diff options
author | Mario <mario@mariovavti.com> | 2021-03-25 14:00:49 +0100 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2021-03-25 14:00:49 +0100 |
commit | b50f1657c3e5772dd6235ce98c55e71630b0c626 (patch) | |
tree | ad1d7b2b00d012163de2163f9d5902f21618a2de /Zotlabs | |
parent | bc1cc65ff20c97db0323d02ab652b239b4c60eb6 (diff) | |
parent | 19b96e37fb2a0fe89e2b6ae537781007bb392532 (diff) | |
download | volse-hubzilla-b50f1657c3e5772dd6235ce98c55e71630b0c626.tar.gz volse-hubzilla-b50f1657c3e5772dd6235ce98c55e71630b0c626.tar.bz2 volse-hubzilla-b50f1657c3e5772dd6235ce98c55e71630b0c626.zip |
Merge branch 'air' of https://framagit.org/hubzilla/core into air
Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Lib/Libsync.php | 3 | ||||
-rw-r--r-- | Zotlabs/Module/Cdav.php | 41 | ||||
-rw-r--r-- | Zotlabs/Module/Display.php | 51 |
3 files changed, 46 insertions, 49 deletions
diff --git a/Zotlabs/Lib/Libsync.php b/Zotlabs/Lib/Libsync.php index 7e97e4c70..5455aa2ea 100644 --- a/Zotlabs/Lib/Libsync.php +++ b/Zotlabs/Lib/Libsync.php @@ -716,6 +716,9 @@ class Libsync { dbesc($sender['hash']) ); + if(!$xisting) + $xisting = []; + // See if a primary is specified $has_primary = false; diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php index fe697a526..a7d2b1169 100644 --- a/Zotlabs/Module/Cdav.php +++ b/Zotlabs/Module/Cdav.php @@ -135,7 +135,7 @@ class Cdav extends Controller { $auth = new \Zotlabs\Storage\BasicAuth(); $auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . 'CalDAV/CardDAV'); - if (local_channel()) { + if(local_channel()) { logger('loggedin'); @@ -153,9 +153,9 @@ class Cdav extends Controller { $auth->observer = $channel['channel_hash']; $principalUri = 'principals/' . $channel['channel_address']; - if(!cdav_principal($principalUri)) { + if(! cdav_principal($principalUri)) { $this->activate($pdo, $channel); - if(!cdav_principal($principalUri)) { + if(! cdav_principal($principalUri)) { return; } } @@ -168,21 +168,24 @@ class Cdav extends Controller { if($httpmethod === 'PUT' || $httpmethod === 'DELETE') { + $channel = channelx_by_nick(argv(2)); + $principalUri = 'principals/' . $channel['channel_address']; $httpuri = $_SERVER['REQUEST_URI']; logger("debug: method: " . $httpmethod, LOGGER_DEBUG); logger("debug: uri: " . $httpuri, LOGGER_DEBUG); - if(strpos($httpuri, 'cdav/addressbooks')) { + if(strpos($httpuri, 'cdav/addressbooks') !== false) { $sync = 'addressbook'; $cdavtable = 'addressbooks'; } - elseif(strpos($httpuri, 'cdav/calendars')) { + elseif(strpos($httpuri, 'cdav/calendars') !== false) { $sync = 'calendar'; $cdavtable = 'calendarinstances'; } - else + else { $sync = false; + } if($sync) { @@ -191,14 +194,13 @@ class Cdav extends Controller { logger("debug: body: " . $httpbody, LOGGER_DEBUG); - if($x = get_cdav_id($principalUri, explode("/", $httpuri)[4], $cdavtable)) { + if($x = get_cdav_id($principalUri, argv(3), $cdavtable)) { $cdavdata = $this->get_cdav_data($x['id'], $cdavtable); - $etag = (isset($_SERVER['HTTP_IF_MATCH']) ? $_SERVER['HTTP_IF_MATCH'] : false); // delete - if($httpmethod === 'DELETE' && $cdavdata['etag'] == $etag) + if($httpmethod === 'DELETE' && $cdavdata['etag'] == $etag) { Libsync::build_sync_packet($channel['channel_id'], [ $sync => [ 'action' => 'delete_card', @@ -206,18 +208,18 @@ class Cdav extends Controller { 'carduri' => $uri ] ]); + } else { - if($etag) { + if($etag && $cdavdata['etag'] !== $etag) { // update - if($cdavdata['etag'] !