diff options
| author | Mario Vavti <mario@mariovavti.com> | 2019-03-08 11:52:57 +0100 |
|---|---|---|
| committer | Mario Vavti <mario@mariovavti.com> | 2019-03-08 11:52:57 +0100 |
| commit | 8ecdde6cb573ace776b472046388bb046dc59451 (patch) | |
| tree | f568af943a17c3156adf2d34477cd424bc24bd94 /Zotlabs/Module | |
| parent | 90fd323ac54619766feedf699e5f53fce04fc295 (diff) | |
| parent | 5b3824917d591b27c4797971c8253ed67b41dc5a (diff) | |
| download | volse-hubzilla-8ecdde6cb573ace776b472046388bb046dc59451.tar.gz volse-hubzilla-8ecdde6cb573ace776b472046388bb046dc59451.tar.bz2 volse-hubzilla-8ecdde6cb573ace776b472046388bb046dc59451.zip | |
Merge branch '4.0RC'
Diffstat (limited to 'Zotlabs/Module')
38 files changed, 931 insertions, 328 deletions
diff --git a/Zotlabs/Module/Admin.php b/Zotlabs/Module/Admin.php index 8ccdaf4f5..88b84b9d2 100644 --- a/Zotlabs/Module/Admin.php +++ b/Zotlabs/Module/Admin.php @@ -86,7 +86,7 @@ class Admin extends \Zotlabs\Web\Controller { // list total user accounts, expirations etc. $accounts = array(); - $r = q("SELECT COUNT(*) AS total, COUNT(CASE WHEN account_expires > %s THEN 1 ELSE NULL END) AS expiring, COUNT(CASE WHEN account_expires < %s AND account_expires > '%s' THEN 1 ELSE NULL END) AS expired, COUNT(CASE WHEN (account_flags & %d)>0 THEN 1 ELSE NULL END) AS blocked FROM account", + $r = q("SELECT COUNT(CASE WHEN account_id > 0 THEN 1 ELSE NULL END) AS total, COUNT(CASE WHEN account_expires > %s THEN 1 ELSE NULL END) AS expiring, COUNT(CASE WHEN account_expires < %s AND account_expires > '%s' THEN 1 ELSE NULL END) AS expired, COUNT(CASE WHEN (account_flags & %d)>0 THEN 1 ELSE NULL END) AS blocked FROM account", db_utcnow(), db_utcnow(), dbesc(NULL_DATE), diff --git a/Zotlabs/Module/Admin/Addons.php b/Zotlabs/Module/Admin/Addons.php index b35922aef..b8e3e3a2e 100644 --- a/Zotlabs/Module/Admin/Addons.php +++ b/Zotlabs/Module/Admin/Addons.php @@ -375,6 +375,9 @@ class Addons { if($files) { foreach($files as $file) { if (is_dir($file)){ + if($file == 'addon/addon_common/') + continue; + list($tmp, $id) = array_map('trim', explode('/', $file)); $info = get_plugin_info($id); $enabled = in_array($id,\App::$plugins); @@ -476,4 +479,4 @@ class Addons { return(strcmp(strtolower($a[2]['name']),strtolower($b[2]['name']))); } -}
\ No newline at end of file +} diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 09b038729..55c8ca928 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -119,7 +119,7 @@ class Site { del_config('system', 'admininfo'); } else { require_once('include/text.php'); - linkify_tags($a, $admininfo, local_channel()); + linkify_tags($admininfo, local_channel()); set_config('system', 'admininfo', $admininfo); } set_config('system','siteinfo',$siteinfo); diff --git a/Zotlabs/Module/Affinity.php b/Zotlabs/Module/Affinity.php new file mode 100644 index 000000000..f0d99f1e7 --- /dev/null +++ b/Zotlabs/Module/Affinity.php @@ -0,0 +1,94 @@ +<?php + +namespace Zotlabs\Module; + +use App; +use Zotlabs\Lib\Apps; +use Zotlabs\Lib\Libsync; + +class Affinity extends \Zotlabs\Web\Controller { + + function post() { + + if(! local_channel()) + return; + + if(! Apps::system_app_installed(local_channel(),'Affinity Tool')) + return; + + check_form_security_token_redirectOnErr('affinity', 'affinity'); + + $cmax = intval($_POST['affinity_cmax']); + if($cmax < 0 || $cmax > 99) + $cmax = 99; + + $cmin = intval($_POST['affinity_cmin']); + if($cmin < 0 || $cmin > 99) + $cmin = 0; + + $lock = intval($_POST['affinity_lock']); + + set_pconfig(local_channel(),'affinity','cmin',$cmin); + set_pconfig(local_channel(),'affinity','cmax',$cmax); + set_pconfig(local_channel(),'affinity','lock',$lock); + + info( t('Affinity Tool settings updated.') . EOL); + + Libsync::build_sync_packet(); + + } + + + function get() { + + if(! local_channel()) + return; + + $desc = t('This app presents a slider control in your connection editor and also on your network page. The slider represents your degree of friendship (affinity) with each connection. It allows you to zoom in or out and display conversations from only your closest friends or everybody in your stream.'); + if(! Apps::system_app_installed(local_channel(),'Affinity Tool')) { + //Do not display any associated widgets at this point + App::$pdl = ''; + + $o = '<b>' . t('Affinity Tool App') . ' (' . t('Not Installed') . '):</b><br>'; + $o .= $desc; + return $o; + } + + $text = t('The numbers below represent the minimum and maximum slider default positions for your network/stream page as a percentage.'); + + $content = '<div class="section-content-info-wrapper">' . $text . '</div>'; + + $cmax = intval(get_pconfig(local_channel(),'affinity','cmax')); + $cmax = (($cmax) ? $cmax : 99); + $content .= replace_macros(get_markup_template('field_input.tpl'), array( + '$field' => array('affinity_cmax', t('Default maximum affinity level'), $cmax, t('0-99 default 99')) + )); + + $cmin = intval(get_pconfig(local_channel(),'affinity','cmin')); + $cmin = (($cmin) ? $cmin : 0); + $content .= replace_macros(get_markup_template('field_input.tpl'), array( + '$field' => array('affinity_cmin', t('Default minimum affinity level'), $cmin, t('0-99 - default 0')) + )); + + $lock = intval(get_pconfig(local_channel(),'affinity','lock',1)); + + $content .= replace_macros(get_markup_template('field_checkbox.tpl'), array( + '$field' => array('affinity_lock', t('Persistent affinity levels'), $lock, t('If disabled the max and min levels will be reset to default after page reload'), ['No','Yes']) + )); + + $tpl = get_markup_template("settings_addon.tpl"); + + $o = replace_macros($tpl, array( + '$action_url' => 'affinity', + '$form_security_token' => get_form_security_token("affinity"), + '$title' => t('Affinity Tool Settings'), + '$content' => $content, + '$baseurl' => z_root(), + '$submit' => t('Submit'), + )); + + return $o; + } + + +} diff --git a/Zotlabs/Module/Cards.php b/Zotlabs/Module/Cards.php index b66de158b..3f0e93de5 100644 --- a/Zotlabs/Module/Cards.php +++ b/Zotlabs/Module/Cards.php @@ -10,9 +10,13 @@ require_once('include/channel.php'); require_once('include/conversation.php'); require_once('include/acl_selectors.php'); +/** + * @brief Provides the Cards module. + * + */ class Cards extends Controller { - function init() { + public function init() { if(argc() > 1) $which = argv(1); @@ -20,14 +24,15 @@ class Cards extends Controller { return; profile_load($which); - } /** * {@inheritDoc} - * @see \Zotlabs\Web\Controller::get() + * @see \\Zotlabs\\Web\\Controller::get() + * + * @return string Parsed HTML from template 'cards.tpl' */ - function get($update = 0, $load = false) { + public function get($update = 0, $load = false) { if(observer_prohibited(true)) { return login(); @@ -99,7 +104,6 @@ class Cards extends Controller { } - if(perm_is_allowed($owner, $ob_hash, 'write_pages')) { $x = [ @@ -110,7 +114,7 @@ class Cards extends Controller { 'nickname' => $channel['channel_address'], 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), - 'acl' => (($is_owner) ? populate_acl($channel_acl, false, + 'acl' => (($is_owner) ? populate_acl($channel_acl, false, PermissionDescription::fromGlobalPermission('view_pages')) : ''), 'permissions' => $channel_acl, 'showacl' => (($is_owner) ? true : false), diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 5f221ef20..5fdefd805 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -6,6 +6,8 @@ namespace Zotlabs\Module; use App; use Zotlabs\Web\Controller; use Zotlabs\Lib\PermissionDescription; +use Zotlabs\Zot6\HTTPSig; +use Zotlabs\Lib\Libzot; require_once('include/items.php'); require_once('include/security.php'); @@ -44,6 +46,48 @@ class Channel extends Controller { $channel = App::get_channel(); if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) { + $which = $channel['channel_address']; + $profile = argv(1); + } + + $channel = channelx_by_nick($which); + if(! $channel) { + http_status_exit(404, 'Not found'); + } + + // handle zot6 channel discovery + + if(Libzot::is_zot_request()) { + + $sigdata = HTTPSig::verify(file_get_contents('php://input')); + + if($sigdata && $sigdata['signer'] && $sigdata['header_valid']) { + $data = json_encode(Libzot::zotinfo([ 'address' => $channel['channel_address'], 'target_url' => $sigdata['signer'] ])); + $s = q("select site_crypto, hubloc_sitekey from site left join hubloc on hubloc_url = site_url where hubloc_id_url = '%s' and hubloc_network = 'zot6' limit 1", + dbesc($sigdata['signer']) + ); + + if($s) { + $data = json_encode(crypto_encapsulate($data,$s[0]['hubloc_sitekey'],Libzot::best_algorithm($s[0]['site_crypto']))); + } + } + else { + $data = json_encode(Libzot::zotinfo([ 'address' => $channel['channel_address'] ])); + } + + $headers = [ + 'Content-Type' => 'application/x-zot+json', + 'Digest' => HTTPSig::generate_digest_header($data), + '(request-target)' => strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI'] + ]; + $h = HTTPSig::create_sig($headers,$channel['channel_prvkey'],channel_url($channel)); + HTTPSig::set_headers($h); + echo $data; + killme(); + } + + + if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) { $which = $channel['channel_address']; $profile = argv(1); } diff --git a/Zotlabs/Module/Chanview.php b/Zotlabs/Module/Chanview.php index 779c7e646..2e653d030 100644 --- a/Zotlabs/Module/Chanview.php +++ b/Zotlabs/Module/Chanview.php @@ -106,7 +106,7 @@ class Chanview extends \Zotlabs\Web\Controller { if (\App::$poi) { $url = \App::$poi['xchan_url']; - if(\App::$poi['xchan_network'] === 'zot') { + if(in_array(\App::$poi['xchan_network'], ['zot', 'zot6'])) { $is_zot = true; } if(local_channel()) { diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index 3d7ee449a..a587324df 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -8,6 +8,7 @@ namespace Zotlabs\Module; */ use Zotlabs\Lib\Apps; +use Zotlabs\Lib\Libzot; require_once('include/socgraph.php'); require_once('include/selectors.php'); @@ -100,7 +101,8 @@ class Connedit extends \Zotlabs\Web\Controller { } - $profile_id = $_POST['profile_assign']; + $profile_id = ((array_key_exists('profile_assign',$_POST)) ? $_POST['profile_assign'] : $orig_record[0]['abook_profile']); + if($profile_id) { $r = q("SELECT profile_guid FROM profile WHERE profile_guid = '%s' AND uid = %d LIMIT 1", dbesc($profile_id), @@ -112,18 +114,23 @@ class Connedit extends \Zotlabs\Web\Controller { } } - $abook_incl = escape_tags($_POST['abook_incl']); - $abook_excl = escape_tags($_POST['abook_excl']); - + $abook_incl = ((array_key_exists('abook_incl',$_POST)) ? escape_tags($_POST['abook_incl']) : $orig_record[0]['abook_incl']); + $abook_excl = ((array_key_exists('abook_excl',$_POST)) ? escape_tags($_POST['abook_excl']) : $orig_record[0]['abook_excl']); + + $hidden = intval($_POST['hidden']); $priority = intval($_POST['poll']); if($priority > 5 || $priority < 0) $priority = 0; + if(! array_key_exists('closeness',$_POST)) { + $_POST['closeness'] = 80; + } $closeness = intval($_POST['closeness']); - if($closeness < 0) - $closeness = 99; + if($closeness < 0 || $closeness > 99) { + $closeness = 80; + } $rating = intval($_POST['rating']); if($rating < (-10)) @@ -230,6 +237,8 @@ class Connedit extends \Zotlabs\Web\Controller { } $abook_pending = (($new_friend) ? 