diff options
| author | Thomas Willingham <founder@kakste.com> | 2013-12-18 18:21:47 +0000 |
|---|---|---|
| committer | Thomas Willingham <founder@kakste.com> | 2013-12-18 18:21:47 +0000 |
| commit | 7ac00d02d110ec2f2d33779d8316e17c13cda149 (patch) | |
| tree | 03b41e86e0790895fe56488beea2b5f554fbaeae /include | |
| parent | 733cb37ef14eb4dd5408e1a8c453f13cd41952eb (diff) | |
| parent | df34aaba4733b1c38ac2b8b9c19c5a945d5a841b (diff) | |
| download | volse-hubzilla-7ac00d02d110ec2f2d33779d8316e17c13cda149.tar.gz volse-hubzilla-7ac00d02d110ec2f2d33779d8316e17c13cda149.tar.bz2 volse-hubzilla-7ac00d02d110ec2f2d33779d8316e17c13cda149.zip | |
Merge remote-tracking branch 'upstream/master'
Conflicts:
mod/page.php
Diffstat (limited to 'include')
34 files changed, 2326 insertions, 1304 deletions
diff --git a/include/Contact.php b/include/Contact.php index fcc5019e7..20dd04d17 100644 --- a/include/Contact.php +++ b/include/Contact.php @@ -77,6 +77,19 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') { $a = get_app(); + if(! $xchan) { + if($a->profile['channel_hash']) + $r = q("select * from xchan where xchan_hash = '%s' limit 1", + dbesc($a->profile['channel_hash']) + ); + if($r) + $xchan = $r[0]; + } + + if(! $xchan) + return; + +// FIXME - show connect button to observer if appropriate $connect = false; if(local_user()) { $r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1", @@ -489,62 +502,6 @@ function unmark_for_death($contact) { ); }} -if(! function_exists('contact_photo_menu')){ -function contact_photo_menu($contact) { - - $a = get_app(); - - $contact_url=""; - $pm_url=""; - $status_link=""; - $photos_link=""; - $posts_link=""; - $poke_link=""; - - $sparkle = false; - if($contact['xchan_network'] === NETWORK_ZOT) { - $sparkle = true; - $profile_link = $a->get_baseurl() . '/magic?f=&id=' . $contact['abook_id']; - } - else - $profile_link = $contact['xchan_url']; - - if($sparkle) { - $status_link = $profile_link . "&url=status"; - $photos_link = $profile_link . "&url=photos"; - $profile_link = $profile_link . "&url=profile"; - $pm_url = $a->get_baseurl() . '/message/new/' . $contact['xchan_hash']; - } - - $poke_link = $a->get_baseurl() . '/poke/?f=&c=' . $contact['abook_id']; - $contact_url = $a->get_baseurl() . '/connections/' . $contact['abook_id']; - $posts_link = $a->get_baseurl() . '/network/?cid=' . $contact['abook_id']; - - $menu = Array( - t("Poke") => $poke_link, - t("View Status") => $status_link, - t("View Profile") => $profile_link, - t("View Photos") => $photos_link, - t("Network Posts") => $posts_link, - t("Edit Contact") => $contact_url, - t("Send PM") => $pm_url, - ); - - - $args = array('contact' => $contact, 'menu' => &$menu); - - call_hooks('contact_photo_menu', $args); - - $o = ""; - foreach($menu as $k=>$v){ - if ($v!="") { - $o .= "<li><a href=\"$v\">$k</a></li>\n"; - } - } - return $o; -}} - - function random_profile() { $r = q("select xchan_url from xchan where 1 order by rand() limit 1"); if($r) @@ -553,26 +510,3 @@ function random_profile() { } -function contacts_not_grouped($uid,$start = 0,$count = 0) { - - if(! $count) { - $r = q("select count(*) as total from contact where uid = %d and self = 0 and id not in (select distinct(`contact-id`) from group_member where uid = %d) ", - intval($uid), - intval($uid) - ); - - return $r; - - - } - - $r = q("select * from contact where uid = %d and self = 0 and id not in (select distinct(`contact-id`) from group_member where uid = %d) and blocked = 0 and pending = 0 limit %d, %d", - intval($uid), - intval($uid), - intval($start), - intval($count) - ); - - return $r; -} - diff --git a/include/acl_selectors.php b/include/acl_selectors.php index 033186151..930f9967a 100644 --- a/include/acl_selectors.php +++ b/include/acl_selectors.php @@ -208,22 +208,22 @@ function contact_select($selname, $selclass, $preselected = false, $size = 4, $p function fixacl(&$item) { - $item = intval(str_replace(array('<','>'),array('',''),$item)); + $item = str_replace(array('<','>'),array('',''),$item); } -function populate_acl($user = null,$celeb = false) { +function populate_acl($defaults = null,$unused = false) { $allow_cid = $allow_gid = $deny_cid = $deny_gid = false; - if(is_array($user)) { - $allow_cid = ((strlen($user['allow_cid'])) - ? explode('><', $user['allow_cid']) : array() ); - $allow_gid = ((strlen($user['allow_gid'])) - ? explode('><', $user['allow_gid']) : array() ); - $deny_cid = ((strlen($user['deny_cid'])) - ? explode('><', $user['deny_cid']) : array() ); - $deny_gid = ((strlen($user['deny_gid'])) - ? explode('><', $user['deny_gid']) : array() ); + if(is_array($defaults)) { + $allow_cid = ((strlen($defaults['allow_cid'])) + ? explode('><', $defaults['allow_cid']) : array() ); + $allow_gid = ((strlen($defaults['allow_gid'])) + ? explode('><', $defaults['allow_gid']) : array() ); + $deny_cid = ((strlen($defaults['deny_cid'])) + ? explode('><', $defaults['deny_cid']) : array() ); + $deny_gid = ((strlen($defaults['deny_gid'])) + ? explode('><', $defaults['deny_gid']) : array() ); array_walk($allow_cid,'fixacl'); array_walk($allow_gid,'fixacl'); array_walk($deny_cid,'fixacl'); diff --git a/include/api.php b/include/api.php index 1dd970cbc..463d29cf8 100644 --- a/include/api.php +++ b/include/api.php @@ -233,7 +233,7 @@ require_once('include/photos.php'); 'updated' => api_date(null), 'atom_updated' => datetime_convert('UTC','UTC','now',ATOM_TIME), 'language' => $user_info['language'], - 'logo' => $a->get_baseurl()."/images/rhash-64.png", + 'logo' => $a->get_baseurl()."/images/rm-64.png", ); return $arr; @@ -362,7 +362,8 @@ require_once('include/photos.php'); 'location' => ($usr) ? $usr[0]['channel_location'] : '', 'profile_image_url' => $uinfo[0]['xchan_photo_l'], 'url' => $uinfo[0]['xchan_url'], - 'contact_url' => $a->get_baseurl()."/connections/".$uinfo[0]['abook_id'], +//FIXME + 'contact_url' => $a->get_baseurl() . "/connections/".$uinfo[0]['abook_id'], 'protected' => false, 'friends_count' => intval($countfriends), 'created_at' => api_date($uinfo[0]['abook_created']), @@ -739,7 +740,7 @@ require_once('include/photos.php'); 'created_at' => api_date($lastwall['created']), 'in_reply_to_status_id' => $in_reply_to_status_id, 'source' => (($lastwall['app']) ? $lastwall['app'] : 'web'), - 'id' => (($w) ? $w[0]['abook_id'] : $user_info['id']), + 'id' => ($lastwall['id']), 'in_reply_to_user_id' => $in_reply_to_user_id, 'in_reply_to_screen_name' => $in_reply_to_screen_name, 'geo' => '', @@ -1080,12 +1081,46 @@ require_once('include/photos.php'); // params $id = intval(argv(3)); + if($id) { + // first prove that we own the item - logger('API: api_statuses_destroy: '.$id); + $r = q("select * from item where id = %d and uid = %d limit 1", + intval($id), + intval($user_info['uid']) + ); + if(! $r) + return false; + } + else { + if($_REQUEST['namespace'] && $_REQUEST['remote_id']) { + $r = q("select * from item_id where service = '%s' and sid = '%s' and uid = %d limit 1", + dbesc($_REQUEST['namespace']), + dbesc($_REQUEST['remote_id']), + intval($user_info['uid']) + ); + if(! $r) + return false; + $id = $r[0]['iid']; + } + if($_REQUEST['namespace'] && $_REQUEST['comment_id']) { + $r = q("select * from item_id left join item on item.id = item_id.iid where service = '%s' and sid = '%s' and uid = %d and item.id != item.parent limit 1", + dbesc($_REQUEST['namespace']), + dbesc($_REQUEST['comment_id']), + intval($user_info['uid']) + ); + if(! $r) + return false; + $id = $r[0]['iid']; + } + } + if(! $id) + return false; + logger('API: api_statuses_destroy: '.$id); require_once('include/items.php'); drop_item($id, false); + if ($type == 'xml') $ok = "true"; else @@ -1106,7 +1141,7 @@ require_once('include/photos.php'); if (api_user()===false) return false; $user_info = api_get_user($a); - // get last newtork messages + // get last network messages // params @@ -1581,7 +1616,7 @@ require_once('include/photos.php'); $name = get_config('system','sitename'); $server = $a->get_hostname(); - $logo = $a->get_baseurl() . '/images/rhash-64.png'; + $logo = $a->get_baseurl() . '/images/rm-64.png'; $email = get_config('system','admin_email'); $closed = ((get_config('system','register_policy') == REGISTER_CLOSED) ? 'true' : 'false'); $private = ((get_config('system','block_public')) ? 'true' : 'false'); diff --git a/include/auth.php b/include/auth.php index 8eb8bf333..c0002e6c1 100644 --- a/include/auth.php +++ b/include/auth.php @@ -22,6 +22,8 @@ function nuke_session() { unset($_SESSION['my_address']); unset($_SESSION['addr']); unset($_SESSION['return_url']); + unset($_SESSION['remote_service_class']); + unset($_SESSION['remote_hub']); } /** diff --git a/include/contact_widgets.php b/include/contact_widgets.php index af05f8c9f..482bbed78 100644 --- a/include/contact_widgets.php +++ b/include/contact_widgets.php @@ -1,30 +1,6 @@ <?php /** @file */ -function follow_widget() { - $a = get_app(); - $uid =$a->channel['channel_id']; - $r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d) ", - intval($uid), - intval(ABOOK_FLAG_SELF) - ); - if($r) - $total_channels = $r[0]['total']; - $limit = service_class_fetch($uid,'total_channels'); - if($limit !== false) { - $abook_usage_message = sprintf( t("You have %1$.0f of %2$.0f allowed connections."), $total_channels, $limit); - } - else { - $abook_usage_message = ''; - } - return replace_macros(get_markup_template('follow.tpl'),array( - '$connect' => t('Add New Connection'), - '$desc' => t('Enter the channel address'), - '$hint' => t('Example: bob@example.com, http://example.com/barbara'), - '$follow' => t('Connect'), - '$abook_usage_message' => $abook_usage_message - )); -} function findpeople_widget() { require_once('include/Contact.php'); @@ -49,7 +25,8 @@ function findpeople_widget() { '$suggest' => t('Channel Suggestions'), '$similar' => '', // FIXME and uncomment when mod/match working // t('Similar Interests'), '$random' => t('Random Profile'), - '$inv' => t('Invite Friends') + '$inv' => t('Invite Friends'), + '$loggedin' => local_user() )); } @@ -149,4 +126,6 @@ function common_friends_visitor_widget($profile_uid) { '$items' => $r )); -};
\ No newline at end of file +}; + + diff --git a/include/conversation.php b/include/conversation.php index fea53015e..2ba3948bf 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -203,6 +203,10 @@ function localize_item(&$item){ } if (stristr($item['verb'],ACTIVITY_POKE)) { + + // FIXME for obscured private posts, until then leave untranslated + return; + $verb = urldecode(substr($item['verb'],strpos($item['verb'],'#')+1)); if(! $verb) return; @@ -911,7 +915,7 @@ function item_photo_menu($item){ if($contact) { $poke_link = $a->get_baseurl($ssl_state) . '/poke/?f=&c=' . $contact['abook_id']; - $contact_url = $a->get_baseurl($ssl_state) . '/connections/' . $contact['abook_id']; + $contact_url = $a->get_baseurl($ssl_state) . '/connedit/' . $contact['abook_id']; $posts_link = $a->get_baseurl($ssl_state) . '/network/?cid=' . $contact['abook_id']; $clean_url = normalise_link($item['author-link']); @@ -993,9 +997,9 @@ function format_like($cnt,$arr,$type,$id) { else { $spanatts = 'class="fakelink" onclick="openClose(\'' . $type . 'list-' . $id . '\');"'; $o .= (($type === 'like') ? - sprintf( t('<span %1$s>%2$d people</span> like this.'), $spanatts, $cnt) + sprintf( tt('<span %1$s>%2$d people</span> like this.','<span %1$s>%2$d people</span> like this.',$cnt), $spanatts, $cnt) : - sprintf( t('<span %1$s>%2$d people</span> don\'t like this.'), $spanatts, $cnt) ); + sprintf( tt('<span %1$s>%2$d people</span> don\'t like this.','<span %1$s>%2$d people</span> don\'t like this.',$cnt), $spanatts, $cnt) ); $o .= EOL ; $total = count($arr); if($total >= MAX_LIKERS) @@ -1004,7 +1008,7 @@ function format_like($cnt,$arr,$type,$id) { $arr[count($arr)-1] = t('and') . ' ' . $arr[count($arr)-1]; $str = implode(', ', $arr); if($total >= MAX_LIKERS) - $str .= sprintf( t(', and %d other people'), $total - MAX_LIKERS ); + $str .= sprintf( tt(', and %d other people',', and %d other people',$total - MAX_LIKERS), $total - MAX_LIKERS ); $str = (($type === 'like') ? sprintf( t('%s like this.'), $str) : sprintf( t('%s don\'t like this.'), $str)); $o .= "\t" . '<div id="' . $type . 'list-' . $id . '" style="display: none;" >' . $str . '</div>'; } @@ -1104,7 +1108,7 @@ function status_editor($a,$x,$popup=false) { '$shortsetloc' => t('set location'), '$noloc' => t('Clear browser location'), '$shortnoloc' => t('clear location'), - '$title' => ((x($x,'title')) ? htmlspecialchars($x['title']) : ''), + '$title' => ((x($x,'title')) ? htmlspecialchars($x['title'], ENT_COMPAT,'UTF-8') : ''), '$placeholdertitle' => t('Set title'), '$catsenabled' => ((feature_enabled($x['profile_uid'],'categories') && (! $webpage)) ? 'categories' : ''), '$category' => "", @@ -1113,7 +1117,7 @@ function status_editor($a,$x,$popup=false) { '$permset' => t('Permission settings'), '$shortpermset' => t('permissions'), '$ptyp' => (($notes_cid) ? 'note' : 'wall'), - '$content' => ((x($x,'body')) ? htmlspecialchars($x['body']) : ''), + '$content' => ((x($x,'body')) ? htmlspecialchars($x['body'], ENT_COMPAT,'UTF-8') : ''), '$post_id' => '', '$baseurl' => $a->get_baseurl(true), '$defloc' => $x['default_location'], @@ -1301,7 +1305,191 @@ function prepare_page($item) { '$auth_url' => (($naked) ? '' : $item['author']['xchan_url']), '$date' => (($naked) ? '' : datetime_convert('UTC',date_default_timezone_get(),$item['created'],'Y-m-d H:i')), '$title' => smilies(bbcode($item['title'])), - '$body' => prepare_text($item['body'],$item['mimetype']) + '$body' => prepare_body($item,true) )); } + +function network_tabs() { + $a = get_app(); + $no_active=''; + $starred_active = ''; + $new_active = ''; + $all_active = ''; + $search_active = ''; + $conv_active = ''; + $spam_active = ''; + $postord_active = ''; + + if(x($_GET,'new')) { + $new_active = 'active'; + } + + if(x($_GET,'search')) { + $search_active = 'active'; + } + + if(x($_GET,'star')) { + $starred_active = 'active'; + } + + if(x($_GET,'conv')) { + $conv_active = 'active'; + } + + if(x($_GET,'spam')) { + $spam_active = 'active'; + } + + + + if (($new_active == '') + && ($starred_active == '') + && ($conv_active == '') + && ($search_active == '') + && ($spam_active == '')) { + $no_active = 'active'; + } + + if ($no_active=='active' && x($_GET,'order')) { + switch($_GET['order']){ + case 'post': $postord_active = 'active'; $no_active=''; break; + case 'comment' : $all_active = 'active'; $no_active=''; break; + } + } + + if ($no_active=='active') $all_active='active'; + + $cmd = $a->cmd; + + // tabs + $tabs = array( + array( + 'label' => t('Commented Order'), + 'url'=>$a->get_baseurl(true) . '/' . $cmd . '?f=&order=comment' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : ''), + 'sel'=>$all_active, + 'title'=> t('Sort by Comment Date'), + ), + array( + 'label' => t('Posted Order'), + 'url'=>$a->get_baseurl(true) . '/' . $cmd . '?f=&order=post' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : ''), + 'sel'=>$postord_active, + 'title' => t('Sort by Post Date'), + ), + + array( + 'label' => t('Personal'), + 'url' => $a->get_baseurl(true) . '/' . $cmd . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&conv=1', + 'sel' => $conv_active, + 'title' => t('Posts that mention or involve you'), + ), + array( + 'label' => t('New'), + 'url' => $a->get_baseurl(true) . '/' . $cmd . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&new=1', + 'sel' => $new_active, + 'title' => t('Activity Stream - by date'), + ), + + ); + + if(feature_enabled(local_user(),'star_posts')) + $tabs[] = array( + 'label' => t('Starred'), + 'url'=>$a->get_baseurl(true) . '/' . $cmd . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&star=1', + 'sel'=>$starred_active, + 'title' => t('Favourite Posts'), + ); + + // Not yet implemented + + if(feature_enabled(local_user(),'spam_filter')) + $tabs[] = array( + 'label' => t('Spam'), + 'url'=>$a->get_baseurl(true) . '/network?f=&spam=1', + 'sel'=> $spam_active, + 'title' => t('Posts flagged as SPAM'), + ); + + $arr = array('tabs' => $tabs); + call_hooks('network_tabs', $arr); + + $tpl = get_markup_template('common_tabs.tpl'); + + return replace_macros($tpl,array('$tabs' => $arr['tabs'])); + +} + + + +function profile_tabs($a, $is_owner=False, $nickname=Null){ + //echo "<pre>"; var_dump($a->user); killme(); + + $channel = $a->get_channel(); + + if (is_null($nickname)) + $nickname = $channel['channel_address']; + + if(x($_GET,'tab')) + $tab = notags(trim($_GET['tab'])); + + $url = $a->get_baseurl() . '/channel/' . $nickname; + $pr = $a->get_baseurl() . '/profile/' . $nickname; + + $tabs = array( + array( + 'label' => t('Channel'), + 'url' => $url, + 'sel' => ((argv(0) == 'channel') ? 'active' : ''), + 'title' => t('Status Messages and Posts'), + 'id' => 'status-tab', + ), + array( + 'label' => t('About'), + 'url' => $pr, + 'sel' => ((argv(0) == 'profile') ? 'active' : ''), + 'title' => t('Profile Details'), + 'id' => 'profile-tab', + ), + array( + 'label' => t('Photos'), + 'url' => $a->get_baseurl() . '/photos/' . $nickname, + 'sel' => ((argv(0) == 'photos') ? 'active' : ''), + 'title' => t('Photo Albums'), + 'id' => 'photo-tab', + ), + ); + + + if ($is_owner){ + $tabs[] = array( + 'label' => t('Events'), + 'url' => $a->get_baseurl() . '/events', + 'sel' => ((argv(0) == 'events') ? 'active' : ''), + 'title' => t('Events and Calendar'), + 'id' => 'events-tab', + ); + if(feature_enabled(local_user(),'webpages')){ + $tabs[] = array( + 'label' => t('Webpages'), + 'url' => $a->get_baseurl() . '/webpages/' . $nickname, + 'sel' => ((argv(0) == 'webpages') ? 