Merge branch 'master' of git://github.com/friendika/friendika

17 files changed, 97 insertions, 60 deletions

diff --git a/INSTALL.txt b/INSTALL.txt
index 577f3f354..70e4f24ef 100644
--- a/INSTALL.txt
+++ b/INSTALL.txt
@@ -17,7 +17,7 @@ hosting provider prior to installation.
 	- Apache with mod-rewrite enabled and "Options All" so you can use a 
 local .htaccess file
 
-	- PHP > 5.1. The later the better. You'll need 5.3 for encryption of key
+	- PHP 5.2+. The later the better. You'll need 5.3 for encryption of key
 exchange conversations
 encryption support
 		- PHP *command line* access with register_argc_argv set to true in the 
@@ -67,6 +67,12 @@ database was not installed correctly. You might wish to move/rename
 .htconfig.php to another name and empty (called 'dropping') the database 
 tables, so that you can start fresh.  
 
+****************************************************************************
+****************************************************************************
+********          THIS NEXT STEP IS IMPORTANT!!!!                ***********
+****************************************************************************
+****************************************************************************
+
 7. Set up a cron job or scheduled task to run the poller once every 5-10 
 minutes to pick up the recent "public" postings of your friends. Example:
 
diff --git a/boot.php b/boot.php
index 9715f9cfd..85e159883 100644
--- a/boot.php
+++ b/boot.php
@@ -2,8 +2,8 @@
 
 set_time_limit(0);
 
-define ( 'BUILD_ID',               1031   );
-define ( 'FRIENDIKA_VERSION',      '2.01.1000' );
+define ( 'BUILD_ID',               1032   );
+define ( 'FRIENDIKA_VERSION',      '2.01.1003' );
 define ( 'DFRN_PROTOCOL_VERSION',  '2.0'  );
 
 define ( 'EOL',                    "<br />\r\n"     );
@@ -910,7 +910,6 @@ function xmlify($str) {
 			case "'" :
 				$buffer .= '&apos;';
 				break;
-
 			case "\"" :
 				$buffer .= '&quot;';
 				break;
@@ -946,6 +945,11 @@ function unxmlify($s) {
 
 if(! function_exists('hex2bin')) {
 function hex2bin($s) {
+	if(! ctype_xdigit($s)) {
+		logger('hex2bin: illegal input: ' . print_r(debug_backtrace(), true));
+		return($s);
+	}
+
 	return(pack("H*",$s));
 }}
 
@@ -2164,11 +2168,12 @@ function get_birthdays() {
 
 		foreach($r as $rr) {
 			$now = strtotime('now');
-			$today = (((strtotime($rr['start']) < $now) && (strtotime($rr['finish']) > $now)) ? true : false); 
+			$today = (((strtotime($rr['start'] . ' +00:00') < $now) && (strtotime($rr['finish'] . ' +00:00') > $now)) ? true : false); 
 
 			$o .= '<div class="birthday-list" id="birthday-' . $rr['eid'] . '"><a class="sparkle" href="' 
 			. $a->get_baseurl() . '/redir/'  . $rr['cid'] . '">' . $rr['name'] . '</a> ' 
-			. day_translate(datetime_convert('UTC', $a->timezone, $rr['start'], $bd_format)) . (($today) ?  ' ' . t('[today]') : '') ;
+			. day_translate(datetime_convert('UTC', $a->timezone, $rr['start'], $bd_format)) . (($today) ?  ' ' . t('[today]') : '')
+			. '</div>' ;
 		}
 
 		$o .= '</div>';
diff --git a/include/html2bbcode.php b/include/html2bbcode.php
index 688c01452..65cbcec41 100644
--- a/include/html2bbcode.php
+++ b/include/html2bbcode.php
@@ -11,6 +11,9 @@ function html2bbcode($s) {
 
 	$htmltags = array(
 		'/\n/is',
+		'/\<pre\>(.*?)\<\/pre\>/is',
+		'/\<p(.*?)\>/is',
+		'/\<\/p\>/is',
 		'/\<b\>(.*?)\<\/b\>/is',
 		'/\<i\>(.*?)\<\/i\>/is',
 		'/\<u\>(.*?)\<\/u\>/is',
@@ -33,6 +36,9 @@ function html2bbcode($s) {
 
