authorMario <mario@mariovavti.com>2021-09-04 08:18:41 +0000
committerMario <mario@mariovavti.com>2021-09-04 08:18:41 +0000
commit529824d010cf88c409d5ce894b72060caccae580 (patch)
tree034260ebb84edef72f87a450ab3915e4726e3368 /Zotlabs
parentc47e21f3a74e4290bd206c1f7edb377e809d7e42 (diff)
more unpack_link_id()
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Module/Display.php39
-rw-r--r--Zotlabs/Module/Dreport.php18
-rw-r--r--Zotlabs/Module/Hq.php21
-rw-r--r--Zotlabs/Module/Oep.php7
-rw-r--r--Zotlabs/Module/Pubstream.php20
-rw-r--r--Zotlabs/Widget/Pinned.php58
6 files changed, 75 insertions, 88 deletions
diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php
index e6caa9906..5ffb1346c 100644
--- a/Zotlabs/Module/Display.php
+++ b/Zotlabs/Module/Display.php
@@ -1,6 +1,8 @@
<?php
namespace Zotlabs\Module;
+use App;
+
require_once("include/bbcode.php");
require_once('include/security.php');
require_once('include/conversation.php');
@@ -34,11 +36,12 @@ class Display extends \Zotlabs\Web\Controller {
}
}
- if($_REQUEST['mid'])
- $item_hash = $_REQUEST['mid'];
+ if($_REQUEST['mid']) {
+ $item_hash = unpack_link_id($_REQUEST['mid']);
+ }
- if(! $item_hash) {
- \App::$error = 404;
+ if(!$item_hash) {
+ App::$error = 404;
notice( t('Item not found.') . EOL);
return;
}
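Review bot: `$_REQUEST['mid']` is passed to `unpack_link_id()` with no type check, and PHP turns a bracketed request parameter into an array. `unpack_link_id()` is not part of this diff, so whether it tolerates a non-string cannot be confirmed from here. A guard such as `if (isset($_REQUEST['mid']) && is_string($_REQUEST['mid'])) {` would keep non-strings out of the decoder and also avoid the undefined-index read when the parameter is absent. The same pattern appears at the `$_REQUEST['mid']` call sites in the Hq.php and Pubstream.php hunks. The enclosing method starts and ends outside this hunk.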
@@ -47,7 +50,7 @@ class Display extends \Zotlabs\Web\Controller {
if(local_channel() && (! $update)) {
- $channel = \App::get_channel();
+ $channel = App::get_channel();
$channel_acl = array(
'allow_cid' => $channel['channel_allow_cid'],
@@ -92,10 +95,10 @@ class Display extends \Zotlabs\Web\Controller {
$target_item = null;
- if(strpos($item_hash,'b64.') === 0)
- $decoded = @base64url_decode(substr($item_hash,4));
- if($decoded)
- $item_hash = $decoded;
+ if ($item_hash === false) {
+ notice(t('Malformed message id.') . EOL);
+ return;
+ }
$r = q("select id, uid, mid, parent, parent_mid, thr_parent, verb, item_type, item_deleted, author_xchan, item_blocked from item where mid = '%s' limit 1",
dbesc($item_hash)
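Review bot: The new `$item_hash === false` guard only has an effect if `$item_hash` was produced by `unpack_link_id()`, but no such call is visible in this hunk, and the inline `b64.` decoding that used to sit here is removed. If the assignment above the hunk still takes the raw request value, the guard is dead code and an encoded id would reach the `mid = '%s'` lookup undecoded. Please confirm that this method unpacks the id before this point; the method begins outside the hunk.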
@@ -110,7 +113,7 @@ class Display extends \Zotlabs\Web\Controller {
);
if($x) {
// not yet ready for prime time
-// \App::$poi = $x[0];
+// App::$poi = $x[0];
}
//if the item is to be moderated redirect to /moderate
@@ -189,17 +192,15 @@ class Display extends \Zotlabs\Web\Controller {
// if the target item is not a post (eg a like) we want to address its thread parent
//$mid = ((($target_item['verb'] == ACTIVITY_LIKE) || ($target_item['verb'] == ACTIVITY_DISLIKE)) ? $target_item['thr_parent'] : $target_item['mid']);
- $mid = $target_item['mid'];
// if we got a decoded hash we must encode it again before handing to javascript
- if($decoded)
- $mid = 'b64.' . base64url_encode($mid);
+ $mid = gen_link_id($target_item['mid']);
$o .= '<div id="live-display"></div>' . "\r\n";
$o .= "<script> var profile_uid = " . ((intval(local_channel())) ? local_channel() : (-1))
- . "; var netargs = '?f='; var profile_page = " . \App::$pager['page'] . "; </script>\r\n";
+ . "; var netargs = '?f='; var profile_page = " . App::$pager['page'] . "; </script>\r\n";
- \App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(
+ App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(
'$baseurl' => z_root(),
'$pgtype' => 'display',
'$uid' => '0',
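Review bot: The retained comment `// if we got a decoded hash we must encode it again before handing to javascript` no longer describes the code, because `gen_link_id()` is now called unconditionally and `$decoded` is gone. I would reword it to something like `// always hand javascript the link-safe form of the mid`. The same stale comment is kept above the `gen_link_id()` calls in the Hq.php and Pubstream.php hunks.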
@@ -215,7 +216,7 @@ class Display extends \Zotlabs\Web\Controller {
'$dm' => '0',
'$nouveau' => '0',
'$wall' => '0',
- '$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
+ '$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1),
'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
'$search' => '',
'$xchan' => '',
@@ -233,7 +234,7 @@ class Display extends \Zotlabs\Web\Controller {
head_add_link([
'rel' => 'alternate',
'type' => 'application/json+oembed',
- 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+ 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . App::$query_string),
'title' => 'oembed'
]);
@@ -355,7 +356,7 @@ class Display extends \Zotlabs\Web\Controller {
}
$o .= '</noscript>';
- \App::$page['title'] = (($items[0]['title']) ? $items[0]['title'] . " - " . \App::$page['title'] : \App::$page['title']);
+ App::$page['title'] = (($items[0]['title']) ? $items[0]['title'] . " - " . App::$page['title'] : App::$page['title']);
$o .= conversation($items, 'display', $update, 'client');
}
@@ -368,7 +369,7 @@ class Display extends \Zotlabs\Web\Controller {
'$version' => xmlify(\Zotlabs\Lib\System::get_project_version()),
'$generator' => xmlify(\Zotlabs\Lib\System::get_platform_name()),
'$generator_uri' => 'https://hubzilla.org',
- '$feed_id' => xmlify(\App::$cmd),
+ '$feed_id' => xmlify(App::$cmd),
'$feed_title' => xmlify(t('Article')),
'$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', 'now', ATOM_TIME)),
'$author' => '',
diff --git a/Zotlabs/Module/Dreport.php b/Zotlabs/Module/Dreport.php
index 8906a4f81..42f337b76 100644
--- a/Zotlabs/Module/Dreport.php
+++ b/Zotlabs/Module/Dreport.php
@@ -12,24 +12,12 @@ class Dreport extends \Zotlabs\Web\Controller {
}
$table = 'item';
-
$channel = \App::get_channel();
+ $mid = ((argc() > 1) ? unpack_link_id(argv(1)) : '');
- $mid = ((argc() > 1) ? argv(1) : '');
- $encoded_mid = '';
-
- if(strpos($mid,'b64.') === 0) {
- $encoded_mid = $mid;
- $mid = @base64url_decode(substr($mid,4));
- }
if($mid === 'push') {
$table = 'push';
- $mid = ((argc() > 2) ? argv(2) : '');
-
- if(strpos($mid,'b64.') === 0) {
- $encoded_mid = $mid;
- $mid = @base64url_decode(substr($mid,4));
- }
+ $mid = ((argc() > 2) ? unpack_link_id(argv(2)) : '');
if($mid) {
$i = q("select id from item where mid = '%s' and uid = %d and ( author_xchan = '%s' or ( owner_xchan = '%s' and item_wall = 1 )) ",
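Review bot: Neither `unpack_link_id()` call in this hunk checks for a `false` result, unlike the `=== false` guards this commit adds in Display, Hq, Oep and Pubstream. In the `push` branch a failed unpack skips the `if($mid)` block but still reaches `sleep(3)` and `goaway(z_root() . '/dreport/' . gen_link_id($mid))` in the next hunk, so the redirect is built from `false`. Consider adding `if ($mid === false) { notice(t('Malformed message id.') . EOL); return; }` after each call, for consistency with the other modules. The method continues outside the hunk.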
@@ -43,7 +31,7 @@ class Dreport extends \Zotlabs\Web\Controller {
}
}
sleep(3);
- goaway(z_root() . '/dreport/' . (($encoded_mid) ? $encoded_mid : $mid));
+ goaway(z_root() . '/dreport/' . gen_link_id($mid));
}
if(! $mid) {
diff --git a/Zotlabs/Module/Hq.php b/Zotlabs/Module/Hq.php
index 8c126d154..4e9e75357 100644
--- a/Zotlabs/Module/Hq.php
+++ b/Zotlabs/Module/Hq.php
@@ -31,7 +31,12 @@ class Hq extends \Zotlabs\Web\Controller {
}
if(isset($_REQUEST['mid'])) {
- $item_hash = $_REQUEST['mid'];
+ $item_hash = unpack_link_id($_REQUEST['mid']);
+ }
+
+ if($item_hash === false) {
+ notice(t('Malformed message id.') . EOL);
+ return;
}
$item_normal = item_normal();
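Review bot: `$item_hash` is assigned only inside `if(isset($_REQUEST['mid']))`, yet the new `if($item_hash === false)` check runs unconditionally. A request without `mid` therefore reads an undefined variable, unless `$item_hash` is initialised above the hunk. Either initialise it first (`$item_hash = '';`) or move the `=== false` check inside the `isset` block. The method starts outside the hunk, so the initialisation may already exist.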
@@ -45,18 +50,12 @@ class Hq extends \Zotlabs\Web\Controller {
intval(local_channel())
);
if($r[0]['mid']) {
- $item_hash = 'b64.' . base64url_encode($r[0]['mid']);
+ $item_hash = $r[0]['mid'];
}
}
if($item_hash) {
- if(strpos($item_hash,'b64.') === 0)
- $decoded = @base64url_decode(substr($item_hash,4));
-
- if($decoded)
- $item_hash = $decoded;
-
$target_item = null;
$r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where mid = '%s' limit 1",
@@ -124,10 +123,10 @@ class Hq extends \Zotlabs\Web\Controller {
if($target_item) {
// if the target item is not a post (eg a like) we want to address its thread parent
//$mid = ((($target_item['verb'] == ACTIVITY_LIKE) || ($target_item['verb'] == ACTIVITY_DISLIKE)) ? $target_item['thr_parent'] : $target_item['mid']);
- $mid = $target_item['mid'];
+
// if we got a decoded hash we must encode it again before handing to javascript
- if($decoded)
- $mid = 'b64.' . base64url_encode($mid);
+ $mid = gen_link_id($target_item['mid']);
+
}
else {
$mid = '';
diff --git a/Zotlabs/Module/Oep.php b/Zotlabs/Module/Oep.php
index 346bef519..8e048a487 100644
--- a/Zotlabs/Module/Oep.php
+++ b/Zotlabs/Module/Oep.php
@@ -77,8 +77,11 @@ class Oep extends \Zotlabs\Web\Controller {
$res = $matches[2];
}
- if(strpos($res,'b64.') === 0) {
- $res = base64url_decode(substr($res,4));
+ $res = unpack_link_id($res);
+
+ if ($res === false) {
+ notice(t('Malformed message id.') . EOL);
+ return;
}
$item_normal = item_normal();
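Review bot: The malformed-id path ends in `notice(...)` followed by a bare `return;`, which looks wrong for this module. Display.php advertises `/oep` as an `application/json+oembed` endpoint, so the consumer is probably not a browser session that will ever show the notice. If the enclosing function's callers expect a result array, they now receive `null`. The function's signature and its other return statements are outside the hunk, so this needs checking. If it does return an array, the malformed-id path should return the same failure value as the function's other early exits.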
diff --git a/Zotlabs/Module/Pubstream.php b/Zotlabs/Module/Pubstream.php
index 32023d6cc..e1a95be67 100644
--- a/Zotlabs/Module/Pubstream.php
+++ b/Zotlabs/Module/Pubstream.php
@@ -42,19 +42,16 @@ class Pubstream extends \Zotlabs\Web\Controller {
$site_firehose = false;
}
- $mid = ((x($_REQUEST,'mid')) ? $_REQUEST['mid'] : '');
- $hashtags = ((x($_REQUEST,'tag')) ? $_REQUEST['tag'] : '');
-
-
- if(strpos($mid,'b64.') === 0)
- $decoded = @base64url_decode(substr($mid,4));
- if($decoded)
- $mid = $decoded;
+ $mid = ((x($_REQUEST, 'mid')) ? unpack_link_id($_REQUEST['mid']) : '');
+ if ($mid === false) {
+ notice(t('Malformed message id.') . EOL);
+ return;
+ }
+ $hashtags = ((x($_REQUEST,'tag')) ? $_REQUEST['tag'] : '');
$item_normal = item_normal();
$item_normal_update = item_normal_update();
-
- $net = ((array_key_exists('net',$_REQUEST)) ? escape_tags($_REQUEST['net']) : '');
+ $net = ((array_key_exists('net',$_REQUEST)) ? escape_tags($_REQUEST['net']) : '');
$title = replace_macros(get_markup_template("section_title.tpl"),array(
'$title' => (($hashtags) ? '#' . htmlspecialchars($hashtags, ENT_COMPAT,'UTF-8') : '')
@@ -115,8 +112,7 @@ class Pubstream extends \Zotlabs\Web\Controller {
. "; divmore_height = " . intval($maxheight) . "; </script>\r\n";
//if we got a decoded hash we must encode it again before handing to javascript
- if($decoded)
- $mid = 'b64.' . base64url_encode($mid);
+ $mid = gen_link_id($mid);
\App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(
'$baseurl' => z_root(),
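Review bot: `gen_link_id($mid)` now runs even when no `mid` was requested and `$mid` is `''`, whereas the old code re-encoded only after a successful decode. `gen_link_id()` is not shown in this diff, so if it can return a non-empty value for an empty input, the template would receive an id for a request that had none. Writing `$mid = (($mid) ? gen_link_id($mid) : '');` keeps the previous behaviour explicit.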
diff --git a/Zotlabs/Widget/Pinned.php b/Zotlabs/Widget/Pinned.php
index cad139a91..66d06bbd3 100644
--- a/Zotlabs/Widget/Pinned.php
+++ b/Zotlabs/Widget/Pinned.php
@@ -40,15 +40,15 @@ class Pinned {
$observer = \App::get_observer();
foreach($items as $item) {
-
- $midb64 = 'b64.' . base64url_encode($item['mid']);
-
+
+ $midb64 = gen_link_id($item['mid']);
+
if(isset($observer['xchan_hash']) && in_array($observer['xchan_hash'], get_pconfig($item['uid'], 'pinned_hide', $midb64, [])))
continue;
-
+
$author = channelx_by_hash($item['author_xchan']);
$owner = channelx_by_hash($item['owner_xchan']);
-
+
$profile_avatar = $author['xchan_photo_m'];
$profile_link = chanlink_hash($item['author_xchan']);
$profile_name = $author['xchan_name'];
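Review bot: `$midb64` is the key passed to `get_pconfig($item['uid'], 'pinned_hide', $midb64, [])`, and until this change it was always `'b64.' . base64url_encode($item['mid'])`. If `gen_link_id()` can return anything other than that exact form (its body is not in this diff), entries stored under the old key will no longer match and items a viewer had hidden would show again. The same value is also sent to the template as `mids`. Either confirm the output is identical for existing mids or migrate the stored keys. Separately, the `in_array()` call should pass `true` as its third argument for a strict comparison.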
@@ -71,7 +71,7 @@ class Pinned {
$isevent = true;
}
}
-
+
$consensus = (intval($item['item_consensus']) ? true : false);
if($consensus) {
$conv_responses['agree'] = [ 'title' => t('Agree','title') ];
@@ -87,7 +87,7 @@ class Pinned {
$verified = (intval($item['item_verified']) ? t('Message signature validated') : '');
$forged = ((! intval($item['item_verified']) && $item['sig']) ? t('Message signature incorrect') : '');
-
+
$shareable = ((local_channel() && \App::$profile_uid == local_channel() && $item['item_private'] != 1) ? true : false);
if ($shareable) {
// This actually turns out not to be possible in some protocol stacks without opening up hundreds of new issues.
@@ -102,9 +102,9 @@ class Pinned {
$is_new = boolval(strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC','now - 12 hours')) > 0);
$body = prepare_body($item,true);
-
+
$str = [
- 'item_type' => intval($item['item_type']),
+ 'item_type' => intval($item['item_type']),
'body' => $body['html'],
'tags' => $body['tags'],
'categories' => $body['categories'],
@@ -115,7 +115,7 @@ class Pinned {
'id' => $item['id'],
'mids' => json_encode([ $midb64 ]),
'isevent' => $isevent,
- 'attend' => $attend,
+ 'attend' => $attend,
'consensus' => $consensus,
'conlabels' => ($canvote ? $conlabels : []),
'canvote' => $canvote,
@@ -158,55 +158,55 @@ class Pinned {
'modal_dismiss' => t('Close'),
'responses' => $conv_responses
];
-
- $tpl = get_markup_template('pinned_item.tpl');
+
+ $tpl = get_markup_template('pinned_item.tpl');
$ret['html'] .= replace_macros($tpl, $str);
}
return $ret;
}
-
+
/*
* @brief List pinned items depend on type
*
* @param $types
* @return array of pinned items
*
- */
+ */
private function list($types) {
if(empty($types) || (! is_array($types)))
return [];
-
+
$item_types = array_intersect($this->allowed_types, $types);
if(empty($item_types))
return [];
-
+
$mids_list = [];
-
+
foreach($item_types as $type) {
-
+
$mids = get_pconfig($this->uid, 'pinned', $type, []);
foreach($mids as $mid) {
- if(! empty($mid) && strpos($mid,'b64.') === 0)
- $mids_list[] = @base64url_decode(substr($mid,4));
+ if(!empty($mid))
+ $mids_list[] = unpack_link_id($mid);
}
}
if(empty($mids_list))
return [];
-
+
$r = q("SELECT * FROM item WHERE mid IN ( '%s' ) AND uid = %d AND id = parent AND item_private = 0 ORDER BY created DESC",
dbesc(implode(",", $mids_list)),
intval($this->uid)
);
if($r)
return $r;
-
+
return [];
}
-
+
/*
* @brief List activities on item
*
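Review bot: In `list()`, the result of `unpack_link_id($mid)` is appended to `$mids_list` without a `false` check, although the other call sites in this commit treat `false` as the malformed-id result. I would write `$unpacked = unpack_link_id($mid);` followed by `if ($unpacked !== false) $mids_list[] = $unpacked;`. In the unchanged query below, `IN ( '%s' )` combined with `dbesc(implode(",", $mids_list))` produces a single quoted string, so more than one pinned mid appears to match nothing. Escaping each mid separately and joining them with `','` would address that. The old code also skipped entries lacking the `b64.` prefix, so confirm that `unpack_link_id()` passes plain ids through as intended.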
@@ -214,7 +214,7 @@ class Pinned {
* @param array $conv_responses
* @return array
*
- */
+ */
private function activity($item, &$conv_responses) {
foreach(array_keys($conv_responses) as $verb) {
@@ -256,23 +256,23 @@ class Pinned {
unset($conv_responses[$verb]);
continue;
}
-
+
$conv_responses[$verb]['count'] = count($r);
$conv_responses[$verb]['button'] = get_response_button_text($verb, $conv_responses[$verb]['count']);
-
+
foreach($r as $rr) {
-
+
$author = q("SELECT * FROM xchan WHERE xchan_hash = '%s' LIMIT 1",
dbesc($rr['author_xchan'])
);
$name = (($author && $author[0]['xchan_name']) ? $author[0]['xchan_name'] : t('Unknown'));
$conv_responses[$verb]['list'][] = (($rr['author_xchan'] && $author && $author[0]['xchan_photo_s']) ?
- '<a class="dropdown-item" href="' . chanlink_hash($rr['author_xchan']) . '">' . '<img class="menu-img-1" src="' . zid($author[0]['xchan_photo_s']) . '" alt="' . urlencode($name) . '" /> ' . $name . '</a>' :
+ '<a class="dropdown-item" href="' . chanlink_hash($rr['author_xchan']) . '">' . '<img class="menu-img-1" src="' . zid($author[0]['xchan_photo_s']) . '" alt="' . urlencode($name) . '" /> ' . $name . '</a>' :
'<a class="dropdown-item" href="#" class="disabled">' . $name . '</a>'
);
}
}
-
+
$conv_responses['count'] = count($conv_responses);
}
}