'active' : ''), + 'title' => t('Manage Webpages'), + 'id' => 'webpages-tab', + );} + } + else { + // FIXME + // we probably need a listing of events that were created by + // this channel and are visible to the observer + + + } + + + $arr = array('is_owner' => $is_owner, 'nickname' => $nickname, 'tab' => (($tab) ? $tab : false), 'tabs' => $tabs); + call_hooks('profile_tabs', $arr); + + $tpl = get_markup_template('common_tabs.tpl'); + + return replace_macros($tpl,array('$tabs' => $arr['tabs'])); +} diff --git a/include/crypto.php b/include/crypto.php index a0268ef93..33cdc10c0 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -4,6 +4,8 @@ function rsa_sign($data,$key,$alg = 'sha256') { if(! $key) return 'no key'; $sig = ''; + if(intval(OPENSSL_ALGO_SHA256) && $alg === 'sha256') + $alg = OPENSSL_ALGO_SHA256; openssl_sign($data,$sig,$key,$alg); return $sig; } @@ -13,6 +15,8 @@ function rsa_verify($data,$sig,$key,$alg = 'sha256') { if(! $key) return false; + if(intval(OPENSSL_ALGO_SHA256) && $alg === 'sha256') + $alg = OPENSSL_ALGO_SHA256; $verify = openssl_verify($data,$sig,$key,$alg); return $verify; } @@ -49,6 +53,13 @@ function AES256CBC_decrypt($data,$key,$iv) { str_pad($iv,16,"\0"))); } +function crypto_encapsulate($data,$pubkey,$alg='aes256cbc') { + if($alg === 'aes256cbc') + return aes_encapsulate($data,$pubkey); + +} + + function aes_encapsulate($data,$pubkey) { if(! $pubkey) logger('aes_encapsulate: no key. data: ' . $data); @@ -60,12 +71,23 @@ function aes_encapsulate($data,$pubkey) { $x = debug_backtrace(); logger('aes_encapsulate: RSA failed. ' . print_r($x[0],true)); } + $result['alg'] = 'aes256cbc'; $result['key'] = base64url_encode($k,true); openssl_public_encrypt($iv,$i,$pubkey); $result['iv'] = base64url_encode($i,true); return $result; } +function crypto_unencapsulate($data,$prvkey) { + if(! $data) + return; + $alg = ((array_key_exists('alg',$data)) ? $data['alg'] : 'aes256cbc'); + if($alg === 'aes256cbc') + return aes_unencapsulate($data,$prvkey); + +} + + function aes_unencapsulate($data,$prvkey) { openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey); openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey); diff --git a/include/datetime.php b/include/datetime.php index 94c2e4f1c..c0503fc7d 100644 --- a/include/datetime.php +++ b/include/datetime.php @@ -443,3 +443,24 @@ function cal($y = 0,$m = 0, $links = false, $class='') { } + + +function z_birthday($dob,$tz,$format="Y-m-d H:i:s") { + + if(! strlen($tz)) + $tz = 'UTC'; + + $tmp_dob = substr($dob,5); + if(intval($tmp_dob)) { + $y = datetime_convert($tz,$tz,'now','Y'); + $bd = $y . '-' . $tmp_dob . ' 00:00'; + $t_dob = strtotime($bd); + $now = strtotime(datetime_convert($tz,$tz,'now')); + if($t_dob < $now) + $bd = $y + 1 . '-' . $tmp_dob . ' 00:00'; + $birthday = datetime_convert($tz,'UTC',$bd,$format); + } + + return $birthday; + +} diff --git a/include/deliver.php b/include/deliver.php index b1314ce39..b0d15e1ef 100644 --- a/include/deliver.php +++ b/include/deliver.php @@ -26,6 +26,7 @@ function deliver_run($argv, $argc) { // If there is no outq_msg, this is a refresh_all message which does not require local handling if($r[0]['outq_msg']) { $msg = array('body' => json_encode(array('pickup' => array(array('notify' => json_decode($r[0]['outq_notify'],true),'message' => json_decode($r[0]['outq_msg'],true)))))); + zot_import($msg,z_root()); $r = q("delete from outq where outq_hash = '%s' limit 1", dbesc($argv[$x]) diff --git a/include/dir_fns.php b/include/dir_fns.php index 0c9a6bd9f..02e8186b7 100644 --- a/include/dir_fns.php +++ b/include/dir_fns.php @@ -22,7 +22,8 @@ function dir_sort_links() { function dir_safe_mode() { $observer = get_observer_hash(); - +if (! $observer) + return; if ($observer) $safe_mode = get_xconfig($observer,'directory','safe_mode'); if($safe_mode === '0') diff --git a/include/enotify.php b/include/enotify.php index 67fe748d1..011a1cde2 100644 --- a/include/enotify.php +++ b/include/enotify.php @@ -4,6 +4,10 @@ function notification($params) { logger('notification: entry', LOGGER_DEBUG); + // throw a small amount of entropy into the system to breakup duplicates arriving at the same precise instant. + usleep(mt_rand(0,10000)); + + $a = get_app(); @@ -79,7 +83,7 @@ function notification($params) { logger('notification: mail'); $subject = sprintf( t('[Red:Notify] New mail received at %s'),$sitename); - $preamble = sprintf( t('%1$s sent you a new private message at %2$s.'),$sender['xchan_name'],$sitename); + $preamble = sprintf( t('%1$s, %2$s sent you a new private message at %3$s.'),$recip['channel_name'], $sender['xchan_name'],$sitename); $epreamble = sprintf( t('%1$s sent you %2$s.'),'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', '[zrl=$itemlink]' . t('a private message') . '[/zrl]'); $sitelink = t('Please visit %s to view and/or reply to your private messages.'); $tsitelink = sprintf( $sitelink, $siteurl . '/message/' . $params['item']['id'] ); @@ -132,25 +136,28 @@ function notification($params) { //$possess_desc = str_replace('<!item_type!>',$possess_desc); // "a post" - $dest_str = sprintf(t('%1$s commented on [zrl=%2$s]a %3$s[/zrl]'), - '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', - $itemlink, - $item_post_type); + $dest_str = sprintf(t('%1$s, %2$s commented on [zrl=%3$s]a %4$s[/zrl]'), + $recip['channel_name'], + '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', + $itemlink, + $item_post_type); // "George Bull's post" if($p) - $dest_str = sprintf(t('%1$s commented on [zrl=%2$s]%3$s\'s %4$s[/zrl]'), - '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', - $itemlink, - $p[0]['author']['xchan_name'], - $item_post_type); + $dest_str = sprintf(t('%1$s, %2$s commented on [zrl=%3$s]%4$s\'s %5$s[/zrl]'), + $recip['channel_name'], + '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', + $itemlink, + $p[0]['author']['xchan_name'], + $item_post_type); // "your post" if($p[0]['owner']['xchan_name'] == $p[0]['author']['xchan_name'] && ($p[0]['item_flags'] & ITEM_WALL)) - $dest_str = sprintf(t('%1$s commented on [zrl=%2$s]your %3$s[/zrl]'), - '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', - $itemlink, - $item_post_type); + $dest_str = sprintf(t('%1$s, %2$s commented on [zrl=%3$s]your %4$s[/zrl]'), + $recip['channel_name'], + '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', + $itemlink, + $item_post_type); // Some mail softwares relies on subject field for threading. // So, we cannot have different subjects for notifications of the same thread. @@ -158,7 +165,7 @@ function notification($params) { // differents subjects for messages on the same thread. $subject = sprintf( t('[Red:Notify] Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']); - $preamble = sprintf( t('%s commented on an item/conversation you have been following.'), $sender['xchan_name']); + $preamble = sprintf( t('%1$s, %2$s commented on an item/conversation you have been following.'), $recip['channel_name'], $sender['xchan_name']); $epreamble = $dest_str; $sitelink = t('Please visit %s to view and/or reply to the conversation.'); @@ -170,11 +177,13 @@ function notification($params) { if($params['type'] == NOTIFY_WALL) { $subject = sprintf( t('[Red:Notify] %s posted to your profile wall') , $sender['xchan_name']); - $preamble = sprintf( t('%1$s posted to your profile wall at %2$s') , $sender['xchan_name'], $sitename); + $preamble = sprintf( t('%1$s, %2$s posted to your profile wall at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename); - $epreamble = sprintf( t('%1$s posted to [zrl=%2$s]your wall[/zrl]') , - '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', - $params['link']); + $epreamble = sprintf( t('%1$s, %2$s posted to [zrl=%3$s]your wall[/zrl]') , + $recip['channel_name'], + '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', + $params['link']); + // FIXME - check the item privacy $private = false; @@ -198,10 +207,11 @@ function notification($params) { } $subject = sprintf( t('[Red:Notify] %s tagged you') , $sender['xchan_name']); - $preamble = sprintf( t('%1$s tagged you at %2$s') , $sender['xchan_name'], $sitename); - $epreamble = sprintf( t('%1$s [zrl=%2$s]tagged you[/zrl].') , - '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', - $params['link']); + $preamble = sprintf( t('%1$s, %2$s tagged you at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename); + $epreamble = sprintf( t('%1$s, %2$s [zrl=%3$s]tagged you[/zrl].') , + $recip['channel_name'], + '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', + $params['link']); $sitelink = t('Please visit %s to view and/or reply to the conversation.'); $tsitelink = sprintf( $sitelink, $siteurl ); @@ -212,10 +222,11 @@ function notification($params) { if($params['type'] == NOTIFY_POKE) { $subject = sprintf( t('[Red:Notify] %1$s poked you') , $sender['xchan_name']); - $preamble = sprintf( t('%1$s poked you at %2$s') , $sender['xchan_name'], $sitename); - $epreamble = sprintf( t('%1$s [zrl=%2$s]poked you[/zrl].') , - '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', - $params['link']); + $preamble = sprintf( t('%1$s, %2$s poked you at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename); + $epreamble = sprintf( t('%1$s, %2$s [zrl=%2$s]poked you[/zrl].') , + $recip['channel_name'], + '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', + $params['link']); $subject = str_replace('poked', t($params['activity']), $subject); $preamble = str_replace('poked', t($params['activity']), $preamble); @@ -229,10 +240,11 @@ function notification($params) { if($params['type'] == NOTIFY_TAGSHARE) { $subject = sprintf( t('[Red:Notify] %s tagged your post') , $sender['xchan_name']); - $preamble = sprintf( t('%1$s tagged your post at %2$s') , $sender['xchan_name'], $sitename); - $epreamble = sprintf( t('%1$s tagged [zrl=%2$s]your post[/zrl]') , - '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', - $itemlink); + $preamble = sprintf( t('%1$s, %2$s tagged your post at %3$s') , $recip['channel_name'],$sender['xchan_name'], $sitename); + $epreamble = sprintf( t('%1$s, %2$s tagged [zrl=%3$s]your post[/zrl]') , + $recip['channel_name'], + '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', + $itemlink); $sitelink = t('Please visit %s to view and/or reply to the conversation.'); $tsitelink = sprintf( $sitelink, $siteurl ); @@ -242,10 +254,11 @@ function notification($params) { if($params['type'] == NOTIFY_INTRO) { $subject = sprintf( t('[Red:Notify] Introduction received')); - $preamble = sprintf( t('You\'ve received an introduction from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename); - $epreamble = sprintf( t('You\'ve received [zrl=%1$s]an introduction[/zrl] from %2$s.'), - $itemlink, - '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]'); + $preamble = sprintf( t('%1$s, you\'ve received an introduction from \'%2$s\' at %3$s'), $recip['channel_name'], $sender['xchan_name'], $sitename); + $epreamble = sprintf( t('%1$s, you\'ve received [zrl=%2$s]an introduction[/zrl] from %3$s.'), + $recip['channel_name'], + $itemlink, + '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]'); $body = sprintf( t('You may visit their profile at %s'),$sender['xchan_url']); $sitelink = t('Please visit %s to approve or reject the introduction.'); @@ -256,11 +269,12 @@ function notification($params) { if($params['type'] == NOTIFY_SUGGEST) { $subject = sprintf( t('[Red:Notify] Friend suggestion received')); - $preamble = sprintf( t('You\'ve received a friend suggestion from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename); - $epreamble = sprintf( t('You\'ve received [zrl=%1$s]a friend suggestion[/zrl] for %2$s from %3$s.'), - $itemlink, - '[zrl=' . $params['item']['url'] . ']' . $params['item']['name'] . '[/zrl]', - '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]'); + $preamble = sprintf( t('%1$s, you\'ve received a friend suggestion from \'%2$s\' at %3$s'), $recip['channel_name'], $sender['xchan_name'], $sitename); + $epreamble = sprintf( t('%1$s, you\'ve received [zrl=%2$s]a friend suggestion[/zrl] for %3$s from %4$s.'), + $recip['channel_name'], + $itemlink, + '[zrl=' . $params['item']['url'] . ']' . $params['item']['name'] . '[/zrl]', + '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]'); $body = t('Name:') . ' ' . $params['item']['name'] . "\n"; $body .= t('Photo:') . ' ' . $params['item']['photo'] . "\n"; @@ -322,6 +336,7 @@ function notification($params) { $datarray['url'] = $sender['xchan_url']; $datarray['photo'] = $sender['xchan_photo_s']; $datarray['date'] = datetime_convert(); + $datarray['aid'] = $recip['channel_account_id']; $datarray['uid'] = $recip['channel_id']; $datarray['link'] = $itemlink; $datarray['parent'] = $parent_id; @@ -340,13 +355,14 @@ function notification($params) { // create notification entry in DB - $r = q("insert into notify (hash,name,url,photo,date,uid,link,parent,type,verb,otype) - values('%s','%s','%s','%s','%s',%d,'%s',%d,%d,'%s','%s')", + $r = q("insert into notify (hash,name,url,photo,date,aid,uid,link,parent,type,verb,otype) + values('%s','%s','%s','%s','%s',%d,%d,'%s',%d,%d,'%s','%s')", dbesc($datarray['hash']), dbesc($datarray['name']), dbesc($datarray['url']), dbesc($datarray['photo']), dbesc($datarray['date']), + intval($datarray['aid']), intval($datarray['uid']), dbesc($datarray['link']), intval($datarray['parent']), @@ -559,7 +575,7 @@ class enotify { // send the message $res = mail( - $params['toEmail'], // send to address + $params['toEmail'], // send to address $messageSubject, // subject $multipartMessageBody, // message body $messageHeader // message headers diff --git a/include/features.php b/include/features.php index c5ab95a34..978d7af8a 100644 --- a/include/features.php +++ b/include/features.php @@ -23,6 +23,7 @@ function get_features() { array('content_expire', t('Content Expiration'), t('Remove posts/comments and/or private messages at a future time')), array('multi_profiles', t('Multiple Profiles'), t('Ability to create multiple profiles')), array('webpages', t('Web Pages'), t('Provide managed web pages on your channel')), + array('private_notes', t('Private Notes'), t('Enables a tool to store notes and reminders')), array('prettyphoto', t('Enhanced Photo Albums'), t('Enable photo album with enhanced features')), //FIXME - needs a description, but how the hell do we explain this to normals? array('sendzid', t('Extended Identity Sharing'), t(' ')), @@ -48,6 +49,7 @@ function get_features() { array('personal_tab', t('Network Personal Tab'), t('Enable tab to display only Network posts that you\'ve interacted on')), array('new_tab', t('Network New Tab'), t('Enable tab to display all new Network activity')), array('affinity', t('Affinity Tool'), t('Filter stream activity by depth of relationships')), + array('suggest', t('Suggest Channels'), t('Show channel suggestions')), ), // Item tools diff --git a/include/follow.php b/include/follow.php index 10bcddf2b..845ce11da 100644 --- a/include/follow.php +++ b/include/follow.php @@ -96,7 +96,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $global_perms = get_perms(); if( array_key_exists('permissions',$j) && array_key_exists('data',$j['permissions'])) { - $permissions = aes_unencapsulate(array( + $permissions = crypto_unencapsulate(array( 'data' => $j['permissions']['data'], 'key' => $j['permissions']['key'], 'iv' => $j['permissions']['iv']), @@ -175,6 +175,10 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) proc_run('php', 'include/notifier.php', 'permission_update', $result['abook']['abook_id']); } + $arr = array('channel_id' => $uid, 'abook' => $result['abook']); + + call_hooks('follow', $arr); + /** If there is a default group for this channel, add this member to it */ if($default_group) { diff --git a/include/group.php b/include/group.php index eece07983..8f690785d 100644 --- a/include/group.php +++ b/include/group.php @@ -202,7 +202,7 @@ function group_get_members($gid) { return $ret; } -function mini_group_select($uid,$gid = 0) { +function mini_group_select($uid,$group = '') { $grps = array(); $o = ''; @@ -210,10 +210,10 @@ function mini_group_select($uid,$gid = 0) { $r = q("SELECT * FROM `group` WHERE `deleted` = 0 AND `uid` = %d ORDER BY `name` ASC", intval($uid) ); - $grps[] = array('name' => '', 'id' => '0', 'selected' => ''); + $grps[] = array('name' => '', 'hash' => '0', 'selected' => ''); if(count($r)) { foreach($r as $rr) { - $grps[] = array('name' => $rr['name'], 'id' => $rr['id'], 'selected' => (($gid == $rr['id']) ? 'true' : '')); + $grps[] = array('name' => $rr['name'], 'id' => $rr['hash'], 'selected' => (($group == $rr['hash']) ? 'true' : '')); } } @@ -229,7 +229,7 @@ function mini_group_select($uid,$gid = 0) { -function group_side($every="contacts",$each="group",$edit = false, $group_id = 0, $cid = '') { +function group_side($every="contacts",$each="group",$edit = false, $group_id = 0, $cid = '',$mode = 1) { $o = ''; @@ -272,7 +272,7 @@ function group_side($every="contacts",$each="group",$edit = false, $group_id = 0 'cid' => $cid, 'text' => $rr['name'], 'selected' => $selected, - 'href' => (($each === 'network') ? $each.'?f=&gid='.$rr['id'] : $each."/".$rr['id']), + 'href' => (($mode == 0) ? $each.'?f=&gid='.$rr['id'] : $each."/".