0 : $orig_record[0]['abook_pending']); + + $r = q("UPDATE abook SET abook_profile = '%s', abook_closeness = %d, abook_pending = %d, abook_incl = '%s', abook_excl = '%s' @@ -475,6 +484,10 @@ class Connedit extends \Zotlabs\Web\Controller { if(! zot_refresh($orig_record[0],\App::get_channel())) notice( t('Refresh failed - channel is currently unavailable.') ); } + elseif($orig_record[0]['xchan_network'] === 'zot6') { + if(! Libzot::refresh($orig_record[0],\App::get_channel())) + notice( t('Refresh failed - channel is currently unavailable.') ); + } else { // if you are on a different network we'll force a refresh of the connection basic info @@ -697,7 +710,7 @@ class Connedit extends \Zotlabs\Web\Controller { $tpl = get_markup_template("abook_edit.tpl"); - if(feature_enabled(local_channel(),'affinity')) { + if(Apps::system_app_installed(local_channel(),'Affinity Tool')) { $sections['affinity'] = [ 'label' => t('Affinity'), @@ -728,9 +741,12 @@ class Connedit extends \Zotlabs\Web\Controller { } $slider_tpl = get_markup_template('contact_slider.tpl'); + + $slideval = intval($contact['abook_closeness']); + $slide = replace_macros($slider_tpl,array( '$min' => 1, - '$val' => (($contact['abook_closeness']) ? $contact['abook_closeness'] : 99), + '$val' => $slideval, '$labels' => $label_str, )); } @@ -887,7 +903,7 @@ class Connedit extends \Zotlabs\Web\Controller { '$inherited' => t('inherited'), '$submit' => t('Submit'), '$lbl_vis2' => sprintf( t('Please choose the profile you would like to display to %s when viewing your profile securely.'), $contact['xchan_name']), - '$close' => $contact['abook_closeness'], + '$close' => (($contact['abook_closeness']) ? $contact['abook_closeness'] : 80), '$them' => t('Their Settings'), '$me' => t('My Settings'), '$perms' => $perms, diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index e3691702d..04e5f9fce 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -178,8 +178,7 @@ class Display extends \Zotlabs\Web\Controller { $static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0); - - + $simple_update = (($update) ? " AND item_unseen = 1 " : ''); if($update && $_SESSION['loadtime']) @@ -314,7 +313,7 @@ class Display extends \Zotlabs\Web\Controller { } } - if(! $r) { + if($r === null) { // in case somebody turned off public access to sys channel content using permissions // make that content unsearchable by ensuring the owner_xchan can't match if(! perm_is_allowed($sysid,$observer_hash,'view_stream')) diff --git a/Zotlabs/Module/Dreport.php b/Zotlabs/Module/Dreport.php index 76e07b147..2c125b7a9 100644 --- a/Zotlabs/Module/Dreport.php +++ b/Zotlabs/Module/Dreport.php @@ -17,9 +17,17 @@ class Dreport extends \Zotlabs\Web\Controller { $mid = ((argc() > 1) ? argv(1) : ''); + if(strpos($mid,'b64.') === 0) + $mid = @base64url_decode(substr($mid,4)); + + if($mid === 'push') { $table = 'push'; $mid = ((argc() > 2) ? argv(2) : ''); + + if(strpos($mid,'b64.') === 0) + $mid = @base64url_decode(substr($mid,4)); + if($mid) { $i = q("select id from item where mid = '%s' and uid = %d and ( author_xchan = '%s' or ( owner_xchan = '%s' and item_wall = 1 )) ", dbesc($mid), @@ -38,6 +46,9 @@ class Dreport extends \Zotlabs\Web\Controller { if($mid === 'mail') { $table = 'mail'; $mid = ((argc() > 2) ? argv(2) : ''); + if(strpos($mid,'b64.') === 0) + $mid = @base64url_decode(substr($mid,4)); + } @@ -69,8 +80,9 @@ class Dreport extends \Zotlabs\Web\Controller { return; } - $r = q("select * from dreport where dreport_xchan = '%s' and dreport_mid = '%s'", + $r = q("select * from dreport where (dreport_xchan = '%s' or dreport_xchan = '%s') and dreport_mid = '%s'", dbesc($channel['channel_hash']), + dbesc($channel['channel_portable_id']), dbesc($mid) ); @@ -80,7 +92,6 @@ class Dreport extends \Zotlabs\Web\Controller { } for($x = 0; $x < count($r); $x++ ) { - $r[$x]['name'] = escape_tags(substr($r[$x]['dreport_recip'],strpos($r[$x]['dreport_recip'],' '))); // This has two purposes: 1. make the delivery report strings translateable, and // 2. assign an ordering to item delivery results so we can group them and provide @@ -138,14 +149,14 @@ class Dreport extends \Zotlabs\Web\Controller { $entries = array(); foreach($r as $rr) { $entries[] = [ - 'name' => $rr['name'], + 'name' => escape_tags($rr['dreport_name'] ?: $rr['dreport_recip']), 'result' => escape_tags($rr['dreport_result']), 'time' => escape_tags(datetime_convert('UTC',date_default_timezone_get(),$rr['dreport_time'])) ]; } $o = replace_macros(get_markup_template('dreport.tpl'), array( - '$title' => sprintf( t('Delivery report for %1$s'),substr($mid,0,32)) . '...', + '$title' => sprintf( t('Delivery report for %1$s'),basename($mid)) . '...', '$table' => $table, '$mid' => urlencode($mid), '$options' => t('Options'), @@ -162,9 +173,9 @@ class Dreport extends \Zotlabs\Web\Controller { private static function dreport_gravity_sort($a,$b) { if($a['gravity'] == $b['gravity']) { - if($a['name'] === $b['name']) + if($a['dreport_name'] === $b['dreport_name']) return strcmp($a['dreport_time'],$b['dreport_time']); - return strcmp($a['name'],$b['name']); + return strcmp($a['dreport_name'],$b['dreport_name']); } return (($a['gravity'] > $b['gravity']) ? 1 : (-1)); } diff --git a/Zotlabs/Module/Embed.php b/Zotlabs/Module/Embed.php new file mode 100644 index 000000000..77b9254dd --- /dev/null +++ b/Zotlabs/Module/Embed.php @@ -0,0 +1,22 @@ +<?php +namespace Zotlabs\Module; + +require_once('include/security.php'); +require_once('include/bbcode.php'); + + +class Embed extends \Zotlabs\Web\Controller { + + function init() { + + $post_id = ((argc() > 1) ? intval(argv(1)) : 0); + + if(! $post_id) + killme(); + + echo '[share=' . $post_id . '][/share]'; + killme(); + + } + +} diff --git a/Zotlabs/Module/Embedphotos.php b/Zotlabs/Module/Embedphotos.php index bcbb0e116..2df14c239 100644 --- a/Zotlabs/Module/Embedphotos.php +++ b/Zotlabs/Module/Embedphotos.php @@ -3,8 +3,10 @@ namespace Zotlabs\Module; /** - * @brief + * @brief Embedphoto endpoint. * + * Provide an AJAX endpoint to fill the embedPhotoModal with folders and photos + * selection. */ class Embedphotos extends \Zotlabs\Web\Controller { @@ -13,42 +15,42 @@ class Embedphotos extends \Zotlabs\Web\Controller { } /** + * @brief This is the POST destination for the embedphotos button. * - * This is the POST destination for the embedphotos button - * + * @return string A JSON string. */ - function post() { + public function post() { if (argc() > 1 && argv(1) === 'album') { // API: /embedphotos/album - $name = (x($_POST,'name') ? $_POST['name'] : null ); - if(!$name) { + $name = (x($_POST, 'name') ? $_POST['name'] : null ); + if (!$name) { json_return_and_die(array('errormsg' => 'Error retrieving album', 'status' => false)); } $album = $this->embedphotos_widget_album(array('channel' => \App::get_channel(), 'album' => $name)); json_return_and_die(array('status' => true, 'content' => $album)); } - if(argc() > 1 && argv(1) === 'albumlist') { + if (argc() > 1 && argv(1) === 'albumlist') { // API: /embedphotos/albumlist - $album_list = $this->embedphotos_album_list($a); + $album_list = $this->embedphotos_album_list(); json_return_and_die(array('status' => true, 'albumlist' => $album_list)); } - if(argc() > 1 && argv(1) === 'photolink') { + if (argc() > 1 && argv(1) === 'photolink') { // API: /embedphotos/photolink - $href = (x($_POST,'href') ? $_POST['href'] : null ); - if(!$href) { + $href = (x($_POST, 'href') ? $_POST['href'] : null ); + if (!$href) { json_return_and_die(array('errormsg' => 'Error retrieving link ' . $href, 'status' => false)); } - $resource_id = array_pop(explode("/", $href)); + $resource_id = array_pop(explode('/', $href)); $r = q("SELECT obj from item where resource_type = 'photo' and resource_id = '%s' limit 1", dbesc($resource_id) ); - if(!$r) { + if (!