Merge branch 'master' into openid

12 files changed, 16 insertions, 177 deletions

diff --git a/include/bbcode.php b/include/bbcode.php
index 6b8cb941f..aa6641ca2 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -864,7 +864,7 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true) {
 	// fix any escaped ampersands that may have been converted into links
 	$Text = preg_replace("/\<(.*?)(src|href)=(.*?)\&amp\;(.*?)\>/ism",'<$1$2=$3&$4>',$Text);
 
-	$Text = preg_replace("/\<(.*?)(src|href)=\"[^hfm#](.*?)\>/ism",'<$1$2="">',$Text);
+	$Text = preg_replace("/\<(.*?)(src|href)=\"[^zhfm#](.*?)\>/ism",'<$1$2="">',$Text);
 
 	$Text = bb_replace_images($Text,$saved_images);
 
diff --git a/include/photos.php b/include/photos.php
index 4841e649d..c2f5ed4ba 100644
--- a/include/photos.php
+++ b/include/photos.php
@@ -34,29 +34,11 @@ function photo_upload($channel, $observer, $args) {
 			$album = datetime_convert('UTC',date_default_timezone_get(),'now', 'Y-m');
 	}
 
-	/**
-	 *
-	 * We create a wall item for every photo, but we don't want to
-	 * overwhelm the data stream with a hundred newly uploaded photos.
-	 * So we will make the first photo uploaded to this album in the last several hours
-	 * visible by default, the rest will become visible over time when and if
-	 * they acquire comments, likes, dislikes, and/or tags 
-	 *
-	 */
-
-	$r = q("SELECT * FROM photo WHERE album = '%s' AND uid = %d AND created > %s - INTERVAL %s ",
-		dbesc($album),
-		intval($channel_id),
-		db_utcnow(), db_quoteinterval('3 HOUR')
-	);
-	if((! $r) || ($album == t('Profile Photos')))
+	if(intval($args['visible']) || $args['visible'] === 'true')
 		$visible = 1;
 	else
 		$visible = 0;
 
-	if(intval($args['visible']) || $args['visible'] === 'true')
-		$visible = 1;
-
 	$str_group_allow   = perms2str(((is_array($args['group_allow']))   ? $args['group_allow']   : explode(',',$args['group_allow'])));
 	$str_contact_allow = perms2str(((is_array($args['contact_allow'])) ? $args['contact_allow'] : explode(',',$args['contact_allow'])));
 	$str_group_deny    = perms2str(((is_array($args['group_deny']))    ? $args['group_deny']    : explode(',',$args['group_deny'])));
diff --git a/install/schema_mysql.sql b/install/schema_mysql.sql
index 4e481f5c0..3567085ce 100644
--- a/install/schema_mysql.sql
+++ b/install/schema_mysql.sql
@@ -33,7 +33,8 @@ CREATE TABLE IF NOT EXISTS `abook` (
   KEY `abook_profile` (`abook_profile`),
   KEY `abook_dob` (`abook_dob`),
   KEY `abook_connected` (`abook_connected`),
-  KEY `abook_rating` (`abook_rating`)
+  KEY `abook_rating` (`abook_rating`),
+  KEY `abook_channel_closeness` (`book_channel`,`abook_closeness`)
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
 
 -- --------------------------------------------------------
diff --git a/install/schema_postgres.sql b/install/schema_postgres.sql
index 20285a352..bc72be445 100644
--- a/install/schema_postgres.sql
+++ b/install/schema_postgres.sql
@@ -29,6 +29,7 @@ CREATE TABLE "abook" (
   create index  "abook_dob" on abook  ("abook_dob");
   create index  "abook_connected" on abook  ("abook_connected");
   create index  "abook_rating" on abook  ("abook_rating");
+  create index  "abook_channel_closeness" on abook ("abook_channel", "abook_closeness");
 
 CREATE TABLE "account" (
   "account_id" serial  NOT NULL,
diff --git a/mod/admin.php b/mod/admin.php
index 5d8faf424..e991fee27 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -13,7 +13,7 @@
 function admin_post(&$a){
 	logger('admin_post', LOGGER_DEBUG);
 
-	if((!is_site_admin()) || ($_SESSION['delegate'])) {
+	if(! is_site_admin()) {
 		return;
 	}
 
@@ -80,7 +80,7 @@ function admin_content(&$a) {
 
 	logger('admin_content', LOGGER_DEBUG);
 
