author | Mario <mario@mariovavti.com> | 2021-03-08 09:31:23 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2021-03-08 09:31:23 +0000 |
commit | 951e9c8c4f39dd8577834d5bc501c05d80722de9 (patch) | |
tree | 6a42c6a229c7b2b3e13bc5af77a733d054242695 /include/items.php | |
parent | f94b046333c57acde493ee5dc2511acc6baca701 (diff) | |
parent | 89415e17313578eb115c441480b6e0ddfa90afef (diff) | |
Merge branch '5.4RC'5.4
Diffstat (limited to 'include/items.php')
-rw-r--r--[-rwxr-xr-x] | include/items.php | 229 |
1 files changed, 144 insertions, 85 deletions
diff --git a/include/items.php b/include/items.php index 322e44471..88f100e60 100755..100644 --- a/include/items.php +++ b/include/items.php @@ -4,6 +4,7 @@ * @brief Items related functions. */ +use Zotlabs\Lib\Crypto; use Zotlabs\Lib\Enotify; use Zotlabs\Lib\MarkdownSoap; use Zotlabs\Lib\MessageFilter; @@ -11,6 +12,7 @@ use Zotlabs\Lib\ThreadListener; use Zotlabs\Lib\IConfig; use Zotlabs\Lib\Activity; use Zotlabs\Lib\Libsync; +use Zotlabs\Lib\Libzot; use Zotlabs\Access\PermissionLimits; use Zotlabs\Access\PermissionRoles; use Zotlabs\Access\AccessList; @@ -790,8 +792,8 @@ function get_item_elements($x,$allow_code = false) { dbesc($arr['author_xchan']) ); if($r) { - if($r[0]['xchan_pubkey'] && $r[0]['xchan_network'] === 'zot') { - if(rsa_verify($x['body'],base64url_decode($arr['sig']),$r[0]['xchan_pubkey'])) { + if($r[0]['xchan_pubkey'] && $r[0]['xchan_network'] === 'zot6') { + if(Libzot::verify($x['body'], $arr['sig'], $r[0]['xchan_pubkey'])) { $arr['item_verified'] = 1; } else { @@ -1087,7 +1089,7 @@ function empty_acl($item) { return (($item['allow_cid'] === EMPTY_STR && $item['allow_gid'] === EMPTY_STR && $item['deny_cid'] === EMPTY_STR && $item['deny_gid'] === EMPTY_STR) ? true : false); } -function encode_item($item,$mirror = false) { +function encode_item($item,$mirror = false,$zap_compat = false) { $x = []; $x['type'] = 'activity'; $x['encoding'] = 'zot'; 
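Review bot: In the `get_item_elements` hunk the verification condition now matches only `xchan_network === 'zot6'`, so an author record still marked `'zot'` never reaches the signature check, and what `item_verified` ends up as for those items is decided outside the hunk. The signature is also handed to `Libzot::verify` as `$arr['sig']` with no `base64url_decode`, while `item_community_tag` further down still decodes before calling `Crypto::verify`. Assuming `Libzot::verify` decodes the signature itself (its body is not shown here), a comment above the call would make both facts explicit, for example `// zot6 only; legacy zot authors are left unverified. Libzot::verify receives the signature still encoded.` The function body starts and ends outside the hunk.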
@@ -1165,9 +1167,9 @@ function encode_item($item,$mirror = false) { $x['summary'] = $item['summary']; $x['body'] = $item['body']; $x['app'] = $item['app']; - $x['verb'] = $item['verb']; - $x['object_type'] = $item['obj_type']; - $x['target_type'] = $item['tgt_type']; + $x['verb'] = (($zap_compat) ? Activity::activity_mapper($item['verb']) : $item['verb']); + $x['object_type'] = (($zap_compat && $item['obj_type']) ? Activity::activity_obj_mapper($item['obj_type']) : $item['obj_type']); + $x['target_type'] = (($zap_compat && $item['tgt_type']) ? Activity::activity_obj_mapper($item['tgt_type']) : $item['tgt_type']); $x['permalink'] = $item['plink']; $x['location'] = $item['location']; $x['longlat'] = $item['coord']; @@ -1176,10 +1178,19 @@ function encode_item($item,$mirror = false) { $x['owner'] = encode_item_xchan($item['owner']); $x['author'] = encode_item_xchan($item['author']); - if($item['obj']) - $x['object'] = json_decode($item['obj'],true); + if ($zap_compat) { + $x['object'] = Activity::encode_item_object($item,'obj'); + } + else { + if ($item['obj']) { + $x['object'] = json_decode($item['obj'],true); + } + } + if($item['target']) - $x['target'] = json_decode($item['target'],true); + $x['target'] = (($zap_compat) + ? Activity::encode_item_object($item,'target') + : json_decode($item['target'],true)) ; if($item['attach']) $x['attach'] = json_decode($item['attach'],true); if($y = encode_item_flags($item)) @@ -1198,9 +1209,16 @@ function encode_item($item,$mirror = false) { if($item['term']) $x['tags'] = encode_item_terms($item['term'],$mirror); - if($item['iconfig']) + if($item['iconfig']) { + if ($zap_compat) { + for ($y = 0; $y < count($item['iconfig']); $y ++) { + if (preg_match('|^a:[0-9]+:{.*}$|s', $item['iconfig'][$y]['v'])) { + $item['iconfig'][$y]['v'] = serialise(unserialize($item['iconfig'][$y]['v'])); + } + } + } $x['meta'] = encode_item_meta($item['iconfig'],$mirror); - + } logger('encode_item: ' . print_r($x,true), LOGGER_DATA); 
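Review bot: The `unserialize()` call added in the `iconfig` hunk of `encode_item` can instantiate objects, because the `^a:[0-9]+:{.*}$` pattern only checks that the outer value looks like a serialized array and says nothing about what is nested inside it. If any `iconfig` value can originate from an imported or remote item (not visible here), this is an object-injection sink; restricting classes closes it: `$item['iconfig'][$y]['v'] = serialise(unserialize($item['iconfig'][$y]['v'], ['allowed_classes' => false]));`. The `for` loop also assumes `$item['iconfig']` is keyed 0..n-1 and that every `['v']` is a string, so a `foreach` over the array with an `is_string()` check before `preg_match()` would be more robust.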
@@ -1398,6 +1416,30 @@ function decode_tags($t) { return ''; } + +function purify_imported_object($obj) { + $ret = null; + if (is_array($obj)) { + foreach ( $obj as $k => $v ) { + if (is_array($v)) { + $ret[$k] = purify_imported_object($v); + } + elseif (is_string($v)) { + $ret[$k] = purify_html($v); + } + } + } + elseif (is_string($obj)) { + $ret = purify_html($obj); + } + + return $ret; +} + + + + + /** * @brief Santise a potentially complex array. * @@ -1409,6 +1451,10 @@ function activity_sanitise($arr) { if(is_array($arr)) { $ret = array(); foreach($arr as $k => $x) { + if (in_array($k, [ 'content', 'summary', 'contentMap', 'summaryMap' ])) { + $ret[$k] = purify_imported_object($arr[$k]); + continue; + } if(is_array($x)) $ret[$k] = activity_sanitise($x); else @@ -1651,7 +1697,7 @@ function item_sign(&$item) { if(! $r) return; - $item['sig'] = base64url_encode(rsa_sign($item['body'], $r[0]['channel_prvkey'])); + $item['sig'] = base64url_encode(Crypto::sign($item['body'], $r[0]['channel_prvkey'])); $item['item_verified'] = 1; } @@ -2390,9 +2436,14 @@ function item_store_update($arr, $allow_exec = false, $deliver = true) { logger('item_store_update: ' . print_r($arr,true), LOGGER_DATA); - $str = ''; - foreach($arr as $k => $v) { - if($str) + $columns = db_columns('item'); + $str = ''; + foreach ($arr as $k => $v) { + if (!in_array($k, $columns)) { + continue; + } + + if ($str) $str .= ","; $str .= " " . TQUOT . $k . TQUOT . " = '" . $v . "' "; } @@ -2694,10 +2745,13 @@ function tag_deliver($uid, $item_id) { return; } + /* this should not be required anymore due to the check above if (strpos($item['body'],'[/share]')) { logger('W2W post already shared'); return; } + */ + // group delivery via W2W logger('rewriting W2W post for ' . $u[0]['channel_address']); start_delivery_chain($u[0], $item, $item_id, 0, true, (($item['edited'] != $item['created']) || $item['item_deleted'])); 
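Review bot: `purify_imported_object` silently drops every value that is neither a string nor an array, and returns `null` for an empty array, because `$ret[$k]` is only assigned in the two typed branches. For `content` and `summary` maps that may well be intended, but it is undocumented and the function has no docblock. I would add one stating that strings go through `purify_html`, arrays are walked recursively with their keys copied unfiltered, and all other types are discarded.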
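Review bot: The `in_array($k, [...])` test added to `activity_sanitise` uses loose comparison, and on PHP versions before 8 the integer key `0` compares equal to any non-numeric string, so element 0 of every list-shaped array would be routed to `purify_imported_object` instead of the normal branch. Passing the strict flag removes the ambiguity: `if (in_array($k, [ 'content', 'summary', 'contentMap', 'summaryMap' ], true)) {`. The rest of the loop body continues outside the hunk.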
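Review bot: The new `db_columns('item')` allowlist in `item_store_update` covers the key side of the `UPDATE` string, but `$v` is still concatenated between quotes on the unchanged line below it, and whether it has been escaped by then is decided earlier in the function, outside this hunk. A short comment at the loop naming where the values are escaped would keep that dependency visible. Two smaller points: `in_array($k, $columns)` should pass `true` as its third argument, and if `db_columns()` returns nothing every key is skipped and `$str` stays empty, so the function should return its usual failure value before building the query in that case.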
@@ -2970,7 +3024,7 @@ function item_community_tag($channel,$item) { $pitem = $items[0]; $auth = get_iconfig($item,'system','communitytagauth'); if($auth) { - if(rsa_verify('tagauth.' . $item['mid'],base64url_decode($auth),$pitem['owner']['xchan_pubkey']) || rsa_verify('tagauth.' . $item['mid'],base64url_decode($auth),$pitem['author']['xchan_pubkey'])) { + if(Crypto::verify('tagauth.' . $item['mid'],base64url_decode($auth),$pitem['owner']['xchan_pubkey']) || Crypto::verify('tagauth.' . $item['mid'],base64url_decode($auth),$pitem['author']['xchan_pubkey'])) { logger('tag_deliver: tagging the post: ' . $channel['channel_name']); $tag_the_post = true; } @@ -2979,7 +3033,7 @@ function item_community_tag($channel,$item) { if(($pitem['owner_xchan'] === $channel['channel_hash']) && (! intval(get_pconfig($channel['channel_id'],'system','blocktags')))) { logger('tag_deliver: community tag recipient: ' . $channel['channel_name']); $tag_the_post = true; - $sig = rsa_sign('tagauth.' . $item['mid'],$channel['channel_prvkey']); + $sig = Crypto::sign('tagauth.' . $item['mid'],$channel['channel_prvkey']); logger('tag_deliver: setting iconfig for ' . $item['id']); set_iconfig($item['id'],'system','communitytagauth',base64url_encode($sig),1); } 
@@ -3267,24 +3321,19 @@ function start_delivery_chain($channel, $item, $item_id, $parent, $group = false $arr['item_wall'] = 1; $arr['item_thread_top'] = 1; - if (strpos($item['body'], "[/share]") !== false) { - $pos = strpos($item['body'], "[share"); - $bb = substr($item['body'], $pos); - } else { - $bb = "[share author='" . urlencode($item['author']['xchan_name']). - "' profile='" . $item['author']['xchan_url'] . - "' portable_id='" . $item['author']['xchan_hash'] . - "' avatar='" . $item['author']['xchan_photo_s'] . - "' link='" . $item['plink'] . - "' auth='" . ((in_array($item['author']['xchan_network'], ['zot6','zot'])) ? 'true' : 'false') . - "' posted='" . $item['created'] . - "' message_id='" . $item['mid'] . - "']"; - if($item['title']) - $bb .= '[h3][b]'.$item['title'].'[/b][/h3]'."\r\n"; - $bb .= $item['body']; - $bb .= "[/share]"; - } + $bb = "[share author='" . urlencode($item['author']['xchan_name']). + "' profile='" . $item['author']['xchan_url'] . + "' portable_id='" . $item['author']['xchan_hash'] . + "' avatar='" . $item['author']['xchan_photo_s'] . + "' link='" . $item['plink'] . + "' auth='" . ((in_array($item['author']['xchan_network'], ['zot6','zot'])) ? 'true' : 'false') . + "' posted='" . $item['created'] . + "' message_id='" . $item['mid'] . + "']"; + if($item['title']) + $bb .= '[h3][b]'.$item['title'].'[/b][/h3]'."\r\n"; + $bb .= $item['body']; + $bb .= "[/share]"; $arr['body'] = $bb; $arr['term'] = $item['term']; @@ -3969,10 +4018,10 @@ function drop_item($id,$interactive = true,$stage = DROPITEM_NORMAL) { ); if($items) { foreach($items as $i) - delete_item_lowlevel($i,$stage,$force); + delete_item_lowlevel($i, $stage); } else - delete_item_lowlevel($item,$stage,$force); + delete_item_lowlevel($item, $stage); if(! $interactive) return 1; 
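Review bot: With the reuse-existing-share branch removed, every item passing through `start_delivery_chain` is wrapped by the `[share ...]` builder, and only `xchan_name` is encoded there; `xchan_url`, `xchan_photo_s`, `plink` and `mid` are placed inside single-quoted attributes as they are. Unless those fields are normalised when the author record and item are imported (not visible in this hunk), a quote or closing bracket in one of them ends the attribute early and changes how the tag is parsed. I would either encode them the same way as the name or add a comment stating where they are validated.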
@@ -4006,7 +4055,6 @@ function drop_item($id,$interactive = true,$stage = DROPITEM_NORMAL) { * * @param array $item * @param int $stage - * @param boolean $force * @return boolean */ function delete_item_lowlevel($item, $stage = DROPITEM_NORMAL) { 
@@ -4318,54 +4366,54 @@ function fetch_post_tags($items, $link = false) { */ function zot_feed($uid, $observer_hash, $arr) { - $result = array(); - $mindate = null; + $result = []; + $mindate = null; $message_id = null; - $wall = true; + $wall = true; require_once('include/security.php'); - if(array_key_exists('mindate',$arr)) { - $mindate = datetime_convert('UTC','UTC',$arr['mindate']); + if (array_key_exists('mindate', $arr)) { + $mindate = datetime_convert('UTC', 'UTC', $arr['mindate']); } - if(array_key_exists('message_id',$arr)) { + if (array_key_exists('message_id', $arr)) { $message_id = $arr['message_id']; } - if(array_key_exists('wall',$arr)) { + if (array_key_exists('wall', $arr)) { $wall = intval($arr['wall']); } - if(! $mindate) + if (!$mindate) $mindate = NULL_DATE; $mindate = dbesc($mindate); logger('zot_feed: requested for uid ' . $uid . ' from observer ' . $observer_hash, LOGGER_DEBUG); - if($message_id) - logger('message_id: ' . $message_id,LOGGER_DEBUG); + if ($message_id) + logger('message_id: ' . $message_id, LOGGER_DEBUG); - if(! perm_is_allowed($uid,$observer_hash,'view_stream')) { + if (!perm_is_allowed($uid, $observer_hash, 'view_stream')) { logger('zot_feed: permission denied.'); return $result; } - if(! is_sys_channel($uid)) - $sql_extra = item_permissions_sql($uid,$observer_hash); + if (!is_sys_channel($uid)) + $sql_extra = item_permissions_sql($uid, $observer_hash); $limit = " LIMIT 5000 "; - if($mindate > NULL_DATE) { + if ($mindate > NULL_DATE) { $sql_extra .= " and ( created > '$mindate' or changed > '$mindate' ) "; } - if($message_id) { + if ($message_id) { $sql_extra .= " and mid = '" . dbesc($message_id) . "' "; - $limit = ''; + $limit = ''; } - if($wall) { + if ($wall) { $sql_extra .= " and item_wall = 1 "; } 
@@ -4374,17 +4422,17 @@ function zot_feed($uid, $observer_hash, $arr) { $item_normal = item_normal(); - if(is_sys_channel($uid)) { + if (is_sys_channel($uid)) { - $nonsys_uids = q("SELECT channel_id FROM channel WHERE channel_system = 0"); - $nonsys_uids_str = ids_to_querystr($nonsys_uids,'channel_id'); + $nonsys_uids = q("SELECT channel_id FROM channel WHERE channel_system = 0"); + $nonsys_uids_str = ids_to_querystr($nonsys_uids, 'channel_id'); $r = q("SELECT parent, postopts FROM item WHERE uid IN ( %s ) AND item_private = 0 $item_normal $sql_extra ORDER BY created ASC $limit", - intval($nonsys_uids_str) + dbesc($nonsys_uids_str) ); } else { @@ -4398,19 +4446,19 @@ function zot_feed($uid, $observer_hash, $arr) { $parents = []; - if($r) { - foreach($r as $rv) { - if(array_key_exists($rv['parent'],$parents)) + if ($r) { + foreach ($r as $rv) { + if (array_key_exists($rv['parent'], $parents)) continue; - if(strpos($rv['postopts'],'nodeliver') !== false) + if (strpos($rv['postopts'], 'nodeliver') !== false) continue; $parents[$rv['parent']] = $rv; - if(count($parents) > 200) + if (count($parents) > 200) break; } - $parents_str = ids_to_querystr($parents,'parent'); - $sys_query = ((is_sys_channel($uid)) ? $sql_extra : ''); + $parents_str = ids_to_querystr($parents, 'parent'); + $sys_query = ((is_sys_channel($uid)) ? $sql_extra : ''); $item_normal = item_normal(); $items = q("SELECT item.*, item.id AS item_id FROM item 
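Review bot: Replacing `intval()` with `dbesc()` for the `uid IN ( %s )` list fixes the truncation to the first id, but `dbesc()` only protects a value that sits inside quotes, and this list is unquoted. The query is safe only as long as `ids_to_querystr()` emits nothing but integers and commas, which is plausible for rows read from `channel` but is not enforced at this point; a comment such as `// $nonsys_uids_str is built from integer channel_id values, not a quoted literal` would record that. An empty `$nonsys_uids` result may also produce `IN ( )`; what `ids_to_querystr()` returns in that case is not visible here.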
@@ -4419,25 +4467,23 @@ function zot_feed($uid, $observer_hash, $arr) { ); } - if($items) { + if ($items) { xchan_query($items); $items = fetch_post_tags($items); require_once('include/conversation.php'); - $items = conv_sort($items,'ascending'); + $items = conv_sort($items, 'ascending'); } else - $items = array(); + $items = []; - logger('zot_feed: number items: ' . count($items),LOGGER_DEBUG); + logger('zot_feed: number items: ' . count($items), LOGGER_DEBUG); - foreach($items as $item) + foreach ($items as $item) $result[] = encode_item($item); return $result; } - - function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = CLIENT_MODE_NORMAL,$module = 'network') { $result = array('success' => false); @@ -4477,7 +4523,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C $sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE $item_uids and item_thread_top = 1 $sql_options $item_normal ) "; if($arr['since_id']) - $sql_extra .= " and item.id > " . $since_id . " "; + $sql_extra .= " and item.id > " . intval($arr['since_id']) . " "; if($arr['cat']) $sql_extra .= protect_sprintf(term_query('item', $arr['cat'], TERM_CATEGORY)); @@ -4562,9 +4608,11 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C // only setup pagination on initial page view $pager_sql = ''; } else { - $itemspage = (($channel) ? get_pconfig($uid,'system','itemspage') : 10); - App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 10)); - $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start'])); + if(! $arr['total']) { + $itemspage = (($channel) ? get_pconfig($uid,'system','itemspage') : 10); + App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 10)); + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start'])); + } } if (isset($arr['start']) && isset($arr['records'])) 
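Review bot: `$arr['total']` is read directly in the pagination hunk of `items_fetch` (`if(! $arr['total'])`) and again in the hunk at -4613, while the neighbouring code uses `isset($arr['start'])`; callers that do not pass the key will raise an undefined-index notice, a warning on PHP 8. `if (empty($arr['total']))` here and `if (! empty($arr['total']))` in the later hunk keep the same logic without it. The count branch also returns a bare integer from a function whose `$result` starts as `array('success' => false)`, so the function's docblock should mention the second return shape.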
@@ -4600,7 +4648,6 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C require_once('include/security.php'); $sql_extra .= item_permissions_sql($channel['channel_id'],$observer_hash); - if($arr['pages']) $item_restrict = " AND item_type = " . ITEM_TYPE_WEBPAGE . " "; else @@ -4613,11 +4660,23 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C // "New Item View" - show all items unthreaded in reverse created date order - $items = q("SELECT item.*, item.id AS item_id FROM item + if ($arr['total']) { + $items = dbq("SELECT count(item.id) AS total FROM item WHERE $item_uids $item_restrict $simple_update - $sql_extra $sql_nets $sql_extra3 - ORDER BY item.received DESC $pager_sql" + $sql_extra $sql_nets $sql_extra3" + ); + if ($items) { + return intval($items[0]['total']); + } + return 0; + } + + $items = dbq("SELECT item.*, item.id AS item_id FROM item + WHERE $item_uids $item_restrict + $simple_update + $sql_extra $sql_nets $sql_extra3 + ORDER BY item.received DESC $pager_sql" ); require_once('include/items.php'); @@ -4638,7 +4697,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C // Fetch a page full of parent items for this page - $r = q("SELECT distinct item.id AS item_id, item.$ordering FROM item + $r = dbq("SELECT distinct item.id AS item_id, item.$ordering FROM item left join abook on item.author_xchan = abook.abook_xchan WHERE $item_uids $item_restrict AND item.parent = item.id @@ -4649,7 +4708,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C } else { // update - $r = q("SELECT item.parent AS item_id FROM item + $r = dbq("SELECT item.parent AS item_id FROM item left join abook on item.author_xchan = abook.abook_xchan WHERE $item_uids $item_restrict $simple_update and (abook.abook_blocked = 0 or abook.abook_flags is null) 
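Review bot: The switch from `q()` to `dbq()` for the item queries interacts with the `protect_sprintf(...)` fragments appended to `$sql_extra` earlier in `items_fetch`; one of them is visible in the context of the hunk at -4477. If `dbq()` sends the string without a sprintf pass, which its use here without arguments suggests, the doubled percent signs produced by `protect_sprintf` would reach the database unchanged. Please confirm how `dbq()` treats the string and either drop the protection on these paths or add a comment at the call explaining why it is harmless.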
@@ -4724,7 +4783,7 @@ function webpage_to_namespace($webpage) { function update_remote_id($channel,$post_id,$webpage,$pagetitle,$namespace,$remote_id,$mid) { - if(! $post_id) + if(! intval($post_id)) return; $page_type = webpage_to_namespace($webpage); @@ -4746,7 +4805,7 @@ function update_remote_id($channel,$post_id,$webpage,$pagetitle,$namespace,$remo // as the entire mid. If it were the post_id the link would be less portable. IConfig::Set( - intval($post_id), + $post_id, 'system', $page_type, ($pagetitle) ? $pagetitle : substr($mid,0,16), |
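Review bot: The guard in `update_remote_id` now tests `intval($post_id)`, but `IConfig::Set` receives the raw `$post_id` because the cast was removed from the call in the second hunk; a numeric string with trailing characters passes the guard and is forwarded uncast. Normalising once at the top keeps both places consistent: `$post_id = intval($post_id);` followed by `if(! $post_id) return;`. Whether `IConfig::Set` casts its first argument internally is not visible here.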