aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2021-01-25 20:27:50 +0000
committerMario <mario@mariovavti.com>2021-01-25 20:27:50 +0000
commit0e9d99c603d84b76c4774aa39dc782992bd91cdc (patch)
tree36e20b9a53119b19d1ba8782a1838194d546d768 /Zotlabs
parent77793e17c04b1f67c10a83e7877c36a8b11ddbaa (diff)
downloadvolse-hubzilla-0e9d99c603d84b76c4774aa39dc782992bd91cdc.tar.gz
volse-hubzilla-0e9d99c603d84b76c4774aa39dc782992bd91cdc.tar.bz2
volse-hubzilla-0e9d99c603d84b76c4774aa39dc782992bd91cdc.zip
expose manual public item import from searchbar, set commen_policy in Activity::store() to what we get if we get something otherwise default to authenticated, comments by the owner have the relay flag set and therefor $perm will be not be set to post_comments - always check if we own the parent in lib/libzot (not only if $perm = send_stream) if otherwise not allowed
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Lib/Activity.php24
-rw-r--r--Zotlabs/Lib/Libzot.php15
-rw-r--r--Zotlabs/Module/Network.php2
-rw-r--r--Zotlabs/Module/Search.php285
4 files changed, 178 insertions, 148 deletions
diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php
index 46ce075fd..3afc70b28 100644
--- a/Zotlabs/Lib/Activity.php
+++ b/Zotlabs/Lib/Activity.php
@@ -2488,7 +2488,6 @@ class Activity {
}
static function store($channel, $observer_hash, $act, $item, $fetch_parents = true, $force = false) {
-
$is_sys_channel = is_sys_channel($channel['channel_id']);
$is_child_node = false;
@@ -2523,6 +2522,7 @@ class Activity {
// $permit_mentions = intval(PConfig::Get($channel['channel_id'], 'system','permit_all_mentions') && i_am_mentioned($channel,$item));
if ($is_child_node) {
+
$p = q("select * from item where mid = '%s' and uid = %d and item_wall = 1",
dbesc($item['parent_mid']),
intval($channel['channel_id'])
@@ -2560,6 +2560,7 @@ class Activity {
}*/
}
else {
+
$allowed = true;
// reject public stream comments that weren't sent by the conversation owner
if ($is_sys_channel && $pubstream && $item['owner_xchan'] !== $observer_hash) {
@@ -2575,6 +2576,7 @@ class Activity {
}
}
else {
+
// The $item['item_fetched'] flag is set in fetch_and_store_parents().
// In this case we should check against author permissions because sender is not owner.
if (perm_is_allowed($channel['channel_id'], (($item['item_fetched']) ? $item['author_xchan'] : $observer_hash), 'send_stream') || ($is_sys_channel && $pubstream)) {
@@ -2694,7 +2696,7 @@ class Activity {
}
// This isn't perfect but the best we can do for now.
- $item['comment_policy'] = 'authenticated';
+ $item['comment_policy'] = ((isset($act->data['commentPolicy'])) ? $act->data['commentPolicy'] : 'authenticated');
set_iconfig($item, 'activitypub', 'recips', $act->raw_recips);
@@ -2777,9 +2779,9 @@ class Activity {
else {
$fetch = false;
// TODO: debug
- // if (perm_is_allowed($channel['channel_id'],$observer_hash,'send_stream') && (PConfig::Get($channel['channel_id'],'system','hyperdrive',true)*/ || $act->type === 'Announce')) {
+ // if (perm_is_allowed($channel['channel_id'],$observer_hash,'send_stream') && (PConfig::Get($channel['channel_id'],'system','hyperdrive',true) || $act->type === 'Announce')) {
if (perm_is_allowed($channel['channel_id'], $observer_hash, 'send_stream') || ($is_sys_channel && $pubstream)) {
- $fetch = (($fetch_parents) ? self::fetch_and_store_parents($channel, $observer_hash, $item) : false);
