diff options
| author | Michael <icarus@dabo.de> | 2012-04-11 18:47:21 +0200 |
|---|---|---|
| committer | Michael <icarus@dabo.de> | 2012-04-11 18:47:21 +0200 |
| commit | c3139fa0fd49b0b4de4568d46a6946c75ccb2a62 (patch) | |
| tree | a46d809d2e11fefba938717d38b1371572e4d815 /include/items.php | |
| parent | 81a8d4f9dbd32de133e647c87a5394dd52f009fe (diff) | |
| parent | fe257a20324fe68838e5829e19d18777045a41b4 (diff) | |
| download | volse-hubzilla-c3139fa0fd49b0b4de4568d46a6946c75ccb2a62.tar.gz volse-hubzilla-c3139fa0fd49b0b4de4568d46a6946c75ccb2a62.tar.bz2 volse-hubzilla-c3139fa0fd49b0b4de4568d46a6946c75ccb2a62.zip | |
Merge branch 'master' of github.com:annando/friendica
Diffstat (limited to 'include/items.php')
| -rw-r--r--[-rwxr-xr-x] | include/items.php | 173 |
1 files changed, 155 insertions, 18 deletions
diff --git a/include/items.php b/include/items.php index a1254e165..ee6960534 100755..100644 --- a/include/items.php +++ b/include/items.php @@ -7,14 +7,11 @@ require_once('include/crypto.php'); function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) { - // default permissions - anonymous user - - if(! strlen($owner_nick)) - killme(); + $sitefeed = ((strlen($owner_nick)) ? false : true); // not yet implemented, need to rewrite huge chunks of following logic $public_feed = (($dfrn_id) ? false : true); - $starred = false; - $converse = false; + $starred = false; // not yet implemented, possible security issues + $converse = false; if($public_feed && $a->argc > 2) { for($x = 2; $x < $a->argc; $x++) { @@ -25,10 +22,11 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) } } + // default permissions - anonymous user $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; - $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone` + $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` WHERE `contact`.`self` = 1 AND `user`.`nickname` = '%s' LIMIT 1", dbesc($owner_nick) @@ -156,7 +154,8 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) '$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) , '$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) , '$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) , - '$birthday' => ((strlen($birthday)) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : '') + '$birthday' => ((strlen($birthday)) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : ''), + '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '') )); call_hooks('atom_feed', $atom); @@ -417,7 +416,7 @@ function get_atom_elements($feed,$item) { // the wild, by sanitising it and converting supported tags to bbcode before we rip out any remaining // html. - if((strpos($res['body'],'<') !== false) || (strpos($res['body'],'>') !== false)) { + if((strpos($res['body'],'<') !== false) && (strpos($res['body'],'>') !== false)) { $res['body'] = reltoabs($res['body'],$base_url); @@ -430,14 +429,22 @@ function get_atom_elements($feed,$item) { // we shouldn't need a whitelist, because the bbcode converter // will strip out any unsupported tags. - // $config->set('HTML.Allowed', 'p,b,a[href],i'); $purifier = new HTMLPurifier($config); $res['body'] = $purifier->purify($res['body']); - $res['body'] = html2bbcode($res['body']); + $res['body'] = @html2bbcode($res['body']); + } + elseif(! $have_real_body) { + + // it's not one of our messages and it has no tags + // so it's probably just text. We'll escape it just to be safe. + + $res['body'] = escape_tags($res['body']); } + // this tag is obsolete but we keep it for really old sites + $allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow'); if($allow && $allow[0]['data'] == 1) $res['last-child'] = 1; @@ -682,7 +689,7 @@ function item_store($arr,$force_parent = false) { unset($arr['dsprsig']); } - if($arr['gravity']) + if(x($arr, 'gravity')) $arr['gravity'] = intval($arr['gravity']); elseif($arr['parent-uri'] === $arr['uri']) $arr['gravity'] = 0; @@ -742,6 +749,7 @@ function item_store($arr,$force_parent = false) { if($arr['parent-uri'] === $arr['uri']) { $parent_id = 0; + $parent_deleted = 0; $allow_cid = $arr['allow_cid']; $allow_gid = $arr['allow_gid']; $deny_cid = $arr['deny_cid']; @@ -800,6 +808,8 @@ function item_store($arr,$force_parent = false) { logger('item_store: item parent was not found - ignoring item'); return 0; } + + $parent_deleted = 0; } } @@ -1043,6 +1053,22 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { if(! $rino_enable) $rino = 0; + $ssl_val = intval(get_config('system','ssl_policy')); + $ssl_policy = ''; + + switch($ssl_val){ + case SSL_POLICY_FULL: + $ssl_policy = 'full'; + break; + case SSL_POLICY_SELFSIGN: + $ssl_policy = 'self'; + break; + case SSL_POLICY_NONE: + default: + $ssl_policy = 'none'; + break; + } + $url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : ''); logger('dfrn_deliver: ' . $url); @@ -1072,11 +1098,23 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $postvars = array(); $sent_dfrn_id = hex2bin((string) $res->dfrn_id); $challenge = hex2bin((string) $res->challenge); + $perm = (($res->perm) ? $res->perm : null); $dfrn_version = (float) (($res->dfrn_version) ? $res->dfrn_version : 2.0); $rino_allowed = ((intval($res->rino) === 1) ? 