 	$bbtags = array(
 		'',
+		'[code]$1[/code]',
+		'',
+		"\n",
 		'[b]$1[/b]',
 		'[i]$1[/i]',
 		'[u]$1[/u]',
diff --git a/include/items.php b/include/items.php
index 1a5ca5a1f..1fdbc6fc2 100644
--- a/include/items.php
+++ b/include/items.php
@@ -35,6 +35,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
 	else
 		killme();
 
+
 	/**
 	 *
 	 * Determine the next birthday, but only if the birthday is published
@@ -380,7 +381,7 @@ function get_atom_elements($feed,$item) {
 
 	// It isn't certain at this point whether our content is plaintext or html and we'd be foolish to trust 
 	// the content type. Our own network only emits text normally, though it might have been converted to 
-	// html if we used a pubsubhubbub transport. But if we see even one html open tag in our text, we will
+	// html if we used a pubsubhubbub transport. But if we see even one html tag in our text, we will
 	// have to assume it is all html and needs to be purified.
 
 	// It doesn't matter all that much security wise - because before this content is used anywhere, we are 
@@ -389,7 +390,7 @@ function get_atom_elements($feed,$item) {
 	// html.
 
 
-	if(strpos($res['body'],'<')) {
+	if((strpos($res['body'],'<')) || (strpos($res['body'],'>'))) {
 
 		$res['body'] = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s',
 			'[youtube]$1[/youtube]', $res['body']);
@@ -403,11 +404,12 @@ function get_atom_elements($feed,$item) {
 
 		$purifier = new HTMLPurifier($config);
 		$res['body'] = $purifier->purify($res['body']);
-	}
 
+		$res['body'] = html2bbcode($res['body']);
+	}
+	else
+		$res['body'] = escape_tags($res['body']);
 	
-	$res['body'] = html2bbcode($res['body']);
-
 
 	$allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow');
 	if($allow && $allow[0]['data'] == 1)
@@ -495,7 +497,7 @@ function get_atom_elements($feed,$item) {
 				$body = $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['summary'][0]['data'];
 			// preserve a copy of the original body content in case we later need to parse out any microformat information, e.g. events
 			$res['object'] .= '<orig>' . xmlify($body) . '</orig>' . "\n";
-			if(strpos($body,'<')) {
+			if((strpos($body,'<')) || (strpos($body,'>'))) {
 
 				$body = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s',
 					'[youtube]$1[/youtube]', $body);
@@ -505,9 +507,11 @@ function get_atom_elements($feed,$item) {
 
 				$purifier = new HTMLPurifier($config);
 				$body = $purifier->purify($body);
+				$body = html2bbcode($body);
 			}
+			else
+				$body = escape_tags($body);
 
-			$body = html2bbcode($body);
 			$res['object'] .= '<content>' . $body . '</content>' . "\n";
 		}
 
@@ -534,7 +538,7 @@ function get_atom_elements($feed,$item) {
 				$body = $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['summary'][0]['data'];
 			// preserve a copy of the original body content in case we later need to parse out any microformat information, e.g. events
 			$res['object'] .= '<orig>' . xmlify($body) . '</orig>' . "\n";
-			if(strpos($body,'<')) {
+			if((strpos($body,'<')) || (strpos($body,'>'))) {
 
 				$body = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s',
 					'[youtube]$1[/youtube]', $body);
@@ -544,9 +548,11 @@ function get_atom_elements($feed,$item) {
 
 				$purifier = new HTMLPurifier($config);
 				$body = $purifier->purify($body);
+				$body = html2bbcode($body);
 			}
+			else
+				$body = escape_tags($body);
 
-			$body = html2bbcode($body);
 			$res['target'] .= '<content>' . $body . '</content>' . "\n";
 		}
 
