diff options
| author | Christian Vogeley <christian.vogeley@hotmail.de> | 2013-08-03 00:14:59 +0200 |
|---|---|---|
| committer | Christian Vogeley <christian.vogeley@hotmail.de> | 2013-08-03 00:14:59 +0200 |
| commit | 9294f72adb3c076932558b6f29a4c570e7962764 (patch) | |
| tree | c0a7d4f5b56e922c2a572f4f0a414a405f92cd82 /include | |
| parent | c0cd147a3a9a86b270ea32026089ced16fb2f50c (diff) | |
| download | volse-hubzilla-9294f72adb3c076932558b6f29a4c570e7962764.tar.gz volse-hubzilla-9294f72adb3c076932558b6f29a4c570e7962764.tar.bz2 volse-hubzilla-9294f72adb3c076932558b6f29a4c570e7962764.zip | |
Revert "merge"
This reverts commit c0cd147a3a9a86b270ea32026089ced16fb2f50c, reversing
changes made to d2d1e54bfe928fe4cdfdcfc7e9acf658cda76898.
Diffstat (limited to 'include')
| -rw-r--r-- | include/ItemObject.php | 2 | ||||
| -rw-r--r-- | include/attach.php | 4 | ||||
| -rw-r--r-- | include/config.php | 36 | ||||
| -rw-r--r-- | include/conversation.php | 2 | ||||
| -rw-r--r-- | include/enotify.php | 17 | ||||
| -rwxr-xr-x | include/items.php | 185 | ||||
| -rw-r--r-- | include/message.php | 94 | ||||
| -rw-r--r-- | include/notifier.php | 5 | ||||
| -rw-r--r-- | include/photo/photo_imagick.php | 4 | ||||
| -rw-r--r-- | include/security.php | 82 | ||||
| -rwxr-xr-x | include/text.php | 18 | ||||
| -rw-r--r-- | include/zot.php | 25 |
12 files changed, 179 insertions, 295 deletions
diff --git a/include/ItemObject.php b/include/ItemObject.php index 8c8c0ee2a..b31e60cbc 100644 --- a/include/ItemObject.php +++ b/include/ItemObject.php @@ -262,7 +262,7 @@ class Item extends BaseObject { } } - $result['private'] = $item['item_private']; + $result['private'] = $item['private']; $result['toplevel'] = ($this->is_toplevel() ? 'toplevel_item' : ''); if($this->is_threaded()) { diff --git a/include/attach.php b/include/attach.php index 46d406f4b..38a011bcb 100644 --- a/include/attach.php +++ b/include/attach.php @@ -193,13 +193,13 @@ function attach_by_hash($hash,$rev = 0) { $sql_extra = permissions_sql($r[0]['uid']); // Now we'll see if we can access the attachment -dbg(1); + $r = q("SELECT * FROM attach WHERE hash = '%s' and uid = %d $sql_extra LIMIT 1", dbesc($hash), intval($r[0]['uid']) ); -dbg(0); + if(! $r) { $ret['message'] = t('Permission denied.'); return $ret; diff --git a/include/config.php b/include/config.php index 38840f5e4..1f7a4dbd7 100644 --- a/include/config.php +++ b/include/config.php @@ -130,12 +130,20 @@ function load_pconfig($uid,$family = '') { if(! array_key_exists($uid,$a->config)) $a->config[$uid] = array(); + if(($family) && (! array_key_exists($family,$a->config[$uid]))) + $a->config[$uid][$family] = array(); - // family is no longer used - load entire user config - - $r = q("SELECT * FROM `pconfig` WHERE `uid` = %d", - intval($uid) - ); + if($family) { + $r = q("SELECT * FROM `pconfig` WHERE `cat` = '%s' AND `uid` = %d", + dbesc($family), + intval($uid) + ); + } + else { + $r = q("SELECT * FROM `pconfig` WHERE `uid` = %d", + intval($uid) + ); + } if($r) { foreach($r as $rr) { @@ -258,12 +266,20 @@ function load_xconfig($xchan,$family = '') { if(! array_key_exists($xchan,$a->config)) $a->config[$xchan] = array(); + if(($family) && (! array_key_exists($family,$a->config[$xchan]))) + $a->config[$xchan][$family] = array(); - // family is no longer used. Entire config is loaded - - $r = q("SELECT * FROM `xconfig` WHERE `xchan` = '%s'", - dbesc($xchan) - ); + if($family) { + $r = q("SELECT * FROM `xconfig` WHERE `cat` = '%s' AND `xchan` = '%s'", + dbesc($family), + dbesc($xchan) + ); + } + else { + $r = q("SELECT * FROM `xconfig` WHERE `xchan` = '%s'", + dbesc($xchan) + ); + } if($r) { foreach($r as $rr) { diff --git a/include/conversation.php b/include/conversation.php index 61b563a5d..1023c068d 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1128,8 +1128,6 @@ function conv_sort($arr,$order) { usort($parents,'sort_thr_created'); elseif(stristr($order,'commented')) usort($parents,'sort_thr_commented'); - elseif(stristr($order,'ascending')) - usort($parents,'sort_thr_created_rev'); if(count($parents)) foreach($parents as $i=>$_x) diff --git a/include/enotify.php b/include/enotify.php index fc8eb6439..3b7a643ed 100644 --- a/include/enotify.php +++ b/include/enotify.php @@ -33,7 +33,7 @@ function notification($params) { push_lang($recip['account_language']); // should probably have a channel language - $banner = t('Red Matrix Notification'); + $banner = t('Red Notification'); $product = RED_PLATFORM; $siteurl = $a->get_baseurl(true); $thanks = t('Thank You,'); @@ -89,7 +89,7 @@ function notification($params) { intval($recip['channel_id']) ); if($p) { - logger('notification: comment already notified'); + logger('notification comment already notified'); pop_lang(); return; } @@ -168,19 +168,6 @@ function notification($params) { } if($params['type'] == NOTIFY_TAGSELF) { - - $p = null; - $p = q("select id from notify where link = '%s' and uid = %d limit 1", - dbesc($params['link']), - intval($recip['channel_id']) - ); - if($p) { - logger('enotify: tag: already notified about this post'); - pop_lang(); - return; - } - - $subject = sprintf( t('[Red:Notify] %s tagged you') , $sender['xchan_name']); $preamble = sprintf( t('%1$s tagged you at %2$s') , $sender['xchan_name'], $sitename); $epreamble = sprintf( t('%1$s [zrl=%2$s]tagged you[/zrl].') , diff --git a/include/items.php b/include/items.php index bacb68909..863fa419b 100755 --- a/include/items.php +++ b/include/items.php @@ -491,6 +491,7 @@ function title_is_body($title, $body) { function get_item_elements($x) { $arr = array(); + $arr['body'] = (($x['body']) ? htmlentities($x['body'],ENT_COMPAT,'UTF-8',false) : ''); $arr['created'] = datetime_convert('UTC','UTC',$x['created']); @@ -505,11 +506,6 @@ function get_item_elements($x) { $arr['edited'] = datetime_convert(); $arr['title'] = (($x['title']) ? htmlentities($x['title'], ENT_COMPAT,'UTF-8',false) : ''); - - if(mb_strlen($arr['title']) > 255) - $arr['title'] = mb_substr($arr['title'],0,255); - - $arr['app'] = (($x['app']) ? htmlentities($x['app'], ENT_COMPAT,'UTF-8',false) : ''); $arr['mid'] = (($x['message_id']) ? htmlentities($x['message_id'], ENT_COMPAT,'UTF-8',false) : ''); $arr['parent_mid'] = (($x['message_top']) ? htmlentities($x['message_top'], ENT_COMPAT,'UTF-8',false) : ''); @@ -532,21 +528,6 @@ function get_item_elements($x) { $arr['item_private'] = ((array_key_exists('flags',$x) && is_array($x['flags']) && in_array('private',$x['flags'])) ? 1 : 0); - $arr['item_flags'] = 0; - - // if it's a private post, encrypt it in the DB. - // We have to do that here because we need to cleanse the input and prevent bad stuff from getting in, - // and we need plaintext to do that. - - if(intval($arr['item_private'])) { - $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED; - $key = get_config('system','pubkey'); - if($arr['title']) - $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); - if($arr['body']) - $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); - } - if(array_key_exists('flags',$x) && in_array('deleted',$x['flags'])) $arr['item_restrict'] = ITEM_DELETED; @@ -618,14 +599,6 @@ function encode_item($item) { $scope = map_scope($public_scope); $c_scope = map_scope($comment_scope); - if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) { - $key = get_config('system','prvkey'); - if($item['title']) - $item['title'] = aes_unencapsulate(json_decode($item['title'],true),$key); - if($item['body']) - $item['body'] = aes_unencapsulate(json_decode($item['body'],true),$key); - } - if($item['item_restrict'] & ITEM_DELETED) { $x['message_id'] = $item['mid']; $x['created'] = $item['created']; @@ -818,13 +791,7 @@ function encode_mail($item) { $x = array(); $x['type'] = 'mail'; - if(array_key_exists('mail_flags',$item) && ($item['mail_flags'] & MAIL_OBSCURED)) { - $key = get_config('system','prvkey'); - if($item['title']) - $item['title'] = aes_unencapsulate(json_decode($item['title'],true),$key); - if($item['body']) - $item['body'] = aes_unencapsulate(json_decode($item['body'],true),$key); - } + logger('encode_mail: ' . print_r($item,true)); $x['message_id'] = $item['mid']; $x['message_parent'] = $item['parent_mid']; @@ -836,6 +803,9 @@ function encode_mail($item) { $x['flags'] = array(); + if($item['mail_flags'] & MAIL_OBSCURED) + $x['flags'][] = 'obscured'; + if($item['mail_flags'] & MAIL_RECALLED) { $x['flags'][] = 'recalled'; $x['title'] = ''; @@ -862,16 +832,18 @@ function get_mail_elements($x) { if(in_array('recalled',$x['flags'])) { $arr['mail_flags'] |= MAIL_RECALLED; } + if(in_array('obscured',$x['flags'])) { + + $arr['mail_flags'] |= MAIL_OBSCURED; + $arr['body'] = base64url_decode($arr['body']); + $arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false); + $arr['body'] = base64url_encode($arr['body']); + $arr['title'] = base64url_decode($arr['title']); + $arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false); + $arr['title'] = base64url_encode($arr['title']); + } } - $key = get_config('system','pubkey'); - $arr['mail_flags'] |= MAIL_OBSCURED; - $arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false); - if($arr['body']) - $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); - $arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false); - if($arr['title']) - $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); if($arr['created'] > datetime_convert()) $arr['created'] = datetime_convert(); @@ -1356,56 +1328,24 @@ function item_store($arr,$force_parent = false) { if(array_key_exists('parent',$arr)) unset($arr['parent']); - $arr['mimetype'] = ((x($arr,'mimetype')) ? notags(trim($arr['mimetype'])) : 'text/bbcode'); - $arr['title'] = ((x($arr,'title')) ? notags(trim($arr['title'])) : ''); - $arr['body'] = ((x($arr,'body')) ? trim($arr['body']) : ''); - - $arr['allow_cid'] = ((x($arr,'allow_cid')) ? trim($arr['allow_cid']) : ''); - $arr['allow_gid'] = ((x($arr,'allow_gid')) ? trim($arr['allow_gid']) : ''); - $arr['deny_cid'] = ((x($arr,'deny_cid')) ? trim($arr['deny_cid']) : ''); - $arr['deny_gid'] = ((x($arr,'deny_gid')) ? trim($arr['deny_gid']) : ''); - $arr['item_private'] = ((x($arr,'item_private')) ? intval($arr['item_private']) : 0 ); - $arr['item_flags'] = ((x($arr,'item_flags')) ? intval($arr['item_flags']) : 0 ); - - // this is a bit messy - we really need an input filter chain that temporarily undoes obscuring - - if($arr['mimetype'] != 'text/html') { - if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false)) - $arr['body'] = escape_tags($arr['body']); - if((strpos($arr['title'],'<') !== false) || (strpos($arr['title'],'>') !== false)) - $arr['title'] = escape_tags($arr['title']); - } - - // only detect language if we have text content, and if the post is private but not yet - // obscured, make it so. - - if(! ($arr['item_flags'] & ITEM_OBSCURED)) { - $arr['lang'] = detect_language($arr['body']); + $arr['lang'] = detect_language($arr['body']); - $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages'); + $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages'); - if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) { - $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false); - call_hooks('item_translate', $translate); - if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) { - logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']); - return; - } - $arr = $translate['item']; - } - if($arr['item_private']) { - $key = get_config('system','pubkey'); - $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED; - if($arr['title']) - $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); - if($arr['body']) - $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) { + $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false); + call_hooks('item_translate', $translate); + if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) { + logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']); + return; } - + $arr = $translate['item']; } + // Shouldn't happen but we want to make absolutely sure it doesn't leak from a plugin. - + if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false)) + $arr['body'] = escape_tags($arr['body']); if((x($arr,'object')) && is_array($arr['object'])) { activity_sanitise($arr['object']); @@ -1432,6 +1372,8 @@ function item_store($arr,$force_parent = false) { $arr['commented'] = datetime_convert(); $arr['received'] = datetime_convert(); $arr['changed'] = datetime_convert(); + $arr['mimetype'] = ((x($arr,'mimetype')) ? notags(trim($arr['mimetype'])) : 'text/bbcode'); + $arr['title'] = ((x($arr,'title')) ? notags(trim($arr['title'])) : ''); $arr['location'] = ((x($arr,'location')) ? notags(trim($arr['location'])) : ''); $arr['coord'] = ((x($arr,'coord')) ? notags(trim($arr['coord'])) : ''); $arr['parent_mid'] = ((x($arr,'parent_mid')) ? notags(trim($arr['parent_mid'])) : ''); @@ -1442,12 +1384,19 @@ function item_store($arr,$force_parent = false) { $arr['tgt_type'] = ((x($arr,'tgt_type')) ? notags(trim($arr['tgt_type'])) : ''); $arr['target'] = ((x($arr,'target')) ? trim($arr['target']) : ''); $arr['plink'] = ((x($arr,'plink')) ? notags(trim($arr['plink'])) : ''); + $arr['allow_cid'] = ((x($arr,'allow_cid')) ? trim($arr['allow_cid']) : ''); + $arr['allow_gid'] = ((x($arr,'allow_gid')) ? trim($arr['allow_gid']) : ''); + $arr['deny_cid'] = ((x($arr,'deny_cid')) ? trim($arr['deny_cid']) : ''); + $arr['deny_gid'] = ((x($arr,'deny_gid')) ? trim($arr['deny_gid']) : ''); + $arr['item_private'] = ((x($arr,'item_private')) ? intval($arr['item_private']) : 0 ); + $arr['body'] = ((x($arr,'body')) ? trim($arr['body']) : ''); $arr['attach'] = ((x($arr,'attach')) ? notags(trim($arr['attach'])) : ''); $arr['app'] = ((x($arr,'app')) ? notags(trim($arr['app'])) : ''); $arr['item_restrict'] = ((x($arr,'item_restrict')) ? intval($arr['item_restrict']) : 0 ); $arr['comment_policy'] = ((x($arr,'comment_policy')) ? notags(trim($arr['comment_policy'])) : 'contacts' ); + $arr['item_flags'] = ((x($arr,'item_flags')) ? intval($arr['item_flags']) : 0 ); $arr['item_flags'] = $arr['item_flags'] | ITEM_UNSEEN; @@ -1604,7 +1553,7 @@ function item_store($arr,$force_parent = false) { if(strlen($allow_cid) || strlen($allow_gid) || strlen($deny_cid) || strlen($deny_gid)) $private = 1; else - $private = $arr['item_private']; + $private = $arr['private']; // Set parent id - and also make sure to inherit the parent's ACL's. @@ -1625,7 +1574,7 @@ function item_store($arr,$force_parent = false) { $arr['allow_gid'] = $allow_gid; $arr['deny_cid'] = $deny_cid; $arr['deny_gid'] = $deny_gid; - $arr['item_private'] = $private; + $arr['private'] = $private; // Store taxonomy @@ -2101,17 +2050,10 @@ function tgroup_check($uid,$item) { $mention = false; // check that the message originated elsewhere and is a top-level post - // or is a followup and we have already accepted the top level post - if($item['mid'] != $item['parent_mid']) { - $r = q("select id from item where mid = '%s' and uid = %d limit 1", - dbesc($item['parent_mid']), - intval($uid) - ); - if($r) - return true; + if($arr['mid'] != $arr['parent_mid']) return false; - } + if(! perm_is_allowed($uid,$item['author_xchan'],'tag_deliver')) return false; @@ -4770,52 +4712,39 @@ function zot_feed($uid,$observer_xchan,$mindate) { if(! $mindate) $mindate = '0000-00-00 00:00:00'; - $mindate = dbesc($mindate); - if(! perm_is_allowed($uid,$observer_xchan,'view_stream')) { return $result; } - $sql_extra = item_permissions_sql($uid); +// FIXME + $sql_extra = item_permissions_sql($uid,$remote_contact,$groups); - if($mindate != '0000-00-00 00:00:00') { + if($mindate != '0000-00-00 00:00:00') $sql_extra .