$r) { json_return_and_die(array('errormsg' => 'Error retrieving resource ' . $resource_id, 'status' => false)); } $obj = json_decode($r[0]['obj'], true); - if(x($obj,'body')) { + if (x($obj, 'body')) { $photolink = $obj['body']; - } elseif (x($obj,'bbcode')) { + } elseif (x($obj, 'bbcode')) { $photolink = $obj['bbcode']; } else { json_return_and_die(array('errormsg' => 'Error retrieving resource ' . $resource_id, 'status' => false)); @@ -58,48 +60,51 @@ class Embedphotos extends \Zotlabs\Web\Controller { } /** - * Copied from include/widgets.php::widget_album() with a modification to get the profile_uid from - * the input array as in widget_item() + * @brief Get photos from an album. + * + * @see \\Zotlabs\\Widget\\Album::widget() * - * @param array $args - * @return string with HTML + * @param array $args associative array with + * * \e array \b channel + * * \e string \b album + * @return string with HTML code from 'photo_album.tpl' */ - function embedphotos_widget_album($args) { - + protected function embedphotos_widget_album($args) { $channel_id = 0; - if(array_key_exists('channel', $args)) + + if (array_key_exists('channel', $args)) { $channel = $args['channel']; - $channel_id = intval($channel['channel_id']); - if(! $channel_id) + $channel_id = intval($channel['channel_id']); + } + if (! $channel_id) $channel_id = \App::$profile_uid; - if(! $channel_id) + if (! $channel_id) return ''; - $owner_uid = $channel_id; require_once('include/security.php'); $sql_extra = permissions_sql($channel_id); - if(! perm_is_allowed($channel_id,get_observer_hash(),'view_storage')) + if (! perm_is_allowed($channel_id, get_observer_hash(), 'view_storage')) return ''; - if($args['album']) + if (isset($args['album'])) $album = (($args['album'] === '/') ? '' : $args['album']); - if($args['title']) + if (isset($args['title'])) $title = $args['title']; /** - * This may return incorrect permissions if you have multiple directories of the same name. + * @note This may return incorrect permissions if you have multiple directories of the same name. * It is a limitation of the photo table using a name for a photo album instead of a folder hash */ - if($album) { + if ($album) { require_once('include/attach.php'); $x = q("select hash from attach where filename = '%s' and uid = %d limit 1", dbesc($album), - intval($owner_uid) + intval($channel_id) ); - if($x) { - $y = attach_can_view_folder($owner_uid,get_observer_hash(),$x[0]['hash']); - if(! $y) + if ($x) { + $y = attach_can_view_folder($channel_id, get_observer_hash(), $x[0]['hash']); + if (! $y) return ''; } } @@ -110,30 +115,33 @@ class Embedphotos extends \Zotlabs\Web\Controller { (SELECT resource_id, max(imgscale) imgscale FROM photo WHERE uid = %d AND album = '%s' AND imgscale <= 4 AND photo_usage IN ( %d, %d ) $sql_extra GROUP BY resource_id) ph ON (p.resource_id = ph.resource_id AND p.imgscale = ph.imgscale) ORDER BY created $order", - intval($owner_uid), + intval($channel_id), dbesc($album), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE) ); - $photos = array(); - if(count($r)) { + $photos = []; + if (count($r)) { $twist = 'rotright'; - foreach($r as $rr) { - if($twist == 'rotright') + foreach ($r as $rr) { + if ($twist == 'rotright') $twist = 'rotleft'; else $twist = 'rotright'; + $ph = photo_factory(''); + $phototypes = $ph->supportedTypes(); + $ext = $phototypes[$rr['mimetype']]; $imgalt_e = $rr['filename']; $desc_e = $rr['description']; - $imagelink = (z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $rr['resource_id'] + $imagelink = (z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $rr['resource_id'] . (($_GET['order'] === 'posted') ? '?f=&order=posted' : '')); - $photos[] = array( + $photos[] = [ 'id' => $rr['id'], 'twist' => ' ' . $twist . rand(2,4), 'link' => $imagelink, @@ -143,35 +151,43 @@ class Embedphotos extends \Zotlabs\Web\Controller { 'desc'=> $desc_e, 'ext' => $ext, 'hash'=> $rr['resource_id'], - 'unknown' => t('Unknown') - ); + 'unknown' => t('Unknown'), + ]; } } $tpl = get_markup_template('photo_album.tpl'); - $o .= replace_macros($tpl, array( + $o = replace_macros($tpl, [ '$photos' => $photos, '$album' => (($title) ? $title : $album), '$album_id' => rand(), - '$album_edit' => array(t('Edit Album'), $album_edit), + '$album_edit' => array(t('Edit Album'), false), '$can_post' => false, '$upload' => array(t('Upload'), z_root() . '/photos/' . \App::$profile['channel_address'] . '/upload/' . bin2hex($album)), '$order' => false, - '$upload_form' => $upload_form, - '$no_fullscreen_btn' => true - )); + '$upload_form' => '', + '$no_fullscreen_btn' => true, + ]); return $o; } - function embedphotos_album_list($a) { + /** + * @brief Get albums observer is allowed to see. + * + * @see photos_albums_list() + * + * @return NULL|array + */ + protected function embedphotos_album_list() { require_once('include/photos.php'); $p = photos_albums_list(\App::get_channel(), \App::get_observer()); - if($p['success']) { + + if ($p['success']) { return $p['albums']; - } else { - return null; } + + return null; } } diff --git a/Zotlabs/Module/Events.php b/Zotlabs/Module/Events.php index 7e5204e62..e883db49f 100644 --- a/Zotlabs/Module/Events.php +++ b/Zotlabs/Module/Events.php @@ -97,8 +97,8 @@ class Events extends \Zotlabs\Web\Controller { $type = escape_tags(trim($_POST['type'])); require_once('include/text.php'); - linkify_tags($a, $desc, local_channel()); - linkify_tags($a, $location, local_channel()); + linkify_tags($desc, local_channel()); + linkify_tags($location, local_channel()); //$action = ($event_hash == '') ? 'new' : "event/" . $event_hash; diff --git a/Zotlabs/Module/Filestorage.php b/Zotlabs/Module/Filestorage.php index 23bd63f95..2c247cd65 100644 --- a/Zotlabs/Module/Filestorage.php +++ b/Zotlabs/Module/Filestorage.php @@ -5,6 +5,8 @@ namespace Zotlabs\Module; * */ + + class Filestorage extends \Zotlabs\Web\Controller { function post() { @@ -71,14 +73,6 @@ class Filestorage extends \Zotlabs\Web\Controller { return; } - // Since we have ACL'd files in the wild, but don't have ACL here yet, we - // need to return for anyone other than the owner, despite the perms check for now. - - $is_owner = (((local_channel()) && ($owner == local_channel())) ? true : false); - if(! ($is_owner || is_site_admin())){ - info( t('Permission Denied.') . EOL ); - return; - } if(argc() > 3 && argv(3) === 'delete') { @@ -101,18 +95,31 @@ class Filestorage extends \Zotlabs\Web\Controller { } $file = intval(argv(2)); - $r = q("SELECT hash FROM attach WHERE id = %d AND uid = %d LIMIT 1", + $r = q("SELECT hash, creator FROM attach WHERE id = %d AND uid = %d LIMIT 1", dbesc($file), intval($owner) ); if(! $r) { + notice( t('File not found.') . EOL); + if($json_return) json_return_and_die([ 'success' => false ]); - notice( t('File not found.') . EOL); goaway(z_root() . '/cloud/' . $which); } + if(local_channel() !== $owner) { + if($r[0]['creator'] && $r[0]['creator'] !== $ob_hash) { + notice( t('Permission denied.') . EOL); + + if($json_return) + json_return_and_die([ 'success' => false ]); + + goaway(z_root() . '/cloud/' . $which); + } + } + + $f = $r[0]; $channel = channelx_by_n($owner); @@ -134,6 +141,19 @@ class Filestorage extends \Zotlabs\Web\Controller { goaway(dirname($url)); } + + + + // Since we have ACL'd files in the wild, but don't have ACL here yet, we + // need to return for anyone other than the owner, despite the perms check for now. + + $is_owner = (((local_channel()) && ($owner == local_channel())) ? true : false); + if(! ($is_owner || is_site_admin())){ + info( t('Permission Denied.') . EOL ); + return; + } + + if(argc() > 3 && argv(3) === 'edit') { require_once('include/acl_selectors.php'); if(! $perms['write_storage']) { diff --git a/Zotlabs/Module/Group.php b/Zotlabs/Module/Group.php index c8ccaa2cb..12edf8428 100644 --- a/Zotlabs/Module/Group.php +++ b/Zotlabs/Module/Group.php @@ -66,6 +66,9 @@ class Group extends Controller { $groupname = notags(trim($_POST['groupname'])); $public = intval($_POST['public']); + $hookinfo = [ 'pgrp_extras' => '', 'group'=>$group['id'] ]; + call_hooks ('privacygroup_extras_post',$hookinfo); + if((strlen($groupname)) && (($groupname != $group['gname']) || ($public != $group['visible']))) { $r = q("UPDATE pgrp SET gname = '%s', visible = %d WHERE uid = %d AND id = %d", dbesc($groupname), @@ -75,6 +78,8 @@ class Group extends Controller { ); if($r) info( t('Privacy group updated.') . EOL ); + + build_sync_packet(local_channel(),null,true); } @@ -127,6 +132,10 @@ class Group extends Controller { $i++; } + $hookinfo = [ 'pgrp_extras' => '', 'group'=>argv(1) ]; + call_hooks ('privacygroup_extras',$hookinfo); + $pgrp_extras = $hookinfo['pgrp_extras']; + $tpl = get_markup_template('privacy_groups.tpl'); $o = replace_macros($tpl, [ '$title' => t('Privacy Groups'), @@ -136,6 +145,7 @@ class Group extends Controller { // new group form '$gname' => array('groupname',t('Privacy group name')), '$public' => array('public',t('Members are visible to other channels'), false), + '$pgrp_extras' => $pgrp_extras, '$form_security_token' => get_form_security_token("group_edit"), '$submit' => t('Submit'), @@ -166,8 +176,11 @@ class Group extends Controller { ); if($r) $result = group_rmv(local_channel(),$r[0]['gname']); - if($result) + if($result) { + $hookinfo = [ 'pgrp_extras' => '', 'group'=>$argv(2) ]; + call_hooks ('privacygroup_extras_drop',$hookinfo); info( t('Privacy group removed.') . EOL); + } else notice( t('Unable to remove privacy group.') . EOL); } @@ -230,6 +243,10 @@ class Group extends Controller { } } + $hookinfo = [ 'pgrp_extras' => '', 'group'=>$group['id'] ]; + call_hooks ('privacygroup_extras',$hookinfo); + $pgrp_extras = $hookinfo['pgrp_extras']; + $context = $context + array( '$title' => sprintf(t('Privacy Group: %s'), $group['gname']), '$details_label' => t('Edit'), @@ -240,6 +257,7 @@ class Group extends Controller { '$form_security_token_edit' => get_form_security_token('group_edit'), '$delete' => t('Delete Group'), '$form_security_token_drop' => get_form_security_token("group_drop"), + '$pgrp_extras' => $pgrp_extras, ); } @@ -283,6 +301,7 @@ class Group extends Controller { $context['$groupeditor'] = $groupeditor; $context['$desc'] = t('Click a channel to toggle membership'); + $context['$pgrp_extras'] = $pgrp_extras; if($change) { $tpl = get_markup_template('groupeditor.tpl'); diff --git a/Zotlabs/Module/Id.php b/Zotlabs/Module/Id.php new file mode 100644 index 