$rr['id']), 'edit' => $groupedit, 'ismember' => in_array($rr['id'],$member_of), ); diff --git a/include/identity.php b/include/identity.php index e26d2b29f..6bbf193c1 100644 --- a/include/identity.php +++ b/include/identity.php @@ -4,6 +4,21 @@ require_once('include/zot.php'); require_once('include/crypto.php'); +/** + * @function identity_check_service_class($account_id) + * Called when creating a new channel. Checks the account's service class and number + * of current channels to determine whether creating a new channel is within the current + * service class constraints. + * + * @param int $account_id + * Account_id used for this request + * + * @returns array + * 'success' => boolean true if creating a new channel is allowed for this account + * 'message' => if success is false, optional error text + */ + + function identity_check_service_class($account_id) { $ret = array('success' => false, $message => ''); @@ -24,11 +39,22 @@ function identity_check_service_class($account_id) { return $ret; } -// Return an error message if the name is not valid. We're currently only checking -// for an empty name or one that exceeds our storage limit (255 chars). -// 255 chars is probably going to create a mess on some pages. -// Plugins can set additional policies such as full name requirements, character sets, multi-byte -// length, etc. + +/** + * @function validate_channelname($name) + * Determine if the channel name is allowed when creating a new channel. + * This action is pluggable. + * + * @param string $name + * + * @returns nil return if name is valid, or string describing the error state. + * + * We're currently only checking for an empty name or one that exceeds our storage limit (255 chars). + * 255 chars is probably going to create a mess on some pages. + * Plugins can set additional policies such as full name requirements, character sets, multi-byte + * length, etc. + * + */ function validate_channelname($name) { @@ -44,8 +70,13 @@ function validate_channelname($name) { } -// Create the system channel for directory synchronisation - this has no account attached - +/** + * @function create_dir_account() + * Create a system channel - which has no account attached + * + * Currently unused. + * + */ function create_dir_account() { create_identity(array( @@ -57,6 +88,14 @@ function create_dir_account() { )); } +/** + * @channel_total() + * Return the total number of channels on this site. No filtering is performed. + * + * @returns int + * on error returns boolean false + * + */ function channel_total() { $r = q("select channel_id from channel where true"); @@ -66,11 +105,24 @@ function channel_total() { } - -// Required: name, nickname, account_id - -// optional: pageflags - +/** + * @function create_identity($arr) + * Create a new channel + * Also creates the related xchan, hubloc, profile, and "self" abook records, and an + * empty "Friends" group/collection for the new channel + * + * @param array $arr + * 'name' => full name of channel + * 'nickname' => "email/url-compliant" nickname + * 'account_id' => account_id to attach with this channel + * [other identity fields as desired] + * + * @returns array + * 'success' => boolean true or false + * 'message' => optional error text if success is false + * 'channel' => if successful the created channel array + */ + function create_identity($arr) { $a = get_app(); @@ -191,7 +243,7 @@ function create_identity($arr) { $newuid = $ret['channel']['channel_id']; - $r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_l, xchan_photo_m, xchan_photo_s, xchan_addr, xchan_url, xchan_follow, xchan_name, xchan_network, xchan_photo_date, xchan_name_date ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')", + $r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_l, xchan_photo_m, xchan_photo_s, xchan_addr, xchan_url, xchan_follow, xchan_connurl, xchan_name, xchan_network, xchan_photo_date, xchan_name_date ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')", dbesc($hash), dbesc($guid), dbesc($sig), @@ -202,6 +254,7 @@ function create_identity($arr) { dbesc($ret['channel']['channel_address'] . '@' . get_app()->get_hostname()), dbesc(z_root() . '/channel/' . $ret['channel']['channel_address']), dbesc(z_root() . '/follow?f=&url=%s'), + dbesc(z_root() . '/poco/' . $ret['channel']['channel_address']), dbesc($ret['channel']['channel_name']), dbesc('zot'), dbesc(datetime_convert()), @@ -254,8 +307,21 @@ function create_identity($arr) { } -// set default identity for account_id to channel_id -// if $force is false only do this if there is no current default + +/** + * @function set_default_login_identity($account_id, $channel_id, $force = true) + * Set default channel to be used on login + * + * @param int $account_id + * login account + * @param int $channel_id + * channel id to set as default for this account + * @param boolean force + * if true, set this default unconditionally + * if $force is false only do this if there is no existing default + * + * @returns nil + */ function set_default_login_identity($account_id,$channel_id,$force = true) { $r = q("select account_default_channel from account where account_id = %d limit 1", @@ -271,6 +337,21 @@ function set_default_login_identity($account_id,$channel_id,$force = true) { } } +/** + * @function identity_basic_export($channel_id) + * Create an array representing the important channel information + * which would be necessary to create a nomadic identity clone. This includes + * most channel resources and connection information with the exception of content. + * + * @param int $channel_id + * Channel_id to export + * + * + * @returns array + * See function for details + * + */ + function identity_basic_export($channel_id) { /* @@ -349,49 +430,682 @@ function identity_basic_export($channel_id) { -function identity_basic_import($arr, $seize_primary = false) { +/** + * + * @function : profile_load(&$a, $nickname, $profile) + * Generate + * @param App $a + * @param string $nickname + * @param string $profile + * + * Summary: Loads a profile into the App structure. + * The function requires a writeable copy of the main App structure, and the nickname + * of a valid channel. + * + * Permissions of the current observer are checked. If a restricted profile is available + * to the current observer, that will be loaded instead of the channel default profile. + * + * The channel owner can set $profile to a valid profile_guid to preview that profile. + * + * The channel default theme is also selected for use, unless over-riden elsewhere. + * + */ - $ret = array('result' => false ); - if($arr['channel']) { - // import channel +function profile_load(&$a, $nickname, $profile = '') { - // create a new xchan (if necessary) + logger('profile_load: ' . $nickname . (($profile) ? ' profile: ' . $profile : '')); - // create a new hubloc and seize control if applicable + $user = q("select channel_id from channel where channel_address = '%s' limit 1", + dbesc($nickname) + ); + + if(! $user) { + logger('profile error: ' . $a->query_string, LOGGER_DEBUG); + notice( t('Requested channel is not available.') . EOL ); + $a->error = 404; + return; + } + // get the current observer + $observer = $a->get_observer(); + // Can the observer see our profile? + require_once('include/permissions.php'); + if(! perm_is_allowed($user[0]['channel_id'],$observer['xchan_hash'],'view_profile')) { + // permission denied + notice( t(' Sorry, you don\'t have the permission to view this profile. ') . EOL); + return; } - if($arr['profile']) { - // FIXME - change profile assignment to a hash instead of an id we have to fix + if(! $profile) { + $r = q("SELECT abook_profile FROM abook WHERE abook_xchan = '%s' and abook_channel = '%d' limit 1", + dbesc($observer['xchan_hash']), + intval($user[0]['channel_id']) + ); + if($r) + $profile = $r[0]['abook_profile']; + } + $r = null; + + if($profile) { + $r = q("SELECT profile.uid AS profile_uid, profile.*, channel.* FROM profile + LEFT JOIN channel ON profile.uid = channel.channel_id + WHERE channel.channel_address = '%s' AND profile.profile_guid = '%s' LIMIT 1", + dbesc($nickname), + dbesc($profile) + ); + } + + if(! $r) { + $r = q("SELECT profile.uid AS profile_uid, profile.*, channel.* FROM profile + LEFT JOIN channel ON profile.uid = channel.channel_id + WHERE channel.channel_address = '%s' and not ( channel_pageflags & %d ) + AND profile.is_default = 1 LIMIT 1", + dbesc($nickname), + intval(PAGE_REMOVED) + ); + } + if(! $r) { + logger('profile error: ' . $a->query_string, LOGGER_DEBUG); + notice( t('Requested profile is not available.') . EOL ); + $a->error = 404; + return; + } + + // fetch user tags if this isn't the default profile + + if(! $r[0]['is_default']) { + $x = q("select `keywords` from `profile` where uid = %d and `is_default` = 1 limit 1", + intval($profile_uid) + ); + if($x) + $r[0]['keywords'] = $x[0]['keywords']; } - if($arr['xchan']) { + if($r[0]['keywords']) { + $keywords = str_replace(array('#',',',' ',',,'),array('',' ',',',','),$r[0]['keywords']); + if(strlen($keywords)) + $a->page['htmlhead'] .= '<meta name="keywords" content="' . htmlentities($keywords,ENT_COMPAT,'UTF-8') . '" />' . "\r\n" ; - // import any xchan and hubloc which are not yet available on this site - // Unset primary for all other hubloc on our own record if $seize_primary + } + $a->profile = $r[0]; + $a->profile_uid = $r[0]['profile_uid']; + $a->page['title'] = $a->profile['channel_name'] . " - " . $a->profile['channel_address'] . "@" . $a->get_hostname(); + + $a->profile['channel_mobile_theme'] = get_pconfig(local_user(),'system', 'mobile_theme'); + $_SESSION['theme'] = $a->profile['channel_theme']; + $_SESSION['mobile_theme'] = $a->profile['channel_mobile_theme']; + + /** + * load/reload current theme info + */ + + $a->set_template_engine(); // reset the template engine to the default in case the user's theme doesn't specify one + + $theme_info_file = "view/theme/".current_theme()."/php/theme.php"; + if (file_exists($theme_info_file)){ + require_once($theme_info_file); } - if($arr['abook']) { - // import the abook entries + return; +} + +function profile_create_sidebar(&$a,$connect = true) { + + $block = (((get_config('system','block_public')) && (! local_user()) && (! remote_user())) ? true : false); + + $a->set_widget('profile',profile_sidebar($a->profile, $block, $connect)); + return; +} + + +/** + * + * Function: profile_sidebar + * + * Formats a profile for display in the sidebar. + * It is very difficult to templatise the HTML completely + * because of all the conditional logic. + * + * @parameter: array $profile + * + * Returns HTML string stuitable for sidebar inclusion + * Exceptions: Returns empty string if passed $profile is wrong type or not populated + * + */ + + + +function profile_sidebar($profile, $block = 0, $show_connect = true) { + + $a = get_app(); + + $observer = $a->get_observer(); + $o = ''; + $location = false; + $address = false; + $pdesc = true; + if((! is_array($profile)) && (! count($profile))) + return $o; + + + head_set_icon($profile['thumb']); + + $is_owner = (($profile['uid'] == local_user()) ? true : false); + + $profile['picdate'] = urlencode($profile['picdate']); + + call_hooks('profile_sidebar_enter', $profile); + + require_once('include/Contact.php'); + + if($show_connect) { + + // This will return an empty string if we're already connected. + + $connect_url = rconnect_url($profile['uid'],get_observer_hash()); + $connect = (($connect_url) ? t('Connect') : ''); + if($connect_url) + $connect_url = sprintf($connect_url,urlencode($profile['channel_address'] . '@' . $a->get_hostname())); + + // premium channel - over-ride + + if($profile['channel_pageflags'] & PAGE_PREMIUM) + $connect_url = z_root() . '/connect/' . $profile['channel_address']; } + // show edit profile to yourself + if($is_owner) { - if($seize_primary) { + $profile['menu'] = array( + 'chg_photo' => t('Change profile photo'), + 'entries' => array(), + ); - // send a refresh message to all our friends, telling them we've moved + if(feature_enabled(local_user(),'multi_profiles')) { + $profile['edit'] = array($a->get_baseurl(). '/profiles', t('Profiles'),"", t('Manage/edit profiles')); + $profile['menu']['cr_new'] = t('Create New Profile'); + } + else + $profile['edit'] = array($a->get_baseurl() . '/profiles/' . $profile['id'], t('Edit Profile'),'',t('Edit Profile')); + + $r = q("SELECT * FROM `profile` WHERE `uid` = %d", + local_user()); + + + if($r) { + foreach($r as $rr) { + $profile['menu']['entries'][] = array( + 'photo' => $rr['thumb'], + 'id' => $rr['id'], + 'alt' => t('Profile Image'), + 'profile_name' => $rr['profile_name'], + 'isdefault' => $rr['is_default'], + 'visible_to_everybody' => t('visible to everybody'), + 'edit_visibility' => t('Edit visibility'), + ); + } + } } - $ret['result'] = true ; - return $ret; + if((x($profile,'address') == 1) + || (x($profile,'locality') == 1) + || (x($profile,'region') == 1) + || (x($profile,'postal_code') == 1) + || (x($profile,'country_name') == 1)) + $location = t('Location:'); + + $gender = ((x($profile,'gender') == 1) ? t('Gender:') : False); + $marital = ((x($profile,'marital') == 1) ? t('Status:') : False); + $homepage = ((x($profile,'homepage') == 1) ? t('Homepage:') : False); + + if(! perm_is_allowed($profile['uid'],((is_array($observer)) ? $observer['xchan_hash'] : ''),'view_profile')) { + $block = true; + } + + if(($profile['hidewall'] || $block) && (! local_user()) && (! remote_user())) { + $location = $pdesc = $gender = $marital = $homepage = False; + } + + $firstname = ((strpos($profile['name'],' ')) + ? trim(substr($profile['name'],0,strpos($profile['name'],' '))) : $profile['name']); + $lastname = (($firstname === $profile['name']) ? '' : trim(substr($profile['name'],strlen($firstname)))); + + if(is_array($observer) + && perm_is_allowed($profile['uid'],$observer['xchan_hash'],'view_contacts')) { + $contact_block = contact_block(); + } + + $channel_menu = false; + $menu = get_pconfig($profile['uid'],'system','channel_menu'); + if($menu) { + require_once('include/menu.php'); + $m = menu_fetch($menu,$profile['uid'],$observer['xchan_hash']); + if($m) + $channel_menu = menu_render($m); + } + $menublock = get_pconfig($profile['uid'],'system','channel_menublock'); + if ($menublock && (! $block)) { + require_once('include/comanche.php'); + $channel_menu .= comanche_block($menublock); + } + + $tpl = get_markup_template('profile_vcard.tpl'); + + $o .= replace_macros($tpl, array( + '$profile' => $profile, + '$connect' => $connect, + '$connect_url' => $connect_url, + '$location' => $location, + '$gender' => $gender, + '$pdesc' => $pdesc, + '$marital' => $marital, + '$homepage' => $homepage, + '$chanmenu' => $channel_menu, + '$contact_block' => $contact_block, + )); + + $arr = array('profile' => &$profile, 'entry' => &$o); + + call_hooks('profile_sidebar', $arr); + + return $o; +} + + +// FIXME or remove + + + function get_birthdays() { + + $a = get_app(); + $o = ''; + + if(! local_user()) + return $o; + + $bd_format = t('g A l F d') ; // 8 AM Friday January 18 + $bd_short = t('F d'); + + $r = q("SELECT `event`.*, `event`.`id` AS `eid`, `contact`.* FROM `event` + LEFT JOIN `contact` ON `contact`.`id` = `event`.`cid` + WHERE `event`.`uid` = %d AND `type` = 'birthday' AND `start` < '%s' AND `finish` > '%s' + ORDER BY `start` ASC ", + intval(local_user()), + dbesc(datetime_convert('UTC','UTC','now + 6 days')), + dbesc(datetime_convert('UTC','UTC','now')) + ); + + if($r && count($r)) { + $total = 0; + $now = strtotime('now'); + $cids = array(); + + $istoday = false; + foreach($r as $rr) { + if(strlen($rr['name'])) + $total ++; + if((strtotime($rr['start'] . ' +00:00') < $now) && (strtotime($rr['finish'] . ' +00:00') > $now)) + $istoday = true; + } + $classtoday = $istoday ? ' birthday-today ' : ''; + if($total) { + foreach($r as &$rr) { + if(! strlen($rr['name'])) + continue; + + // avoid duplicates + + if(in_array($rr['cid'],$cids)) + continue; + $cids[] = $rr['cid']; + + $today = (((strtotime($rr['start'] . ' +00:00') < $now) && (strtotime($rr['finish'] . ' +00:00') > $now)) ? true : false); + $sparkle = ''; + $url = $rr['url']; + if($rr['network'] === NETWORK_DFRN) { + $sparkle = " sparkle"; + $url = $a->get_baseurl() . '/redir/' . $rr['cid']; + } + + $rr['link'] = $url; + $rr['title'] = $rr['name']; + $rr['date'] = day_translate(datetime_convert('UTC', $a->timezone, $rr['start'], $rr['adjust'] ? $bd_format : $bd_short)) . (($today) ? ' ' . t('[today]') : ''); + $rr['startime'] = Null; + $rr['today'] = $today; + + } + } + } + $tpl = get_markup_template("birthdays_reminder.tpl"); + return replace_macros($tpl, array( + '$baseurl' => $a->get_baseurl(), + '$classtoday' => $classtoday, + '$count' => $total, + '$event_reminders' => t('Birthday Reminders'), + '$event_title' => t('Birthdays this week:'), + '$events' => $r, + '$lbr' => '{', // raw brackets mess up if/endif macro processing + '$rbr' => '}' + + )); + } + +// FIXME + + function get_events() { + + require_once('include/bbcode.php'); + + $a = get_app(); + + if(! local_user()) + return $o; + + $bd_format = t('g A l F d') ; // 8 AM Friday January 18 + $bd_short = t('F d'); + + $r = q("SELECT `event`.* FROM `event` + WHERE `event`.`uid` = %d AND `type` != 'birthday' AND `start` < '%s' AND `start` > '%s' + ORDER BY `start` ASC ", + intval(local_user()), + dbesc(datetime_convert('UTC','UTC','now + 6 days')), + dbesc(datetime_convert('UTC','UTC','now - 1 days')) + ); + + if($r && count($r)) { + $now = strtotime('now'); + $istoday = false; + foreach($r as $rr) { + if(strlen($rr['name'])) + $total ++; + + $strt = datetime_convert('UTC',$rr['convert'] ? $a->timezone : 'UTC',$rr['start'],'Y-m-d'); + if($strt === datetime_convert('UTC',$a->timezone,'now','Y-m-d')) + $istoday = true; + } + $classtoday = (($istoday) ? 'event-today' : ''); + + + foreach($r as &$rr) { + if($rr['adjust']) + $md = datetime_convert('UTC',$a->timezone,$rr['start'],'Y/m'); + else + $md = datetime_convert('UTC','UTC',$rr['start'],'Y/m'); + $md .= "/#link-".$rr['id']; + + $title = substr(strip_tags(bbcode($rr['desc'])),0,32) . '... '; + if(! $title) + $title = t('[No description]'); + + $strt = datetime_convert('UTC',$rr['convert'] ? $a->timezone : 'UTC',$rr['start']); + $today = ((substr($strt,0,10) === datetime_convert('UTC',$a->timezone,'now','Y-m-d')) ? true : false); + + $rr['link'] = $md; + $rr['title'] = $title; + $rr['date'] = day_translate(datetime_convert('UTC', $rr['adjust'] ? $a->timezone : 'UTC', $rr['start'], $bd_format)) . (($today) ? ' ' . t('[today]') : ''); + $rr['startime'] = $strt; + $rr['today'] = $today; + } + } + + $tpl = get_markup_template("events_reminder.tpl"); + return replace_macros($tpl, array( + '$baseurl' => $a->get_baseurl(), + '$classtoday' => $classtoday, + '$count' => count($r), + '$event_reminders' => t('Event Reminders'), + '$event_title' => t('Events this week:'), + '$events' => $r, + )); + } + + +function advanced_profile(&$a) { + + if(! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_profile')) + return ''; + + $o = ''; + + $o .= '<h2>' . t('Profile') . '</h2>'; + + if($a->profile['name']) { + + $tpl = get_markup_template('profile_advanced.tpl'); + + $profile = array(); + + $profile['fullname'] = array( t('Full Name:'), $a->profile['name'] ) ; + + if($a->profile['gender']) $profile['gender'] = array( t('Gender:'), $a->profile['gender'] ); + + + if(($a->profile['dob']) && ($a->profile['dob'] != '0000-00-00')) { + + $year_bd_format = t('j F, Y'); + $short_bd_format = t('j F'); + + + $val = ((intval($a->profile['dob'])) + ? day_translate(datetime_convert('UTC','UTC',$a->profile['dob'] . ' 00:00 +00:00',$year_bd_format)) + : day_translate(datetime_convert('UTC','UTC','2001-' . substr($a->profile['dob'],5) . ' 00:00 +00:00',$short_bd_format))); + + $profile['birthday'] = array( t('Birthday:'), $val); + + } + + if($age = age($a->profile['dob'],$a->profile['timezone'],'')) $profile['age'] = array( t('Age:'), $age ); + + + if($a->profile['marital']) $profile['marital'] = array( t('Status:'), $a->profile['marital']); + + + if($a->profile['with']) $profile['marital']['with'] = $a->profile['with']; + + if(strlen($a->profile['howlong']) && $a->profile['howlong'] !