-	if((!is_site_admin()) || ($_SESSION['delegate'])) {
+	if(! is_site_admin()) {
 		return login(false);
 	}
 
diff --git a/mod/delegate.php b/mod/delegate.php
deleted file mode 100644
index cc399b6e5..000000000
--- a/mod/delegate.php
+++ /dev/null
@@ -1,139 +0,0 @@
-<?php
-
-function delegate_content(&$a) {
-
-	if(! local_channel()) {
-		notice( t('Permission denied.') . EOL);
-		return;
-	}
-
-	if($a->argc > 2 && $a->argv[1] === 'add' && intval($a->argv[2])) {
-
-		// delegated admins can view but not change delegation permissions
-
-		if(x($_SESSION,'submanage') && intval($_SESSION['submanage']))
-			goaway($a->get_baseurl() . '/delegate');
-
-
-		$id = $a->argv[2];
-
-		$r = q("select `nickname` from user where uid = %d limit 1",
-			intval($id)
-		);
-		if(count($r)) {
-			$r = q("select id from contact where uid = %d and nurl = '%s' limit 1",
-				intval(local_channel()),
-				dbesc(normalise_link($a->get_baseurl() . '/channel/' . $r[0]['nickname']))
-			);
-			if(count($r)) {
-				q("insert into manage ( uid, mid ) values ( %d , %d ) ",
-					intval($a->argv[2]),
-					intval(local_channel())
-				);
-			}
-		}
-		goaway($a->get_baseurl() . '/delegate');
-	}
-
-	if($a->argc > 2 && $a->argv[1] === 'remove' && intval($a->argv[2])) {
-
-		// delegated admins can view but not change delegation permissions
-
-		if(x($_SESSION,'submanage') && intval($_SESSION['submanage']))
-			goaway($a->get_baseurl() . '/delegate');
-
-		q("delete from manage where uid = %d and mid = %d",
-			intval($a->argv[2]),
-			intval(local_channel())
-		);
-		goaway($a->get_baseurl() . '/delegate');
-
-	}
-
-	$full_managers = array();
-
-	// These people can manage this account/page with full privilege
-
-	$r = q("SELECT * FROM `user` WHERE `email` = '%s' AND `password` = '%s' ",
-		dbesc($a->user['email']),
-		dbesc($a->user['password'])
-	);
-	if(count($r))
-		$full_managers = $r;
-
-	$delegates = array();
-
-	// find everybody that currently has delegated management to this account/page
-
-	$r = q("select * from user where uid in ( select uid from manage where mid = %d ) ",
-		intval(local_channel())
-	);
-
-	if(count($r))
-		$delegates = $r;
-
-	$uids = array();
-
-	if(count($full_managers))
-		foreach($full_managers as $rr)
-			$uids[] = $rr['uid'];
-
-	if(count($delegates))
-		foreach($delegates as $rr)
-			$uids[] = $rr['uid'];
-
-	// find every contact who might be a candidate for delegation
-
-	$r = q("select nurl from contact where substring_index(contact.nurl,'/',3) = '%s' 
-		and contact.uid = %d and contact.self = 0 and network = '%s' ",
-		dbesc(normalise_link($a->get_baseurl())),
-		intval(local_channel()),
-		dbesc(NETWORK_DFRN)
-	); 
-
-	if(! count($r)) {
-		notice( t('No potential page delegates located.') . EOL);
-		return;
-	}
-
-	$nicknames = array();
-
-	if(count($r)) {
-		foreach($r as $rr) {
-			$nicknames[] = "'" . dbesc(basename($rr['nurl'])) . "'";
-		}
-	}
-
-	$potentials = array();
-
-	$nicks = implode(',',$nicknames);
-
-	// get user records for all potential page delegates who are not already delegates or managers
-
-	$r = q("select `uid`, `username`, `nickname` from user where nickname in ( $nicks )");
-
-	if(count($r))
-		foreach($r as $rr)
-			if(! in_array($rr['uid'],$uids))
-				$potentials[] = $rr;
-
-	$o = replace_macros(get_markup_template('delegate.tpl'),array(
-		'$header' => t('Delegate Page Management'),
-		'$base' => $a->get_baseurl(),
-		'$desc' => t('Delegates are able to manage all aspects of this account/page except for basic account settings. Please do not delegate your personal account to anybody that you do not trust completely.'),
-		'$head_managers' => t('Existing Page Managers'),
-		'$managers' => $full_managers,
-		'$head_delegates' => t('Existing Page Delegates'),
-		'$delegates' => $delegates,
-		'$head_potentials' => t('Potential Delegates'),
-		'$potentials' => $potentials,
-		'$remove' => t('Remove'),
-		'$add' => t('Add'),
-		'$none' => t('No entries.')
-	));
-
-
-	return $o;
-
-
-}
\ No newline at end of file
diff --git a/mod/network.php b/mod/network.php
index 161b06804..d24d665d8 100644
--- a/mod/network.php
+++ b/mod/network.php
@@ -342,9 +342,11 @@ function network_content(&$a, $update = 0, $load = false) {
 		$sys = get_sys_channel();
 		$uids = " and item.uid  = " . intval($sys['channel_id']) . " ";
 		$a->data['firehose'] = intval($sys['channel_id']);
+		$abook_uids = "";
 	}
 	else {
 		$uids = " and item.uid = " . local_channel() . " ";
+		$abook_uids = " and abook.abook_channel = " . local_channel() . " ";
 	}
 
 	if(get_pconfig(local_channel(),'system','network_list_mode'))
@@ -376,7 +378,7 @@ function network_content(&$a, $update = 0, $load = false) {
 
