Merge branch 'dev' into containers

3 files changed, 49 insertions, 8 deletions

diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php
index c95552562..b7f40f632 100644
--- a/Zotlabs/Lib/Activity.php
+++ b/Zotlabs/Lib/Activity.php
@@ -504,15 +504,21 @@ class Activity {
 		$ret['diaspora:guid'] = $i['uuid'];
 
 		$images = [];
+		$audios = [];
+		$videos = [];
+
 		$has_images = preg_match_all('/\[[zi]mg(.*?)](.*?)\[/ism', $i['body'], $images, PREG_SET_ORDER);
+		$has_audios = preg_match_all('/\[zaudio](.*?)\[/ism', $i['body'], $audios, PREG_SET_ORDER);
+		$has_videos = preg_match_all('/\[zvideo](.*?)\[/ism', $i['body'], $videos, PREG_SET_ORDER);
 
 		// provide ocap access token for private media.
 		// set this for descendants even if the current item is not private
 		// because it may have been relayed from a private item.
 
 		$token = IConfig::Get($i, 'ocap', 'relay');
+		$matches_processed = [];
+
 		if ($token && $has_images) {
-			$matches_processed = [];
 			for ($n = 0; $n < count($images); $n++) {
 				$match = $images[$n];
 				if (str_starts_with($match[1], '=http') && str_contains($match[1], z_root() . '/photo/') && !in_array($match[1], $matches_processed)) {
@@ -527,6 +533,28 @@ class Activity {
 			}
 		}
 
+		if ($token && $has_audios) {
+			for ($n = 0; $n < count($audios); $n++) {
+				$match = $audios[$n];
+				if (str_contains($match[1], z_root() . '/attach/') && !in_array($match[1], $matches_processed)) {
+					$i['body'] = str_replace($match[1], $match[1] . '?token=' . $token, $i['body']);
+					$audios[$n][1] = $match[1] . '?token=' . $token;
+					$matches_processed[] = $match[1];
+				}
+			}
+		}
+
+		if ($token && $has_videos) {
+			for ($n = 0; $n < count($videos); $n++) {
+				$match = $videos[$n];
+				if (str_contains($match[1], z_root() . '/attach/') && !in_array($match[1], $matches_processed)) {
+					$i['body'] = str_replace($match[1], $match[1] . '?token=' . $token, $i['body']);
+					$videos[$n][1] = $match[1] . '?token=' . $token;
+					$matches_processed[] = $match[1];
+				}
+			}
+		}
+
 		if ($i['title'])
 			$ret['name'] = unescape_tags($i['title']);
 
@@ -733,6 +761,8 @@ class Activity {
 
 		$ret = [];
 
+		$token = IConfig::Get($item, 'ocap', 'relay');
+
 		if (!$iconfig && array_key_exists('attach', $item)) {
 			$atts = ((is_array($item['attach'])) ? $item['attach'] : json_decode($item['attach'], true));
 			if ($atts) {
@@ -741,11 +771,17 @@ class Activity {
 						continue;
 					}
 
-					if (isset($att['type']) && strpos($att['type'], 'image')) {
-						$ret[] = ['type' => 'Image', 'mediaType' => $att['type'], 'name' => $att['title'], 'url' => $att['href']];
+					if (str_starts_with($att['type'], 'image')) {
+						$ret[] = ['type' => 'Image', 'mediaType' => $att['type'], 'name' => $att['title'], 'url' => $att['href'] . (($token) ? '?token=' . $token : '')];
+					}
+					elseif (str_starts_with($att['type'], 'audio')) {
+						$ret[] = ['type' => 'Audio', 'mediaType' => $att['type'], 'name' => $att['title'], 'url' => $att['href'] . (($token) ? '?token=' . $token : '')];
+					}
+					elseif (str_starts_with($att['type'], 'video')) {
+						$ret[] = ['type' => 'Video', 'mediaType' => $att['type'], 'name' => $att['title'], 'url' => $att['href'] . (($token) ? '?token=' . $token : '')];
 					}
 					else {
-						$ret[] = ['type' => 'Link', 'mediaType' => $att['type'], 'name' => $att['title'], 'href' => $att['href']];
+						$ret[] = ['type' => 'Link', 'mediaType' => $att['type'], 'name' => $att['title'], 'href' => $att['href'] . (($token) ? '?token=' . $token : '')];
 					}
 				}
 			}
diff --git a/Zotlabs/Module/Admin/Account_edit.php b/Zotlabs/Module/Admin/Account_edit.php
index 0300fb10c..35a15133f 100644
--- a/Zotlabs/Module/Admin/Account_edit.php
+++ b/Zotlabs/Module/Admin/Account_edit.php
@@ -8,6 +8,11 @@ class Account_edit {
 
 	function post() {
 
+		// Validate CSRF token
+		//
+		// We terminate with a 403 Forbidden status if the check fails.
+		check_form_security_token_ForbiddenOnErr('admin_account_edit', 'security');
+
 		$account_id = $_REQUEST['aid'];
 
 		if(! $account_id)
@@ -18,7 +23,7 @@ class Account_edit {
 		if($pass1 && $pass2 && ($pass1 === $pass2)) {
 			$salt = random_string(32);
 			$password_encoded = hash('whirlpool', $salt . $pass1);
-			$r = q("update account set account_salt = '%s', account_password = '%s', 
+			$r = q("update account set account_salt = '%s', account_password = '%s',
 				account_password_changed = '%s' where account_id = %d",
 				dbesc($salt),
 				dbesc($password_encoded),
@@ -34,7 +39,7 @@ class Account_edit {
 		$account_level = 5;
 		$account_language = trim($_REQUEST['account_language']);
 
-		$r = q("update account set account_service_class = '%s', account_level = %d, account_language = '%s' 
+		$r = q("update account set account_service_class = '%s', account_level = %d, account_language = '%s'
 			where account_id = %d",
 			dbesc($service_class),
 			intval($account_level),
@@ -62,8 +67,8 @@ class Account_edit {
 			return '';
 		}
 
-
 		$a = replace_macros(get_markup_template('admin_account_edit.tpl'), [
+			'$security' => get_form_security_token('admin_account_edit'),
 			'$account' => $x[0],
 			'$title' => t('Account Edit'),
 			'$pass1' => [ 'pass1', t('New Password'), ' ','' ],
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index 1dd3017aa..e67566db9 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -1086,7 +1086,7 @@ class Item extends Controller {
 			$obj['id']            = $mid;
 			$obj['diaspora:guid'] = $uuid;
 			$obj['attributedTo']  = channel_url($channel);
-			$obj['published']     = $created;
+			$obj['published']     = datetime_convert('UTC', 'UTC', $created, ATOM_TIME);
 			$obj['name']          = $title;
 
 			$datarray['obj']      = $obj;