== '0000-00-00 00:00:00') { + $profile['howlong'] = relative_date($a->profile['howlong'], t('for %1$d %2$s')); + } + + if($a->profile['sexual']) $profile['sexual'] = array( t('Sexual Preference:'), $a->profile['sexual'] ); + + if($a->profile['homepage']) $profile['homepage'] = array( t('Homepage:'), linkify($a->profile['homepage']) ); + + if($a->profile['hometown']) $profile['hometown'] = array( t('Hometown:'), linkify($a->profile['hometown']) ); + + if($a->profile['keywords']) $profile['keywords'] = array( t('Tags:'), $a->profile['keywords']); + + if($a->profile['politic']) $profile['politic'] = array( t('Political Views:'), $a->profile['politic']); + + if($a->profile['religion']) $profile['religion'] = array( t('Religion:'), $a->profile['religion']); + + if($txt = prepare_text($a->profile['about'])) $profile['about'] = array( t('About:'), $txt ); + + if($txt = prepare_text($a->profile['interest'])) $profile['interest'] = array( t('Hobbies/Interests:'), $txt); + + if($txt = prepare_text($a->profile['likes'])) $profile['likes'] = array( t('Likes:'), $txt); + + if($txt = prepare_text($a->profile['dislikes'])) $profile['dislikes'] = array( t('Dislikes:'), $txt); + + + if($txt = prepare_text($a->profile['contact'])) $profile['contact'] = array( t('Contact information and Social Networks:'), $txt); + + if($txt = prepare_text($a->profile['music'])) $profile['music'] = array( t('Musical interests:'), $txt); + + if($txt = prepare_text($a->profile['book'])) $profile['book'] = array( t('Books, literature:'), $txt); + + if($txt = prepare_text($a->profile['tv'])) $profile['tv'] = array( t('Television:'), $txt); + + if($txt = prepare_text($a->profile['film'])) $profile['film'] = array( t('Film/dance/culture/entertainment:'), $txt); + + if($txt = prepare_text($a->profile['romance'])) $profile['romance'] = array( t('Love/Romance:'), $txt); + + if($txt = prepare_text($a->profile['work'])) $profile['work'] = array( t('Work/employment:'), $txt); + + if($txt = prepare_text($a->profile['education'])) $profile['education'] = array( t('School/education:'), $txt ); + + $r = q("select * from obj left join term on obj_obj = term_hash where term_hash != '' and obj_page = '%s' and uid = %d and obj_type = %d + order by obj_verb, term", + dbesc($a->profile['profile_guid']), + intval($a->profile['profile_uid']), + intval(TERM_OBJ_THING) + ); + + $things = null; + + if($r) { + $things = array(); + + // Use the system obj_verbs array as a sort key, since we don't really + // want an alphabetic sort. To change the order, use a plugin to + // alter the obj_verbs() array or alter it in code. Unknown verbs come + // after the known ones - in no particular order. + + $v = obj_verbs(); + foreach($v as $k => $foo) + $things[$k] = null; + foreach($r as $rr) { + if(! $things[$rr['obj_verb']]) + $things[$rr['obj_verb']] = array(); + $things[$rr['obj_verb']][] = array('term' => $rr['term'],'url' => $rr['url'],'img' => $rr['imgurl']); + } + $sorted_things = array(); + if($things) + foreach($things as $k => $v) + if(is_array($things[$k])) + $sorted_things[$k] = $v; + } + + logger('mod_profile: things: ' . print_r($sorted_things,true), LOGGER_DATA); + + return replace_macros($tpl, array( + '$title' => t('Profile'), + '$profile' => $profile, + '$things' => $sorted_things + )); + } + + return ''; +} + + + + +function get_my_url() { + if(x($_SESSION,'zrl_override')) + return $_SESSION['zrl_override']; + if(x($_SESSION,'my_url')) + return $_SESSION['my_url']; + return false; +} + +function get_my_address() { + if(x($_SESSION,'zid_override')) + return $_SESSION['zid_override']; + if(x($_SESSION,'my_address')) + return $_SESSION['my_address']; + return false; +} + +/** + * @function zid_init(&$a) + * If somebody arrives at our site using a zid, add their xchan to our DB if we don't have it already. + * And if they aren't already authenticated here, attempt reverse magic auth. + * + * @hooks 'zid_init' + * string 'zid' - their zid + * string 'url' - the destination url + * + */ + +function zid_init(&$a) { + $tmp_str = get_my_address(); + if(validate_email($tmp_str)) { + proc_run('php','include/gprobe.php',bin2hex($tmp_str)); + $arr = array('zid' => $tmp_str, 'url' => $a->cmd); + call_hooks('zid_init',$arr); + if((! local_user()) && (! remote_user())) { + logger('zid_init: not authenticated. Invoking reverse magic-auth for ' . $tmp_str); + $r = q("select * from hubloc where hubloc_addr = '%s' order by hubloc_id desc limit 1", + dbesc($tmp_str) + ); + // try to avoid recursion - but send them home to do a proper magic auth + $dest = '/' . $a->query_string; + $dest = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$dest); + if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) { + goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&dest=' . z_root() . $dest); + } + else + logger('zid_init: no hubloc found.'); + } + } +} + +/** + * @function zid($s,$address = '') + * Adds a zid parameter to a url + * @param string $s + * The url to accept the zid + * @param boolean $address + * $address to use instead of session environment + * @return string + * + * @hooks 'zid' + * string url - url to accept zid + * string zid - urlencoded zid + * string result - the return string we calculated, change it if you want to return something else + */ + + +function zid($s,$address = '') { + if(! strlen($s) || strpos($s,'zid=')) + return $s; + $has_params = ((strpos($s,'?')) ? true : false); + $num_slashes = substr_count($s,'/'); + if(! $has_params) + $has_params = ((strpos($s,'&')) ? true : false); + $achar = strpos($s,'?') ? '&' : '?'; + + $mine = get_my_url(); + $myaddr = (($address) ? $address : get_my_address()); + + // FIXME checking against our own channel url is no longer reliable. We may have a lot + // of urls attached to out channel. Should probably match against our site, since we + // will not need to remote authenticate on our own site anyway. + + if($mine && $myaddr && (! link_compare($mine,$s))) + $zurl = $s . (($num_slashes >= 3) ? '' : '/') . $achar . 'zid=' . urlencode($myaddr); + else + $zurl = $s; + + $arr = array('url' => $s, 'zid' => urlencode($myaddr), 'result' => $zurl); + call_hooks('zid', $arr); + return $arr['result']; +} + +// Used from within PCSS themes to set theme parameters. If there's a +// puid request variable, that is the "page owner" and normally their theme +// settings take precedence; unless a local user sets the "always_my_theme" +// system pconfig, which means they don't want to see anybody else's theme +// settings except their own while on this site. + +function get_theme_uid() { + $uid = (($_REQUEST['puid']) ? intval($_REQUEST['puid']) : 0); + if(local_user()) { + if((get_pconfig(local_user(),'system','always_my_theme')) || (! $uid)) + return local_user(); + if(! $uid) + return local_user(); + } + return $uid; } diff --git a/include/items.php b/include/items.php index 520ea7230..b328ca2d1 100755 --- a/include/items.php +++ b/include/items.php @@ -202,11 +202,29 @@ function post_activity_item($arr) { return $ret; } - if(array_key_exists('content_type',$arr) && $arr['content_type'] == 'text/html') - $arr['body'] = purify_html($arr['body']); - else - $arr['body'] = escape_tags($arr['body']); + if(! array_key_exists('mimetype',$arr)) + $arr['mimetype'] = 'text/bbcode'; + + if(array_key_exists('item_private',$arr) && $arr['item_private']) { + + $arr['body'] = z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']); + + if($channel) { + if($channel['channel_hash'] === $arr['author_xchan']) { + $arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey'])); + $arr['item_flags'] = $arr['item_flags'] | ITEM_VERIFIED; + } + } + + logger('Encrypting local storage'); + $key = get_config('system','pubkey'); + $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED; + if($arr['title']) + $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); + if($arr['body']) + $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + } $arr['mid'] = ((x($arr,'mid')) ? $arr['mid'] : item_message_id()); $arr['parent_mid'] = ((x($arr,'parent_mid')) ? $arr['parent_mid'] : $arr['mid']); @@ -238,7 +256,7 @@ function post_activity_item($arr) { $post = item_store($arr); - if($post['result']) + if($post['success']) $post_id = $post['item_id']; if($post_id) { @@ -546,42 +564,47 @@ function title_is_body($title, $body) { function get_item_elements($x) { -// logger('get_item_elements'); + $arr = array(); - $arr['body'] = (($x['body']) ? htmlentities($x['body'],ENT_COMPAT,'UTF-8',false) : ''); + $arr['body'] = (($x['body']) ? htmlspecialchars($x['body'],ENT_COMPAT,'UTF-8',false) : ''); $arr['created'] = datetime_convert('UTC','UTC',$x['created']); $arr['edited'] = datetime_convert('UTC','UTC',$x['edited']); - $arr['expires'] = ((x($x,'expires') && $x['expires']) - ? datetime_convert('UTC','UTC',$x['expires']) - : '0000-00-00 00:00:00'); if($arr['created'] > datetime_convert()) $arr['created'] = datetime_convert(); if($arr['edited'] > datetime_convert()) $arr['edited'] = datetime_convert(); - $arr['title'] = (($x['title']) ? htmlentities($x['title'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['expires'] = ((x($x,'expires') && $x['expires']) + ? datetime_convert('UTC','UTC',$x['expires']) + : '0000-00-00 00:00:00'); + + $arr['commented'] = ((x($x,'commented') && $x['commented']) + ? datetime_convert('UTC','UTC',$x['commented']) + : $arr['created']); + + $arr['title'] = (($x['title']) ? htmlspecialchars($x['title'], ENT_COMPAT,'UTF-8',false) : ''); if(mb_strlen($arr['title']) > 255) $arr['title'] = mb_substr($arr['title'],0,255); - $arr['app'] = (($x['app']) ? htmlentities($x['app'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['mid'] = (($x['message_id']) ? htmlentities($x['message_id'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['parent_mid'] = (($x['message_top']) ? htmlentities($x['message_top'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['thr_parent'] = (($x['message_parent']) ? htmlentities($x['message_parent'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['app'] = (($x['app']) ? htmlspecialchars($x['app'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['mid'] = (($x['message_id']) ? htmlspecialchars($x['message_id'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['parent_mid'] = (($x['message_top']) ? htmlspecialchars($x['message_top'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['thr_parent'] = (($x['message_parent']) ? htmlspecialchars($x['message_parent'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['plink'] = (($x['permalink']) ? htmlentities($x['permalink'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['location'] = (($x['location']) ? htmlentities($x['location'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['coord'] = (($x['longlat']) ? htmlentities($x['longlat'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['verb'] = (($x['verb']) ? htmlentities($x['verb'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['mimetype'] = (($x['mimetype']) ? htmlentities($x['mimetype'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['obj_type'] = (($x['object_type']) ? htmlentities($x['object_type'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['tgt_type'] = (($x['target_type']) ? htmlentities($x['target_type'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['comment_policy'] = (($x['comment_scope']) ? htmlentities($x['comment_scope'], ENT_COMPAT,'UTF-8',false) : 'contacts'); + $arr['plink'] = (($x['permalink']) ? htmlspecialchars($x['permalink'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['location'] = (($x['location']) ? htmlspecialchars($x['location'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['coord'] = (($x['longlat']) ? htmlspecialchars($x['longlat'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['verb'] = (($x['verb']) ? htmlspecialchars($x['verb'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['mimetype'] = (($x['mimetype']) ? htmlspecialchars($x['mimetype'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['obj_type'] = (($x['object_type']) ? htmlspecialchars($x['object_type'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['tgt_type'] = (($x['target_type']) ? htmlspecialchars($x['target_type'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['comment_policy'] = (($x['comment_scope']) ? htmlspecialchars($x['comment_scope'], ENT_COMPAT,'UTF-8',false) : 'contacts'); - $arr['sig'] = (($x['signature']) ? htmlentities($x['signature'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['sig'] = (($x['signature']) ? htmlspecialchars($x['signature'], ENT_COMPAT,'UTF-8',false) : ''); $arr['object'] = activity_sanitise($x['object']); @@ -604,8 +627,8 @@ function get_item_elements($x) { // once, and after that your hub knows them. Sure some info is in the post, but it's only a transit identifier // and not enough info to be able to look you up from your hash - which is the only thing stored with the post. - if(import_author_xchan($x['author'])) - $arr['author_xchan'] = base64url_encode(hash('whirlpool',$x['author']['guid'] . $x['author']['guid_sig'], true)); + if(($xchan_hash = import_author_xchan($x['author'])) !== false) + $arr['author_xchan'] = $xchan_hash; else return array(); @@ -613,8 +636,8 @@ function get_item_elements($x) { if($arr['author_xchan'] === base64url_encode(hash('whirlpool',$x['owner']['guid'] . $x['owner']['guid_sig'], true))) $arr['owner_xchan'] = $arr['author_xchan']; else { - if(import_author_xchan($x['owner'])) - $arr['owner_xchan'] = base64url_encode(hash('whirlpool',$x['owner']['guid'] . $x['owner']['guid_sig'], true)); + if(($xchan_hash = import_author_xchan($x['owner'])) !== false) + $arr['owner_xchan'] = $xchan_hash; else return array(); } @@ -639,12 +662,11 @@ function get_item_elements($x) { $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED; $key = get_config('system','pubkey'); if($arr['title']) - $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); + $arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key)); if($arr['body']) - $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + $arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key)); } - return $arr; } @@ -652,21 +674,18 @@ function get_item_elements($x) { function import_author_xchan($x) { - $r = q("select hubloc_url from hubloc where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and (hubloc_flags & %d) limit 1", - dbesc($x['guid']), - dbesc($x['guid_sig']), - intval(HUBLOC_FLAGS_PRIMARY) - ); + $arr = array('xchan' => $x, 'xchan_hash' => ''); + call_hooks('import_author_xchan',$arr); + if($arr['xchan_hash']) + return $arr['xchan_hash']; - if($r) { - logger('import_author_xchan: in cache', LOGGER_DEBUG); - return true; + if((! array_key_exists('network', $x)) || ($x['network'] === 'zot')) { + return import_author_zot($x); } - logger('import_author_xchan: entry not in cache - probing: ' . print_r($x,true), LOGGER_DEBUG); + // TODO: create xchans for other common and/or aligned networks - $them = array('hubloc_url' => $x['url'],'xchan_guid' => $x['guid'], 'xchan_guid_sig' => $x['guid_sig']); - return zot_refresh($them); + return false; } function encode_item($item) { @@ -694,9 +713,9 @@ function encode_item($item) { if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) { $key = get_config('system','prvkey'); if($item['title']) - $item['title'] = aes_unencapsulate(json_decode_plus($item['title']),$key); + $item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key); if($item['body']) - $item['body'] = aes_unencapsulate(json_decode_plus($item['body']),$key); + $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); } if($item['item_restrict'] & ITEM_DELETED) { @@ -714,6 +733,7 @@ function encode_item($item) { $x['created'] = $item['created']; $x['edited'] = $item['edited']; $x['expires'] = $item['expires']; + $x['commented'] = $item['commented']; $x['mimetype'] = $item['mimetype']; $x['title'] = $item['title']; $x['body'] = $item['body']; @@ -779,6 +799,7 @@ function encode_item_xchan($xchan) { $ret['name'] = $xchan['xchan_name']; $ret['address'] = $xchan['xchan_addr']; $ret['url'] = $xchan['hubloc_url']; + $ret['network'] = $xchan['xchan_network']; $ret['photo'] = array('mimetype' => $xchan['xchan_photo_mimetype'], 'src' => $xchan['xchan_photo_m']); $ret['guid'] = $xchan['xchan_guid']; $ret['guid_sig'] = $xchan['xchan_guid_sig']; @@ -810,8 +831,8 @@ function decode_tags($t) { $ret = array(); foreach($t as $x) { $tag = array(); - $tag['term'] = htmlentities($x['tag'], ENT_COMPAT,'UTF-8',false); - $tag['url'] = htmlentities($x['url'], ENT_COMPAT,'UTF-8',false); + $tag['term'] = htmlspecialchars($x['tag'], ENT_COMPAT,'UTF-8',false); + $tag['url'] = htmlspecialchars($x['url'], ENT_COMPAT,'UTF-8',false); switch($x['type']) { case 'hashtag': $tag['type'] = TERM_HASHTAG; @@ -854,12 +875,12 @@ function activity_sanitise($arr) { if(is_array($x)) $ret[$k] = activity_sanitise($x); else - $ret[$k] = htmlentities($x, ENT_COMPAT,'UTF-8',false); + $ret[$k] = htmlspecialchars($x, ENT_COMPAT,'UTF-8',false); } return $ret; } else { - return htmlentities($arr, ENT_COMPAT,'UTF-8', false); + return htmlspecialchars($arr, ENT_COMPAT,'UTF-8', false); } } return ''; @@ -871,7 +892,7 @@ function array_sanitise($arr) { if($arr) { $ret = array(); foreach($arr as $x) { - $ret[] = htmlentities($x, ENT_COMPAT,'UTF-8',false); + $ret[] = htmlspecialchars($x, ENT_COMPAT,'UTF-8',false); } return $ret; } @@ -902,9 +923,9 @@ function encode_mail($item) { if(array_key_exists('mail_flags',$item) && ($item['mail_flags'] & MAIL_OBSCURED)) { $key = get_config('system','prvkey'); if($item['title']) - $item['title'] = aes_unencapsulate(json_decode_plus($item['title']),$key); + $item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key); if($item['body']) - $item['body'] = aes_unencapsulate(json_decode_plus($item['body']),$key); + $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); } $x['message_id'] = $item['mid']; @@ -936,8 +957,8 @@ function get_mail_elements($x) { $arr = array(); - $arr['body'] = (($x['body']) ? htmlentities($x['body'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['title'] = (($x['title'])? htmlentities($x['title'],ENT_COMPAT,'UTF-8',false) : ''); + $arr['body'] = (($x['body']) ? htmlspecialchars($x['body'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['title'] = (($x['title'])? htmlspecialchars($x['title'],ENT_COMPAT,'UTF-8',false) : ''); $arr['created'] = datetime_convert('UTC','UTC',$x['created']); if((! array_key_exists('expires',$x)) || ($x['expires'] === '0000-00-00 00:00:00')) @@ -955,34 +976,32 @@ function get_mail_elements($x) { $key = get_config('system','pubkey'); $arr['mail_flags'] |= MAIL_OBSCURED; - $arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false); + $arr['body'] = htmlspecialchars($arr['body'],ENT_COMPAT,'UTF-8',false); if($arr['body']) - $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); - $arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false); + $arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key)); + $arr['title'] = htmlspecialchars($arr['title'],ENT_COMPAT,'UTF-8',false); if($arr['title']) - $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); + $arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key)); if($arr['created'] > datetime_convert()) $arr['created'] = datetime_convert(); - $arr['mid'] = (($x['message_id']) ? htmlentities($x['message_id'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['parent_mid'] = (($x['message_parent']) ? htmlentities($x['message_parent'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['mid'] = (($x['message_id']) ? htmlspecialchars($x['message_id'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['parent_mid'] = (($x['message_parent']) ? htmlspecialchars($x['message_parent'], ENT_COMPAT,'UTF-8',false) : ''); if($x['attach']) $arr['attach'] = activity_sanitise($x['attach']); - - if(import_author_xchan($x['from'])) - $arr['from_xchan'] = base64url_encode(hash('whirlpool',$x['from']['guid'] . $x['from']['guid_sig'], true)); + if(($xchan_hash = import_author_xchan($x['from'])) !