 		$items = q("SELECT item.*, item.id AS item_id, received FROM item
 			left join abook on item.author_xchan = abook.abook_xchan
-			WHERE true $uids AND item_restrict = 0
+			WHERE true $uids $abook_uids AND item_restrict = 0
 			and ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)
 			$simple_update
 			$sql_extra $sql_nets
@@ -407,7 +409,7 @@ function network_content(&$a, $update = 0, $load = false) {
 
 			$r = q("SELECT distinct item.id AS item_id, $ordering FROM item
 				left join abook on item.author_xchan = abook.abook_xchan
-				WHERE true $uids AND item.item_restrict = 0
+				WHERE true $uids $abook_uids AND item.item_restrict = 0
 				AND item.parent = item.id
 				and ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)
 				$sql_extra3 $sql_extra $sql_nets
@@ -421,7 +423,7 @@ function network_content(&$a, $update = 0, $load = false) {
 				// update
 				$r = q("SELECT item.parent AS item_id FROM item
 					left join abook on item.author_xchan = abook.abook_xchan
-					WHERE true $uids AND item.item_restrict = 0 $simple_update
+					WHERE true $uids $abook_uids AND item.item_restrict = 0 $simple_update
 					and ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)
 					$sql_extra3 $sql_extra $sql_nets ",
 					intval(ABOOK_FLAG_BLOCKED)
diff --git a/mod/regmod.php b/mod/regmod.php
index bdb794347..c0a75ef48 100644
--- a/mod/regmod.php
+++ b/mod/regmod.php
@@ -13,7 +13,7 @@ function regmod_content(&$a) {
 		return $o;
 	}
 
-	if((!is_site_admin()) || (x($_SESSION,'submanage') && intval($_SESSION['submanage']))) {
+	if(! is_site_admin()) {
 		notice( t('Permission denied.') . EOL);
 		return '';
 	}
diff --git a/mod/removeaccount.php b/mod/removeaccount.php
index 70979ec15..f3fa53f75 100644
--- a/mod/removeaccount.php
+++ b/mod/removeaccount.php
@@ -5,7 +5,7 @@ function removeaccount_post(&$a) {
 	if(! local_channel())
 		return;
 
-	if(x($_SESSION,'submanage') && intval($_SESSION['submanage']))
+	if($_SESSION['delegate'])
 		return;
 
 	if((! x($_POST,'qxz_password')) || (! strlen(trim($_POST['qxz_password']))))
diff --git a/mod/removeme.php b/mod/removeme.php
index ff955775a..b604bc7db 100644
--- a/mod/removeme.php
+++ b/mod/removeme.php
@@ -5,7 +5,7 @@ function removeme_post(&$a) {
 	if(! local_channel())
 		return;
 
-	if(x($_SESSION,'submanage') && intval($_SESSION['submanage']))
+	if($_SESSION['delegate'])
 		return;
 
 	if((! x($_POST,'qxz_password')) || (! strlen(trim($_POST['qxz_password']))))
diff --git a/mod/settings.php b/mod/settings.php
index afc05f095..8752a47b2 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -49,9 +49,6 @@ function settings_post(&$a) {
 
 	 logger('mod_settings: ' . print_r($_REQUEST,true));
 
-	if(x($_SESSION,'submanage') && intval($_SESSION['submanage']))
-		return;
-
 
 	if((argc() > 1) && (argv(1) === 'oauth') && x($_POST,'remove')){
 		check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
@@ -573,11 +570,6 @@ function settings_content(&$a) {
 	if($channel)
 		head_set_icon($channel['xchan_photo_s']);
 
-//	if(x($_SESSION,'submanage') && intval($_SESSION['submanage'])) {
-//		notice( t('Permission denied.') . EOL );
-//		return;
-//	}
-	
 	$yes_no = array(t('No'),t('Yes'));
 		
 	if((argc() > 1) && (argv(1) === 'oauth')) {
diff --git a/version.inc b/version.inc
index 04354188a..4012103ea 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2015-03-10.967
+2015-03-11.968