Merge branch 'master' of https://github.com/friendica/friendica

Conflicts: include/config.php update.php
author: Alexander Kampmann <programmer@nurfuerspam.de> 2012-04-05 13:39:15 +0200
committer: Alexander Kampmann <programmer@nurfuerspam.de> 2012-04-05 13:39:15 +0200
commit: 355c42cb309eb1313097411067ca999b699aa620 (patch)
tree: d00d1af9dceecdf114cadff924c5ba4a864fbf43 /include/items.php
parent: cbf4544887c7f496f2b2312727fe7bcb64a6d6c8 (diff)
parent: 9b6e91086b29554fd04362f6c87ea148718e8b1c (diff)
download: volse-hubzilla-355c42cb309eb1313097411067ca999b699aa620.tar.gz
volse-hubzilla-355c42cb309eb1313097411067ca999b699aa620.tar.bz2
volse-hubzilla-355c42cb309eb1313097411067ca999b699aa620.zip
1 files changed, 51 insertions, 16 deletions
diff --git a/include/items.php b/include/items.php
index 5a297c83e..ee6960534 100755..100644
--- a/include/items.php
+++ b/include/items.php
@@ -7,14 +7,11 @@ require_once('include/crypto.php');
 
 function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) {
 
-	// default permissions - anonymous user
-
-	if(! strlen($owner_nick))
-		killme();
 
+	$sitefeed    = ((strlen($owner_nick)) ? false : true); // not yet implemented, need to rewrite huge chunks of following logic
 	$public_feed = (($dfrn_id) ? false : true);
-	$starred = false;
-	$converse = false;
+	$starred     = false;   // not yet implemented, possible security issues
+	$converse    = false;
 
 	if($public_feed && $a->argc > 2) {
 		for($x = 2; $x < $a->argc; $x++) {
@@ -25,6 +22,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
 		}
 	}
 
+	// default permissions - anonymous user
 
 	$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid`  = '' AND `deny_gid`  = '' ";
 
@@ -418,7 +416,7 @@ function get_atom_elements($feed,$item) {
 	// the wild, by sanitising it and converting supported tags to bbcode before we rip out any remaining 
 	// html.
 
-	if((strpos($res['body'],'<') !== false) || (strpos($res['body'],'>') !== false)) {
+	if((strpos($res['body'],'<') !== false) && (strpos($res['body'],'>') !== false)) {
 
 		$res['body'] = reltoabs($res['body'],$base_url);
 
@@ -431,14 +429,22 @@ function get_atom_elements($feed,$item) {
 
 		// we shouldn't need a whitelist, because the bbcode converter
 		// will strip out any unsupported tags.
-		// $config->set('HTML.Allowed', 'p,b,a[href],i'); 
 
 		$purifier = new HTMLPurifier($config);
 		$res['body'] = $purifier->purify($res['body']);
 
-		$res['body'] = html2bbcode($res['body']);
+		$res['body'] = @html2bbcode($res['body']);
+	}
+	elseif(! $have_real_body) {
+
+		// it's not one of our messages and it has no tags
+		// so it's probably just text. We'll escape it just to be safe.
+
+		$res['body'] = escape_tags($res['body']);
 	}
 
+	// this tag is obsolete but we keep it for really old sites
+
 	$allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow');
 	if($allow && $allow[0]['data'] == 1)
 		$res['last-child'] = 1;
@@ -1092,12 +1098,23 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
 	$postvars     = array();
 	$sent_dfrn_id = hex2bin((string) $res->dfrn_id);
 	$challenge    = hex2bin((string) $res->challenge);
+	$perm         = (($res->perm) ? $res->perm : null);
 	$dfrn_version = (float) (($res->dfrn_version) ? $res->dfrn_version : 2.0);
 	$rino_allowed = ((intval($res->rino) === 1) ? 1 : 0);
 	$page         = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0);
 
 	$final_dfrn_id = '';
 
+	if($perm) {
+		if((($perm == 'rw') && (! intval($contact['writable']))) 
+		|| (($perm == 'r') && (intval($contact['writable'])))) {
+			q("update contact set writable = %d where id = %d limit 1",
+				intval(($perm == 'rw') ? 1 : 0),
+				intval($contact['id'])
+			);
+			$contact['writable'] = (string) 1 - intval($contact['writable']);			
+		}
+	}
 
 	if(($contact['duplex'] && strlen($contact['pubkey'])) 
 		|| ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']))
@@ -1437,7 +1454,7 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
 			}
 			if($deleted && is_array($contact)) {
 				$r = q("SELECT `item`.*, `contact`.`self` FROM `item` left join `contact` on `item`.`contact-id` = `contact`.`id` 
-					WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d LIMIT 1",
+					WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d AND NOT `item`.`file` LIKE '%%[%%' LIMIT 1",
 					dbesc($uri),
 					intval($importer['uid']),
 					intval($contact['id'])
@@ -1582,9 +1599,10 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
 