000000000..15abfa2a3 --- /dev/null +++ b/Zotlabs/Module/Id.php @@ -0,0 +1,119 @@ +<?php + +namespace Zotlabs\Module; + +/** + * + * Controller for responding to x-zot: protocol requests + * x-zot:_jkfRG85nJ-714zn-LW_VbTFW8jSjGAhAydOcJzHxqHkvEHWG2E0RbA_pbch-h4R63RG1YJZifaNzgccoLa3MQ/453c1678-1a79-4af7-ab65-6b012f6cab77 + * + */ + +use Zotlabs\Lib\Activity; +use Zotlabs\Lib\ActivityStreams; +use Zotlabs\Lib\LDSignatures; +use Zotlabs\Zot6\HTTPSig; +use Zotlabs\Web\Controller; +use Zotlabs\Lib\Libzot; +use Zotlabs\Lib\ThreadListener; +use Zotlabs\Lib\IConfig; +use Zotlabs\Lib\Enotify; +use App; + +require_once('include/attach.php'); +require_once('include/bbcode.php'); +require_once('include/security.php'); + + +class Id extends Controller { + + function init() { + + if(Libzot::is_zot_request()) { + + $conversation = false; + + $request_portable_id = argv(1); + if(argc() > 2) { + $item_id = argv(2); + } + + $portable_id = EMPTY_STR; + + $sigdata = HTTPSig::verify(EMPTY_STR); + if($sigdata['portable_id'] && $sigdata['header_valid']) { + $portable_id = $sigdata['portable_id']; + } + + + $chan = channelx_by_hash($request_portable_id); + + if($chan) { + $channel_id = $chan['channel_id']; + if(! $item_id) { + $handler = new Channel(); + App::$argc = 2; + App::$argv[0] = 'channel'; + App::$argv[1] = $chan['channel_address']; + $handler->init(); + } + } + else { + http_status_exit(404, 'Not found'); + } + + + $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 "; + + $sql_extra = item_permissions_sql(0); + + $r = q("select * from item where uuid = '%s' $item_normal $sql_extra and uid = %d limit 1", + dbesc($item_id), + intval($channel_id) + ); + if(! $r) { + + $r = q("select * from item where uuid = '%s' $item_normal and uid = %d limit 1", + dbesc($item_id), + intval($channel_id) + ); + if($r) { + http_status_exit(403, 'Forbidden'); + } + http_status_exit(404, 'Not found'); + } + + if(! perm_is_allowed($chan['channel_id'],get_observer_hash(),'view_stream')) + http_status_exit(403, 'Forbidden'); + + xchan_query($r,true); + $items = fetch_post_tags($r,true); + + $i = Activity::encode_item($items[0]); + + if(! $i) + http_status_exit(404, 'Not found'); + + $x = array_merge(['@context' => [ + ACTIVITYSTREAMS_JSONLD_REV, + 'https://w3id.org/security/v1', + z_root() . ZOT_APSCHEMA_REV + ]], $i); + + $headers = []; + $headers['Content-Type'] = 'application/x-zot+json' ; + $ret = json_encode($x, JSON_UNESCAPED_SLASHES); + $headers['Digest'] = HTTPSig::generate_digest_header($ret); + $headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']; + $h = HTTPSig::create_sig($headers,$chan['channel_prvkey'],channel_url($chan)); + HTTPSig::set_headers($h); + echo $ret; + killme(); + + } + + } + +} + + diff --git a/Zotlabs/Module/Impel.php b/Zotlabs/Module/Impel.php index 0c372bd96..e05027d9f 100644 --- a/Zotlabs/Module/Impel.php +++ b/Zotlabs/Module/Impel.php @@ -133,9 +133,11 @@ class Impel extends \Zotlabs\Web\Controller { $arr['author_xchan'] = (($j['author_xchan']) ? $j['author_xchan'] : get_observer_hash()); $arr['mimetype'] = (($j['mimetype']) ? $j['mimetype'] : 'text/bbcode'); - if(! $j['mid']) - $j['mid'] = item_message_id(); - + if(! $j['mid']) { + $j['uuid'] = item_message_id(); + $j['mid'] = z_root() . '/item/' . $j['uuid']; + } + $arr['uuid'] = $j['uuid']; $arr['mid'] = $arr['parent_mid'] = $j['mid']; diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 2ee639874..ebcf632ef 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -2,6 +2,23 @@ namespace Zotlabs\Module; +use Zotlabs\Lib\IConfig; +use Zotlabs\Lib\Enotify; +use Zotlabs\Web\Controller; +use Zotlabs\Daemon\Master; +use Zotlabs\Lib\Activity; +use Zotlabs\Lib\ActivityStreams; +use Zotlabs\Lib\LDSignatures; +use Zotlabs\Zot6\HTTPSig; +use Zotlabs\Lib\Libzot; +use Zotlabs\Lib\ThreadListener; +use App; + +require_once('include/crypto.php'); +require_once('include/items.php'); +require_once('include/security.php'); + + /** * * This is the POST destination for most all locally posted @@ -17,16 +34,146 @@ namespace Zotlabs\Module; * */ -require_once('include/crypto.php'); -require_once('include/items.php'); -require_once('include/attach.php'); -require_once('include/bbcode.php'); -require_once('include/security.php'); +class Item extends Controller { + + + function init() { + + if(Libzot::is_zot_request()) { + + $conversation = false; + + $item_id = argv(1); + + if(! $item_id) + http_status_exit(404, 'Not found'); + + + $portable_id = EMPTY_STR; + + $sigdata = HTTPSig::verify(EMPTY_STR); + if($sigdata['portable_id'] && $sigdata['header_valid']) { + $portable_id = $sigdata['portable_id']; + } + + $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 "; + + $sql_extra = item_permissions_sql(0); + + $r = q("select * from item where mid = '%s' $item_normal $sql_extra limit 1", + dbesc(z_root() . '/item/' . $item_id) + ); + if(! $r) { + + + $r = q("select * from item where mid = '%s' $item_normal limit 1", + dbesc(z_root() . '/item/' . $item_id) + ); + if($r) { + http_status_exit(403, 'Forbidden'); + } + http_status_exit(404, 'Not found'); + } + + + $items = q("select parent as item_id from item where mid = '%s' and uid = %d $item_normal $sql_extra ", + dbesc($r[0]['parent_mid']), + intval($r[0]['uid']) + ); + if(! $items) { + http_status_exit(404, 'Not found'); + } + + $r = $items; + + $parents_str = ids_to_querystr($r,'item_id'); + + $items = q("SELECT item.*, item.id AS item_id FROM item WHERE item.parent IN ( %s ) $item_normal $sql_extra ", + dbesc($parents_str) + ); + + if(! $items) { + http_status_exit(404, 'Not found'); + } + + $r = $items; + xchan_query($r,true); + $items = fetch_post_tags($r,true); + + $observer = App::get_observer(); + $parent = $items[0]; + $recips = (($parent['owner']['xchan_network'] === 'activitypub') ? get_iconfig($parent['id'],'activitypub','recips', []) : []); + $to = (($recips && array_key_exists('to',$recips) && is_array($recips['to'])) ? $recips['to'] : null); + $nitems = []; + foreach($items as $i) { + + $mids = []; + + if(intval($i['item_private'])) { + if(! $observer) { + continue; + } + // ignore private reshare, possibly from hubzilla + if($i['verb'] === 'Announce') { + if(! in_array($i['thr_parent'],$mids)) { + $mids[] = $i['thr_parent']; + } + continue; + } + // also ignore any children of the private reshares + if(in_array($i['thr_parent'],$mids)) { + continue; + } + + if((! $to) || (! in_array($observer['xchan_url'],$to))) { + continue; + } + + } + $nitems[] = $i; + } + + if(! $nitems) + http_status_exit(404, 'Not found'); + + $chan = channelx_by_n($nitems[0]['uid']); + + if(! $chan) + http_status_exit(404, 'Not found'); + + if(! perm_is_allowed($chan['channel_id'],get_observer_hash(),'view_stream')) + http_status_exit(403, 'Forbidden'); + + $i = Activity::encode_item_collection($nitems,'conversation/' . $item_id,'OrderedCollection',( defined('NOMADIC') ? false : true)); + if($portable_id) { + ThreadListener::store(z_root() . '/item/' . $item_id,$portable_id); + } + + if(! $i) + http_status_exit(404, 'Not found'); + + $x = array_merge(['@context' => [ + ACTIVITYSTREAMS_JSONLD_REV, + 'https://w3id.org/security/v1', + z_root() . ZOT_APSCHEMA_REV + ]], $i); + + $headers = []; + $headers['Content-Type'] = 'application/x-zot+json' ; + $x['signature'] = LDSignatures::sign($x,$chan); + $ret = json_encode($x, JSON_UNESCAPED_SLASHES); + $headers['Digest'] = HTTPSig::generate_digest_header($ret); + $headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']; + $h = HTTPSig::create_sig($headers,$chan['channel_prvkey'],channel_url($chan)); + HTTPSig::set_headers($h); + echo $ret; + killme(); + + } + } -use \Zotlabs\Lib as Zlib; -class Item extends \Zotlabs\Web\Controller { function post() { @@ -392,6 +539,7 @@ class Item extends \Zotlabs\Web\Controller { $verb = $orig_post['verb']; $app = $orig_post['app']; $title = escape_tags(trim($_REQUEST['title'])); + $summary = trim($_REQUEST['summary']); $body = trim($_REQUEST['body']); $item_flags = $orig_post['item_flags']; @@ -454,6 +602,7 @@ class Item extends \Zotlabs\Web\Controller { $coord = notags(trim($_REQUEST['coord'])); $verb = notags(trim($_REQUEST['verb'])); $title = escape_tags(trim($_REQUEST['title'])); + $summary = trim($_REQUEST['summary']); $body = trim($_REQUEST['body']); $body .= trim($_REQUEST['attachment']); $postopts = ''; @@ -505,12 +654,14 @@ class Item extends \Zotlabs\Web\Controller { && ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false); if($preview) { + $summary = z_input_filter($summary,$mimetype,$execflag); $body = z_input_filter($body,$mimetype,$execflag); } - $arr = [ 'profile_uid' => $profile_uid, 'content' => $body, 'mimetype' => $mimetype ]; + $arr = [ 'profile_uid' => $profile_uid, 'summary' => $summary, 'content' => $body, 'mimetype' => $mimetype ]; call_hooks('post_content',$arr); + $summary = $arr['summary']; $body = $arr['content']; $mimetype = $arr['mimetype']; @@ -531,10 +682,24 @@ class Item extends \Zotlabs\Web\Controller { // we may need virtual or template classes to implement the possible alternatives + if(strpos($body,'[/summary]') !== false) { + $match = ''; + $cnt = preg_match("/\[summary\](.*?)\[\/summary\]/ism",$body,$match); + if($cnt) { + $summary .= $match[1]; + } + $body_content = preg_replace("/^(.*?)\[summary\](.*?)\[\/summary\](.*?)$/ism", '',$body); + $body = trim($body_content); + } + + $summary = cleanup_bbcode($summary); + $body = cleanup_bbcode($body); // Look for tags and linkify them - $results = linkify_tags($a, $body, ($uid) ? $uid : $profile_uid); + + $results = linkify_tags($summary, ($uid) ? $uid : $profile_uid); + $results = linkify_tags($body, ($uid) ? $uid : $profile_uid); if($results) { @@ -579,6 +744,9 @@ class Item extends \Zotlabs\Web\Controller { if(! $preview) { fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); + fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],((strpos($summary,'[/crypt]')) ? $_POST['media_str'] : $summary),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); + + fix_attached_file_permissions($channel,$observer['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); } @@ -616,9 +784,9 @@ class Item extends \Zotlabs\Web\Controller { if(preg_match_all('/(\[share=(.