1 : 0); + $page = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0); $final_dfrn_id = ''; + if($perm) { + if((($perm == 'rw') && (! intval($contact['writable']))) + || (($perm == 'r') && (intval($contact['writable'])))) { + q("update contact set writable = %d where id = %d limit 1", + intval(($perm == 'rw') ? 1 : 0), + intval($contact['id']) + ); + $contact['writable'] = (string) 1 - intval($contact['writable']); + } + } if(($contact['duplex'] && strlen($contact['pubkey'])) || ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey'])) @@ -1115,6 +1153,11 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $postvars['perm'] = 'r'; } + $postvars['ssl_policy'] = $ssl_policy; + + if($page) + $postvars['page'] = '1'; + if($rino && $rino_allowed && (! $dissolve)) { $key = substr(random_string(),0,16); $data = bin2hex(aes_encrypt($postvars['data'],$key)); @@ -1379,6 +1422,19 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) } + $community_page = 0; + $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'community'); + if($rawtags) { + $community_page = intval($rawtags[0]['data']); + } + if(is_array($contact) && intval($contact['forum']) != $community_page) { + q("update contact set forum = %d where id = %d limit 1", + intval($community_page), + intval($contact['id']) + ); + $contact['forum'] = (string) $community_page; + } + // process any deleted entries @@ -1398,7 +1454,7 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) } if($deleted && is_array($contact)) { $r = q("SELECT `item`.*, `contact`.`self` FROM `item` left join `contact` on `item`.`contact-id` = `contact`.`id` - WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d LIMIT 1", + WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d AND NOT `item`.`file` LIKE '%%[%%' LIMIT 1", dbesc($uri), intval($importer['uid']), intval($contact['id']) @@ -1543,9 +1599,10 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) if(count($r)) { if((x($datarray,'edited') !== false) && (datetime_convert('UTC','UTC',$datarray['edited']) !== $r[0]['edited'])) { - $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", + $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($datarray['title']), dbesc($datarray['body']), + dbesc($datarray['tag']), dbesc(datetime_convert('UTC','UTC',$datarray['edited'])), dbesc($item_id), intval($importer['uid']) @@ -1595,6 +1652,14 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) if((activity_match($datarray['verb'],ACTIVITY_LIKE)) || (activity_match($datarray['verb'],ACTIVITY_DISLIKE))) { $datarray['type'] = 'activity'; $datarray['gravity'] = GRAVITY_LIKE; + // only one like or dislike per person + $r = q("select id from item where uid = %d and `contact-id` = %d and verb ='%s' and deleted = 0 limit 1", + intval($datarray['uid']), + intval($datarray['contact-id']), + dbesc($datarray['verb']) + ); + if($r && count($r)) + continue; } if(($datarray['verb'] === ACTIVITY_TAG) && ($datarray['object-type'] === ACTIVITY_OBJ_TAGTERM)) { @@ -1680,9 +1745,10 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) if(count($r)) { if((x($datarray,'edited') !== false) && (datetime_convert('UTC','UTC',$datarray['edited']) !== $r[0]['edited'])) { - $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", + $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($datarray['title']), dbesc($datarray['body']), + dbesc($datarray['tag']), dbesc(datetime_convert('UTC','UTC',$datarray['edited'])), dbesc($item_id), intval($importer['uid']) @@ -1747,6 +1813,18 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) $datarray['parent-uri'] = $item_id; $datarray['uid'] = $importer['uid']; $datarray['contact-id'] = $contact['id']; + + if(! link_compare($datarray['owner-link'],$contact['url'])) { + // The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery, + // but otherwise there's a possible data mixup on the sender's system. + // the tgroup delivery code called from item_store will correct it if it's a forum, + // but we're going to unconditionally correct it here so that the post will always be owned by our contact. + logger('consume_feed: Correcting item owner.', LOGGER_DEBUG); + $datarray['owner-name'] = $contact['name']; + $datarray['owner-link'] = $contact['url']; + $datarray['owner-avatar'] = $contact['thumb']; + } + $r = item_store($datarray); continue; @@ -1837,6 +1915,14 @@ function local_delivery($importer,$data) { ); if(count($r)) { $fid = $r[0]['id']; + + // OK, we do. Do we already have an introduction for this person ? + $r = q("select id from intro where uid = %d and fid = %d limit 1", + intval($fsugg['uid']), + intval($fid) + ); + if(count($r)) + return 0; } if(! $fid) $r = q("INSERT INTO `fcontact` ( `name`,`url`,`photo`,`request` ) VALUES ( '%s', '%s', '%s', '%s' ) ", @@ -1857,6 +1943,7 @@ function local_delivery($importer,$data) { else return 0; + $hash = random_string(); $r = q("INSERT INTO `intro` ( `uid`, `fid`, `contact-id`, `note`, `hash`, `datetime`, `blocked` ) @@ -1942,6 +2029,19 @@ function local_delivery($importer,$data) { // NOTREACHED } + + $community_page = 0; + $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'community'); + if($rawtags) { + $community_page = intval($rawtags[0]['data']); + } + if(intval($importer['forum']) != $community_page) { + q("update contact set forum = %d where id = %d limit 1", + intval($community_page), + intval($importer['id']) + ); + $importer['forum'] = (string) $community_page; + } logger('local_delivery: feed item count = ' . $feed->get_item_quantity()); @@ -1964,7 +2064,7 @@ function local_delivery($importer,$data) { if($deleted) { $r = q("SELECT `item`.*, `contact`.`self` FROM `item` left join contact on `item`.`contact-id` = `contact`.`id` - WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d LIMIT 1", + WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d AND NOT `item`.`file` LIKE '%%[%%' LIMIT 1", dbesc($uri), intval($importer['importer_uid']), intval($importer['id']) @@ -1981,6 +2081,7 @@ function local_delivery($importer,$data) { if(($item['verb'] === ACTIVITY_TAG) && ($item['object-type'] === ACTVITY_OBJ_TAGTERM)) { $xo = parse_xml_string($item['object'],false); $xt = parse_xml_string($item['target'],false); + if($xt->type === ACTIVITY_OBJ_NOTE) { $i = q("select * from `item` where uri = '%s' and uid = %d limit 1", dbesc($xt->id), @@ -2136,6 +2237,14 @@ function local_delivery($importer,$data) { $datarray['type'] = 'activity'; $datarray['gravity'] = GRAVITY_LIKE; $datarray['last-child'] = 0; + // only one like or dislike per person + $r = q("select id from item where uid = %d and `contact-id` = %d and verb ='%s' and deleted = 0 limit 1", + intval($datarray['uid']), + intval($datarray['contact-id']), + dbesc($datarray['verb']) + ); + if($r && count($r)) + continue; } if(($datarray['verb'] === ACTIVITY_TAG) && ($datarray['object-type'] === ACTIVITY_OBJ_TAGTERM)) { @@ -2251,9 +2360,10 @@ function local_delivery($importer,$data) { if(count($r)) { if((x($datarray,'edited') !== false) && (datetime_convert('UTC','UTC',$datarray['edited']) !== $r[0]['edited'])) { - $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", + $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($datarray['title']), dbesc($datarray['body']), + dbesc($datarray['tag']), dbesc(datetime_convert('UTC','UTC',$datarray['edited'])), dbesc($item_id), intval($importer['importer_uid']) @@ -2285,6 +2395,15 @@ function local_delivery($importer,$data) { if(($datarray['verb'] == ACTIVITY_LIKE) || ($datarray['verb'] == ACTIVITY_DISLIKE)) { $datarray['type'] = 'activity'; $datarray['gravity'] = GRAVITY_LIKE; + // only one like or dislike per person + $r = q("select id from item where uid = %d and `contact-id` = %d and verb ='%s' and deleted = 0 limit 1", + intval($datarray['uid']), + intval($datarray['contact-id']), + dbesc($datarray['verb']) + ); + if($r && count($r)) + continue; + } if(($datarray['verb'] === ACTIVITY_TAG) && ($datarray['object-type'] === ACTIVITY_OBJ_TAGTERM)) { @@ -2407,9 +2526,10 @@ function local_delivery($importer,$data) { if(count($r)) { if((x($datarray,'edited') !== false) && (datetime_convert('UTC','UTC',$datarray['edited']) !== $r[0]['edited'])) { - $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", + $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($datarray['title']), dbesc($datarray['body']), + dbesc($datarray['tag']), dbesc(datetime_convert('UTC','UTC',$datarray['edited'])), dbesc($item_id), intval($importer['importer_uid']) @@ -2439,6 +2559,18 @@ function local_delivery($importer,$data) { $datarray['parent-uri'] = $item_id; $datarray['uid'] = $importer['importer_uid']; $datarray['contact-id'] = $importer['id']; + + if(! link_compare($datarray['owner-link'],$contact['url'])) { + // The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery, + // but otherwise there's a possible data mixup on the sender's system. + // the tgroup delivery code called from item_store will correct it if it's a forum, + // but we're going to unconditionally correct it here so that the post will always be owned by our contact. + logger('local_delivery: Correcting item owner.', LOGGER_DEBUG); + $datarray['owner-name'] = $importer['senderName']; + $datarray['owner-link'] = $importer['url']; + $datarray['owner-avatar'] = $importer['thumb']; + } + $r = item_store($datarray); continue; } @@ -2823,6 +2955,11 @@ function item_expire($uid,$days) { foreach($r as $item) { + // don't expire filed items + + if(strpos($item['file'],'[') !== false) + continue; + // Only expire posts, not photos and photo comments if($expire_photos==0 && strlen($item['resource-id'])) |