authorMario Vavti <mario@mariovavti.com>2016-06-28 11:09:22 +0200
committerMario Vavti <mario@mariovavti.com>2016-06-28 11:09:22 +0200
commit9f576369a97009bc93f4f724f85024410c3899df (patch)
treeadc2c68e8729ff783eca9cd259bc5b8fe394d2e6 /Zotlabs
parent911510f9996dc43bd3440884325326b7e99ea12f (diff)
parent7d7f43c2056fd50ff26aed5df553bf4936ead196 (diff)
Merge branch 'dev' into sabre32
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Daemon/CurlAuth.php55
-rw-r--r--Zotlabs/Lib/SuperCurl.php15
-rw-r--r--Zotlabs/Lib/ThreadItem.php2
-rw-r--r--Zotlabs/Module/Cover_photo.php2
-rw-r--r--Zotlabs/Module/New_channel.php4
-rw-r--r--Zotlabs/Module/Profile_photo.php5
-rw-r--r--Zotlabs/Module/Register.php3
-rw-r--r--Zotlabs/Module/Setup.php10
8 files changed, 86 insertions, 10 deletions
diff --git a/Zotlabs/Daemon/CurlAuth.php b/Zotlabs/Daemon/CurlAuth.php
new file mode 100644
index 000000000..be12bc779
--- /dev/null
+++ b/Zotlabs/Daemon/CurlAuth.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace Zotlabs\Daemon;
+
+// generate a curl compatible cookie file with an authenticated session for the given channel_id.
+// If this file is then used with curl and the destination url is sent through zid() or manually
+// manipulated to add a zid, it should allow curl to provide zot magic-auth across domains.
+
+// Handles expiration of stale cookies currently by deleting them and rewriting the file.
+
+class CurlAuth {
+
+ static public function run($argc,$argv) {
+
+ if($argc != 2)
+ killme();
+
+ \App::$session->start();
+
+ $_SESSION['authenticated'] = 1;
+ $_SESSION['uid'] = $argv[1];
+
+ $x = session_id();
+
+ $f = 'store/[data]/cookie_' . $argv[1];
+ $c = 'store/[data]/cookien_' . $argv[1];
+
+ $e = file_exists($f);
+
+ $output = '';
+
+ if($e) {
+ $lines = file($f);
+ if($lines) {
+ foreach($lines as $line) {
+ if(strlen($line) > 0 && $line[0] != '#' && substr_count($line, "\t") == 6) {
+ $tokens = explode("\t", $line);
+ $tokens = array_map('trim', $tokens);
+ if($tokens[4] > time()) {
+ $output .= $line . "\n";
+ }
+ }
+ else
+ $output .= $line;
+ }
+ }
+ }
+ $t = time() + (24 * 3600);
+ file_put_contents($f, $output . 'HttpOnly_' . \App::get_hostname() . "\tFALSE\t/\tTRUE\t$t\tPHPSESSID\t" . $x, (($e) ? FILE_APPEND : 0));
+
+ file_put_contents($c,$x);
+
+ killme();
+ }
+} \ No newline at end of file
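Review bot: `$argv[1]` goes unvalidated into `$_SESSION['uid']` and into both file names (`'store/[data]/cookie_' . $argv[1]`), so whatever value the daemon is summoned with decides the uid of an authenticated session and the path suffix that gets written; casting once at the top, `$channel_id = intval($argv[1]);`, and exiting when it does not resolve to a channel would bound both. Separately, the header comment says stale cookies are dropped by rewriting the file, but the write passes `FILE_APPEND` whenever the file exists, so the filtered `$output` is appended after the old content and expired lines are never removed; passing `LOCK_EX` instead of `FILE_APPEND` would match the comment. Both files hold a live session id in plain text, so a comment stating that `store/[data]` must not be web-readable and what file mode is expected would help operators.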
diff --git a/Zotlabs/Lib/SuperCurl.php b/Zotlabs/Lib/SuperCurl.php
index 40ca1addb..fd47c399c 100644
--- a/Zotlabs/Lib/SuperCurl.php
+++ b/Zotlabs/Lib/SuperCurl.php
@@ -26,6 +26,7 @@ class SuperCurl {
private $request_method = 'GET';
private $upload = false;
+ private $cookies = false;
private function set_data($s) {
@@ -62,6 +63,11 @@ class SuperCurl {
case 'http_auth':
$this->auth = $v;
break;
+ case 'magicauth':
+ $this->magicauth = $v;
+ \Zotlabs\Daemon\Master::Summon([ 'CurlAuth', $v ]);
+ sleep(2);
+ break;
case 'custom':
$this->request_method = $v;
break;
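Review bot: The `sleep(2)` in the `magicauth` case is the only synchronisation with the summoned `CurlAuth` daemon, so on a loaded host `exec()` can run before the cookie files exist, or pick up a session id left by an earlier run. A comment should at least say that the delay is a best-effort wait, and `exec()` should treat a missing file as "no magic auth" rather than continue. `$v` is also passed to `Master::Summon` as received; `intval($v)` here would keep a non-numeric value out of the daemon arguments and the later file paths. The first SuperCurl hunk declares `private $cookies`, which no visible hunk uses, while `$this->magicauth` is assigned without a declaration, so `private $magicauth = false;` looks like what was intended.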
@@ -90,8 +96,17 @@ class SuperCurl {
function exec() {
$opts = $this->curlopts;
+ $url = $this->url;
if($this->auth)
$opts['http_auth'] = $this->auth;
+ if($this->magicauth) {
+ $opts['cookiejar'] = 'store/[data]/cookie_' . $this->magicauth;
+ $opts['cookiefile'] = 'store/[data]/cookie_' . $this->magicauth;
+ $opts['cookie'] = 'PHPSESSID=' . trim(file_get_contents('store/[data]/cookien_' . $this->magicauth));
+ $c = channelx_by_n($this->magicauth);
+ if($c)
+ $url = zid($this->url,$c['channel_address'] . '@' . \App::get_hostname());
+ }
if($this->custom)
$opts['custom'] = $this->custom;
if($this->headers)
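Review bot: `$opts['cookie'] = 'PHPSESSID=' . …` is set unconditionally, so the local authenticated session id presumably travels with the request to whatever host `$url` names, not only to this hub. That depends on how the `cookie` option is mapped to curl, which the hunk does not show. The jar entry written by `CurlAuth` is already scoped to `\App::get_hostname()`, so dropping the explicit `cookie` line and relying on `cookiefile`/`cookiejar` would keep the id from leaving the local domain. `file_get_contents()` is also used without a check, so a missing `cookien_` file yields an empty `PHPSESSID=` plus a warning; something like `if(($sid = @file_get_contents($path)) === false) { /* skip magic auth */ }` would make the failure explicit. The body of `exec()` continues outside the hunk.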
diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php
index f724ac95d..6625b7b52 100644
--- a/Zotlabs/Lib/ThreadItem.php
+++ b/Zotlabs/Lib/ThreadItem.php
@@ -418,7 +418,7 @@ class ThreadItem {
if(($nb_children > $visible_comments) || ($thread_level > 1)) {
$result['children'][0]['comment_firstcollapsed'] = true;
$result['children'][0]['num_comments'] = $comment_count_txt;
- $result['children'][0]['hide_text'] = t('[+] show all');
+ $result['children'][0]['hide_text'] = sprintf( t('%s show all'), '<i class="fa fa-chevron-down"></i>');
if($thread_level > 1) {
$result['children'][$nb_children - 1]['comment_lastcollapsed'] = true;
}
diff --git a/Zotlabs/Module/Cover_photo.php b/Zotlabs/Module/Cover_photo.php
index 9887b8203..886958b37 100644
--- a/Zotlabs/Module/Cover_photo.php
+++ b/Zotlabs/Module/Cover_photo.php
@@ -50,7 +50,7 @@ class Cover_photo extends \Zotlabs\Web\Controller {
check_form_security_token_redirectOnErr('/cover_photo', 'cover_photo');
- if((x($_POST,'cropfinal')) && ($_POST['cropfinal'] == 1)) {
+ if((array_key_exists('cropfinal',$_POST)) && ($_POST['cropfinal'] == 1)) {
// phase 2 - we have finished cropping
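Review bot: The new condition still compares the raw POST value loosely (`$_POST['cropfinal'] == 1`), while the matching check in Profile_photo.php in this same commit goes through `intval()`. Writing it as `intval($_POST['cropfinal']) === 1` would keep the two controllers consistent and avoid depending on PHP's string-to-number comparison rules for request data.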
diff --git a/Zotlabs/Module/New_channel.php b/Zotlabs/Module/New_channel.php
index 30d7c83c6..1dcf84fb0 100644
--- a/Zotlabs/Module/New_channel.php
+++ b/Zotlabs/Module/New_channel.php
@@ -62,7 +62,7 @@ class New_channel extends \Zotlabs\Web\Controller {
}
- function post() {
+ function post() {
$arr = $_POST;
@@ -96,7 +96,7 @@ class New_channel extends \Zotlabs\Web\Controller {
}
- function get() {
+ function get() {
$acc = \App::get_account();
diff --git a/Zotlabs/Module/Profile_photo.php b/Zotlabs/Module/Profile_photo.php
index 62c5e99ae..9359b80f8 100644
--- a/Zotlabs/Module/Profile_photo.php
+++ b/Zotlabs/Module/Profile_photo.php
@@ -53,7 +53,7 @@ class Profile_photo extends \Zotlabs\Web\Controller {
check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
- if((array_key_exists('postfinal',$_POST)) && (intval($_POST['cropfinal']) == 1)) {
+ if((array_key_exists('cropfinal',$_POST)) && (intval($_POST['cropfinal']) == 1)) {
// phase 2 - we have finished cropping
@@ -90,12 +90,11 @@ class Profile_photo extends \Zotlabs\Web\Controller {
$srcY = $_POST['ystart'];
$srcW = $_POST['xfinal'] - $srcX;
$srcH = $_POST['yfinal'] - $srcY;
-
+
$r = q("SELECT * FROM photo WHERE resource_id = '%s' AND uid = %d AND imgscale = %d LIMIT 1",
dbesc($image_id),
dbesc(local_channel()),
intval($scale));
-
if($r) {
$base_image = $r[0];
diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php
index 7cd1ee501..6afa4a94c 100644
--- a/Zotlabs/Module/Register.php
+++ b/Zotlabs/Module/Register.php
@@ -259,7 +259,8 @@ class Register extends \Zotlabs\Web\Controller {
'$email' => $email,
'$pass1' => $password,
'$pass2' => $password2,
- '$submit' => ((UNO || $auto_create || $registration_is) ? t('Register') : t('Proceed to create your first channel'))
+ '$submit' => t('Register'),
+ '$verify_note' => t('This site may require email verification after submitting this form. If you are returned to a login page, please check your email for instructions.')
));
return $o;
diff --git a/Zotlabs/Module/Setup.php b/Zotlabs/Module/Setup.php
index c4878e217..c5d0ccc21 100644
--- a/Zotlabs/Module/Setup.php
+++ b/Zotlabs/Module/Setup.php
@@ -596,7 +596,7 @@ class Setup extends \Zotlabs\Web\Controller {
if(! is_writable('store')) {
$status = false;
- $help = t('Red uses the store directory to save uploaded files. The web server needs to have write access to the store directory under the Red top level folder') . EOL;
+ $help = t('This software uses the store directory to save uploaded files. The web server needs to have write access to the store directory under the Red top level folder') . EOL;
$help .= t('Please ensure that the user that your web server runs as (e.g. www-data) has write access to this folder.').EOL;
}
@@ -639,6 +639,9 @@ class Setup extends \Zotlabs\Web\Controller {
$help .= t('If your certificate is not recognized, members of other sites (who may themselves have valid certificates) will get a warning message on their own site complaining about security issues.') . EOL;
$help .= t('This can cause usability issues elsewhere (not just on your own site) so we must insist on this requirement.') .EOL;
$help .= t('Providers are available that issue free certificates which are browser-valid.'). EOL;
+
+ $help .= t('If you are confident that the certificate is valid and signed by a trusted authority, check to see if you have failed to install an intermediate cert. These are not normally required by browsers, but are required for server-to-server communications.') . EOL;
+
$this->check_add($checks, t('SSL certificate validation'), false, true, $help);
}
@@ -695,6 +698,7 @@ class Setup extends \Zotlabs\Web\Controller {
// install the standard theme
set_config('system', 'allowed_themes', 'redbasic');
+
// Set a lenient list of ciphers if using openssl. Other ssl engines
// (e.g. NSS used in RedHat) require different syntax, so hopefully
// the default curl cipher list will work for most sites. If not,
@@ -704,7 +708,9 @@ class Setup extends \Zotlabs\Web\Controller {
// z_fetch_url() is also used to import shared links and other content
// so in theory most any cipher could show up and we should do our best
// to make the content available rather than tell folks that there's a
- // weird SSL error which they can't do anything about.
+ // weird SSL error which they can't do anything about. This does not affect
+ // the SSL server, but is only a client negotiation to find something workable.
+ // Hence it will not make your system susceptible to POODL or other nasties.
$x = curl_version();
if(stristr($x['ssl_version'],'openssl'))