*?)\](.*?)\[\/share\])/',$body,$match)) { + // process share by id - $verb = ACTIVITY_SHARE; $i = 0; foreach($match[2] as $mtch) { $reshare = new \Zotlabs\Lib\Share($mtch); @@ -711,7 +879,8 @@ class Item extends \Zotlabs\Web\Controller { $notify_type = (($parent) ? 'comment-new' : 'wall-new' ); if(! $mid) { - $mid = (($message_id) ? $message_id : item_message_id()); + $uuid = (($message_id) ? $message_id : item_message_id()); + $mid = z_root() . '/item/' . $uuid; } @@ -736,7 +905,7 @@ class Item extends \Zotlabs\Web\Controller { // fix permalinks for cards if($webpage == ITEM_TYPE_CARD) { - $plink = z_root() . '/cards/' . $channel['channel_address'] . '/' . (($pagetitle) ? $pagetitle : substr($mid,0,16)); + $plink = z_root() . '/cards/' . $channel['channel_address'] . '/' . (($pagetitle) ? $pagetitle : $uuid); } if(($parent_item) && ($parent_item['item_type'] == ITEM_TYPE_CARD)) { $r = q("select v from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.iid = %d limit 1", @@ -748,7 +917,7 @@ class Item extends \Zotlabs\Web\Controller { } if($webpage == ITEM_TYPE_ARTICLE) { - $plink = z_root() . '/articles/' . $channel['channel_address'] . '/' . (($pagetitle) ? $pagetitle : substr($mid,0,16)); + $plink = z_root() . '/articles/' . $channel['channel_address'] . '/' . (($pagetitle) ? $pagetitle : $uuid); } if(($parent_item) && ($parent_item['item_type'] == ITEM_TYPE_ARTICLE)) { $r = q("select v from iconfig where iconfig.cat = 'system' and iconfig.k = 'ARTICLE' and iconfig.iid = %d limit 1", @@ -760,12 +929,13 @@ class Item extends \Zotlabs\Web\Controller { } if ((! $plink) && ($item_thread_top)) { - $plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $mid; + $plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . gen_link_id($mid); $plink = substr($plink,0,190); } $datarray['aid'] = $channel['channel_account_id']; $datarray['uid'] = $profile_uid; + $datarray['uuid'] = $uuid; $datarray['owner_xchan'] = (($owner_hash) ? $owner_hash : $owner_xchan['xchan_hash']); $datarray['author_xchan'] = $observer['xchan_hash']; $datarray['created'] = $created; @@ -778,6 +948,7 @@ class Item extends \Zotlabs\Web\Controller { $datarray['parent_mid'] = $parent_mid; $datarray['mimetype'] = $mimetype; $datarray['title'] = $title; + $datarray['summary'] = $summary; $datarray['body'] = $body; $datarray['app'] = $app; $datarray['location'] = $location; @@ -887,12 +1058,12 @@ class Item extends \Zotlabs\Web\Controller { $datarray['title'] = mb_substr($datarray['title'],0,191); if($webpage) { - Zlib\IConfig::Set($datarray,'system', webpage_to_namespace($webpage), - (($pagetitle) ? $pagetitle : substr($datarray['mid'],0,16)),true); + IConfig::Set($datarray,'system', webpage_to_namespace($webpage), + (($pagetitle) ? $pagetitle : basename($datarray['mid'])), true); } elseif($namespace) { - Zlib\IConfig::Set($datarray,'system', $namespace, - (($remote_id) ? $remote_id : substr($datarray['mid'],0,16)),true); + IConfig::Set($datarray,'system', $namespace, + (($remote_id) ? $remote_id : basename($datarray['mid'])), true); } @@ -924,7 +1095,7 @@ class Item extends \Zotlabs\Web\Controller { } } if(! $nopush) - \Zotlabs\Daemon\Master::Summon(array('Notifier', 'edit_post', $post_id)); + Master::Summon([ 'Notifier', 'edit_post', $post_id ]); if($api_source) @@ -959,7 +1130,7 @@ class Item extends \Zotlabs\Web\Controller { // otherwise it will happen during delivery if(($datarray['owner_xchan'] != $datarray['author_xchan']) && (intval($parent_item['item_wall']))) { - Zlib\Enotify::submit(array( + Enotify::submit(array( 'type' => NOTIFY_COMMENT, 'from_xchan' => $datarray['author_xchan'], 'to_xchan' => $datarray['owner_xchan'], @@ -977,7 +1148,7 @@ class Item extends \Zotlabs\Web\Controller { $parent = $post_id; if(($datarray['owner_xchan'] != $datarray['author_xchan']) && ($datarray['item_type'] == ITEM_TYPE_POST)) { - Zlib\Enotify::submit(array( + Enotify::submit(array( 'type' => NOTIFY_WALL, 'from_xchan' => $datarray['author_xchan'], 'to_xchan' => $datarray['owner_xchan'], @@ -1039,7 +1210,7 @@ class Item extends \Zotlabs\Web\Controller { call_hooks('post_local_end', $datarray); if(! $nopush) - \Zotlabs\Daemon\Master::Summon(array('Notifier', $notify_type, $post_id)); + Master::Summon([ 'Notifier', $notify_type, $post_id ]); logger('post_complete'); diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php index fd192538e..3d1f503b6 100644 --- a/Zotlabs/Module/Like.php +++ b/Zotlabs/Module/Like.php @@ -1,6 +1,8 @@ <?php namespace Zotlabs\Module; +use Zotlabs\Lib\Activity; + require_once('include/security.php'); require_once('include/bbcode.php'); require_once('include/items.php'); @@ -374,10 +376,13 @@ class Like extends \Zotlabs\Web\Controller { } } - $mid = item_message_id(); + $uuid = item_message_id(); $arr = array(); + $arr['uuid'] = $uuid; + $arr['mid'] = z_root() . '/item/' . $uuid; + if($extended_like) { $arr['item_thread_top'] = 1; $arr['item_origin'] = 1; @@ -400,6 +405,7 @@ class Like extends \Zotlabs\Web\Controller { $object = json_encode(array( 'type' => $objtype, 'id' => $item['mid'], + 'asld' => Activity::fetch_item( [ 'id' => $item['mid'] ] ), 'parent' => (($item['thr_parent']) ? $item['thr_parent'] : $item['parent_mid']), 'link' => $links, 'title' => $item['title'], @@ -479,7 +485,6 @@ class Like extends \Zotlabs\Web\Controller { } - $arr['mid'] = $mid; $arr['aid'] = (($extended_like) ? $ch[0]['channel_account_id'] : $owner_aid); $arr['uid'] = $owner_uid; diff --git a/Zotlabs/Module/Mail.php b/Zotlabs/Module/Mail.php index d38c1d88c..3202d38a5 100644 --- a/Zotlabs/Module/Mail.php +++ b/Zotlabs/Module/Mail.php @@ -34,7 +34,7 @@ class Mail extends \Zotlabs\Web\Controller { } else { $body = cleanup_bbcode($body); - $results = linkify_tags($a, $body, local_channel()); + $results = linkify_tags($body, local_channel()); if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) { $attachments = array(); @@ -111,7 +111,7 @@ class Mail extends \Zotlabs\Web\Controller { } require_once('include/text.php'); - linkify_tags($a, $body, local_channel()); + linkify_tags($body, local_channel()); if(! $recipient) { diff --git a/Zotlabs/Module/Mood.php b/Zotlabs/Module/Mood.php index 16ef0b171..453f08f9f 100644 --- a/Zotlabs/Module/Mood.php +++ b/Zotlabs/Module/Mood.php @@ -70,7 +70,8 @@ class Mood extends Controller { $poster = App::get_observer(); - $mid = item_message_id(); + $uuid = item_message_id(); + $mid = z_root() . '/item/' . $uuid; $action = sprintf( t('%1$s is %2$s','mood'), '[zrl=' . $poster['xchan_url'] . ']' . $poster['xchan_name'] . '[/zrl]' , $verbs[$verb]); @@ -78,6 +79,7 @@ class Mood extends Controller { $arr['aid'] = get_account_id(); $arr['uid'] = $uid; + $arr['uuid'] = $uuid; $arr['mid'] = $mid; $arr['parent_mid'] = (($parent_mid) ? $parent_mid : $mid); $arr['author_xchan'] = $poster['xchan_hash']; diff --git a/Zotlabs/Module/Network.php b/Zotlabs/Module/Network.php index b93faa612..2019082ed 100644 --- a/Zotlabs/Module/Network.php +++ b/Zotlabs/Module/Network.php @@ -1,6 +1,8 @@ <?php namespace Zotlabs\Module; +use Zotlabs\Lib\Group; +use Zotlabs\Lib\Apps; use App; require_once('include/items.php'); @@ -114,8 +116,8 @@ class Network extends \Zotlabs\Web\Controller { $def_acl = array('allow_gid' => '<' . $r[0]['hash'] . '>'); } - $default_cmin = ((feature_enabled(local_channel(),'affinity')) ? get_pconfig(local_channel(),'affinity','cmin',0) : (-1)); - $default_cmax = ((feature_enabled(local_channel(),'affinity')) ? get_pconfig(local_channel(),'affinity','cmax',99) : (-1)); + $default_cmin = ((Apps::system_app_installed(local_channel(),'Affinity Tool')) ? get_pconfig(local_channel(),'affinity','cmin',0) : (-1)); + $default_cmax = ((Apps::system_app_installed(local_channel(),'Affinity Tool')) ? get_pconfig(local_channel(),'affinity','cmax',99) : (-1)); $cid = ((x($_GET,'cid')) ? intval($_GET['cid']) : 0); $star = ((x($_GET,'star')) ? intval($_GET['star']) : 0); @@ -132,6 +134,13 @@ class Network extends \Zotlabs\Web\Controller { $deftag = ''; + if (Apps::system_app_installed(local_channel(),'Affinity Tool')) { + $affinity_locked = intval(get_pconfig(local_channel(),'affinity','lock',1)); + if ($affinity_locked) { + set_pconfig(local_channel(),'affinity','cmin',$cmin); + set_pconfig(local_channel(),'affinity','cmax',$cmax); + } + } if(x($_GET,'search') || $file || (!$pf && $cid) || $hashtags || $verb || $category || $conv || $unseen) $nouveau = true; diff --git a/Zotlabs/Module/Nojs.php b/Zotlabs/Module/Nojs.php deleted file mode 100644 index 5f3d80ecd..000000000 --- a/Zotlabs/Module/Nojs.php +++ /dev/null @@ -1,15 +0,0 @@ -<?php -namespace Zotlabs\Module; - - -class Nojs extends \Zotlabs\Web\Controller { - - function init() { - $n = ((argc() > 1) ? intval(argv(1)) : 1); - setcookie('jsdisabled', $n, 0, '/'); - $p = hex2bin($_GET['redir']); - $hasq = strpbrk($p,'?