== false) + $arr['from_xchan'] = $xchan_hash; else return array(); - if(import_author_xchan($x['to'])) - $arr['to_xchan'] = base64url_encode(hash('whirlpool',$x['to']['guid'] . $x['to']['guid_sig'], true)); + if(($xchan_hash = import_author_xchan($x['to'])) !== false) + $arr['to_xchan'] = $xchan_hash; else return array(); - return $arr; } @@ -992,23 +1011,23 @@ function get_profile_elements($x) { $arr = array(); - if(import_author_xchan($x['from'])) - $arr['xprof_hash'] = base64url_encode(hash('whirlpool',$x['from']['guid'] . $x['from']['guid_sig'], true)); + if(($xchan_hash = import_author_xchan($x['from'])) !== false) + $arr['xprof_hash'] = $xchan_hash; else return array(); - $arr['desc'] = (($x['title']) ? htmlentities($x['title'],ENT_COMPAT,'UTF-8',false) : ''); + $arr['desc'] = (($x['title']) ? htmlspecialchars($x['title'],ENT_COMPAT,'UTF-8',false) : ''); $arr['dob'] = datetime_convert('UTC','UTC',$x['birthday'],'Y-m-d'); $arr['age'] = (($x['age']) ? intval($x['age']) : 0); - $arr['gender'] = (($x['gender']) ? htmlentities($x['gender'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['marital'] = (($x['marital']) ? htmlentities($x['marital'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['sexual'] = (($x['sexual']) ? htmlentities($x['sexual'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['locale'] = (($x['locale']) ? htmlentities($x['locale'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['region'] = (($x['region']) ? htmlentities($x['region'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['postcode'] = (($x['postcode']) ? htmlentities($x['postcode'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['country'] = (($x['country']) ? htmlentities($x['country'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['gender'] = (($x['gender']) ? htmlspecialchars($x['gender'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['marital'] = (($x['marital']) ? htmlspecialchars($x['marital'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['sexual'] = (($x['sexual']) ? htmlspecialchars($x['sexual'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['locale'] = (($x['locale']) ? htmlspecialchars($x['locale'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['region'] = (($x['region']) ? htmlspecialchars($x['region'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['postcode'] = (($x['postcode']) ? htmlspecialchars($x['postcode'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['country'] = (($x['country']) ? htmlspecialchars($x['country'], ENT_COMPAT,'UTF-8',false) : ''); $arr['keywords'] = (($x['keywords'] && is_array($x['keywords'])) ? array_sanitise($x['keywords']) : array()); @@ -1426,6 +1445,12 @@ function encode_rel_links($links) { function item_store($arr,$allow_exec = false) { + $d = array('item' => $arr, 'allow_exec' => $allow_exec); + call_hooks('item_store', $d ); + $arr = $d['item']; + $allow_exec = $d['allow_exec']; + + $ret = array('result' => false, 'item_id' => 0); if(! $arr['uid']) { @@ -1510,9 +1535,9 @@ function item_store($arr,$allow_exec = false) { $key = get_config('system','pubkey'); $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED; if($arr['title']) - $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); + $arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key)); if($arr['body']) - $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + $arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key)); } } @@ -1539,8 +1564,8 @@ function item_store($arr,$allow_exec = false) { $arr['owner_xchan'] = ((x($arr,'owner_xchan')) ? notags(trim($arr['owner_xchan'])) : ''); $arr['created'] = ((x($arr,'created') !== false) ? datetime_convert('UTC','UTC',$arr['created']) : datetime_convert()); $arr['edited'] = ((x($arr,'edited') !== false) ? datetime_convert('UTC','UTC',$arr['edited']) : datetime_convert()); - $arr['expires'] = ((x($arr,'expires') !== false) ? datetime_convert('UTC','UTC',$arr['expires']) : '0000-00-00 00:00:00'); - $arr['commented'] = datetime_convert(); + $arr['expires'] = ((x($arr,'expires') !== false) ? datetime_convert('UTC','UTC',$arr['expires']) : '0000-00-00 00:00:00'); + $arr['commented'] = ((x($arr,'commented') !== false) ? datetime_convert('UTC','UTC',$arr['commented']) : datetime_convert()); $arr['received'] = datetime_convert(); $arr['changed'] = datetime_convert(); $arr['location'] = ((x($arr,'location')) ? notags(trim($arr['location'])) : ''); @@ -1777,8 +1802,13 @@ function item_store($arr,$allow_exec = false) { // update the commented timestamp on the parent + $z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d ", + dbesc($arr['parent_mid']), + intval($arr['uid']) + ); + q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d LIMIT 1", - dbesc(datetime_convert()), + dbesc(($z) ? $z[0]['commented'] : (datetime_convert())), dbesc(datetime_convert()), intval($parent_id) ); @@ -1797,6 +1827,15 @@ function item_store($arr,$allow_exec = false) { function item_store_update($arr,$allow_exec = false) { + + + $d = array('item' => $arr, 'allow_exec' => $allow_exec); + call_hooks('item_store_update', $d ); + $arr = $d['item']; + $allow_exec = $d['allow_exec']; + + + $ret = array('result' => false, 'item_id' => 0); if(! intval($arr['uid'])) { logger('item_store_update: no uid'); @@ -1833,8 +1872,6 @@ function item_store_update($arr,$allow_exec = false) { $arr['item_flags'] = intval($arr['item_flags']) | $orig[0]['item_flags']; $arr['item_restrict'] = intval($arr['item_restrict']) | $orig[0]['item_restrict']; - unset($arr['id']); - unset($arr['uid']); if(array_key_exists('edit',$arr)) unset($arr['edit']); @@ -1876,9 +1913,9 @@ function item_store_update($arr,$allow_exec = false) { $key = get_config('system','pubkey'); $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED; if($arr['title']) - $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); + $arr['title'] = json_encode(crypto_encapsulate($arr['title'],$key)); if($arr['body']) - $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + $arr['body'] = json_encode(crypto_encapsulate($arr['body'],$key)); } } @@ -1900,7 +1937,8 @@ function item_store_update($arr,$allow_exec = false) { } - + unset($arr['id']); + unset($arr['uid']); unset($arr['aid']); unset($arr['mid']); unset($arr['parent']); @@ -2232,7 +2270,7 @@ function tag_deliver($uid,$item_id) { if($item['item_flags'] & ITEM_OBSCURED) { $key = get_config('system','prvkey'); if($item['body']) - $body = aes_unencapsulate(json_decode_plus($item['body']),$key); + $body = crypto_unencapsulate(json_decode_plus($item['body']),$key); } else $body = $item['body']; @@ -2324,12 +2362,13 @@ function tgroup_check($uid,$item) { $mention = false; // check that the message originated elsewhere and is a top-level post - // or is a followup and we have already accepted the top level post + // or is a followup and we have already accepted the top level post as an uplink if($item['mid'] != $item['parent_mid']) { - $r = q("select id from item where mid = '%s' and uid = %d limit 1", + $r = q("select id from item where mid = '%s' and uid = %d and ( item_flags & %d ) limit 1", dbesc($item['parent_mid']), - intval($uid) + intval($uid), + intval(ITEM_UPLINK) ); if($r) return true; @@ -2554,198 +2593,6 @@ function mail_store($arr) { - - - -function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { - - $a = get_app(); - - $idtosend = $orig_id = (($contact['dfrn_id']) ? $contact['dfrn_id'] : $contact['issued_id']); - - if($contact['duplex'] && $contact['dfrn_id']) - $idtosend = '0:' . $orig_id; - if($contact['duplex'] && $contact['issued_id']) - $idtosend = '1:' . $orig_id; - - $rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0); - - $rino_enable = get_config('system','rino_encrypt'); - - if(! $rino_enable) - $rino = 0; - -// $ssl_val = intval(get_config('system','ssl_policy')); -// $ssl_policy = ''; - -// switch($ssl_val){ -// case SSL_POLICY_FULL: -// $ssl_policy = 'full'; -// break; -// case SSL_POLICY_SELFSIGN: -// $ssl_policy = 'self'; -// break; -// case SSL_POLICY_NONE: -// default: -// $ssl_policy = 'none'; -// break; -// } - - $url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : ''); - - logger('dfrn_deliver: ' . $url); - - $xml = fetch_url($url); - - $curl_stat = $a->get_curl_code(); - if(! $curl_stat) - return(-1); // timed out - - logger('dfrn_deliver: ' . $xml, LOGGER_DATA); - - if(! $xml) - return 3; - - if(strpos($xml,'<?xml') === false) { - logger('dfrn_deliver: no valid XML returned'); - logger('dfrn_deliver: returned XML: ' . $xml, LOGGER_DATA); - return 3; - } - - $res = parse_xml_string($xml); - - if((intval($res->status) != 0) || (! strlen($res->challenge)) || (! strlen($res->dfrn_id))) - return (($res->status) ? $res->status : 3); - - $postvars = array(); - $sent_dfrn_id = hex2bin((string) $res->dfrn_id); - $challenge = hex2bin((string) $res->challenge); - $perm = (($res->perm) ? $res->perm : null); - $dfrn_version = (float) (($res->dfrn_version) ? $res->dfrn_version : 2.0); - $rino_allowed = ((intval($res->rino) === 1) ? 1 : 0); - $page = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0); - - if($owner['page-flags'] == PAGE_PRVGROUP) - $page = 2; - - $final_dfrn_id = ''; - - if($perm) { - if((($perm == 'rw') && (! intval($contact['writable']))) - || (($perm == 'r') && (intval($contact['writable'])))) { - q("update contact set writable = %d where id = %d limit 1", - intval(($perm == 'rw') ? 1 : 0), - intval($contact['id']) - ); - $contact['writable'] = (string) 1 - intval($contact['writable']); - } - } - - if(($contact['duplex'] && strlen($contact['pubkey'])) - || ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey'])) - || ($contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey']))) { - openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']); - openssl_public_decrypt($challenge,$postvars['challenge'],$contact['pubkey']); - } - else { - openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['prvkey']); - openssl_private_decrypt($challenge,$postvars['challenge'],$contact['prvkey']); - } - - $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.')); - - if(strpos($final_dfrn_id,':') == 1) - $final_dfrn_id = substr($final_dfrn_id,2); - - if($final_dfrn_id != $orig_id) { - logger('dfrn_deliver: wrong dfrn_id.'); - // did not decode properly - cannot trust this site - return 3; - } - - $postvars['dfrn_id'] = $idtosend; - $postvars['dfrn_version'] = DFRN_PROTOCOL_VERSION; - if($dissolve) - $postvars['dissolve'] = '1'; - - - if((($contact['rel']) && ($contact['rel'] != CONTACT_IS_SHARING) && (! $contact['blocked'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) { - $postvars['data'] = $atom; - $postvars['perm'] = 'rw'; - } - else { - $postvars['data'] = str_replace('<dfrn:comment-allow>1','<dfrn:comment-allow>0',$atom); - $postvars['perm'] = 'r'; - } - -// $postvars['ssl_policy'] = $ssl_policy; - - if($page) - $postvars['page'] = $page; - - if($rino && $rino_allowed && (! $dissolve)) { - $key = substr(random_string(),0,16); - $data = bin2hex(aes_encrypt($postvars['data'],$key)); - $postvars['data'] = $data; - logger('rino: sent key = ' . $key, LOGGER_DEBUG); - - - if($dfrn_version >= 2.1) { - if(($contact['duplex'] && strlen($contact['pubkey'])) - || ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey'])) - || ($contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey']))) { - - openssl_public_encrypt($key,$postvars['key'],$contact['pubkey']); - } - else { - openssl_private_encrypt($key,$postvars['key'],$contact['prvkey']); - } - } - else { - if(($contact['duplex'] && strlen($contact['prvkey'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) { - openssl_private_encrypt($key,$postvars['key'],$contact['prvkey']); - } - else { - openssl_public_encrypt($key,$postvars['key'],$contact['pubkey']); - } - } - - logger('md5 rawkey ' . md5($postvars['key'])); - - $postvars['key'] = bin2hex($postvars['key']); - } - - logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars,true), LOGGER_DATA); - - $xml = post_url($contact['notify'],$postvars); - - logger('dfrn_deliver: ' . "RECEIVED: " . $xml, LOGGER_DATA); - - $curl_stat = $a->get_curl_code(); - if((! $curl_stat) || (! strlen($xml))) - return(-1); // timed out - - if(($curl_stat == 503) && (stristr($a->get_curl_headers(),'retry-after'))) - return(-1); - - if(strpos($xml,'<?xml') === false) { - logger('dfrn_deliver: phase 2: no valid XML returned'); - logger('dfrn_deliver: phase 2: returned XML: ' . $xml, LOGGER_DATA); - return 3; - } - - if($contact['term_date'] != '0000-00-00 00:00:00') { - logger("dfrn_deliver: $url back from the dead - removing mark for death"); - require_once('include/Contact.php'); - unmark_for_death($contact); - } - - $res = parse_xml_string($xml); - - return $res->status; -} - - /** * * consume_feed - process atom feed and update anything/everything we might need to update @@ -3515,7 +3362,7 @@ function drop_item($id,$interactive = true) { intval($id) ); - if(! $r) { + if((! $r) || ($r[0]['item_restrict'] & ITEM_DELETED)) { if(! $interactive) return 0; notice( t('Item not found.') . EOL); @@ -3541,6 +3388,17 @@ function drop_item($id,$interactive = true) { if($ok_to_delete) { + // set the deleted flag immediately on this item just in case the + // hook calls a remote process which loops. We'll delete it properly in a second. + + $r = q("UPDATE item SET item_restrict = ( item_restrict | %d ) WHERE id = %d LIMIT 1", + intval(ITEM_DELETED), + intval($item['id']) + ); + + $arr = array('item' => $item); + call_hooks('drop_item', $arr ); + $notify_id = intval($item['id']); $items = q("select * from item where parent = %d and uid = %d", @@ -3757,6 +3615,7 @@ function fetch_post_tags($items,$link = false) { function zot_feed($uid,$observer_xchan,$mindate) { + $result = array(); $mindate = datetime_convert('UTC','UTC',$mindate); if(! $mindate) @@ -3764,10 +3623,14 @@ function zot_feed($uid,$observer_xchan,$mindate) { $mindate = dbesc($mindate); + logger('zot_feed: ' . $uid); + if(! perm_is_allowed($uid,$observer_xchan,'view_stream')) { + logger('zot_feed: permission denied.'); return $result; } + require_once('include/security.php'); $sql_extra = item_permissions_sql($uid); if($mindate != '0000-00-00 00:00:00') { @@ -3829,6 +3692,8 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C $sql_options = ''; $sql_extra2 = ''; $sql_extra3 = ''; + $def_acl = ''; + $item_uids = ' true '; if($channel) { @@ -3845,7 +3710,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C $sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ") $sql_options ) "; - if($arr['group'] && $uid) { + if($arr['gid'] && $uid) { $r = q("SELECT * FROM `group` WHERE id = %d AND uid = %d LIMIT 1", intval($arr['group']), intval($uid) @@ -3855,7 +3720,6 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C return $result; } - $contact_str = ''; $contacts = group_get_members($group); if($contacts) { @@ -3867,11 +3731,15 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C } else { $contact_str = ' 0 '; - info( t('Group is empty')); + $result['message'] = t('Collection is empty.'); + return $result; } $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str)) or allow_gid like '" . protect_sprintf('%<' . dbesc($r[0]['hash']) . '>%') . "' ) and id = parent and item_restrict = 0 ) "; + $x = group_rec_byhash($uid,$r[0]['hash']); + $result['headline'] = sprintf( t('Collection: %s'),$x['name']); + } elseif($arr['cid'] && $uid) { @@ -3881,6 +3749,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C ); if($r) { $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND uid = " . intval($arr['uid']) . " AND ( author_xchan = '" . dbesc($r[0]['abook_xchan']) . "' or owner_xchan = '" . dbesc($r[0]['abook_xchan']) . "' ) and item_restrict = 0 ) "; + $result['headline'] = sprintf( t('Connection: %s'),$r[0]['xchan_name']); } else { $result['message'] = t('Connection not found.'); diff --git a/include/menu.php b/include/menu.php index 900b48e65..c10a669b3 100644 --- a/include/menu.php +++ b/include/menu.php @@ -196,6 +196,31 @@ function menu_add_item($menu_id, $uid, $arr) { $mitem_desc = escape_tags($arr['mitem_desc']); $mitem_order = intval($arr['mitem_order']); $mitem_flags = intval($arr['mitem_flags']); + + if(local_user() == $uid) { + $channel = get_app()->get_channel(); + } + + if ((! $arr['contact_allow']) + && (! $arr['group_allow']) + && (! $arr['contact_deny']) + && (! $arr['group_deny'])) { + $str_group_allow = $channel['channel_allow_gid']; + $str_contact_allow = $channel['channel_allow_cid']; + $str_group_deny = $channel['channel_deny_gid']; + $str_contact_deny = $channel['channel_deny_cid']; + } + else { + + // use the posted permissions + + $str_group_allow = perms2str($arr['group_allow']); + $str_contact_allow = perms2str($arr['contact_allow']); + $str_group_deny = perms2str($arr['group_deny']); + $str_contact_deny = perms2str($arr['contact_deny']); + } + + $allow_cid = perms2str($arr['allow_cid']); $allow_gid = perms2str($arr['allow_gid']); $deny_cid = perms2str($arr['deny_cid']); @@ -205,10 +230,10 @@ function menu_add_item($menu_id, $uid, $arr) { dbesc($mitem_link), dbesc($mitem_desc), intval($mitem_flags), - dbesc($allow_cid), - dbesc($allow_gid), - dbesc($deny_cid), - dbesc($deny_gid), + dbesc($str_contact_allow), + dbesc($str_group_allow), + dbesc($str_contact_deny), + dbesc($str_group_deny), intval($uid), intval($menu_id), intval($mitem_order) @@ -225,19 +250,40 @@ function menu_edit_item($menu_id, $uid, $arr) { $mitem_desc = escape_tags($arr['mitem_desc']); $mitem_order = intval($arr['mitem_order']); $mitem_flags = intval($arr['mitem_flags']); - $allow_cid = perms2str($arr['allow_cid']); - $allow_gid = perms2str($arr['allow_gid']); - $deny_cid = perms2str($arr['deny_cid']); - $deny_gid = perms2str($arr['deny_gid']); + + + if(local_user() == $uid) { + $channel = get_app()->get_channel(); + } + + if ((! $arr['contact_allow']) + && (! $arr['group_allow']) + && (! $arr['contact_deny']) + && (! $arr['group_deny'])) { + $str_group_allow = $channel['channel_allow_gid']; + $str_contact_allow = $channel['channel_allow_cid']; + $str_group_deny = $channel['channel_deny_gid']; + $str_contact_deny = $channel['channel_deny_cid']; + } + else { + + // use the posted permissions + + $str_group_allow = perms2str($arr['group_allow']); + $str_contact_allow = perms2str($arr['contact_allow']); + $str_group_deny = perms2str($arr['group_deny']); + $str_contact_deny = perms2str($arr['contact_deny']); + } + $r = q("update menu_item set mitem_link = '%s', mitem_desc = '%s', mitem_flags = %d, allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', mitem_order = %d where mitem_channel_id = %d and mitem_menu_id = %d and mitem_id = %d limit 1", dbesc($mitem_link), dbesc($mitem_desc), intval($mitem_flags), - dbesc($allow_cid), - dbesc($allow_gid), - dbesc($deny_cid), - dbesc($deny_gid), + dbesc($str_contact_allow), + dbesc($str_group_allow), + dbesc($str_contact_deny), + dbesc($str_group_deny), intval($mitem_order), intval($uid), intval($menu_id), diff --git a/include/message.php b/include/message.php index 2fca9bef0..a95021583 100644 --- a/include/message.php +++ b/include/message.php @@ -109,9 +109,9 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $key = get_config('system','pubkey'); if($subject) - $subject = json_encode(aes_encapsulate($subject,$key)); + $subject = json_encode(crypto_encapsulate($subject,$key)); if($body) - $body = json_encode(aes_encapsulate($body,$key)); + $body = json_encode(crypto_encapsulate($body,$key)); @@ -231,9 +231,9 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) { $key = get_config('system','prvkey'); if($r[$k]['title']) - $r[$k]['title'] = aes_unencapsulate(json_decode_plus($r[$k]['title']),$key); + $r[$k]['title'] = crypto_unencapsulate(json_decode_plus($r[$k]['title']),$key); if($r[$k]['body']) - $r[$k]['body'] = aes_unencapsulate(json_decode_plus($r[$k]['body']),$key); + $r[$k]['body'] = crypto_unencapsulate(json_decode_plus($r[$k]['body']),$key); } } @@ -270,9 +270,9 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { $key = get_config('system','prvkey'); if($messages[$k]['title']) - $messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key); + $messages[$k]['title'] = crypto_unencapsulate(json_decode_plus($messages[$k]['title']),$key); if($messages[$k]['body']) - $messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key); + $messages[$k]['body'] = crypto_unencapsulate(json_decode_plus($messages[$k]['body']),$key); } } @@ -358,9 +358,9 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { $key = get_config('system','prvkey'); if($messages[$k]['title']) - $messages[$k]['title'] = aes_unencapsulate(json_decode_plus($messages[$k]['title']),$key); + $messages[$k]['title'] = crypto_unencapsulate(json_decode_plus($messages[$k]['title']),$key); if($messages[$k]['body']) - $messages[$k]['body'] = aes_unencapsulate(json_decode_plus($messages[$k]['body']),$key); + $messages[$k]['body'] = crypto_unencapsulate(json_decode_plus($messages[$k]['body']),$key); } } diff --git a/include/nav.php b/include/nav.php index 51c1cc583..7e99c782e 100644 --- a/include/nav.php +++ b/include/nav.php @@ -147,16 +147,13 @@ EOT; if(local_user()) { $nav['network'] = array('network', t('Matrix'), "", t('Your matrix')); - $nav['network']['all']=array('notifications/network', t('See all matrix notifications'), "", ""); $nav['network']['mark'] = array('', t('Mark all matrix notifications seen'), '',''); $nav['home'] = array('channel/' . $channel['channel_address'], t('Channel Home'), "", t('Channel home')); - $nav['home']['all']=array('notifications/channel', t('See all channel notifications'), "", ""); $nav['home']['mark'] = array('', t('Mark all channel notifications seen'), '',''); $nav['intros'] = array('connections/pending', t('Intros'), "", t('New Connections')); - $nav['intros']['all']=array('intro', t('See all channel introductions'), "", ""); $nav['notifications'] = array('notifications/system', t('Notices'), "", t('Notifications')); @@ -199,7 +196,10 @@ EOT; $banner = get_config('system','banner'); if($banner === false) - $banner = 'red'; + $banner = get_config('system','sitename'); + + $x = array('nav' => $nav, 'usermenu' => $userinfo ); + call_hooks('nav', $x); $tpl = get_markup_template('nav.tpl'); @@ -207,10 +207,10 @@ EOT; '$baseurl' => $a->get_baseurl(), '$langselector' => ((get_config('system','select_language')) ? lang_selector() : ''), '$sitelocation' => $sitelocation, - '$nav' => $nav, + '$nav' => $x['nav'], '$banner' => $banner, '$emptynotifications' => t('Nothing new here'), - '$userinfo' => $userinfo, + '$userinfo' => $x['usermenu'], '$localuser' => local_user(), '$sel' => $a->nav_sel, '$apps' => $a->get_apps(), diff --git a/include/network.php b/include/network.php index 99a0a8e2b..7446c2384 100644 --- a/include/network.php +++ b/include/network.php @@ -6,204 +6,6 @@ function get_capath() { return appdirpath() . '/library/cacert.pem'; } - - -// curl wrapper. If binary flag is true, return binary -// results. - -/** - * fetch_url is deprecated and being replaced by the more capable z_fetch_url - * please use that function instead. - * Once all occurrences of fetch_url are removed from the codebase we will - * remove this function and perhaps rename z_fetch_url back to fetch_url - */ - - - -function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_content=Null) { - - $a = get_app(); - - $ch = @curl_init($url); - if(($redirects > 8) || (! $ch)) - return false; - - @curl_setopt($ch, CURLOPT_HEADER, true); - @curl_setopt($ch, CURLOPT_CAINFO, get_capath()); - - if (!is_null($accept_content)){ - curl_setopt($ch,CURLOPT_HTTPHEADER, array ( - "Accept: " . $accept_content - )); - } - - @curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); - @curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; Red)"); - - - if(intval($timeout)) { - @curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); - } - else { - $curl_time = intval(get_config('system','curl_timeout')); - @curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60)); - } - // by default we will allow self-signed certs - // but you can override this - - $check_cert = get_config('system','verifyssl'); - @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (($check_cert) ? true : false)); - - $prx = get_config('system','proxy'); - if(strlen($prx)) { - @curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); - @curl_setopt($ch, CURLOPT_PROXY, $prx); - $prxusr = @get_config('system','proxyuser'); - if(strlen($prxusr)) - @curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr); - } - if($binary) - @curl_setopt($ch, CURLOPT_BINARYTRANSFER,1); - - $a->set_curl_code(0); - - // don't let curl abort the entire application - // if it throws any errors. - - $s = @curl_exec($ch); - - $base = $s; - $curl_info = @curl_getinfo($ch); - $http_code = $curl_info['http_code']; -// logger('fetch_url:' . $http_code . ' data: ' . $s); - $header = ''; - - // Pull out multiple headers, e.g. proxy and continuation headers - // allow for HTTP/2.x without fixing code - - while(preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/',$base)) { - $chunk = substr($base,0,strpos($base,"\r\n\r\n")+4); - $header .= $chunk; - $base = substr($base,strlen($chunk)); - } - - if($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307 || $http_code == 308) { - $matches = array(); - preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches); - $newurl = trim(array_pop($matches)); - if(strpos($newurl,'/') === 0) - $newurl = $url . $newurl; - $url_parsed = @parse_url($newurl); - if (isset($url_parsed)) { - $redirects++; - @curl_close($ch); - return fetch_url($newurl,$binary,$redirects,$timeout); - } - } - - $a->set_curl_code($http_code); - - $body = substr($s,strlen($header)); - $a->set_curl_headers($header); - @curl_close($ch); - return($body); -} - -// post request to $url. $params is an array of post variables. - - -function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0) { - $a = get_app(); - $ch = curl_init($url); - if(($redirects > 8) || (! $ch)) - return false; - - curl_setopt($ch, CURLOPT_HEADER, true); - @curl_setopt($ch, CURLOPT_CAINFO, get_capath()); - curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); - curl_setopt($ch, CURLOPT_POST,1); - curl_setopt($ch, CURLOPT_POSTFIELDS,$params); - curl_setopt($ch, CURLOPT_USERAGENT, "Red"); - - if(intval($timeout)) { - curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); - } - else { - $curl_time = intval(get_config('system','curl_timeout')); - curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60)); - } - - if(defined('LIGHTTPD')) { - if(!is_array($headers)) { - $headers = array('Expect:'); - } else { - if(!in_array('Expect:', $headers)) { - array_push($headers, 'Expect:'); - } - } - } - if($headers) - curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); - - $check_cert = get_config('system','verifyssl'); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (($check_cert) ? true : false)); - $prx = get_config('system','proxy'); - if(strlen($prx)) { - curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); - curl_setopt($ch, CURLOPT_PROXY, $prx); - $prxusr = get_config('system','proxyuser'); - if(strlen($prxusr)) - curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr); - } - - $a->set_curl_code(0); - - // don't let curl abort the entire application - // if it throws any errors. - - $s = @curl_exec($ch); - - $base = $s; - $curl_info = curl_getinfo($ch); - $http_code = $curl_info['http_code']; - - $header = ''; - - // Pull out multiple headers, e.g. proxy and continuation headers - // allow for HTTP/2.x without fixing code - - while(preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/',$base)) { - $chunk = substr($base,0,strpos($base,"\r\n\r\n")+4); - $header .= $chunk; - $base = substr($base,strlen($chunk)); - } - - if($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307 || $http_code == 308) { - $matches = array(); - preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches); - $newurl = trim(array_pop($matches)); - if(strpos($newurl,'/') === 0) - $newurl = $url . $newurl; - $url_parsed = @parse_url($newurl); - if (isset($url_parsed)) { - $redirects++; - @curl_close($ch); - if($http_code == 303) { - return fetch_url($newurl,false,$redirects,$timeout); - } else { - return post_url($newurl,$params,$redirects,$timeout); - } - } - } - $a->set_curl_code($http_code); - $body = substr($s,strlen($header)); - - $a->set_curl_headers($header); - - curl_close($ch); - return($body); -} - /** * @function z_fetch_url * @param string $url @@ -347,6 +149,8 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) { "Accept: " . $opts['accept_content'] )); } + if(x($opts,'headers')) + curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']); if(x($opts,'timeout') && intval($opts['timeout'])) { @curl_setopt($ch, CURLOPT_TIMEOUT, $opts['timeout']); @@ -586,175 +390,6 @@ function webfinger($s, $debug = false) { } -function lrdd($uri, $debug = false) { - - $a = get_app(); - - // default priority is host priority, host-meta first - - $priority = 'host'; - - // All we have is an email address. Resource-priority is irrelevant - // because our URI isn't directly resolvable. - - if(strstr($uri,'@')) { - return(webfinger($uri)); - } - - // get the host meta file - - $host = @parse_url($uri); - - if($host) { - $url = ((x($host,'scheme')) ? $host['scheme'] : 'http') . '://'; - $url .= $host['host'] . '/.well-known/host-meta' ; - } - else - return array(); - - logger('lrdd: constructed url: ' . $url); - - $xml = fetch_url($url); - $headers = $a->get_curl_headers(); - - if (! $xml) - return array(); - - logger('lrdd: host_meta: ' . $xml, LOGGER_DATA); - - if(! stristr($xml,'<xrd')) - return array(); - - $h = parse_xml_string($xml); - if(! $h) - return array(); - - $arr = convert_xml_element_to_array($h); - - if(isset($arr['xrd']['property'])) { - $property = $arr['crd']['property']; - if(! isset($property[0])) - $properties = array($property); - else - $properties = $property; - foreach($properties as $prop) - if((string) $prop['@attributes'] === 'http://lrdd.net/priority/resource') - $priority = 'resource'; - } - - // save the links in case we need them - - $links = array(); - - if(isset($arr['xrd']['link'])) { - $link = $arr['xrd']['link']; - if(! isset($link[0])) - $links = array($link); - else - $links = $link; - } - - // do we have a template or href? - - if(count($links)) { - foreach($links as $link) { - if($link['@attributes']['rel'] && attribute_contains($link['@attributes']['rel'],'lrdd')) { - if(x($link['@attributes'],'template')) - $tpl = $link['@attributes']['template']; - elseif(x($link['@attributes'],'href')) - $href = $link['@attributes']['href']; - } - } - } - - if((! isset($tpl)) || (! strpos($tpl,'{uri}'))) - $tpl = ''; - - if($priority === 'host') { - if(strlen($tpl)) - $pxrd = str_replace('{uri}', urlencode($uri), $tpl); - elseif(isset($href)) - $pxrd = $href; - if(isset($pxrd)) { - logger('lrdd: (host priority) pxrd: ' . $pxrd); - $links = fetch_xrd_links($pxrd); - return $links; - } - - $lines = explode("\n",$headers); - if(count($lines)) { - foreach($lines as $line) { - if((stristr($line,'link:')) && preg_match('/<([^>].*)>.*rel\=[\'\"]lrdd[\'\"]/',$line,$matches)) { - return(fetch_xrd_links($matches[1])); - break; - } - } - } - } - - - // priority 'resource' - - - $html = fetch_url($uri); - $headers = $a->get_curl_headers(); - logger('lrdd: headers=' . $headers, LOGGER_DEBUG); - - // don't try and parse raw xml as html - if(! strstr($html,'<?xml')) { - require_once('library/HTML5/Parser.php'); - - try { - $dom = HTML5_Parser::parse($html); - } catch (DOMException $e) { - logger('lrdd: parse error: ' . $e); - } - - if(isset($dom) && $dom) { - $items = $dom->getElementsByTagName('link'); - foreach($items as $item) { - $x = $item->getAttribute('rel'); - if($x == "lrdd") { - $pagelink = $item->getAttribute('href'); - break; - } - } - } - } - - if(isset($pagelink)) - return(fetch_xrd_links($pagelink)); - - // next look in HTTP headers - - $lines = explode("\n",$headers); - if(count($lines)) { - foreach($lines as $line) { - // TODO alter the following regex to support multiple relations (space separated) - if((stristr($line,'link:')) && preg_match('/<([^>].*)>.