set inclusion, etc.)
@@ -137,7 +140,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
Called when posting to the features/addon settings page
[zrl=[baseurl]/help/hook/construct_page]construct_page[/zrl]
- General purpose hook to provide content to certain page regions. Called when constructing the Comanche page.
+ General purpose hook to provide content to certain page regions. Called when constructing the Comanche page.
[zrl=[baseurl]/help/hook/contact_block_end]contact_block_end[/zrl]
Called when generating the sidebar "Connections" widget
@@ -151,8 +154,11 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
[zrl=[baseurl]/help/hook/contact_select_options]contact_select_options[/zrl]
Deprecated/unused
+[zrl=[baseurl]/help/hook/content_security_policy]content_security_policy[/zrl]
+ Called prior to output of the Content-Security-Policy header
+
[zrl=[baseurl]/help/hook/conversation_start]conversation_start[/zrl]
- Called in the beginning of rendering a conversation (message or message collection or stream)
+ Called in the beginning of rendering a conversation (message or message collection or stream)
[zrl=[baseurl]/help/hook/cover_photo_content_end]cover_photo_content_end[/zrl]
Called after a cover photo has been uplaoded
@@ -183,7 +189,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
[zrl=[baseurl]/help/hook/display_item]display_item[/zrl]
Called for each item being displayed in a conversation thread
-
+
[zrl=[baseurl]/help/hook/display_settings]display_settings[/zrl]
Called from settings module when displaying the 'display settings' section
@@ -202,6 +208,12 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
[zrl=[baseurl]/help/hook/dreport_is_storable]dreport_is_storable[/zrl]
called before storing a dreport record to determine whether to store it
+[zrl=[baseurl]/help/hook/dreport_process]dreport_process[/zrl]
+ called for each valid delivery report
+
+[zrl=[baseurl]/help/hook/dropdown_extras]dropdown_extras[/zrl]
+ Add additional items to the dropdown cog when item/threads are displayed.
+
[zrl=[baseurl]/help/hook/drop_item]drop_item[/zrl]
called when an 'item' is removed
@@ -260,7 +272,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
called to generate the HTML for displaying a map location by text location
[zrl=[baseurl]/help/hook/get_all_api_perms]get_all_api_perms[/zrl]
- Called when retrieving the permissions for API uses
+ Called when retrieving the permissions for API uses
[zrl=[baseurl]/help/hook/get_all_perms]get_all_perms[/zrl]
called when get_all_perms() is used
@@ -446,7 +458,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
Called when probing a URL to generate post content from it
[zrl=[baseurl]/help/hook/pdl_selector]pdl_selector[/zrl]
- Called when creating a layout selection in a form
+ Called when creating a layout selection in a form
[zrl=[baseurl]/help/hook/perm_is_allowed]perm_is_allowed[/zrl]
Called during perm_is_allowed() to determine if a permission is allowed for this channel and observer
@@ -457,6 +469,9 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
[zrl=[baseurl]/help/hook/permissions_update]permissions_update[/zrl]
Called when a permissions refresh is transmitted
+[zrl=[baseurl]/help/hook/permit_hook]permit_hook[/zrl]
+ Called before a registered hook is actually executed to determine if it should be allowed or blocked
+
[zrl=[baseurl]/help/hook/personal_xrd]personal_xrd[/zrl]
Called when generating the personal XRD for "old webfinger" (Diaspora)
@@ -540,7 +555,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
[zrl=[baseurl]/help/hook/queue_deliver]queue_deliver[/zrl]
Called when delivering a queued message
-
+
[zrl=[baseurl]/help/hook/register_account]register_account[/zrl]
Called when an account has been created
diff --git a/include/plugin.php b/include/plugin.php
index 9757be356..fdc62b3a7 100755
--- a/include/plugin.php
+++ b/include/plugin.php
@@ -458,6 +458,25 @@ function call_hooks($name, &$data = null) {
if (isset(App::$hooks[$name])) {
foreach(App::$hooks[$name] as $hook) {
+
+ if ($name != 'permit_hook') { // avoid looping
+ $checkhook = [
+ 'name'=>$name,
+ 'hook'=>$hook,
+ 'data'=>$data,
+ // Note: Since PHP uses COPY-ON-WRITE
+ // for variables, there is no cost to
+ // passing the $data structure (unless
+ // the permit_hook processors change the
+ // information it contains.
+ 'permit'=>true
+ ];
+ call_hooks('permit_hook',$checkhook);
+ if (!$checkhook['permit']) {
+ continue;
+ }
+ $data = $checkhook['data'];
+ }
$origfn = $hook[1];
if($hook[0])
@include_once($hook[0]);