&'); - goaway(z_root() . (($p) ? '/' . $p : '') . (($hasq) ? '' : '?f=' ) . '&jsdisabled=' . $n); - - } -} diff --git a/Zotlabs/Module/Notes.php b/Zotlabs/Module/Notes.php index 178a6bce0..7572f7420 100644 --- a/Zotlabs/Module/Notes.php +++ b/Zotlabs/Module/Notes.php @@ -1,28 +1,31 @@ <?php -namespace Zotlabs\Module; /** @file */ +namespace Zotlabs\Module; use App; use Zotlabs\Web\Controller; use Zotlabs\Lib\Apps; +/** + * @brief Notes Module controller. + */ class Notes extends Controller { function post() { - + if(! local_channel()) return EMPTY_STR; if(! Apps::system_app_installed(local_channel(), 'Notes')) return EMPTY_STR; - + $ret = array('success' => true); if(array_key_exists('note_text',$_REQUEST)) { $body = escape_tags($_REQUEST['note_text']); - + // I've had my notes vanish into thin air twice in four years. - // Provide a backup copy if there were contents previously + // Provide a backup copy if there were contents previously // and there are none being saved now. - + if(! $body) { $old_text = get_pconfig(local_channel(),'notes','text'); if($old_text) @@ -40,11 +43,9 @@ class Notes extends Controller { logger('notes saved.', LOGGER_DEBUG); json_return_and_die($ret); - } function get() { - if(! local_channel()) return EMPTY_STR; @@ -61,7 +62,6 @@ class Notes extends Controller { $arr = ['app' => true]; return $w->widget($arr); - } - + } diff --git a/Zotlabs/Module/Oep.php b/Zotlabs/Module/Oep.php index c0d8e15e5..3977ac8dd 100644 --- a/Zotlabs/Module/Oep.php +++ b/Zotlabs/Module/Oep.php @@ -456,7 +456,7 @@ class Oep extends \Zotlabs\Web\Controller { if(preg_match('|//(.*?)/(.*?)/(.*?)/album/|',$url,$matches)) { $chn = $matches[3]; - $res = hex2bin(basename($url)); + $res = basename($url); } if(! ($chn && $res)) diff --git a/Zotlabs/Module/Pconfig.php b/Zotlabs/Module/Pconfig.php index bf8e32dff..06b94b34f 100644 --- a/Zotlabs/Module/Pconfig.php +++ b/Zotlabs/Module/Pconfig.php @@ -24,7 +24,7 @@ class Pconfig extends \Zotlabs\Web\Controller { $aj = intval($_POST['aj']); // Do not store "serialized" data received in the $_POST - if (preg_match('|^a:[0-9]+:{.*}$|s',$v) || preg_match('O:8:"stdClass":[0-9]+:{.*}$|s',$v)) { + if (preg_match('|^a:[0-9]+:{.*}$|s',$v) || preg_match('|O:8:"stdClass":[0-9]+:{.*}$|s',$v)) { return; } @@ -48,7 +48,7 @@ class Pconfig extends \Zotlabs\Web\Controller { } - function get() { + function get() { if(! local_channel()) { return login(); diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 30e8340e2..96a4e1f40 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -1,19 +1,20 @@ <?php + + namespace Zotlabs\Module; require_once('include/security.php'); require_once('include/attach.php'); require_once('include/photo/photo_driver.php'); - class Photo extends \Zotlabs\Web\Controller { function init() { - $prvcachecontrol = false; $streaming = null; $channel = null; $person = 0; + $renew = false; switch(argc()) { case 4: @@ -29,7 +30,15 @@ class Photo extends \Zotlabs\Web\Controller { killme(); // NOTREACHED } - + + $cache_mode = array( + 'on' => false, + 'age' => 86400, + 'exp' => true, + 'leak' => false + ); + call_hooks('cache_mode_hook', $cache_mode); + $observer_xchan = get_observer_hash(); $ismodified = $_SERVER['HTTP_IF_MODIFIED_SINCE']; @@ -106,13 +115,14 @@ class Photo extends \Zotlabs\Web\Controller { License link: http://creativecommons.org/licenses/by/3.0/ */ + // @FIXME It seems this part doesn't work because we are not setting such cookie $cookie_value = false; if (isset($_COOKIE['devicePixelRatio'])) { $cookie_value = intval($_COOKIE['devicePixelRatio']); } else { // Force revalidation of cache on next request - $cache_directive = 'no-cache'; + // $prvcachecontrol = 'no-cache'; $status = 'no cookie'; } @@ -129,27 +139,42 @@ class Photo extends \Zotlabs\Web\Controller { $resolution = 1; } - $r = q("SELECT uid, photo_usage FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", + $r = q("SELECT uid, photo_usage, display_path FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", dbesc($photo), intval($resolution) ); if($r) { - $allowed = (-1); - if(intval($r[0]['photo_usage'])) { + $u = intval($r[0]['photo_usage']); + if($u) { $allowed = 1; - if(intval($r[0]['photo_usage']) === PHOTO_COVER) + if($u === PHOTO_COVER) if($resolution < PHOTO_RES_COVER_1200) $allowed = (-1); - if(intval($r[0]['photo_usage']) === PHOTO_PROFILE) + if($u === PHOTO_PROFILE) if(! in_array($resolution,[4,5,6])) $allowed = (-1); + if($u === PHOTO_CACHE) { + // Validate cache + $cache = array( + 'resid' => $photo, + 'status' => false + ); + if($cache_mode['on']) + call_hooks('cache_url_hook', $cache); + if(! $cache['status']) { + $url = htmlspecialchars_decode($r[0]['display_path']); + if(strpos(z_root(),'https:') !== false && strpos($url,'https:') === false) + $url = z_root() . '/sslify/' . $filename . '?f=&url=' . urlencode($url); + header("Location: " . $url); + killme(); + } + } } - if($allowed === (-1)) { + if($allowed === (-1)) $allowed = attach_can_view($r[0]['uid'],$observer_xchan,$photo); - } $channel = channelx_by_n($r[0]['uid']); @@ -158,18 +183,21 @@ class Photo extends \Zotlabs\Web\Controller { dbesc($photo), intval($resolution) ); - + $exists = (($e) ? true : false); - + if($exists && $allowed) { + $expires = strtotime($e[0]['expires'] . 'Z'); $data = dbunescbin($e[0]['content']); $filesize = $e[0]['filesize']; $mimetype = $e[0]['mimetype']; $modified = strtotime($e[0]['edited'] . 'Z'); - if(intval($e[0]['os_storage'])) + + if(intval($e[0]['os_storage'])) { $streaming = $data; + } if($e[0]['allow_cid'] != '' || $e[0]['allow_gid'] != '' || $e[0]['deny_gid'] != '' || $e[0]['deny_gid'] != '') - $prvcachecontrol = true; + $prvcachecontrol = 'no-store, no-cache, must-revalidate'; } else { if(! $allowed) { @@ -180,9 +208,9 @@ class Photo extends \Zotlabs\Web\Controller { } } - } else { + } + else http_status_exit(404,'not found'); - } } header_remove('Pragma'); @@ -225,24 +253,14 @@ class Photo extends \Zotlabs\Web\Controller { $mimetype = $ph->getType(); } } - - // @FIXME Seems never invoked - // Writing in cachefile - if (isset($cachefile) && $cachefile != '') { - file_put_contents($cachefile, $data); - $modified = filemtime($cachefile); - } - - header("Content-type: " . $mimetype); - - if($prvcachecontrol) { + if(isset($prvcachecontrol)) { // it is a private photo that they have no permission to view. // tell the browser not to cache it, in case they authenticate // and subsequently have permission to see it - header("Cache-Control: no-store, no-cache, must-revalidate"); + header("Cache-Control: " . $prvcachecontrol); } else { @@ -255,18 +273,23 @@ class Photo extends \Zotlabs\Web\Controller { // This has performance considerations but we highly recommend you // leave it alone. - $cache = get_config('system','photo_cache_time', 86400); // 1 day by default + $maxage = $cache_mode['age']; - header("Expires: " . gmdate("D, d M Y H:i:s", time() + $cache) . " GMT"); - header("Cache-Control: max-age=" . $cache); + if($cache_mode['exp'] || (! isset($expires)) || (isset($expires) && $expires - 60 < time())) + $expires = time() + $maxage; + else + $maxage = $expires - time(); + + header("Expires: " . gmdate("D, d M Y H:i:s", $expires) . " GMT"); + header("Cache-Control: max-age=" . $maxage); } + header("Content-type: " . $mimetype); header("Last-Modified: " . gmdate("D, d M Y H:i:s", $modified) . " GMT"); header("Content-Length: " . (isset($filesize) ? $filesize : strlen($data))); // If it's a file resource, stream it. - if($streaming && $channel) { if(strpos($streaming,'store') !== false) $istream = fopen($streaming,'rb'); diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index 3833d5088..a761dbd14 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -422,7 +422,7 @@ class Photos extends \Zotlabs\Web\Controller { require_once('include/text.php'); $profile_uid = \App::$profile['profile_uid']; - $results = linkify_tags($a, $rawtags, (local_channel()) ? local_channel() : $profile_uid); + $results = linkify_tags($rawtags, (local_channel()) ? local_channel() : $profile_uid); $success = $results['success']; $post_tags = array(); diff --git a/Zotlabs/Module/Profiles.php b/Zotlabs/Module/Profiles.php index de4075ba9..33e7d8a9d 100644 --- a/Zotlabs/Module/Profiles.php +++ b/Zotlabs/Module/Profiles.php @@ -354,20 +354,20 @@ class Profiles extends \Zotlabs\Web\Controller { require_once('include/text.php'); - linkify_tags($a, $likes, local_channel()); - linkify_tags($a, $dislikes, local_channel()); - linkify_tags($a, $about, local_channel()); - linkify_tags($a, $interest, local_channel()); - linkify_tags($a, $interest, local_channel()); - linkify_tags($a, $contact, local_channel()); - linkify_tags($a, $channels, local_channel()); - linkify_tags($a, $music, local_channel()); - linkify_tags($a, $book, local_channel()); - linkify_tags($a, $tv, local_channel()); - linkify_tags($a, $film, local_channel()); - linkify_tags($a, $romance, local_channel()); - linkify_tags($a, $work, local_channel()); - linkify_tags($a, $education, local_channel()); + linkify_tags($likes, local_channel()); + linkify_tags($dislikes, local_channel()); + linkify_tags($about, local_channel()); + linkify_tags($interest, local_channel()); + linkify_tags($interest, local_channel()); + linkify_tags($contact, local_channel()); + linkify_tags($channels, local_channel()); + linkify_tags($music, local_channel()); + linkify_tags($book, local_channel()); + linkify_tags($tv, local_channel()); + linkify_tags($film, local_channel()); + linkify_tags($romance, local_channel()); + linkify_tags($work, local_channel()); + linkify_tags($education, local_channel()); $with = ((x($_POST,'with')) ? escape_tags(trim($_POST['with'])) : ''); diff --git a/Zotlabs/Module/React.php b/Zotlabs/Module/React.php index fbb760786..3920301f5 100644 --- a/Zotlabs/Module/React.php +++ b/Zotlabs/Module/React.php @@ -44,6 +44,7 @@ class React extends \Zotlabs\Web\Controller { return; } + $uuid = item_message_id(); $n = array(); $n['aid'] = $channel['channel_account_id']; @@ -52,7 +53,8 @@ class React extends \Zotlabs\Web\Controller { $n['item_type'] = $i[0]['item_type']; $n['parent'] = $postid; $n['parent_mid'] = $i[0]['mid']; - $n['mid'] = item_message_id(); + $n['uuid'] = $uuid; + $n['mid'] = z_root() . '/item/' . $uuid; $n['verb'] = ACTIVITY_REACT . '#' . $emoji; $n['body'] = "\n\n[zmg=32x32]" . z_root() . '/images/emoji/' . $emoji . '.png[/zmg]' . "\n\n"; $n['author_xchan'] = $channel['channel_hash']; diff --git a/Zotlabs/Module/Rmagic.php b/Zotlabs/Module/Rmagic.php