 				if(count($r)) {
 					if((x($datarray,'edited') !== false) && (datetime_convert('UTC','UTC',$datarray['edited']) !== $r[0]['edited'])) {  
-						$r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
+						$r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
 							dbesc($datarray['title']),
 							dbesc($datarray['body']),
+							dbesc($datarray['tag']),
 							dbesc(datetime_convert('UTC','UTC',$datarray['edited'])),
 							dbesc($item_id),
 							intval($importer['uid'])
@@ -1727,9 +1745,10 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
 
 				if(count($r)) {
 					if((x($datarray,'edited') !== false) && (datetime_convert('UTC','UTC',$datarray['edited']) !== $r[0]['edited'])) {  
-						$r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
+						$r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
 							dbesc($datarray['title']),
 							dbesc($datarray['body']),
+							dbesc($datarray['tag']),
 							dbesc(datetime_convert('UTC','UTC',$datarray['edited'])),
 							dbesc($item_id),
 							intval($importer['uid'])
@@ -1800,7 +1819,7 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
 					// but otherwise there's a possible data mixup on the sender's system.
 					// the tgroup delivery code called from item_store will correct it if it's a forum,
 					// but we're going to unconditionally correct it here so that the post will always be owned by our contact. 
-					logger('local_delivery: Correcting item owner.', LOGGER_DEBUG);
+					logger('consume_feed: Correcting item owner.', LOGGER_DEBUG);
 					$datarray['owner-name']   = $contact['name'];
 					$datarray['owner-link']   = $contact['url'];
 					$datarray['owner-avatar'] = $contact['thumb'];
@@ -1896,6 +1915,14 @@ function local_delivery($importer,$data) {
 		);
 		if(count($r)) {
 			$fid = $r[0]['id'];
+
+			// OK, we do. Do we already have an introduction for this person ?
+			$r = q("select id from intro where uid = %d and fid = %d limit 1",
+				intval($fsugg['uid']),
+				intval($fid)
+			);
+			if(count($r))
+				return 0;
 		}
 		if(! $fid)
 			$r = q("INSERT INTO `fcontact` ( `name`,`url`,`photo`,`request` ) VALUES ( '%s', '%s', '%s', '%s' ) ",
@@ -1916,6 +1943,7 @@ function local_delivery($importer,$data) {
 		else
 			return 0;
 
+
 		$hash = random_string();
  
 		$r = q("INSERT INTO `intro` ( `uid`, `fid`, `contact-id`, `note`, `hash`, `datetime`, `blocked` )
@@ -2036,7 +2064,7 @@ function local_delivery($importer,$data) {
 			if($deleted) {
 
 				$r = q("SELECT `item`.*, `contact`.`self` FROM `item` left join contact on `item`.`contact-id` = `contact`.`id`
-					WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d LIMIT 1",
+					WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d AND NOT `item`.`file` LIKE '%%[%%' LIMIT 1",
 					dbesc($uri),
 					intval($importer['importer_uid']),
 					intval($importer['id'])
@@ -2332,9 +2360,10 @@ function local_delivery($importer,$data) {
 
 				if(count($r)) {
 					if((x($datarray,'edited') !== false) && (datetime_convert('UTC','UTC',$datarray['edited']) !== $r[0]['edited'])) {  
-						$r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
+						$r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
 							dbesc($datarray['title']),
 							dbesc($datarray['body']),
+							dbesc($datarray['tag']),
 							dbesc(datetime_convert('UTC','UTC',$datarray['edited'])),
 							dbesc($item_id),
 							intval($importer['importer_uid'])
@@ -2497,9 +2526,10 @@ function local_delivery($importer,$data) {
 
 			if(count($r)) {
 				if((x($datarray,'edited') !== false) && (datetime_convert('UTC','UTC',$datarray['edited']) !== $r[0]['edited'])) {  
-					$r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
+					$r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
 						dbesc($datarray['title']),
 						dbesc($datarray['body']),
+						dbesc($datarray['tag']),
 						dbesc(datetime_convert('UTC','UTC',$datarray['edited'])),
 						dbesc($item_id),
 						intval($importer['importer_uid'])
@@ -2925,6 +2955,11 @@ function item_expire($uid,$days) {
 
 	foreach($r as $item) {
 
+		// don't expire filed items
+
+		if(strpos($item['file'],'[') !== false)
+			continue;
+
 		// Only expire posts, not photos and photo comments
 
 		if($expire_photos==0 && strlen($item['resource-id']))
author	Alexander Kampmann <programmer@nurfuerspam.de>	2012-04-05 13:39:15 +0200
committer	Alexander Kampmann <programmer@nurfuerspam.de>	2012-04-05 13:39:15 +0200
commit	355c42cb309eb1313097411067ca999b699aa620 (patch)
tree	d00d1af9dceecdf114cadff924c5ba4a864fbf43 /include/items.php
parent	cbf4544887c7f496f2b2312727fe7bcb64a6d6c8 (diff)
parent	9b6e91086b29554fd04362f6c87ea148718e8b1c (diff)
download	volse-hubzilla-355c42cb309eb1313097411067ca999b699aa620.tar.gz volse-hubzilla-355c42cb309eb1313097411067ca999b699aa620.tar.bz2 volse-hubzilla-355c42cb309eb1313097411067ca999b699aa620.zip