+ $fetch = (($fetch_parents) ? self::fetch_and_store_parents($channel, $observer_hash, $item, $force) : false);
}
if ($fetch) {
$parent = q("select * from item where mid = '%s' and uid = %d limit 1",
@@ -2901,7 +2903,7 @@ class Activity {
}
- static public function fetch_and_store_parents($channel, $observer_hash, $item) {
+ static public function fetch_and_store_parents($channel, $observer_hash, $item, $force = false) {
logger('fetching parents');
$p = [];
@@ -2909,18 +2911,19 @@ class Activity {
$current_item = $item;
while ($current_item['parent_mid'] !== $current_item['mid']) {
- $n = self::fetch($current_item['parent_mid']);
+ $n = self::fetch($current_item['parent_mid'], $channel);
+
if (!$n) {
break;
}
- // set client flag to convert objects to implied activities
- $a = new ActivityStreams($n, null, true);
+
+ $a = new ActivityStreams($n);
if ($a->type === 'Announce' && is_array($a->obj)
&& array_key_exists('object', $a->obj) && array_key_exists('actor', $a->obj)) {
// This is a relayed/forwarded Activity (as opposed to a shared/boosted object)
// Reparse the encapsulated Activity and use that instead
logger('relayed activity', LOGGER_DEBUG);
- $a = new ActivityStreams($a->obj, null, true);
+ $a = new ActivityStreams($a->obj);
}
logger($a->debug(), LOGGER_DATA);
@@ -2933,7 +2936,6 @@ class Activity {
Activity::actor_store($a->actor['id'], $a->actor);
}
- // ActivityPub sourced items are cacheable
$item = Activity::decode_note($a);
if (!$item) {
@@ -2975,7 +2977,7 @@ class Activity {
if ($p) {
foreach ($p as $pv) {
if ($pv[0]->is_valid()) {
- Activity::store($channel, $observer_hash, $pv[0], $pv[1], false);
+ Activity::store($channel, $observer_hash, $pv[0], $pv[1], false, $force);
}
}
return true;
diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php
index ee1f54ec8..13a75bb6c 100644
--- a/Zotlabs/Lib/Libzot.php
+++ b/Zotlabs/Lib/Libzot.php
@@ -1235,8 +1235,14 @@ class Libzot {
if (is_array($AS->obj) && array_key_exists('commentPolicy', $AS->obj)) {
$p = strstr($AS->obj['commentPolicy'], 'until=');
if ($p !== false) {
- $arr['comments_closed'] = datetime_convert('UTC', 'UTC', substr($p, 6));
- $arr['comment_policy'] = trim(str_replace($p, '', $AS->obj['commentPolicy']));
+ $comments_closed_at = datetime_convert('UTC', 'UTC', substr($p, 6));
+ if ($comments_closed_at === $arr['created']) {
+ $arr['item_nocomment'] = 1;
+ }
+ else {
+ $arr['comments_closed'] = $comments_closed_at;
+ $arr['comment_policy'] = trim(str_replace($p, '', $AS->obj['commentPolicy']));
+ }
}
else {
$arr['comment_policy'] = $AS->obj['commentPolicy'];
@@ -1545,8 +1551,7 @@ class Libzot {
}
$tag_delivery = tgroup_check($channel['channel_id'], $arr);
-
- $perm = 'send_stream';
+ $perm = 'send_stream';
if (($arr['mid'] !== $arr['parent_mid']) && ($relay))
$perm = 'post_comments';
@@ -1563,7 +1568,7 @@ class Libzot {
if ((!$tag_delivery) && (!$local_public)) {
$allowed = (perm_is_allowed($channel['channel_id'], $sender, $perm));
- if ((!$allowed) && $perm === 'post_comments') {
+ if (!$allowed) {
$parent = q("select * from item where mid = '%s' and uid = %d limit 1",
dbesc($arr['parent_mid']),
intval($channel['channel_id'])
diff --git a/Zotlabs/Module/Network.php b/Zotlabs/Module/Network.php
index e9edd8de3..84c2463d6 100644
--- a/Zotlabs/Module/Network.php
+++ b/Zotlabs/Module/Network.php
@@ -20,7 +20,7 @@ class Network extends \Zotlabs\Web\Controller {
return;
}
- if(in_array(substr($_GET['search'],0,1),[ '@', '!', '?']))