@@ -571,7 +577,7 @@ function encode_rel_links($links) {
 		if($link['attribs']['']['type'])
 			$o .= 'type="' . $link['attribs']['']['type'] . '" ';
 		if($link['attribs']['']['href'])
-			$o .= 'type="' . $link['attribs']['']['href'] . '" ';
+			$o .= 'href="' . $link['attribs']['']['href'] . '" ';
 		if( (x($link['attribs'],NAMESPACE_MEDIA)) && $link['attribs'][NAMESPACE_MEDIA]['width'])
 			$o .= 'media:width="' . $link['attribs'][NAMESPACE_MEDIA]['width'] . '" ';
 		if( (x($link['attribs'],NAMESPACE_MEDIA)) && $link['attribs'][NAMESPACE_MEDIA]['height'])
@@ -782,8 +788,8 @@ function dfrn_deliver($owner,$contact,$atom) {
 		return (($res->status) ? $res->status : 3);
 
 	$postvars     = array();
-	$sent_dfrn_id = hex2bin($res->dfrn_id);
-	$challenge    = hex2bin($res->challenge);
+	$sent_dfrn_id = hex2bin((string) $res->dfrn_id);
+	$challenge    = hex2bin((string) $res->challenge);
 	$rino_allowed = ((intval($res->rino) === 1) ? 1 : 0);
 
 	$final_dfrn_id = '';
diff --git a/include/notifier.php b/include/notifier.php
index 7791b9bd4..39640e51a 100644
--- a/include/notifier.php
+++ b/include/notifier.php
@@ -181,7 +181,7 @@
 			'$feed_title'   => xmlify($owner['name']),
 			'$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', $updated . '+00:00' , ATOM_TIME)) ,
 			'$hub'          => $hubxml,
-			'$salmon'       => '',   // private feed, we don't use salmon here
+			'$salmon'       => '',  // private feed, we don't use salmon here
 			'$name'         => xmlify($owner['name']),
 			'$profile_page' => xmlify($owner['url']),
 			'$photo'        => xmlify($owner['photo']),
@@ -207,7 +207,6 @@
 		));
 	}
 	else {
-
 		if($followup) {
 			foreach($items as $item) {  // there is only one item
 				if($item['id'] == $item_id) {
@@ -224,7 +223,13 @@
 					continue;
 
 				$atom   .= atom_entry($item,'text',$contact,$owner,true);
-				$slaps[] = atom_entry($item,'html',$contact,$owner,true);
+
+				// There's a problem here - we *were* going to use salmon to provide semi-authenticated
+				// communication to OStatus, but unless we're the item author they won't verify.
+				// commented out for now, though we'll still send local replies (and any mentions 
+				// that they contain) upstream. Rethinking the problem space.
+ 
+//				$slaps[] = atom_entry($item,'html',$contact,$owner,true);
 			}
 		}
 	}
@@ -232,7 +237,7 @@
 
 	logger('notifier: ' . $atom, LOGGER_DATA);
 
-	logger('notifier: slaps: ' . print_r($slaps,true), LOGGER_DATA);
+//	logger('notifier: slaps: ' . print_r($slaps,true), LOGGER_DATA);
 
 	if($followup)
 		$recip_str = $parent['contact-id'];
@@ -324,14 +329,12 @@
 		
 	// send additional slaps to mentioned remote tags (@foo@example.com)
 
-	if(count($slaps) && count($url_recipients) && $notify_hub) {
+	if($slap && count($url_recipients) && $followup && $notify_hub) {
 		foreach($url_recipients as $url) {
-			logger('notifier: urldelivery: ' . $url);
-			foreach($slaps as $slappy) {
-				if($url) {
-					$deliver_status = slapper($owner,$url,$slappy);
-					// TODO: redeliver/queue these items on failure, though there is no contact record
-				}
+			if($url) {
+				logger('notifier: urldelivery: ' . $url);
+				$deliver_status = slapper($owner,$url,$slap);
+				// TODO: redeliver/queue these items on failure, though there is no contact record
 			}
 		}
 	}
diff --git a/include/poller.php b/include/poller.php
index 28e421f5f..fc45ff9c3 100644
--- a/include/poller.php
+++ b/include/poller.php
@@ -186,8 +186,8 @@
 
 			$postvars = array();
 