= " and created > '$mindate' "; - $limit = ""; - } - else - $limit = " limit 0, 50 "; - $items = array(); - $r = q("SELECT item.*, item.id as item_id from item - WHERE uid = %d AND item_restrict = 0 and id = parent +// FIXME + // We probably should use two queries and pick up total conversations. + // For now get a chunk of raw posts in ascending created order so that + // hopefully the parent is imported before we see the kids. + // This will fail if there are more than $limit kids and you didn't + // receive the parent via direct delivery + + $limit = 200; + + $items = q("SELECT item.* from item + WHERE uid = %d AND item_restrict = 0 AND (item_flags & %d) - $sql_extra ORDER BY created ASC $limit", + $sql_extra ORDER BY created ASC limit 0, $limit", intval($uid), intval(ITEM_WALL) ); - if($r) { - - $parents_str = ids_to_querystr($r,'id'); - - $items = q("SELECT `item`.*, `item`.`id` AS `item_id` FROM `item` - WHERE `item`.`uid` = %d AND `item`.`item_restrict` = 0 - AND `item`.`parent` IN ( %s ) ", - intval($uid), - dbesc($parents_str) - ); - - } - if($items) { xchan_query($items); $items = fetch_post_tags($items); - require_once('include/conversation.php'); - $items = conv_sort($items,'ascending'); - - } - else + } else { $items = array(); + } foreach($items as $item) $result[] = encode_item($item); diff --git a/include/message.php b/include/message.php index d6294cdba..6c44a54f3 100644 --- a/include/message.php +++ b/include/message.php @@ -2,7 +2,6 @@ /* Private Message backend API */ -require_once('include/crypto.php'); // send a private message @@ -57,28 +56,6 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $replyto = $mid; } - /** - * - * When a photo was uploaded into the message using the (profile wall) ajax - * uploader, The permissions are initially set to disallow anybody but the - * owner from seeing it. This is because the permissions may not yet have been - * set for the post. If it's private, the photo permissions should be set - * appropriately. But we didn't know the final permissions on the post until - * now. So now we'll look for links of uploaded messages that are in the - * post and set them to the same permissions as the post itself. - * - */ - - $match = null; - $images = null; - if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) - $images = $match[1]; - - $key = get_config('system','pubkey'); - if($subject) - $subject = json_encode(aes_encapsulate($subject,$key)); - if($body) - $body = json_encode(aes_encapsulate($body,$key)); $r = q("INSERT INTO mail ( account_id, mail_flags, channel_id, from_xchan, to_xchan, title, body, mid, parent_mid, created ) VALUES ( %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", @@ -87,8 +64,8 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' intval($channel['channel_id']), dbesc($channel['channel_hash']), dbesc($recipient), - dbesc($subject), - dbesc($body), + dbesc(base64url_encode($subject)), + dbesc(base64url_encode($body)), dbesc($mid), dbesc($replyto), dbesc(datetime_convert()) @@ -107,18 +84,35 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' return $ret; } - if(count($images)) { - foreach($images as $image) { - if(! stristr($image,$a->get_baseurl() . '/photo/')) - continue; - $image_uri = substr($image,strrpos($image,'/') + 1); - $image_uri = substr($image_uri,0, strpos($image_uri,'-')); - $r = q("UPDATE photo SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d and allow_cid = '%s'", - dbesc('<' . $recipient . '>'), - dbesc($image_uri), - intval($channel['channel_id']), - dbesc('<' . $channel['channel_hash'] . '>') - ); + /** + * + * When