*rel\=[\'\"]lrdd[\'\"]/',$line,$matches)) { - $pagelink = $matches[1]; - break; - } - // don't try and run feeds through the html5 parser - if(stristr($line,'content-type:') && ((stristr($line,'application/atom+xml')) || (stristr($line,'application/rss+xml')))) - return array(); - if(stristr($html,'<rss') || stristr($html,'<feed')) - return array(); - } - } - - if(isset($pagelink)) - return(fetch_xrd_links($pagelink)); - - // If we haven't found any links, return the host xrd links (which we have already fetched) - - if(isset($links)) - return $links; - - return array(); - -} - // Given a host name, locate the LRDD template from that @@ -785,58 +420,6 @@ function fetch_lrdd_template($host) { return $tpl; } -// Given a URL, retrieve the page as an XRD document. -// Return an array of links. -// on error/failure return empty array. - - -function fetch_xrd_links($url) { - - $xrd_timeout = intval(get_config('system','xrd_timeout')); - $redirects = 0; - $xml = fetch_url($url,false,$redirects,(($xrd_timeout) ? $xrd_timeout : 30)); - - logger('fetch_xrd_links: ' . $xml, LOGGER_DATA); - - if ((! $xml) || (! stristr($xml,'<xrd'))) - return array(); - - // fix diaspora's bad xml - $xml = str_replace(array('href="','"/>'),array('href="','"/>'),$xml); - - $arr = xml2array($xml); - - logger('fetch_xrd_links: ' . print_r($arr,true), LOGGER_DATA); - - $links = array(); - - if(isset($arr['xrd']['link'])) { - $link = $arr['xrd']['link']; - if(! isset($link[0])) - $links = array($link); - else - $links = $link; - } - if(isset($arr['xrd']['alias'])) { - $alias = $arr['xrd']['alias']; - if(! isset($alias[0])) - $aliases = array($alias); - else - $aliases = $alias; - if(is_array($aliases) && count($aliases)) { - foreach($aliases as $alias) { - $links[]['@attributes'] = array('rel' => 'alias' , 'href' => $alias); - } - } - } - - logger('fetch_xrd_links: ' . print_r($links,true), LOGGER_DATA); - - return $links; - -} - - // Take a URL from the wild, prepend http:// if necessary // and check DNS to see if it's real (or check if is a valid IP address) // return true if it's OK, false if something is wrong with it @@ -965,7 +548,7 @@ function avatar_img($email) { call_hooks('avatar_lookup', $avatar); if(! $avatar['success']) - $avatar['url'] = $a->get_baseurl() . '/images/person-175.jpg'; + $avatar['url'] = $a->get_baseurl() . '/images/default_profile_photos/rainbow_man/175.jpg'; logger('Avatar: ' . $avatar['email'] . ' ' . $avatar['url'], LOGGER_DEBUG); return $avatar['url']; @@ -993,70 +576,13 @@ function parse_xml_string($s,$strict = true) { return $x; } -function add_fcontact($arr,$update = false) { - - if($update) { - $r = q("UPDATE `fcontact` SET - `name` = '%s', - `photo` = '%s', - `request` = '%s', - `nick` = '%s', - `addr` = '%s', - `batch` = '%s', - `notify` = '%s', - `poll` = '%s', - `confirm` = '%s', - `alias` = '%s', - `pubkey` = '%s', - `updated` = '%s' - WHERE `url` = '%s' AND `network` = '%s' LIMIT 1", - dbesc($arr['name']), - dbesc($arr['photo']), - dbesc($arr['request']), - dbesc($arr['nick']), - dbesc($arr['addr']), - dbesc($arr['batch']), - dbesc($arr['notify']), - dbesc($arr['poll']), - dbesc($arr['confirm']), - dbesc($arr['alias']), - dbesc($arr['pubkey']), - dbesc(datetime_convert()), - dbesc($arr['url']), - dbesc($arr['network']) - ); - } - else { - $r = q("insert into fcontact ( `url`,`name`,`photo`,`request`,`nick`,`addr`, - `batch`, `notify`,`poll`,`confirm`,`network`,`alias`,`pubkey`,`updated` ) - values('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')", - dbesc($arr['url']), - dbesc($arr['name']), - dbesc($arr['photo']), - dbesc($arr['request']), - dbesc($arr['nick']), - dbesc($arr['addr']), - dbesc($arr['batch']), - dbesc($arr['notify']), - dbesc($arr['poll']), - dbesc($arr['confirm']), - dbesc($arr['network']), - dbesc($arr['alias']), - dbesc($arr['pubkey']), - dbesc(datetime_convert()) - ); - } - - return $r; -} - function scale_external_images($s, $include_link = true, $scale_replace = false) { $a = get_app(); // Picture addresses can contain special characters - $s = htmlspecialchars_decode($s); + $s = htmlspecialchars_decode($s, ENT_COMPAT); $matches = null; $c = preg_match_all('/\[img(.*?)\](.*?)\[\/img\]/ism',$s,$matches,PREG_SET_ORDER); @@ -1085,19 +611,20 @@ function scale_external_images($s, $include_link = true, $scale_replace = false) $scaled = str_replace($scale_replace[0], $scale_replace[1], $mtch[2]); else $scaled = $mtch[2]; - $i = fetch_url($scaled); + $i = z_fetch_url($scaled); + $cache = get_config('system','itemcache'); if (($cache != '') and is_dir($cache)) { $cachefile = $cache."/".hash("md5", $scaled); - file_put_contents($cachefile, $i); + file_put_contents($cachefile, $i['body']); } // guess mimetype from headers or filename - $type = guess_image_type($mtch[2],true); + $type = guess_image_type($mtch[2],$i['header']); - if($i) { - $ph = photo_factory($i, $type); + if($i['success']) { + $ph = photo_factory($i['body'], $type); if($ph->is_valid()) { $orig_width = $ph->getWidth(); $orig_height = $ph->getHeight(); @@ -1126,52 +653,6 @@ function scale_external_images($s, $include_link = true, $scale_replace = false) return $s; } - -function fix_contact_ssl_policy(&$contact,$new_policy) { - - $ssl_changed = false; - if((intval($new_policy) == SSL_POLICY_SELFSIGN || $new_policy === 'self') && strstr($contact['url'],'https:')) { - $ssl_changed = true; - $contact['url'] = str_replace('https:','http:',$contact['url']); - $contact['request'] = str_replace('https:','http:',$contact['request']); - $contact['notify'] = str_replace('https:','http:',$contact['notify']); - $contact['poll'] = str_replace('https:','http:',$contact['poll']); - $contact['confirm'] = str_replace('https:','http:',$contact['confirm']); - $contact['poco'] = str_replace('https:','http:',$contact['poco']); - } - - if((intval($new_policy) == SSL_POLICY_FULL || $new_policy === 'full') && strstr($contact['url'],'http:')) { - $ssl_changed = true; - $contact['url'] = str_replace('http:','https:',$contact['url']); - $contact['request'] = str_replace('http:','https:',$contact['request']); - $contact['notify'] = str_replace('http:','https:',$contact['notify']); - $contact['poll'] = str_replace('http:','https:',$contact['poll']); - $contact['confirm'] = str_replace('http:','https:',$contact['confirm']); - $contact['poco'] = str_replace('http:','https:',$contact['poco']); - } - - if($ssl_changed) { - q("update contact set - url = '%s', - request = '%s', - notify = '%s', - poll = '%s', - confirm = '%s', - poco = '%s' - where id = %d limit 1", - dbesc($contact['url']), - dbesc($contact['request']), - dbesc($contact['notify']), - dbesc($contact['poll']), - dbesc($contact['confirm']), - dbesc($contact['poco']), - intval($contact['id']) - ); - } -} - - - /** * xml2array() will convert the given XML text to an array in the XML structure. * Link: http://www.bin-co.com/php/scripts/xml2array/ diff --git a/include/notifier.php b/include/notifier.php index 1407be4b3..0868ac77e 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -382,12 +382,27 @@ function notifier_run($argv, $argc){ $env_recips = (($private) ? array() : null); - $details = q("select xchan_hash, xchan_addr, xchan_guid, xchan_guid_sig from xchan where xchan_hash in (" . implode(',',$recipients) . ")"); + $details = q("select xchan_hash, xchan_instance_url, xchan_addr, xchan_guid, xchan_guid_sig from xchan where xchan_hash in (" . implode(',',$recipients) . ")"); $recip_list = array(); if($details) { foreach($details as $d) { + + // If the recipient is federated from a traditional network they won't be able to + // handle nomadic identity. If we're publishing from a site that they aren't + // directly connected with, ignore them. + + // FIXME: make sure we run through a notifier loop on the hub they're connected + // with if this post comes in from a different hub - so that we will deliver to them. + + // On the down side, these channels will stop working if the hub they connected with + // goes down permanently, as they are (doh) not nomadic. + + if(($d['xchan_instance_url']) && ($d['xchan_instance_url'] != z_root())) + continue; + + $recip_list[] = $d['xchan_addr'] . ' (' . $d['xchan_hash'] . ')'; if($private) $env_recips[] = array('guid' => $d['xchan_guid'],'guid_sig' => $d['xchan_guid_sig']); @@ -408,9 +423,9 @@ function notifier_run($argv, $argc){ // for public posts always include our own hub - $sql_extra = (($private) ? "" : " or hubloc_url = '" . z_root() . "' "); + $sql_extra = (($private) ? "" : " or hubloc_url = '" . dbesc(z_root()) . "' "); - $r = q("select distinct hubloc_sitekey, hubloc_flags, hubloc_callback, hubloc_host from hubloc + $r = q("select hubloc_sitekey, hubloc_flags, hubloc_callback, hubloc_host from hubloc where hubloc_hash in (" . implode(',',$recipients) . ") $sql_extra group by hubloc_sitekey"); if(! $r) { logger('notifier: no hubs'); @@ -419,10 +434,14 @@ function notifier_run($argv, $argc){ $hubs = $r; $hublist = array(); + $keys = array(); + foreach($hubs as $hub) { - // don't try to deliver to deleted hublocs - if(! ($hub['hubloc_flags'] & HUBLOC_FLAGS_DELETED)) { + // don't try to deliver to deleted hublocs - and inexplicably SQL "distinct" and "group by" + // both return records with duplicate keys in rare circumstances + if((! ($hub['hubloc_flags'] & HUBLOC_FLAGS_DELETED)) && (! in_array($hub['hubloc_sitekey'],$keys))) { $hublist[] = $hub['hubloc_host']; + $keys[] = $hub['hubloc_sitekey']; } } diff --git a/include/oembed.php b/include/oembed.php index 5da842170..520b69892 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -44,7 +44,8 @@ function oembed_fetch_url($embedurl){ $entries = $xpath->query("//link[@type='application/json+oembed']"); foreach($entries as $e){ $href = $e->getAttributeNode("href")->nodeValue; - $txt = fetch_url($href . '&maxwidth=' . $a->videowidth); + $x = z_fetch_url($href . '&maxwidth=' . $a->videowidth); + $txt = $x['body']; break; } } diff --git a/include/onepoll.php b/include/onepoll.php index 50c2566be..a821b76cf 100644 --- a/include/onepoll.php +++ b/include/onepoll.php @@ -36,11 +36,12 @@ function onepoll_run($argv, $argc){ $contacts = q("SELECT abook.*, xchan.*, account.* FROM abook LEFT JOIN account on abook_account = account_id left join xchan on xchan_hash = abook_xchan where abook_id = %d - AND (( abook_flags = %d ) OR ( abook_flags = %d )) + AND (( abook_flags = %d ) OR ( abook_flags = %d ) OR ( abook_flags & %d )) AND (( account_flags = %d ) OR ( account_flags = %d )) limit 1", intval($contact_id), intval(ABOOK_FLAG_HIDDEN), intval(0), + intval(ABOOK_FLAG_PENDING), intval(ACCOUNT_OK), intval(ACCOUNT_UNVERIFIED) ); @@ -67,7 +68,7 @@ function onepoll_run($argv, $argc){ logger("onepoll: poll: ({$contact['id']}) IMPORTER: {$importer['xchan_name']}, CONTACT: {$contact['xchan_name']}"); - $last_update = (($contact['abook_updated'] === '0000-00-00 00:00:00') + $last_update = ((($contact['abook_updated'] === $contact['abook_created']) || ($contact['abook_updated'] === '0000-00-00 00:00:00')) ? datetime_convert('UTC','UTC','now - 7 days') : datetime_convert('UTC','UTC',$contact['abook_updated'] . ' - 2 days') ); @@ -98,17 +99,31 @@ function onepoll_run($argv, $argc){ return; if($contact['xchan_connurl']) { - $feedurl = str_replace('/poco/','/zotfeed/',$channel['xchan_connurl']); - $x = z_fetch_url($feedurl . '?f=&mindate=' . $last_update); - if($x['success']) { + $fetch_feed = true; + $x = null; + + if(! ($contact['abook_their_perms'] & PERMS_R_STREAM )) + $fetch_feed = false; + + if($fetch_feed) { + + $feedurl = str_replace('/poco/','/zotfeed/',$contact['xchan_connurl']); + $x = z_fetch_url($feedurl . '?f=&mindate=' . urlencode($last_update)); + + logger('feed_update: ' . print_r($x,true), LOGGER_DATA); + + } + + if(($x) && ($x['success'])) { $total = 0; logger('onepoll: feed update ' . $contact['xchan_name']); $j = json_decode($x['body'],true); if($j['success'] && $j['messages']) { foreach($j['messages'] as $message) { - $results = process_delivery(array('hash' => $contact['xchan_hash']),$message, + $results = process_delivery(array('hash' => $contact['xchan_hash']), get_item_elements($message), array(array('hash' => $importer['xchan_hash'])), false); + logger('onepoll: feed_update: process_delivery: ' . print_r($results,true)); $total ++; } logger("onepoll: $total messages processed"); diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index 38210ba26..8730b4298 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -473,19 +473,19 @@ abstract class photo_driver { * @arg $fromcurl boolean Check Content-Type header from curl request */ -function guess_image_type($filename, $fromcurl=false) { +function guess_image_type($filename, $headers = '') { logger('Photo: guess_image_type: '.$filename . ($fromcurl?' from curl headers':''), LOGGER_DEBUG); $type = null; - if ($fromcurl) { + if ($headers) { $a = get_app(); - $headers=array(); - $h = explode("\n",$a->get_curl_headers()); + $hdrs=array(); + $h = explode("\n",$headers); foreach ($h as $l) { list($k,$v) = array_map("trim", explode(":", trim($l), 2)); - $headers[$k] = $v; + $hdrs[$k] = $v; } - if (array_key_exists('Content-Type', $headers)) - $type = $headers['Content-Type']; + if (array_key_exists('Content-Type', $hdrs)) + $type = $hdrs['Content-Type']; } if (is_null($type)){ // FIXME!!!! @@ -576,9 +576,9 @@ function import_profile_photo($photo,$xchan) { $photo_failure = true; } if($photo_failure) { - $photo = $a->get_baseurl() . '/images/person-175.jpg'; - $thumb = $a->get_baseurl() . '/images/person-80.jpg'; - $micro = $a->get_baseurl() . '/images/person-48.jpg'; + $photo = $a->get_baseurl() . '/images/default_profile_photos/rainbow_man/175.jpg'; + $thumb = $a->get_baseurl() . '/images/default_profile_photos/rainbow_man/80.jpg'; + $micro = $a->get_baseurl() . '/images/default_profile_photos/rainbow_man/48.jpg'; $type = 'image/jpeg'; } diff --git a/include/photos.php b/include/photos.php index ea4b494e0..9828140b8 100644 --- a/include/photos.php +++ b/include/photos.php @@ -279,8 +279,16 @@ function photos_album_widget($channelx,$observer,$albums = null) { $o = ''; - if(! $albums) - $albums = photos_albums_list($channelx,$observer); + // If we weren't passed an album list, see if the photos module + // dropped one for us to find in $a->data['albums']. + // If all else fails, load it. + + if(! $albums) { + if(array_key_exists('albums', get_app()->data)) + $albums = get_app()->data['albums']; + else + $albums = photos_albums_list($channelx,$observer); + } if($albums) { $o = replace_macros(get_markup_template('photo_albums.tpl'),array( diff --git a/include/plugin.php b/include/plugin.php index ea88a61df..9982a48a2 100755 --- a/include/plugin.php +++ b/include/plugin.php @@ -181,12 +181,14 @@ function unregister_hook($hook,$file,$function) { // // It might not be obvious but themes can manually add hooks to the $a->hooks // array in their theme_init() and use this to customise the app behaviour. +// UPDATE: use insert_hook($hookname,$function_name) to do this // function load_hooks() { $a = get_app(); - $a->hooks = array(); +// if(! is_array($a->hooks)) + $a->hooks = array(); $r = q("SELECT * FROM hook WHERE true ORDER BY priority DESC"); if($r) { foreach($r as $rr) { @@ -195,8 +197,40 @@ function load_hooks() { $a->hooks[$rr['hook']][] = array($rr['file'],$rr['function']); } } +//logger('hooks: ' . print_r($a->hooks,true)); + } +/** + * + * @function insert_hook($hook,$fn) + * + * Insert a short-lived hook into the running page request. + * Hooks are normally persistent so that they can be called + * across asynchronous processes such as delivery and poll + * processes. + * + * insert_hook lets you attach a hook callback immediately + * which will not persist beyond the life of this page request + * or the current process. + * + * @param string $hook; + * name of hook to attach callback + * @param string $fn; + * function name of callback handler + * + */ + +function insert_hook($hook,$fn) { + $a = get_app(); + if(! is_array($a->hooks)) + $a->hooks = array(); + if(! array_key_exists($hook,$a->hooks)) + $a->hooks[$hook] = array(); + $a->hooks[$hook][] = array('',$fn); +} + + function call_hooks($name, &$data = null) { @@ -204,7 +238,8 @@ function call_hooks($name, &$data = null) { if((is_array($a->hooks)) && (array_key_exists($name,$a->hooks))) { foreach($a->hooks[$name] as $hook) { - @include_once($hook[0]); + if($hook[0]) + @include_once($hook[0]); if(function_exists($hook[1])) { $func = $hook[1]; $func($a,$data); @@ -298,10 +333,10 @@ function get_theme_info($theme){ 'name' => $theme, 'description' => "", 'author' => array(), - 'maintainer' => array(), 'version' => "", - 'credits' => "", 'compat' => "", + 'credits' => "", + 'maintainer' => array(), 'experimental' => false, 'unsupported' => false ); @@ -459,6 +494,15 @@ function head_add_css($src,$media = 'screen') { get_app()->css_sources[] = array($src,$media); } + +function head_remove_css($src,$media = 'screen') { + $a = get_app(); + $index = array_search(array($src,$media),$a->css_sources); + if($index !== false) + unset($a->css_sources[$index]); + +} + function head_get_css() { $str = ''; $sources = get_app()->css_sources; @@ -476,15 +520,44 @@ function format_css_if_exists($source) { $path = theme_include($source[0]); if($path) - return '<link rel="stylesheet" href="' . z_root() . '/' . $path . '" type="text/css" media="' . $source[1] . '" />' . "\r\n"; + return '<link rel="stylesheet" href="' . script_path() . '/' . $path . '" type="text/css" media="' . $source[1] . '" />' . "\r\n"; } +function script_path() { + if(x($_SERVER,'HTTPS') && $_SERVER['HTTPS']) + $scheme = 'https'; + elseif(x($_SERVER,'SERVER_PORT') && (intval($_SERVER['SERVER_PORT']) == 443)) + $scheme = 'https'; + else + $scheme = 'http'; + + if(x($_SERVER,'SERVER_NAME')) { + $hostname = $_SERVER['SERVER_NAME']; + } + else { + return z_root(); + } + + if(x($_SERVER,'SERVER_PORT') && $_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) { + $hostname .= ':' . $_SERVER['SERVER_PORT']; + } + + return $scheme . '://' . $hostname; +} function head_add_js($src) { get_app()->js_sources[] = $src; } +function head_remove_js($src) { + $a = get_app(); + $index = array_search($src,$a->js_sources); + if($index !== false) + unset($a->js_sources[$index]); + +} + function head_get_js() { $str = ''; $sources = get_app()->js_sources; @@ -501,7 +574,7 @@ function format_js_if_exists($source) { else $path = theme_include($source); if($path) - return '<script src="' . z_root() . '/' . $path . '" ></script>' . "\r\n" ; + return '<script src="' . script_path() . '/' . $path . '" ></script>' . "\r\n" ; } diff --git a/include/poller.php b/include/poller.php index 3c4e6402c..0dcec4c0f 100644 --- a/include/poller.php +++ b/include/poller.php @@ -117,7 +117,10 @@ function poller_run($argv, $argc){ set_config('system','last_expire_day',$d2); + // Uncomment when expire protocol component is working +// Update - this is not going to happen. We are only going to +// implement per-item expire, not blanket expiration // proc_run('php','include/expire.php'); proc_run('php','include/cli_suggest.php'); diff --git a/include/profile_advanced.php b/include/profile_advanced.php deleted file mode 100644 index 21606185d..000000000 --- a/include/profile_advanced.php +++ /dev/null @@ -1,125 +0,0 @@ -<?php /** @file */ - -function advanced_profile(&$a) { - - $o = ''; - - $o .