+ if(in_array(substr($_GET['search'],0,1),[ '@', '!', '?']) || strpos($_GET['search'], 'https://') === 0)
goaway('search' . '?f=&search=' . $_GET['search']);
if(count($_GET) < 2) {
diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php
index c22bf2836..95510c349 100644
--- a/Zotlabs/Module/Search.php
+++ b/Zotlabs/Module/Search.php
@@ -1,85 +1,110 @@
<?php
+
namespace Zotlabs\Module;
+use App;
+use Zotlabs\Lib\Activity;
+use Zotlabs\Lib\ActivityStreams;
+use Zotlabs\Web\Controller;
-class Search extends \Zotlabs\Web\Controller {
+class Search extends Controller {
function init() {
- if(x($_REQUEST,'search'))
- \App::$data['search'] = escape_tags($_REQUEST['search']);
+ if (x($_REQUEST, 'search'))
+ App::$data['search'] = escape_tags($_REQUEST['search']);
}
-
-
+
+
function get($update = 0, $load = false) {
-
- if((get_config('system','block_public')) || (get_config('system','block_public_search'))) {
- if ((! local_channel()) && (! remote_channel())) {
- notice( t('Public access denied.') . EOL);
+
+ if ((get_config('system', 'block_public')) || (get_config('system', 'block_public_search'))) {
+ if ((!local_channel()) && (!remote_channel())) {
+ notice(t('Public access denied.') . EOL);
return;
}
}
-
+
nav_set_selected('Search');
-
+
require_once("include/bbcode.php");
require_once('include/security.php');
require_once('include/conversation.php');
require_once('include/items.php');
-
+
$format = (($_REQUEST['format']) ? $_REQUEST['format'] : '');
- if($format !== '') {
+ if ($format !== '') {
$update = $load = 1;
}
-
- $observer = \App::get_observer();
+
+ $observer = App::get_observer();
$observer_hash = (($observer) ? $observer['xchan_hash'] : '');
-
+
$o = '<div id="live-search"></div>' . "\r\n";
$o .= '<div class="generic-content-wrapper-styled">' . "\r\n";
-
+
$o .= '<h3>' . t('Search') . '</h3>';
-
- if(x(\App::$data,'search'))
- $search = trim(\App::$data['search']);
+
+ if (x(App::$data, 'search'))
+ $search = trim(App::$data['search']);
else
- $search = ((x($_GET,'search')) ? trim(escape_tags(rawurldecode($_GET['search']))) : '');
-
+ $search = ((x($_GET, 'search')) ? trim(escape_tags(rawurldecode($_GET['search']))) : '');
+
$tag = false;
- if(x($_GET,'tag')) {
- $tag = true;
- $search = ((x($_GET,'tag')) ? trim(escape_tags(rawurldecode($_GET['tag']))) : '');
+ if (x($_GET, 'tag')) {
+ $tag = true;
+ $search = ((x($_GET, 'tag')) ? trim(escape_tags(rawurldecode($_GET['tag']))) : '');
}
- $o .= search($search,'search-box','/search',((local_channel()) ? true : false));
-
- if(strpos($search,'#') === 0) {
- $tag = true;
- $search = substr($search,1);
+ $o .= search($search, 'search-box', '/search', ((local_channel()) ? true : false));
+
+ if (local_channel() && strpos($search, 'https://') === 0) {
+ $j = Activity::fetch($search, App::get_channel());
+ if ($j) {
+ $AS = new ActivityStreams($j);
+
+ if ($AS->is_valid()) {
+ // check if is_an_actor, otherwise import activity
+ if (is_array($AS->obj) && !ActivityStreams::is_an_actor($AS->obj)) {
+ // The boolean flag enables html cache of the item
+ $item = Activity::decode_note($AS);
+ if ($item) {
+ logger('parsed_item: ' . print_r($item, true), LOGGER_DATA);
+ Activity::store(App::get_channel(), $observer_hash, $AS, $item, true, true);
+ goaway(z_root() . '/display/' . gen_link_id($item['mid']));
+ }
+ }
+ }
+ }
}
- if(strpos($search,'@') === 0) {
- $search = substr($search,1);
+
+ if (strpos($search, '#') === 0) {
+ $tag = true;
+ $search = substr($search, 1);
+ }
+ if (strpos($search, '@') === 0) {
+ $search = substr($search, 1);