index 33a6689ca..8c1e5cdab 100644 --- a/Zotlabs/Module/Rmagic.php +++ b/Zotlabs/Module/Rmagic.php @@ -14,6 +14,15 @@ class Rmagic extends \Zotlabs\Web\Controller { $r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1", dbesc($me) ); + if(! $r) { + $w = discover_by_webbie($me); + if($w) { + $r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1", + dbesc($me) + ); + } + } + if($r) { if($r[0]['hubloc_url'] === z_root()) goaway(z_root() . '/login'); @@ -49,7 +58,16 @@ class Rmagic extends \Zotlabs\Web\Controller { $r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1", dbesc($address) ); + if(! $r) { + $w = discover_by_webbie($address); + if($w) { + $r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1", + dbesc($address) + ); + } + } } + if($r) { $url = $r[0]['hubloc_url']; } diff --git a/Zotlabs/Module/Settings/Featured.php b/Zotlabs/Module/Settings/Featured.php index 542a05363..d5d740aff 100644 --- a/Zotlabs/Module/Settings/Featured.php +++ b/Zotlabs/Module/Settings/Featured.php @@ -10,20 +10,6 @@ class Featured { call_hooks('feature_settings_post', $_POST); - if($_POST['affinity_slider-submit']) { - $cmax = intval($_POST['affinity_cmax']); - if($cmax < 0 || $cmax > 99) - $cmax = 99; - $cmin = intval($_POST['affinity_cmin']); - if($cmin < 0 || $cmin > 99) - $cmin = 0; - set_pconfig(local_channel(),'affinity','cmin',$cmin); - set_pconfig(local_channel(),'affinity','cmax',$cmax); - - info( t('Affinity Slider settings updated.') . EOL); - - } - build_sync_packet(); return; } @@ -37,30 +23,10 @@ class Featured { if(! $r) $settings_addons = t('No feature settings configured'); - if(feature_enabled(local_channel(),'affinity')) { - - $cmax = intval(get_pconfig(local_channel(),'affinity','cmax')); - $cmax = (($cmax) ? $cmax : 99); - $setting_fields .= replace_macros(get_markup_template('field_input.tpl'), array( - '$field' => array('affinity_cmax', t('Default maximum affinity level'), $cmax, t('0-99 default 99')) - )); - $cmin = intval(get_pconfig(local_channel(),'affinity','cmin')); - $cmin = (($cmin) ? $cmin : 0); - $setting_fields .= replace_macros(get_markup_template('field_input.tpl'), array( - '$field' => array('affinity_cmin', t('Default minimum affinity level'), $cmin, t('0-99 - default 0')) - )); - - $settings_addons .= replace_macros(get_markup_template('generic_addon_settings.tpl'), array( - '$addon' => array('affinity_slider', '' . t('Affinity Slider Settings'), '', t('Submit')), - '$content' => $setting_fields - )); - } - call_hooks('feature_settings', $settings_addons); $this->sortpanels($settings_addons); - $tpl = get_markup_template("settings_addons.tpl"); $o .= replace_macros($tpl, array( '$form_security_token' => get_form_security_token("settings_featured"), diff --git a/Zotlabs/Module/Setup.php b/Zotlabs/Module/Setup.php index c0716ca7c..ce0538099 100644 --- a/Zotlabs/Module/Setup.php +++ b/Zotlabs/Module/Setup.php @@ -39,12 +39,12 @@ class Setup extends \Zotlabs\Web\Controller { ini_set('display_errors', '1'); // $baseurl/setup/testrewrite to test if rewrite in .htaccess is working - if (argc() == 2 && argv(1) == "testrewrite") { + if(argc() == 2 && argv(1) == 'testrewrite') { echo 'ok'; killme(); } - if (x($_POST, 'pass')) { + if(x($_POST, 'pass')) { $this->install_wizard_pass = intval($_POST['pass']); } else { $this->install_wizard_pass = 1; @@ -63,7 +63,6 @@ class Setup extends \Zotlabs\Web\Controller { return; // implied break; case 3: - $urlpath = \App::get_path(); $dbhost = trim($_POST['dbhost']); $dbport = intval(trim($_POST['dbport'])); $dbuser = trim($_POST['dbuser']); @@ -89,7 +88,6 @@ class Setup extends \Zotlabs\Web\Controller { return; // implied break; case 4: - $urlpath = \App::get_path(); $dbhost = trim($_POST['dbhost']); $dbport = intval(trim($_POST['dbport'])); $dbuser = trim($_POST['dbuser']); @@ -162,7 +160,6 @@ class Setup extends \Zotlabs\Web\Controller { * * @return string parsed HTML output */ - function get() { $o = ''; @@ -213,10 +210,10 @@ class Setup extends \Zotlabs\Web\Controller { } if(x(\App::$data, 'txt') && strlen(\App::$data['txt'])) { - $db_return_text .= $this->manual_config($a); + $db_return_text .= $this->manual_config(); } - if ($db_return_text != "") { + if($db_return_text != '') { $tpl = get_markup_template('install.tpl'); return replace_macros($tpl, array( '$title' => $install_title, @@ -242,7 +239,7 @@ class Setup extends \Zotlabs\Web\Controller { $this->check_keys($checks); - if (x($_POST, 'phpath')) + if(x($_POST, 'phpath')) $phpath = notags(trim($_POST['phpath'])); $this->check_php($phpath, $checks); @@ -278,7 +275,6 @@ class Setup extends \Zotlabs\Web\Controller { $dbtype = intval(trim($_POST['dbtype'])); $phpath = trim($_POST['phpath']); $adminmail = trim($_POST['adminmail']); - $siteurl = trim($_POST['siteurl']); $tpl = get_markup_template('install_db.tpl'); $o .= replace_macros($tpl, array( @@ -320,7 +316,6 @@ class Setup extends \Zotlabs\Web\Controller { $phpath = trim($_POST['phpath']); $adminmail = trim($_POST['adminmail']); - $siteurl = trim($_POST['siteurl']); $timezone = ((x($_POST,'timezone')) ? ($_POST['timezone']) : 'America/Los_Angeles'); @@ -363,12 +358,12 @@ class Setup extends \Zotlabs\Web\Controller { * @param string $help optional help string */ function check_add(&$checks, $title, $status, $required, $help = '') { - $checks[] = array( + $checks[] = [ 'title' => $title, 'status' => $status, 'required' => $required, 'help' => $help - ); + ]; } /** @@ -380,12 +375,12 @@ class Setup extends \Zotlabs\Web\Controller { function check_php(&$phpath, &$checks) { $help = ''; - if(version_compare(PHP_VERSION, '5.5') < 0) { - $help .= t('PHP version 5.5 or greater is required.'); + if(version_compare(PHP_VERSION, '7.1') < 0) { + $help .= t('PHP version 7.1 or greater is required.'); $this->check_add($checks, t('PHP version'), false, false, $help); } - if (strlen($phpath)) { + if(strlen($phpath)) { $passed = file_exists($phpath); } elseif(function_exists('shell_exec')) { @@ -419,6 +414,7 @@ class Setup extends \Zotlabs\Web\Controller { $result = trim(shell_exec($cmd)); else $help .= t('Unable to check command line PHP, as shell_exec() is disabled. This is required.') . EOL; + $passed2 = (($result == $str) ? true : false); if(!$passed2) { $help .= t('The command line version of PHP on your system does not have "register_argc_argv" enabled.'). EOL; @@ -441,13 +437,18 @@ class Setup extends \Zotlabs\Web\Controller { require_once 'include/environment.php'; $help = ''; + $mem_warning = ''; $result = getPhpiniUploadLimits(); + if($result['post_max_size'] < 4194304 || $result['max_upload_filesize'] < 4194304) { + $mem_warning = '<strong>' .t('This is not sufficient to upload larger images or files. You should be able to upload at least 4 MB at once.') . '</strong>'; + } $help = sprintf(t('Your max allowed total upload size is set to %s. Maximum size of one file to upload is set to %s. You are allowed to upload up to %d files at once.'), userReadableSize($result['post_max_size']), userReadableSize($result['max_upload_filesize']), $result['max_file_uploads'] ); + $help .= $mem_warning; $help .= '<br><br>' . t('You can adjust these settings in the server php.ini file.'); $this->check_add($checks, t('PHP upload limits'), true, false, $help); @@ -462,7 +463,7 @@ class Setup extends \Zotlabs\Web\Controller { $help = ''; $res = false; - if (function_exists('openssl_pkey_new')) { + if(function_exists('openssl_pkey_new')) { $res = openssl_pkey_new(array( 'digest_alg' => 'sha1', 'private_key_bits' => 4096, @@ -472,7 +473,7 @@ class Setup extends \Zotlabs\Web\Controller { // Get private key - if (! $res) { + if(! $res) { $help .= t('Error: the "openssl_pkey_new" function on this system is not able to generate encryption keys'). EOL; $help .= t('If running under Windows, please see "http://www.php.net/manual/en/openssl.installation.php".'); } @@ -503,7 +504,7 @@ class Setup extends \Zotlabs\Web\Controller { $this->check_add($ck_funcs, t('zip PHP module'), true, true); if(function_exists('apache_get_modules')){ - if (! in_array('mod_rewrite', apache_get_modules())) { + if(! in_array('mod_rewrite', apache_get_modules())) { $this->check_add($ck_funcs, t('Apache mod_rewrite module'), false, true, t('Error: Apache webserver mod-rewrite module is required but not installed.')); } else { $this->check_add($ck_funcs, t('Apache mod_rewrite module'), true, true); @@ -572,7 +573,7 @@ class Setup extends \Zotlabs\Web\Controller { $fname = '.htconfig.php'; - if((file_exists($fname) && is_writable($fname)) || + if((file_exists($fname) && is_writable($fname)) || (! (file_exists($fname) && is_writable('.')))) { $this->check_add($checks, t('.htconfig.php is writable'), $status, true, $help); return; @@ -638,7 +639,7 @@ class Setup extends \Zotlabs\Web\Controller { $url = z_root() . '/setup/testrewrite'; - if (function_exists('curl_init')){ + if(function_exists('curl_init')){ $test = z_fetch_url($url); if(! $test['success']) { if(strstr($url,'https://')) { @@ -661,14 +662,13 @@ class Setup extends \Zotlabs\Web\Controller { $help .= t('If your certificate is not recognized, members of other sites (who may themselves have valid certificates) will get a warning message on their own site complaining about security issues.') . EOL; $help .= t('This can cause usability issues elsewhere (not just on your own site) so we must insist on this requirement.') .EOL; $help .= t('Providers are available that issue free certificates which are browser-valid.'). EOL; - $help .= t('If you are confident that the certificate is valid and signed by a trusted authority, check to see if you have failed to install an intermediate cert. These are not normally required by browsers, but are required for server-to-server communications.') . EOL; $this->check_add($checks, t('SSL certificate validation'), false, true, $help); } } - if ((! $test['success']) || ($test['body'] != "ok")) { + if((! $test['success']) || ($test['body'] != "ok")) { $status = false; $help = t('Url rewrite in .htaccess is not working. Check your server configuration.'