== $etag) - Libsync::build_sync_packet($channel['channel_id'], [ - $sync => [ - 'action' => 'update_card', - 'uri' => $cdavdata['uri'], - 'carduri' => $uri, - 'card' => $httpbody - ] - ]); + Libsync::build_sync_packet($channel['channel_id'], [ + $sync => [ + 'action' => 'update_card', + 'uri' => $cdavdata['uri'], + 'carduri' => $uri, + 'card' => $httpbody + ] + ]); } else { // new @@ -235,7 +237,6 @@ class Cdav extends Controller { } } - $principalBackend = new \Sabre\DAVACL\PrincipalBackend\PDO($pdo); $carddavBackend = new \Sabre\CardDAV\Backend\PDO($pdo); $caldavBackend = new \Sabre\CalDAV\Backend\PDO($pdo); diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 15dfb0dc9..eb97e77a0 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -247,69 +247,62 @@ class Display extends \Zotlabs\Web\Controller { if($noscript_content || $load) { - $r = null; - require_once('include/channel.php'); $sys = get_sys_channel(); - $sysid = $sys['channel_id']; + // in case somebody turned off public access to sys channel content using permissions + // make that content unsearchable by ensuring the owner uid can't match + $sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0; + + $r = null; if(local_channel()) { - $r = q("SELECT item.id as item_id from item WHERE uid = %d and mid = '%s' $item_normal limit 1", + $r = q("SELECT item.id AS item_id FROM item WHERE uid = %d AND mid = '%s' $item_normal LIMIT 1", intval(local_channel()), dbesc($target_item['parent_mid']) ); } - if($r === null) { - // in case somebody turned off public access to sys channel content using permissions - // make that content unsearchable by ensuring the owner uid can't match - - if(! perm_is_allowed($sysid,$observer_hash,'view_stream')) - $sysid = 0; - - $r = q("SELECT item.id as item_id from item + if(!$r) { + $r = q("SELECT item.id AS item_id FROM item WHERE ((mid = '%s' - AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' + AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) - and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) + AND uid IN ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) OR uid = %d ))) OR (mid = '%s' $sql_extra )) $item_normal limit 1", dbesc($target_item['parent_mid']), - intval($sysid), + intval($sys_id), dbesc($target_item['parent_mid']) ); } } elseif($update && !$load) { - $r = null; - require_once('include/channel.php'); $sys = get_sys_channel(); - $sysid = $sys['channel_id']; + // in case somebody turned off public access to sys channel content using permissions + // make that content unsearchable by ensuring the owner uid can't match + $sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0; + + $r = null; if(local_channel()) { $r = q("SELECT item.parent AS item_id from item WHERE uid = %d - and parent_mid = '%s' + AND parent_mid = '%s' $item_normal_update $simple_update - limit 1", + LIMIT 1", intval(local_channel()), dbesc($target_item['parent_mid']) ); } - if($r === null) { - // in case somebody turned off public access to sys channel content using permissions - // make that content unsearchable by ensuring the owner_xchan can't match - - if(! perm_is_allowed($sysid,$observer_hash,'view_stream')) - $sysid = 0; + if(! $r) { $r = q("SELECT item.id as item_id from item WHERE ((parent_mid = '%s' - AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' + AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) OR uid = %d ))) OR @@ -317,14 +310,14 @@ class Display extends \Zotlabs\Web\Controller { $item_normal limit 1", dbesc($target_item['parent_mid']), - intval($sysid), + intval($sys_id), dbesc($target_item['parent_mid']) ); } } else { - $r = array(); + $r = []; } if($r) { |