goaway(z_root() . '/directory' . '?f=1&navsearch=1&search=' . $search);
}
- if(strpos($search,'!') === 0) {
- $search = substr($search,1);
+ if (strpos($search, '!') === 0) {
+ $search = substr($search, 1);
goaway(z_root() . '/directory' . '?f=1&navsearch=1&search=' . $search);
}
- if(strpos($search,'?') === 0) {
- $search = substr($search,1);
+ if (strpos($search, '?') === 0) {
+ $search = substr($search, 1);
goaway(z_root() . '/help' . '?f=1&navsearch=1&search=' . $search);
}
-
+
// look for a naked webbie
- if(strpos($search,'@') !== false) {
+ if (strpos($search, '@') !== false) {
goaway(z_root() . '/directory' . '?f=1&navsearch=1&search=' . $search);
}
-
- if(! $search)
+
+ if (!$search)
return $o;
-
- if($tag) {
- $wildtag = str_replace('*','%',$search);
+
+ if ($tag) {
+ $wildtag = str_replace('*', '%', $search);
$sql_extra = sprintf(" AND item.id IN (select oid from term where otype = %d and ttype in ( %d , %d) and term like '%s') ",
intval(TERM_OBJ_POST),
intval(TERM_HASHTAG),
@@ -88,80 +113,80 @@ class Search extends \Zotlabs\Web\Controller {
);
}
else {
- $regstr = db_getfunc('REGEXP');
+ $regstr = db_getfunc('REGEXP');
$sql_extra = sprintf(" AND (item.title $regstr '%s' OR item.body $regstr '%s') ", dbesc(protect_sprintf(preg_quote($search))), dbesc(protect_sprintf(preg_quote($search))));
}
-
+
// Here is the way permissions work in the search module...
// Only public posts can be shown
// OR your own posts if you are a logged in member
// No items will be shown if the member has a blocked profile wall.
-
- if((! $update) && (! $load)) {
-
+
+ if ((!$update) && (!$load)) {
+
// This is ugly, but we can't pass the profile_uid through the session to the ajax updater,
// because browser prefetching might change it on us. We have to deliver it with the page.
-
+
$o .= '<div id="live-search"></div>' . "\r\n";
$o .= "<script> var profile_uid = " . ((intval(local_channel())) ? local_channel() : (-1))
- . "; var netargs = '?f='; var profile_page = " . \App::$pager['page'] . "; </script>\r\n";
-
- \App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(
+ . "; var netargs = '?f='; var profile_page = " . App::$pager['page'] . "; </script>\r\n";
+
+ App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"), [
'$baseurl' => z_root(),
- '$pgtype' => 'search',
- '$uid' => ((\App::$profile['profile_uid']) ? \App::$profile['profile_uid'] : '0'),
- '$gid' => '0',
- '$cid' => '0',
- '$cmin' => '(-1)',
- '$cmax' => '(-1)',
- '$star' => '0',
- '$liked' => '0',
- '$conv' => '0',
- '$spam' => '0',
- '$fh' => '0',
- '$dm' => '0',
+ '$pgtype' => 'search',
+ '$uid' => ((App::$profile['profile_uid']) ? App::$profile['profile_uid'] : '0'),
+ '$gid' => '0',
+ '$cid' => '0',
+ '$cmin' => '(-1)',
+ '$cmax' => '(-1)',
+ '$star' => '0',
+ '$liked' => '0',
+ '$conv' => '0',
+ '$spam' => '0',
+ '$fh' => '0',
+ '$dm' => '0',
'$nouveau' => '0',
- '$wall' => '0',
- '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
- '$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
- '$search' => (($tag) ? urlencode('#') : '') . $search,
- '$xchan' => '',
- '$order' => '',
- '$file' => '',
- '$cats' => '',
- '$tags' => '',
- '$mid' => '',
- '$verb' => '',
- '$net' => '',
- '$dend' => '',
- '$dbegin' => ''
- ));
-
-
- }
-
+ '$wall' => '0',
+ '$list' => ((x($_REQUEST, 'list')) ? intval($_REQUEST['list']) : 0),
+ '$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1),
+ '$search' => (($tag) ? urlencode('#') : '') . $search,
+ '$xchan' => '',
+ '$order' => '',
+ '$file' => '',
+ '$cats' => '',
+ '$tags' => '',
+ '$mid' => '',
+ '$verb' => '',
+ '$net' => '',