a photo was uploaded into the message using the (profile wall) ajax + * uploader, The permissions are initially set to disallow anybody but the + * owner from seeing it. This is because the permissions may not yet have been + * set for the post. If it's private, the photo permissions should be set + * appropriately. But we didn't know the final permissions on the post until + * now. So now we'll look for links of uploaded messages that are in the + * post and set them to the same permissions as the post itself. + * + */ + + $match = null; + + if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) { + $images = $match[1]; + if(count($images)) { + foreach($images as $image) { + if(! stristr($image,$a->get_baseurl() . '/photo/')) + continue; + $image_uri = substr($image,strrpos($image,'/') + 1); + $image_uri = substr($image_uri,0, strpos($image_uri,'-')); + $r = q("UPDATE photo SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d and allow_cid = '%s'", + dbesc('<' . $recipient . '>'), + dbesc($image_uri), + intval($channel['channel_id']), + dbesc('<' . $channel['channel_hash'] . '>') + ); + } } } @@ -177,14 +171,11 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) { $r[$k]['to'] = find_xchan_in_array($rr['to_xchan'],$c); $r[$k]['seen'] = (($rr['mail_flags'] & MAIL_SEEN) ? 1 : 0); if($r[$k]['mail_flags'] & MAIL_OBSCURED) { - logger('unencrypting'); - $key = get_config('system','prvkey'); - - if($r[$k]['title']) - $r[$k]['title'] = aes_unencapsulate(json_decode($r[$k]['title'],true),$key); - if($r[$k]['body']) - $r[$k]['body'] = aes_unencapsulate(json_decode($r[$k]['body'],true),$key); + $r[$k]['title'] = base64url_decode($r[$k]['title']); + $r[$k]['body'] = base64url_decode($r[$k]['body']); } + + } return $r; @@ -218,11 +209,8 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c); $messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c); if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { - $key = get_config('system','prvkey'); - if($messages[$k]['title']) - $messages[$k]['title'] = aes_unencapsulate(json_decode($messages[$k]['title'],true),$key); - if($messages[$k]['body']) - $messages[$k]['body'] = aes_unencapsulate(json_decode($messages[$k]['body'],true),$key); + $messages[$k]['title'] = base64url_decode($messages[$k]['title']); + $messages[$k]['body'] = base64url_decode($messages[$k]['body']); } } @@ -306,12 +294,10 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c); $messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c); if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { - $key = get_config('system','prvkey'); - if($messages[$k]['title']) - $messages[$k]['title'] = aes_unencapsulate(json_decode($messages[$k]['title'],true),$key); - if($messages[$k]['body']) - $messages[$k]['body'] = aes_unencapsulate(json_decode($messages[$k]['body'],true),$key); + $messages[$k]['title'] = base64url_decode($messages[$k]['title']); + $messages[$k]['body'] = base64url_decode($messages[$k]['body']); } + } diff --git a/include/notifier.php b/include/notifier.php index dea9d6072..9a8866223 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -328,10 +328,7 @@ function notifier_run($argv, $argc){ // Generic delivery section, we have an encoded item and recipients // Now start the delivery process - $x = $encoded_item; - $x['title'] = 'private'; - $x['body'] = 'private'; - logger('notifier: encoded item: ' . print_r($x,true), LOGGER_DATA); + logger('notifier: encoded item: ' . print_r($encoded_item,true)); stringify_array_elms($recipients); if(! $recipients) diff --git a/include/photo/photo_imagick.php b/include/photo/photo_imagick.php index 3f84fd06c..2737c8f69 100644 --- a/include/photo/photo_imagick.php +++ b/include/photo/photo_imagick.php @@ -153,14 +153,14 @@ class photo_imagick extends photo_driver { do { $this->image->cropImage($w, $h, $x, $y); /** - * We need to remove the canvas, + * We need to remove the canva, * or the image is not resized to the crop: * http://php.net/manual/en/imagick.cropimage.php#97232 */ $this->image->setImagePage(0, 0, 0, 0); } while ($this->image->nextImage()); - $this->doScaleImage($max,$max); + $this->doScaleImage($max); } public function imageString() { diff --git a/include/security.php b/include/security.php index ef4d5a313..29a0fc0bc 100644 --- a/include/security.php +++ b/include/security.php @@ -205,29 +205,26 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { else { - $observer = get_observer_hash(); - if($observer) { - $groups = init_groups_visitor($observer); - - $gs = '<<>>'; // should be impossible to match - - if(is_array($groups) && count($groups)) { - foreach($groups as $g) - $gs .= '|<' . $g . '>'; - } - $sql = sprintf( - " AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s') - AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) - ) - ", - dbesc(protect_sprintf( '%<' . $observer . '>%')), - dbesc($gs), - dbesc(protect_sprintf( '%<' . $observer . '>%')), - dbesc($gs) - ); - } + $observer = get_app()->get_observer(); + $groups = init_groups_visitor($remote_user); + + $gs = '<<>>'; // should be impossible to match + + if(is_array($groups) && count($groups)) { + foreach($groups as $g) + $gs .= '|<' . $g . '>'; + } + $sql = sprintf( + " AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s') + AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) + ) + ", + dbesc(protect_sprintf( '%<' . $remote_user . '>%')), + dbesc($gs), + dbesc(protect_sprintf( '%<' . $remote_user . '>%')), + dbesc($gs) + ); } - return $sql; } @@ -263,28 +260,25 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) else { - $observer = get_observer_hash(); - - if($observer) { - $groups = init_groups_visitor($observer); - - $gs = '<<>>'; // should be impossible to match - - if(is_array($groups) && count($groups)) { - foreach($groups as $g) - $gs .= '|<' . $g . '>'; - } - $sql = sprintf( - " AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s') - AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) - ) - ", - dbesc(protect_sprintf( '%<' . $observer . '>%')), - dbesc($gs), - dbesc(protect_sprintf( '%<' . $observer . '>%')), - dbesc($gs) - ); - } + $observer = get_app()->get_observer(); + $groups = init_groups_visitor($remote_user); + + $gs = '<<>>'; // should be impossible to match + + if(is_array($groups) && count($groups)) { + foreach($groups as $g) + $gs .= '|<' . $g . '>'; + } + $sql = sprintf( + " AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s') + AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) + ) + ", + dbesc(protect_sprintf( '%<' . $remote_user . '>%')), + dbesc($gs), + dbesc(protect_sprintf( '%<' . $remote_user . '>%')), + dbesc($gs) + ); } return $sql; } diff --git a/include/text.php b/include/text.php index 814c564a3..2d29dff31 100755 --- a/include/text.php +++ b/include/text.php @@ -887,7 +887,7 @@ function smilies($s, $sample = false) { '<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-facepalm.gif" alt=":facepalm" />', '<img class="smiley" src="' . $a->get_baseurl() . '/images/like.gif" alt=":like" />', '<img class="smiley" src="' . $a->get_baseurl() . '/images/dislike.gif" alt=":dislike" />', - '<a href="http://getzot.com"><img class="smiley" src="' . $a->get_baseurl() . '/images/rhash-16.png" alt="red#" /> the Red Matrix</a>', + '<img class="smiley" src="' . $a->get_baseurl() . '/images/rhash-16.png" alt="red#" /></a>', '<a href="http://friendica.com">~friendica <img class="smiley" src="' . $a->get_baseurl() . '/images/friendica-16.png" alt="~friendica" /></a>' ); @@ -977,22 +977,11 @@ function link_compare($a,$b) { -function prepare_body(&$item,$attach = false) { +function prepare_body($item,$attach = false) { $a = get_app(); - - - call_hooks('prepare_body_init', $item); - if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) { - $key = get_config('system','prvkey'); - if($item['title']) - $item['title'] = aes_unencapsulate(json_decode($item['title'],true),$key); - if($item['body']) - $item['body'] = aes_unencapsulate(json_decode($item['body'],true),$key); - } - $s = prepare_text($item['body'],$item['mimetype']); $prep_arr = array('item' => $item, 'html' => $s); @@ -1003,7 +992,6 @@ function prepare_body(&$item,$attach = false) { return $s; } - $arr = json_decode($item['attach'],true); if(count($arr)) { $s .= '<div class="body-attach">'; @@ -1258,7 +1246,7 @@ function feed_salmonlinks($nick) { function get_plink($item) { $a = get_app(); - if (x($item,'plink') && ($item['item_private'] != 1)) { + if (x($item,'plink') && ($item['private'] != 1)) { return array( 'href' => $item['plink'], 'title' => t('link to source'), diff --git a/include/zot.php b/include/zot.php index 437ec0c86..7369de80a 100644 --- a/include/zot.php +++ b/include/zot.php @@ -770,6 +770,8 @@ function zot_fetch($arr) { function zot_import($arr) { +// logger('zot_import: ' . print_r($arr,true), LOGGER_DATA); + $data = json_decode($arr['body'],true); if(! $data) { @@ -781,6 +783,8 @@ function zot_import($arr) { $data = json_decode(aes_unencapsulate($data,get_config('system','prvkey')),true); } + logger('zot_import: data' . print_r($data,true), LOGGER_DATA); + $incoming = $data['pickup']; $return = array(); @@ -833,12 +837,10 @@ function zot_import($arr) { if($i['message']) { if($i['message']['type'] === 'activity') { $arr = get_item_elements($i['message']); - if(! array_key_exists('created',$arr)) { logger('Activity rejected: probable failure to lookup author/owner. ' . print_r($i['message'],true)); continue; } - logger('Activity received: ' . print_r($arr,true), LOGGER_DATA); logger('Activity recipients: ' . print_r($deliveries,true), LOGGER_DATA); @@ -1020,18 +1022,6 @@ function process_delivery($sender,$arr,$deliveries,$relay) { $perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments'); - // This is our own post, possibly coming from a channel clone - - if($arr['owner_xchan'] == $d['hash']) { - $arr['item_flags'] = $arr['item_flags'] | ITEM_WALL; - } - else { - // clear the wall flag if it is set - if($arr['item_flags'] & ITEM_WALL) { - $arr['item_flags'] = ($arr['item_flags'] ^ ITEM_WALL); - } - } - if((! perm_is_allowed($channel['channel_id'],$sender['hash'],$perm)) && (! $tag_delivery)) { logger("permission denied for delivery {$channel['channel_id']}"); $result[] = array($d['hash'],'permission denied',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>'); @@ -1575,7 +1565,7 @@ function build_sync_packet($uid = 0, $packet = null) { // don't pass these elements, they should not be synchronised - $disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey','channel_address'); + $disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey'); if(in_array($k,$disallowed)) continue; @@ -1615,8 +1605,7 @@ function build_sync_packet($uid = 0, $packet = null) { function process_channel_sync_delivery($sender,$arr,$deliveries) { -// FIXME - this will sync red structures (channel, pconfig and abook). Eventually we need to make this application agnostic. -// TODO: missing group membership changes +// FIXME - this will sync red structures. Eventually we need to make this application agnostic. $result = array(); @@ -1646,7 +1635,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) { } if(array_key_exists('channel',$arr) && is_array($arr['channel']) && count($arr['channel'])) { - $disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey', 'channel_address'); + $disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey'); $clean = array(); foreach($arr['channel'] as $k => $v) { |