diff options
author | Jeroen <jeroenpraat@xs4all.nl> | 2014-10-10 13:37:09 +0000 |
---|---|---|
committer | Jeroen <jeroenpraat@xs4all.nl> | 2014-10-10 13:37:09 +0000 |
commit | 053e6061089ba89a53caf264ea4a055cec8be8ba (patch) | |
tree | 0323006e1fdf262026fd6198c51c69f05ce6d54b /include | |
parent | 1dda77596926fe08990c8a6f31412a38fbc602b5 (diff) | |
parent | f2335448f44e270222dad9147bd2b2c4bfec950b (diff) | |
download | volse-hubzilla-053e6061089ba89a53caf264ea4a055cec8be8ba.tar.gz volse-hubzilla-053e6061089ba89a53caf264ea4a055cec8be8ba.tar.bz2 volse-hubzilla-053e6061089ba89a53caf264ea4a055cec8be8ba.zip |
Merge branch 'master' of https://github.com/friendica/red
Diffstat (limited to 'include')
-rw-r--r-- | include/apps.php | 5 | ||||
-rw-r--r-- | include/bbcode.php | 4 | ||||
-rwxr-xr-x | include/items.php | 1 | ||||
-rw-r--r-- | include/zot.php | 54 |
4 files changed, 56 insertions, 8 deletions
diff --git a/include/apps.php b/include/apps.php index 91012b0ef..cd0c2984e 100644 --- a/include/apps.php +++ b/include/apps.php @@ -11,7 +11,10 @@ require_once('include/identity.php'); function get_system_apps() { $ret = array(); - $files = glob('app/*.apd'); + if(is_dir('apps')) + $files = glob('apps/*.apd'); + else + $files = glob('app/*.apd'); if($files) { foreach($files as $f) { $x = parse_app_description($f); diff --git a/include/bbcode.php b/include/bbcode.php index d7a5ac457..6b7217f91 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -162,7 +162,7 @@ function bb_parse_app($match) { function bb_parse_element($match) { $j = json_decode(base64url_decode($match[1]),true); if($j) { - $o = EOL . '<a href="' . z_root() . '" foo="baz" onclick="importElement(\'' . $match[1] . '\'); return false;" >' . t('Install design element: ') . $j['pagetitle'] . '</a>' . EOL; + $o = EOL . '<a href="#" onclick="importElement(\'' . $match[1] . '\'); return false;" >' . t('Install design element: ') . $j['pagetitle'] . '</a>' . EOL; } return $o; } @@ -823,7 +823,7 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true) { // fix any escaped ampersands that may have been converted into links $Text = preg_replace("/\<(.*?)(src|href)=(.*?)\&\;(.*?)\>/ism",'<$1$2=$3&$4>',$Text); - $Text = preg_replace("/\<(.*?)(src|href)=\"[^hfm](.*?)\>/ism",'<$1$2="">',$Text); + $Text = preg_replace("/\<(.*?)(src|href)=\"[^hfm#](.*?)\>/ism",'<$1$2="">',$Text); call_hooks('bbcode',$Text); diff --git a/include/items.php b/include/items.php index a930a7c3e..e64e91dc3 100755 --- a/include/items.php +++ b/include/items.php @@ -2072,6 +2072,7 @@ function item_store($arr,$allow_exec = false) { return $ret; } + // is the new message multi-level threaded? // even though we don't support it now, preserve the info // and re-attach to the conversation parent. diff --git a/include/zot.php b/include/zot.php index 3d59f00f3..1706153dd 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1402,6 +1402,7 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { $perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments'); + // This is our own post, possibly coming from a channel clone if($arr['owner_xchan'] == $d['hash']) { @@ -1419,7 +1420,44 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { $result[] = array($d['hash'],'permission denied',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); continue; } - + + if($arr['mid'] != $arr['parent_mid']) { + + // check source route. + // We are only going to accept comments from this sender if the comment has the same route as the top-level-post, + // this is so that permissions mismatches between senders apply to the entire conversation + // As a side effect we will also do a preliminary check that we have the top-level-post, otherwise + // processing it is pointless. + + $r = q("select route from item where mid = '%s' and uid = %d limit 1", + dbesc($arr['parent_mid']), + intval($channel['channel_id']) + ); + if(! $r) { + $result[] = array($d['hash'],'comment parent not found',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); + continue; + } + if($relay) { + // reset the route in case it travelled a great distance upstream + // use our parent's route so when we go back downstream we'll match + // with whatever route our parent has. + $arr['route'] = $r[0]['route']; + } + else { + + // going downstream check that we have the same upstream provider that + // sent it to us originally. Ignore it if it came from another source + // (with potentially different permissions) + + $current_route = (($arr['route']) ? $arr['route'] . ',' : '') . $sender['hash']; + + if($r[0]['route'] != $current_route) { + $result[] = array($d['hash'],'comment route mismatch',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); + continue; + } + } + } + if($arr['item_restrict'] & ITEM_DELETED) { // remove_community_tag is a no-op if this isn't a community tag activity @@ -1446,9 +1484,13 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { $arr['id'] = $r[0]['id']; $arr['uid'] = $channel['channel_id']; update_imported_item($sender,$arr,$channel['channel_id']); - } - $result[] = array($d['hash'],'updated',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); - $item_id = $r[0]['id']; + $result[] = array($d['hash'],'updated',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); + $item_id = $r[0]['id']; + } + else { + $result[] = array($d['hash'],'update ignored',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); + continue; + } } else { $arr['aid'] = $channel['channel_account_id']; @@ -1459,7 +1501,9 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false) { $item_id = $item_result['item_id']; $parr = array('item_id' => $item_id,'item' => $arr,'sender' => $sender,'channel' => $channel); call_hooks('activity_received',$parr); - add_source_route($item_id,$sender['hash']); + // don't add a source route if it's a relay or later recipients will get a route mismatch + if(! $relay) + add_source_route($item_id,$sender['hash']); } $result[] = array($d['hash'],(($item_id) ? 'posted' : 'storage failed:' . $item_result['message']),$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); } |