.'Test: '.var_export($test,true)); } @@ -682,10 +682,9 @@ class Setup extends \Zotlabs\Web\Controller { /** * @brief * - * @param App &$a * @return string with paresed HTML */ - function manual_config(&$a) { + function manual_config() { $data = htmlspecialchars(\App::$data['txt'], ENT_COMPAT, 'UTF-8'); $o = t('The database configuration file ".htconfig.php" could not be written. Please use the enclosed text to create a configuration file in your web server root.'); $o .= "<textarea rows=\"24\" cols=\"80\" >$data</textarea>"; @@ -695,14 +694,19 @@ class Setup extends \Zotlabs\Web\Controller { function load_database_rem($v, $i){ $l = trim($i); - if (strlen($l)>1 && ($l[0]=="-" || ($l[0]=="/" && $l[1]=="*"))){ + if(strlen($l)>1 && ($l[0]=="-" || ($l[0]=="/" && $l[1]=="*"))){ return $v; } else { return $v."\n".$i; } } - + /** + * @brief Executes the SQL install script and create database tables. + * + * @param dba_driver $db (unused) + * @return boolean|string false on success or error message as string + */ function load_database($db) { $str = file_get_contents(\DBA::$dba->get_install_script()); $arr = explode(';', $str); @@ -762,12 +766,12 @@ class Setup extends \Zotlabs\Web\Controller { /** * @brief * - * @param unknown $v + * @param array $v * @param array $c * @return array */ static private function check_passed($v, $c) { - if ($c['required']) + if($c['required']) $v = $v && $c['status']; return $v; diff --git a/Zotlabs/Module/Share.php b/Zotlabs/Module/Share.php index c6d0be051..53a06b072 100644 --- a/Zotlabs/Module/Share.php +++ b/Zotlabs/Module/Share.php @@ -1,6 +1,11 @@ <?php namespace Zotlabs\Module; +use App; +use Zotlabs\Daemon\Master; +use Zotlabs\Lib\Activity; + + require_once('include/security.php'); require_once('include/bbcode.php'); @@ -14,23 +19,23 @@ class Share extends \Zotlabs\Web\Controller { if(! $post_id) killme(); - echo '[share=' . $post_id . '][/share]'; - killme(); + if(! local_channel()) { + killme(); + } + $observer = App::get_observer(); - /** - * The remaining code is deprecated and handled in Zotlabs/Lib/Share.php at post - * submission time. - */ + $channel = App::get_channel(); - if(! (local_channel() || remote_channel())) - killme(); - $r = q("SELECT * from item left join xchan on author_xchan = xchan_hash WHERE id = %d LIMIT 1", intval($post_id) ); if(! $r) killme(); + + + + if(($r[0]['item_private']) && ($r[0]['xchan_network'] !== 'rss')) killme(); @@ -46,59 +51,86 @@ class Share extends \Zotlabs\Web\Controller { if($r[0]['mimetype'] !== 'text/bbcode') killme(); - - /** @FIXME eventually we want to post remotely via rpost on your home site */ - // When that works remove this next bit: - - if(! local_channel()) - killme(); - + xchan_query($r); - $is_photo = (($r[0]['obj_type'] === ACTIVITY_OBJ_PHOTO) ? true : false); - if($is_photo) { - $object = json_decode($r[0]['obj'],true); - $photo_bb = $object['body']; - } - - if (strpos($r[0]['body'], "[/share]") !== false) { - $pos = strpos($r[0]['body'], "[share"); - $o = substr($r[0]['body'], $pos); - } else { - $o = "[share author='" . urlencode($r[0]['author']['xchan_name']) . - "' profile='" . $r[0]['author']['xchan_url'] . - "' avatar='" . $r[0]['author']['xchan_photo_s'] . - "' link='" . $r[0]['plink'] . - "' auth='" . (($r[0]['author']['network'] === 'zot') ? 'true' : 'false') . - "' posted='" . $r[0]['created'] . - "' message_id='" . $r[0]['mid'] . - "']"; - if($r[0]['title']) - $o .= '[b]'.$r[0]['title'].'[/b]'."\r\n"; - $o .= (($is_photo) ? $photo_bb . "\r\n" . $r[0]['body'] : $r[0]['body']); - $o .= "[/share]"; - } - - if(local_channel()) { - echo $o; + $arr = []; + + $item = $r[0]; + + $owner_uid = $r[0]['uid']; + $owner_aid = $r[0]['aid']; + + $can_comment = false; + if((array_key_exists('owner',$item)) && intval($item['owner']['abook_self'])) + $can_comment = perm_is_allowed($item['uid'],$observer['xchan_hash'],'post_comments'); + else + $can_comment = can_comment_on_post($observer['xchan_hash'],$item); + + if(! $can_comment) { + notice( t('Permission denied') . EOL); killme(); } + + $r = q("select * from xchan where xchan_hash = '%s' limit 1", + dbesc($item['owner_xchan']) + ); + + if($r) + $thread_owner = $r[0]; + else + killme(); - $observer = \App::get_observer(); - $parsed = $observer['xchan_url']; - if($parsed) { - $post_url = $parsed['scheme'] . '://' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : '') - . '/rpost'; + $r = q("select * from xchan where xchan_hash = '%s' limit 1", + dbesc($item['author_xchan']) + ); + if($r) + $item_author = $r[0]; + else + killme(); - /** - * @FIXME we were probably called from JS so we don't know the return page. - * In fact we won't be able to load the remote page. - * we might need an iframe - */ + + $arr['aid'] = $owner_aid; + $arr['uid'] = $owner_uid; + + $arr['item_origin'] = 1; + $arr['item_wall'] = $item['item_wall']; + $arr['uuid'] = item_message_id(); + $arr['mid'] = z_root() . '/activity/' . $arr['uuid']; + $arr['parent_mid'] = $item['mid']; + + $mention = '@[zrl=' . $item['author']['xchan_url'] . ']' . $item['author']['xchan_name'] . '[/zrl]'; + $arr['body'] = sprintf( t('🔁 Repeated %1$s\'s %2$s'), $mention, Activity::activity_obj_mapper($item['obj_type'])); + + $arr['author_xchan'] = $channel['channel_hash']; + $arr['owner_xchan'] = $item['author_xchan']; + $arr['obj'] = Activity::encode_item($item); + $arr['obj_type'] = $item['obj_type']; + $arr['verb'] = 'Announce'; + + $post = item_store($arr); + + $post_id = $post['item_id']; + + $arr['id'] = $post_id; - $x = z_post_url($post_url, array('f' => '', 'body' => $o )); - killme(); + call_hooks('post_local_end', $arr); + + info( t('Post repeated') . EOL); + + $r = q("select * from item where id = %d", + intval($post_id) + ); + if($r) { + xchan_query($r); + $sync_item = fetch_post_tags($r); + build_sync_packet($channel['channel_id'], [ 'item' => [ encode_item($sync_item[0],true) ] ]); } + + Master::Summon([ 'Notifier','like',$post_id ]); + + killme(); + } } diff --git a/Zotlabs/Module/Sslify.php b/Zotlabs/Module/Sslify.php index 2891f3691..37be4423b 100644 --- a/Zotlabs/Module/Sslify.php +++ b/Zotlabs/Module/Sslify.php @@ -12,10 +12,16 @@ class Sslify extends \Zotlabs\Web\Controller { list($k,$v) = array_map("trim", explode(":", trim($l), 2)); $hdrs[strtolower($k)] = $v; } - if (array_key_exists('content-type', $hdrs)) { - $type = $hdrs['content-type']; - header('Content-Type: ' . $type); - } + + if (array_key_exists('content-type', $hdrs)) + header('Content-Type: ' . $hdrs['content-type']); + if (array_key_exists('last-modified', $hdrs)) + header('Last-Modified: ' . $hdrs['last-modified']); + if (array_key_exists('cache-control', $hdrs)) + header('Cache-Control: ' . $hdrs['cache-control']); + if (array_key_exists('expires', $hdrs)) + header('Expires: ' . $hdrs['expires']); + echo $x['body']; killme(); diff --git a/Zotlabs/Module/Subthread.php b/Zotlabs/Module/Subthread.php index 1a9caff6c..54343fdfa 100644 --- a/Zotlabs/Module/Subthread.php +++ b/Zotlabs/Module/Subthread.php @@ -106,8 +106,9 @@ class Subthread extends \Zotlabs\Web\Controller { - $mid = item_message_id(); - + $uuid = item_message_id(); + $mid = z_root() . '/item/' . $uuid; + $post_type = (($item['resource_type'] === 'photo') ? t('photo') : t('status')); $links = array(array('rel' => 'alternate','type' => 'text/html', 'href' => $item['plink'])); @@ -145,6 +146,7 @@ class Subthread extends \Zotlabs\Web\Controller { $arr = array(); + $arr['uuid'] = $uuid; $arr['mid'] = $mid; $arr['aid'] = $owner_aid; $arr['uid'] = $owner_uid; diff --git a/Zotlabs/Module/Viewsrc.php b/Zotlabs/Module/Viewsrc.php index 119990b57..3e49b9db4 100644 --- a/Zotlabs/Module/Viewsrc.php +++ b/Zotlabs/Module/Viewsrc.php @@ -25,10 +25,10 @@ class Viewsrc extends \Zotlabs\Web\Controller { notice( t('Item not found.') . EOL); } - $item_normal = item_normal(); + $item_normal = item_normal_search(); if(local_channel() && $item_id) { - $r = q("select id, item_flags, mimetype, item_obscured, body, llink, plink from item where uid in (%d , %d) and id = %d $item_normal limit 1", + $r = q("select id, mid, item_flags, mimetype, item_obscured, body, llink, plink from item where uid in (%d , %d) and id = %d $item_normal limit 1", intval(local_channel()), intval($sys['channel_id']), intval($item_id) @@ -53,7 +53,7 @@ class Viewsrc extends \Zotlabs\Web\Controller { if(is_ajax()) { echo '<div class="p-1">'; - echo '<div>id: ' . $r[0]['id'] . ' | <a href="' . $r[0]['plink'] . '" target="_blank">plink</a> | <a href="' . $r[0]['llink'] . '" target="_blank">llink</a></div>'; + echo '<div>id: ' . $r[0]['id'] . ' | <a href="' . $r[0]['plink'] . '" target="_blank">plink</a> | <a href="' . $r[0]['llink'] . '" target="_blank">llink</a><br>mid: ' . $r[0]['mid'] . '</div>'; echo '<hr>'; echo '<pre class="p-1">' . $o . '</pre>'; echo '</div>'; diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php index 1866bce40..03275abbc 100644 --- a/Zotlabs/Module/Wfinger.php +++ b/Zotlabs/Module/Wfinger.php @@ -43,6 +43,9 @@ class Wfinger extends \Zotlabs\Web\Controller { if(strpos($resource,'acct:') === 0) { $channel = str_replace('acct:','',$resource); + if(substr($channel,0,1) === '@' && strpos(substr($channel,1),'@')) { + $channel = substr($channel,1); + } if(strpos($channel,'@') !== false) { $host = substr($channel,strpos($channel,'@')+1); @@ -205,6 +208,12 @@ class Wfinger extends \Zotlabs\Web\Controller { ], [ + 'rel' => 'http://purl.org/zot/protocol/6.0', + 'type' => 'application/x-zot+json', + 'href' => channel_url($r[0]) + ], + + [ 'rel' => 'http://purl.org/openwebauth/v1', 'type' => 'application/x-zot+json', 'href' => z_root() . '/owa', |