+ '$dend' => '',
+ '$dbegin' => ''
+ ]);
+
+
+ }
+
$item_normal = item_normal_search();
- $pub_sql = public_permissions_sql($observer_hash);
-
+ $pub_sql = public_permissions_sql($observer_hash);
+
require_once('include/channel.php');
-
+
$sys = get_sys_channel();
-
- if(($update) && ($load)) {
- $itemspage = get_pconfig(local_channel(),'system','itemspage');
- \App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 10));
- $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));
-
+
+ if (($update) && ($load)) {
+ $itemspage = get_pconfig(local_channel(), 'system', 'itemspage');
+ App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 10));
+ $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start']));
+
// in case somebody turned off public access to sys channel content with permissions
-
- if(! perm_is_allowed($sys['channel_id'],$observer_hash,'view_stream'))
+
+ if (!perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream'))
$sys['xchan_hash'] .= 'disabled';
-
- if($load) {
+
+ if ($load) {
$r = null;
-
- if(local_channel()) {
+
+ if (local_channel()) {
$r = q("SELECT mid, MAX(id) as item_id from item
WHERE ((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 )
OR ( item.uid = %d )) OR item.owner_xchan = '%s' )
@@ -172,11 +197,11 @@ class Search extends \Zotlabs\Web\Controller {
dbesc($sys['xchan_hash'])
);
}
- if($r === null) {
+ if ($r === null) {
$r = q("SELECT mid, MAX(id) as item_id from item
WHERE (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
AND item.deny_gid = '' AND item_private = 0 )
- and owner_xchan in ( " . stream_perms_xchans(($observer) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
+ and owner_xchan in ( " . stream_perms_xchans(($observer) ? (PERMS_NETWORK | PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
$pub_sql ) OR owner_xchan = '%s')
$item_normal
$sql_extra
@@ -184,51 +209,49 @@ class Search extends \Zotlabs\Web\Controller {
dbesc($sys['xchan_hash'])
);
}
- if($r) {
- $str = ids_to_querystr($r,'item_id');
- $r = q("select *, id as item_id from item where id in ( " . $str . ") order by created desc ");
+ if ($r) {
+ $str = ids_to_querystr($r, 'item_id');
+ $r = q("select *, id as item_id from item where id in ( " . $str . ") order by created desc ");
}
}
else {
- $r = array();
+ $r = [];
}
-
-
}
-
- if($r) {
+
+ if ($r) {
xchan_query($r);
- $items = fetch_post_tags($r,true);
- } else {
- $items = array();
- }
-
-
- if($format == 'json') {
- $result = array();
+ $items = fetch_post_tags($r, true);
+ }
+ else {
+ $items = [];
+ }
+
+ if ($format == 'json') {
+ $result = [];
require_once('include/conversation.php');
- foreach($items as $item) {
+ foreach ($items as $item) {
$item['html'] = zidify_links(bbcode($item['body']));
- $x = encode_item($item);
- $x['html'] = prepare_text($item['body'],$item['mimetype']);
- $result[] = $x;
+ $x = encode_item($item);
+ $x['html'] = prepare_text($item['body'], $item['mimetype']);
+ $result[] = $x;
}
- json_return_and_die(array('success' => true,'messages' => $result));
+ json_return_and_die(['success' => true, 'messages' => $result]);
}
-
- if($tag)
- $o .= '<h2>' . sprintf( t('Items tagged with: %s'),$search) . '</h2>';
+
+ if ($tag)
+ $o .= '<h2>' . sprintf(t('Items tagged with: %s'), $search) . '</h2>';
else
- $o .= '<h2>' . sprintf( t('Search results for: %s'),$search) . '</h2>';
-
- $o .= conversation($items,'search',$update,'client');
-
+ $o .= '<h2>' . sprintf(t('Search results for: %s'), $search) . '</h2>';
+
+ $o .= conversation($items, 'search', $update, 'client');
+
$o .= '</div>';
-
+
return $o;
}
-
-
+
+
}