-			$sent_dfrn_id = hex2bin($res->dfrn_id);
-			$challenge    = hex2bin($res->challenge);
+			$sent_dfrn_id = hex2bin((string) $res->dfrn_id);
+			$challenge    = hex2bin((string) $res->challenge);
 
 			$final_dfrn_id = '';
 
diff --git a/mod/message.php b/mod/message.php
index 251b5a414..9cc2e2826 100644
--- a/mod/message.php
+++ b/mod/message.php
@@ -270,7 +270,7 @@ function message_content(&$a) {
 				'$sparkle' => $sparkle,
 				'$from_photo' => $message['from-photo'],
 				'$subject' => $message['title'],
-				'$body' => bbcode($message['body']),
+				'$body' => smilies(bbcode($message['body'])),
 				'$delete' => t('Delete message'),
 				'$to_name' => $message['name'],
 				'$date' => datetime_convert('UTC',date_default_timezone_get(),$message['created'],'D, d M Y - g:i A')
diff --git a/mod/network.php b/mod/network.php
index 08607fa18..5073b8a61 100644
--- a/mod/network.php
+++ b/mod/network.php
@@ -115,6 +115,10 @@ function network_content(&$a, $update = 0) {
 		$o = '<h4>' . t('Group: ') . $r[0]['name'] . '</h4>' . $o;
 	}
 
+	if((! $group) && (! $update))
+		$o .= get_birthdays();
+
+
 	$r = q("SELECT COUNT(*) AS `total`
 		FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
 		WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
diff --git a/mod/profile.php b/mod/profile.php
index 9b8388177..bcd2b64e3 100644
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -230,7 +230,7 @@ function profile_content(&$a, $update = 0) {
 
 
 	if($is_owner && ! $update)
-			$o .= get_birthdays();
+		$o .= get_birthdays();
 
 	$cmnt_tpl = load_view_file('view/comment_item.tpl');
 
diff --git a/mod/salmon.php b/mod/salmon.php
index 2ae6aa628..8c7d921c8 100644
--- a/mod/salmon.php
+++ b/mod/salmon.php
@@ -199,7 +199,12 @@ function salmon_post(&$a) {
 
 	$hub = '';
 
-	// consume_feed will only accept a follow activity from this person if there is no contact record.
+	/**
+	 *
+	 * anti-spam measure: consume_feed will accept a follow activity from 
+	 * this person (and nothing else) if there is no existing contact record.
+	 *
+	 */
 
 	$contact_rec = ((count($r)) ? $r[0] : null);
 
diff --git a/update.php b/update.php
index ae0e35531..7aacffb40 100644
--- a/update.php
+++ b/update.php
@@ -302,3 +302,18 @@ function update_1030() {
 
 }
 
+function update_1031() {
+	// Repair any bad links that slipped into the item table
+	$r = q("SELECT `id`, `object` FROM `item` WHERE `object` != '' ");
+	if($r && count($r)) {
+		foreach($r as $rr) {
+			if(strstr($rr['object'],'type=&quot;http')) {
+				q("UPDATE `item` SET `object` = '%s' WHERE `id` = %d LIMIT 1",
+					dbesc(str_replace('type=&quot;http','href=&quot;http',$rr['object'])),
+					intval($rr['id'])
+				);
+			}
+		}
+	}
+}
+	
diff --git a/view/en/profile_advanced.php b/view/en/profile_advanced.php
index 82c66adec..9aee6c262 100644
--- a/view/en/profile_advanced.php
+++ b/view/en/profile_advanced.php
@@ -39,8 +39,8 @@ EOT;
 
 $o .= '<div id="advanced-profile-dob">' 
 	. ((intval($a->profile['dob'])) 
-		? datetime_convert('UTC',date_default_timezone_get(),$a->profile['dob'],'j F, Y')
-		: datetime_convert('UTC',date_default_timezone_get(),'2001-' . substr($a->profile['dob'],6),'j F')) 
+		? day_translate(datetime_convert('UTC',date_default_timezone_get(),$a->profile['dob'],'j F, Y'))
+		: day_translate(datetime_convert('UTC',date_default_timezone_get(),'2001-' . substr($a->profile['dob'],6),'j F'))) 
 	. "</div>\r\n</div>";
 
 $o .= '<div id="advanced-profile-dob-end"></div>';
diff --git a/view/it/profile_advanced.php b/view/it/profile_advanced.php
index 50bb0dd28..899fd56b2 100644
--- a/view/it/profile_advanced.php
+++ b/view/it/profile_advanced.php
@@ -39,8 +39,8 @@ EOT;
 
 $o .= '<div id="advanced-profile-dob">' 
 	. ((intval($a->profile['dob'])) 
-		? datetime_convert('UTC',date_default_timezone_get(),$a->profile['dob'],'j F, Y')
-		: datetime_convert('UTC',date_default_timezone_get(),'2001-' . substr($a->profile['dob'],6),'j F')) 
+		? day_translate(datetime_convert('UTC',date_default_timezone_get(),$a->profile['dob'],'j F, Y'))
+		: day_translate(datetime_convert('UTC',date_default_timezone_get(),'2001-' . substr($a->profile['dob'],6),'j F'))) 
 	. "</div>\r\n</div>";
 
 $o .= '<div id="advanced-profile-dob-end"></div>';
diff --git a/view/theme/default/style.css b/view/theme/default/style.css
index fd14c6bdd..d9e93bbe6 100644
--- a/view/theme/default/style.css
+++ b/view/theme/default/style.css
@@ -1979,5 +1979,5 @@ a.mail-list-link {
 }
 
 #birthday-wrapper {
-	margin-bottom: 15px;
+	margin-bottom: 20px;
 }
diff --git a/view/theme/duepuntozero/shiny.jpg b/view/theme/duepuntozero/shiny.jpg
deleted file mode 100644
index 17c978816..000000000
--- a/view/theme/duepuntozero/shiny.jpg
+++ /dev/null
diff --git a/view/theme/duepuntozero/shiny.png b/view/theme/duepuntozero/shiny.png
new file mode 100644
index 000000000..994c0d05d
--- /dev/null
+++ b/view/theme/duepuntozero/shiny.png
diff --git a/view/theme/duepuntozero/style.css b/view/theme/duepuntozero/style.css
index 37670df01..b2bdb6e87 100644
--- a/view/theme/duepuntozero/style.css
+++ b/view/theme/duepuntozero/style.css
@@ -3,23 +3,10 @@
  * Fabio Comuni <fabrix.xm@gmail.com>
  */
 
-@font-face {
-  font-family: FreeSans;
-  font-style: normal;
-  font-weight: bold;
-  src: local('FreeSansBold'), url('FreeSansBold.otf');
-}
-@font-face {
-  font-family: FreeSans;
-  font-style: normal;
-  font-weight: normal;
-  src: local('FreeSans'), url('FreeSans.otf');
-}
 
- 
 /* generals */
 body {
-	font-family: /*FreeSans,*/ helvetica,arial,clean,sans-serif;
+	font-family: helvetica,arial,freesans,clean,sans-serif;
 	font-size: 12px;
 	background-color: #ffffff;
 	background-image: url(head.jpg);
@@ -209,10 +196,10 @@ footer {
 }
 
 
-.shiny {
-    background-image: url(shiny.jpg);
-    background-repeat: repeat-x;
-    background-position: left bottom;
+div.wall-item-content-wrapper.shiny {
+  background-image: url('shiny.png');
+  background-position: -5px 30px;
+  background-repeat:no-repeat;
 }
 
 /* from defautlt */
@@ -801,7 +788,7 @@ input#dfrn-url {
 
 .wall-item-content-wrapper.comment {
 	margin-left: 50px;
-	background: #CCCCCC;
+	background: #EEEEEE;
 }
 
 .wall-item-photo-wrapper {
@@ -879,7 +866,7 @@ input#dfrn-url {
 
 .comment-edit-wrapper {
 	margin-top: 15px;
-	background: #CCCCCC;
+	background: #f3f3f3;
 	margin-left: 50px;
 }
 
@@ -1876,5 +1863,5 @@ a.mail-list-link {
 }
 
 #birthday-wrapper {
-	margin-bottom: 15px;
+	margin-bottom: 20px;
 }