= '<h2>' . t('Profile') . '</h2>'; - - if($a->profile['name']) { - - $tpl = get_markup_template('profile_advanced.tpl'); - - $profile = array(); - - $profile['fullname'] = array( t('Full Name:'), $a->profile['name'] ) ; - - if($a->profile['gender']) $profile['gender'] = array( t('Gender:'), $a->profile['gender'] ); - - - if(($a->profile['dob']) && ($a->profile['dob'] != '0000-00-00')) { - - $year_bd_format = t('j F, Y'); - $short_bd_format = t('j F'); - - - $val = ((intval($a->profile['dob'])) - ? day_translate(datetime_convert('UTC','UTC',$a->profile['dob'] . ' 00:00 +00:00',$year_bd_format)) - : day_translate(datetime_convert('UTC','UTC','2001-' . substr($a->profile['dob'],5) . ' 00:00 +00:00',$short_bd_format))); - - $profile['birthday'] = array( t('Birthday:'), $val); - - } - - if($age = age($a->profile['dob'],$a->profile['timezone'],'')) $profile['age'] = array( t('Age:'), $age ); - - - if($a->profile['marital']) $profile['marital'] = array( t('Status:'), $a->profile['marital']); - - - if($a->profile['with']) $profile['marital']['with'] = $a->profile['with']; - - if(strlen($a->profile['howlong']) && $a->profile['howlong'] !== '0000-00-00 00:00:00') { - $profile['howlong'] = relative_date($a->profile['howlong'], t('for %1$d %2$s')); - } - - if($a->profile['sexual']) $profile['sexual'] = array( t('Sexual Preference:'), $a->profile['sexual'] ); - - if($a->profile['homepage']) $profile['homepage'] = array( t('Homepage:'), linkify($a->profile['homepage']) ); - - if($a->profile['hometown']) $profile['hometown'] = array( t('Hometown:'), linkify($a->profile['hometown']) ); - - if($a->profile['keywords']) $profile['keywords'] = array( t('Tags:'), $a->profile['keywords']); - - if($a->profile['politic']) $profile['politic'] = array( t('Political Views:'), $a->profile['politic']); - - if($a->profile['religion']) $profile['religion'] = array( t('Religion:'), $a->profile['religion']); - - if($txt = prepare_text($a->profile['about'])) $profile['about'] = array( t('About:'), $txt ); - - if($txt = prepare_text($a->profile['interest'])) $profile['interest'] = array( t('Hobbies/Interests:'), $txt); - - if($txt = prepare_text($a->profile['likes'])) $profile['likes'] = array( t('Likes:'), $txt); - - if($txt = prepare_text($a->profile['dislikes'])) $profile['dislikes'] = array( t('Dislikes:'), $txt); - - - if($txt = prepare_text($a->profile['contact'])) $profile['contact'] = array( t('Contact information and Social Networks:'), $txt); - - if($txt = prepare_text($a->profile['music'])) $profile['music'] = array( t('Musical interests:'), $txt); - - if($txt = prepare_text($a->profile['book'])) $profile['book'] = array( t('Books, literature:'), $txt); - - if($txt = prepare_text($a->profile['tv'])) $profile['tv'] = array( t('Television:'), $txt); - - if($txt = prepare_text($a->profile['film'])) $profile['film'] = array( t('Film/dance/culture/entertainment:'), $txt); - - if($txt = prepare_text($a->profile['romance'])) $profile['romance'] = array( t('Love/Romance:'), $txt); - - if($txt = prepare_text($a->profile['work'])) $profile['work'] = array( t('Work/employment:'), $txt); - - if($txt = prepare_text($a->profile['education'])) $profile['education'] = array( t('School/education:'), $txt ); - - $r = q("select * from obj left join term on obj_obj = term_hash where term_hash != '' and obj_page = '%s' and uid = %d and obj_type = %d - order by obj_verb, term", - dbesc($a->profile['profile_guid']), - intval($a->profile['profile_uid']), - intval(TERM_OBJ_THING) - ); - - $things = null; - - if($r) { - $things = array(); - - // Use the system obj_verbs array as a sort key, since we don't really - // want an alphabetic sort. To change the order, use a plugin to - // alter the obj_verbs() array or alter it in code. Unknown verbs come - // after the known ones - in no particular order. - - $v = obj_verbs(); - foreach($v as $k => $foo) - $things[$k] = null; - foreach($r as $rr) { - if(! $things[$rr['obj_verb']]) - $things[$rr['obj_verb']] = array(); - $things[$rr['obj_verb']][] = array('term' => $rr['term'],'url' => $rr['url'],'img' => $rr['imgurl']); - } - $sorted_things = array(); - if($things) - foreach($things as $k => $v) - if(is_array($things[$k])) - $sorted_things[$k] = $v; - } - - logger('mod_profile: things: ' . print_r($sorted_things,true), LOGGER_DATA); - - return replace_macros($tpl, array( - '$title' => t('Profile'), - '$profile' => $profile, - '$things' => $sorted_things - )); - } - - return ''; -} diff --git a/include/security.php b/include/security.php index 1181e6bf2..296fa450f 100644 --- a/include/security.php +++ b/include/security.php @@ -386,12 +386,12 @@ function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'f if(! function_exists('init_groups_visitor')) { function init_groups_visitor($contact_id) { $groups = array(); - $r = q("SELECT gid FROM group_member WHERE xchan = '%s' ", + $r = q("SELECT hash FROM `group` left join group_member on group.id = group_member.gid WHERE xchan = '%s' ", dbesc($contact_id) ); if(count($r)) { foreach($r as $rr) - $groups[] = $rr['gid']; + $groups[] = $rr['hash']; } return $groups; }} diff --git a/include/socgraph.php b/include/socgraph.php index b34d5142c..0e91eba60 100644 --- a/include/socgraph.php +++ b/include/socgraph.php @@ -287,11 +287,13 @@ function suggestion_query($uid, $myxchan, $start = 0, $limit = 80) { and not xlink_link in ( select xchan from xign where uid = %d ) and xlink_xchan != '' and not ( xchan_flags & %d ) + and not ( xchan_flags & %d ) group by xchan_hash order by total desc limit %d, %d ", intval($uid), intval($uid), intval($uid), intval(XCHAN_FLAGS_HIDDEN), + intval(XCHAN_FLAGS_DELETED), intval($start), intval($limit) ); @@ -305,10 +307,12 @@ function suggestion_query($uid, $myxchan, $start = 0, $limit = 80) { and not xlink_link in ( select abook_xchan from abook where abook_channel = %d ) and not xlink_link in ( select xchan from xign where uid = %d ) and not ( xchan_flags & %d ) + and not ( xchan_flags & %d ) group by xchan_hash order by total desc limit %d, %d ", intval($uid), intval($uid), intval(XCHAN_FLAGS_HIDDEN), + intval(XCHAN_FLAGS_DELETED), intval($start), intval($limit) ); diff --git a/include/taxonomy.php b/include/taxonomy.php index 5159dad02..65d082bb0 100644 --- a/include/taxonomy.php +++ b/include/taxonomy.php @@ -87,9 +87,9 @@ function format_term_for_display($term) { return $s; if($term['url']) - $s .= '<a href="' . $term['url'] . '">' . htmlspecialchars($term['term']) . '</a>'; + $s .= '<a href="' . $term['url'] . '">' . htmlspecialchars($term['term'], ENT_COMPAT,'UTF-8') . '</a>'; else - $s .= htmlspecialchars($term['term']); + $s .= htmlspecialchars($term['term'], ENT_COMPAT,'UTF-8'); return $s; } diff --git a/include/text.php b/include/text.php index fc70e3509..f808fb0a0 100755 --- a/include/text.php +++ b/include/text.php @@ -15,8 +15,11 @@ require_once("include/friendica_smarty.php"); function replace_macros($s,$r) { $a = get_app(); + $arr = array('template' => $s, 'params' => $r); + call_hooks('replace_macros', $arr); + $t = $a->template_engine(); - $output = $t->replace_macros($s,$r); + $output = $t->replace_macros($arr['template'],$arr['params']); return $output; } @@ -125,6 +128,9 @@ function purify_html($s) { } + + + // generate a string that's random, but usually pronounceable. // used to generate initial passwords @@ -728,13 +734,27 @@ function search($s,$id='search-box',$url='/search',$save = false) { $o .= '<form action="' . $a->get_baseurl((stristr($url,'network')) ? true : false) . $url . '" method="get" >'; $o .= '<input type="text" class="icon-search" name="search" id="search-text" placeholder="" value="' . $s .'" onclick="this.submit();" />'; $o .= '<input type="submit" name="submit" id="search-submit" value="' . t('Search') . '" />'; - if($save) + if(feature_enabled(local_user(),'savedsearch')) $o .= '<input type="submit" name="save" id="search-save" value="' . t('Save') . '" />'; $o .= '</form></div>'; return $o; } +function searchbox($s,$id='search-box',$url='/search',$save = false) { + $a = get_app(); + $o = '<div id="' . $id . '">'; + $o .= '<form action="' . z_root() . '/' . $url . '" method="get" >'; + $o .= '<input type="hidden" name="f" value="" />'; + $o .= '<input type="text" class="icon-search" name="search" id="search-text" placeholder="" value="' . $s .'" onclick="this.submit();" />'; + $o .= '<input type="submit" name="submit" id="search-submit" value="' . t('Search') . '" />'; + if(feature_enabled(local_user(),'savedsearch')) + $o .= '<input type="submit" name="searchsave" id="search-save" value="' . t('Save') . '" />'; + $o .= '</form></div>'; + return $o; +} + + function valid_email($x){ if(get_config('system','disable_email_validation')) @@ -878,9 +898,7 @@ function smilies($s, $sample = false) { ':like', ':dislike', 'red#', - 'r#', - '~friendica' - + 'r#' ); $icons = array( @@ -916,9 +934,9 @@ function smilies($s, $sample = false) { '<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-facepalm.gif" alt=":facepalm" />', '<img class="smiley" src="' . $a->get_baseurl() . '/images/like.gif" alt=":like" />', '<img class="smiley" src="' . $a->get_baseurl() . '/images/dislike.gif" alt=":dislike" />', - '<a href="http://getzot.com"><img class="smiley" src="' . $a->get_baseurl() . '/images/rhash-16.png" alt="red#" /> the Red Matrix</a>', - '<a href="http://getzot.com"><img class="smiley" src="' . $a->get_baseurl() . '/images/rhash-16.png" alt="r#" /> the Red Matrix</a>', - '<a href="http://friendica.com">~friendica <img class="smiley" src="' . $a->get_baseurl() . '/images/friendica-16.png" alt="~friendica" /></a>' + '<a href="http://getzot.com"><strong>red<img class="smiley" src="' . $a->get_baseurl() . '/images/rm-16.png" alt="red#" />matrix</strong></a>', + '<a href="http://getzot.com"><strong>red<img class="smiley" src="' . $a->get_baseurl() . '/images/rm-16.png" alt="r#" />matrix</strong></a>' + ); $params = array('texts' => $texts, 'icons' => $icons, 'string' => $s); @@ -1010,9 +1028,9 @@ function unobscure(&$item) { if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) { $key = get_config('system','prvkey'); if($item['title']) - $item['title'] = aes_unencapsulate(json_decode_plus($item['title']),$key); + $item['title'] = crypto_unencapsulate(json_decode_plus($item['title']),$key); if($item['body']) - $item['body'] = aes_unencapsulate(json_decode_plus($item['body']),$key); + $item['body'] = crypto_unencapsulate(json_decode_plus($item['body']),$key); } } @@ -1047,7 +1065,7 @@ function theme_attachments(&$item) { break; } - $title = htmlentities($r['title'], ENT_COMPAT,'UTF-8'); + $title = htmlspecialchars($r['title'], ENT_COMPAT,'UTF-8'); if(! $title) $title = t('unknown.???'); $title .= ' ' . $r['length'] . ' ' . t('bytes'); @@ -1077,11 +1095,11 @@ function format_categories(&$item,$writeable) { if($terms) { $categories = array(); foreach($terms as $t) { - $term = htmlspecialchars($t['term'],ENT_COMPAT,'UTF-8') ; + $term = htmlspecialchars($t['term'],ENT_COMPAT,'UTF-8',false) ; if(! trim($term)) continue; $removelink = (($writeable) ? z_root() . '/filerm/' . $item['id'] . '?f=&cat=' . urlencode($t['term']) : ''); - $categories[] = array('term' => $term, 'writeable' => $writeable, 'removelink' => $removelink, 'url' => $t['url']); + $categories[] = array('term' => $term, 'writeable' => $writeable, 'removelink' => $removelink, 'url' => zid($t['url'])); } } $s = replace_macros(get_markup_template('item_categories.tpl'),array( @@ -1099,7 +1117,7 @@ function format_filer(&$item) { if($terms) { $categories = array(); foreach($terms as $t) { - $term = htmlspecialchars($t['term'],ENT_COMPAT,'UTF-8') ; + $term = htmlspecialchars($t['term'],ENT_COMPAT,'UTF-8',false) ; if(! trim($term)) continue; $removelink = z_root() . '/filerm/' . $item['id'] . '?f=&term=' . urlencode($t['term']); diff --git a/include/widgets.php b/include/widgets.php index 87941f40f..9d6617aa2 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -1,5 +1,18 @@ <?php /** @file */ +function list_widgets() { + $widgets = array( + 'profile' => t('Displays a full channel profile'), + 'tagcloud' => t('Tag cloud of webpage categories'), + 'collections' => t('List and filter by collection'), + 'suggestions' => t('Show a couple of channel suggestion'), + 'follow' => t('Provide a channel follow form') + ); + $arr = array('widgets' => $widgets); + call_hooks('list_widgets',$arr); + return $arr['widgets']; +} + function widget_profile($args) { $a = get_app(); @@ -32,3 +45,453 @@ function widget_tagcloud($args) { return $o; } +function widget_collections($args) { + require_once('include/group.php'); + $page = argv(0); + $gid = $_REQUEST['gid']; + + return group_side($page,$page,true,$_REQUEST['gid'],'',0); + +} + + +function widget_suggestions($arr) { + + if((! local_user()) || (! feature_enabled(local_user(),'suggest'))) + return ''; + + require_once('include/socgraph.php'); + + $r = suggestion_query(local_user(),get_observer_hash(),0,20); + + if(! $r) { + return; + } + + $arr = array(); + + // Get two random entries from the top 20 returned. + // We'll grab the first one and the one immediately following. + // This will throw some entropy intot he situation so you won't + // be looking at the same two mug shots every time the widget runs + + + $index = ((count($r) > 2) ? mt_rand(0,count($r) - 2) : 0); + + + for($x = $index; $x <= ($index+1); $x ++) { + + $rr = $r[$x]; + if(! $rr['xchan_url']) + break; + + $connlnk = z_root() . '/follow/?url=' . $rr['xchan_addr']; + + $arr[] = array( + 'url' => chanlink_url($rr['xchan_url']), + 'profile' => $rr['xchan_url'], + 'name' => $rr['xchan_name'], + 'photo' => $rr['xchan_photo_m'], + 'ignlnk' => z_root() . '/suggest?ignore=' . $rr['xchan_hash'], + 'conntxt' => t('Connect'), + 'connlnk' => $connlnk, + 'ignore' => t('Ignore/Hide') + ); + } + + + $o = replace_macros(get_markup_template('suggest_widget.tpl'),array( + '$title' => t('Suggestions'), + '$more' => t('See more...'), + '$entries' => $arr + )); + + return $o; + +} + + +function widget_follow($args) { + if(! local_user()) + return ''; + $a = get_app(); + $uid =$a->channel['channel_id']; + $r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d) ", + intval($uid), + intval(ABOOK_FLAG_SELF) + ); + if($r) + $total_channels = $r[0]['total']; + $limit = service_class_fetch($uid,'total_channels'); + if($limit !== false) { + $abook_usage_message = sprintf( t("You have %1$.0f of %2$.0f allowed connections."), $total_channels, $limit); + } + else { + $abook_usage_message = ''; + } + return replace_macros(get_markup_template('follow.tpl'),array( + '$connect' => t('Add New Connection'), + '$desc' => t('Enter the channel address'), + '$hint' => t('Example: bob@example.com, http://example.com/barbara'), + '$follow' => t('Connect'), + '$abook_usage_message' => $abook_usage_message + )); + +} + + +function widget_notes($arr) { + if(! local_user()) + return ''; + if(! feature_enabled(local_user(),'private_notes')) + return ''; + + $text = get_pconfig(local_user(),'notes','text'); + + $o = replace_macros(get_markup_template('notes.tpl'), array( + '$banner' => t('Notes'), + '$text' => $text, + '$save' => t('Save'), + )); + return $o; +} + + +function widget_savedsearch($arr) { + if((! local_user()) || (! feature_enabled(local_user(),'savedsearch'))) + return ''; + + $a = get_app(); + + $search = ((x($_GET,'search')) ? $_GET['search'] : ''); + + if(x($_GET,'searchsave') && $search) { + $r = q("select * from `term` where `uid` = %d and `type` = %d and `term` = '%s' limit 1", + intval(local_user()), + intval(TERM_SAVEDSEARCH), + dbesc($search) + ); + if(! $r) { + q("insert into `term` ( `uid`,`type`,`term` ) values ( %d, %d, '%s') ", + intval(local_user()), + intval(TERM_SAVEDSEARCH), + dbesc($search) + ); + } + } + + if(x($_GET,'searchremove') && $search) { + q("delete from `term` where `uid` = %d and `type` = %d and `term` = '%s' limit 1", + intval(local_user()), + intval(TERM_SAVEDSEARCH), + dbesc($search) + ); + $search = ''; + } + + + + $srchurl = $a->query_string; + + $srchurl = rtrim(preg_replace('/searchsave\=[^\&].*?(\&|$)/is','',$srchurl),'&'); + $hasq = ((strpos($srchurl,'?') !== false) ? true : false); + $srchurl = rtrim(preg_replace('/searchremove\=[^\&].*?(\&|$)/is','',$srchurl),'&'); + $hasq = ((strpos($srchurl,'?') !== false) ? true : false); + + $srchurl = rtrim(preg_replace('/search\=[^\&].*?(\&|$)/is','',$srchurl),'&'); + $srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl); + $hasq = ((strpos($srchurl,'?') !== false) ? true : false); + + $o = ''; + + $r = q("select `tid`,`term` from `term` WHERE `uid` = %d and `type` = %d ", + intval(local_user()), + intval(TERM_SAVEDSEARCH) + ); + + $saved = array(); + + if(count($r)) { + foreach($r as $rr) { + + $saved[] = array( + 'id' => $rr['tid'], + 'term' => $rr['term'], + 'dellink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&searchremove=1&search=' . urlencode($rr['term']), + 'srchlink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&search=' . urlencode($rr['term']), + 'displayterm' => htmlspecialchars($rr['term'], ENT_COMPAT,'UTF-8'), + 'encodedterm' => urlencode($rr['term']), + 'delete' => t('Remove term'), + 'selected' => ($search==$rr['term']), + ); + } + } + + + $tpl = get_markup_template("saved_searches.tpl"); + $o = replace_macros($tpl, array( + '$title' => t('Saved Searches'), + '$add' => t('add'), + '$searchbox' => searchbox('','netsearch-box',$srchurl . (($hasq) ? '' : '?f='),true), + '$saved' => $saved, + )); + + return $o; + +} + + +function widget_filer($arr) { + if(! local_user()) + return ''; + + $a = get_app(); + + $selected = ((x($_REQUEST,'file')) ? $_REQUEST['file'] : ''); + + $terms = array(); + $r = q("select distinct(term) from term where uid = %d and type = %d order by term asc", + intval(local_user()), + intval(TERM_FILE) + ); + if(! $r) + return; + + foreach($r as $rr) + $terms[] = array('name' => $rr['term'], 'selected' => (($selected == $rr['term']) ? 'selected' : '')); + + return replace_macros(get_markup_template('fileas_widget.tpl'),array( + '$title' => t('Saved Folders'), + '$desc' => '', + '$sel_all' => (($selected == '') ? 'selected' : ''), + '$all' => t('Everything'), + '$terms' => $terms, + '$base' => z_root() . '/' . $a->cmd + + )); +} + +function widget_archive($arr) { + + $o = ''; + $a = get_app(); + + if(! $a->profile_uid) { + return ''; + } + + $uid = $a->profile_uid; + + if(! feature_enabled($uid,'archives')) + return ''; + + + $wall = ((array_key_exists('wall', $arr)) ? intval($arr['wall']) : 0); + $url = z_root() . '/' . $a->cmd; + + + $ret = posted_dates($uid,$wall); + + if(! count($ret)) + return ''; + + $o = replace_macros(get_markup_template('posted_date_widget.tpl'),array( + '$title' => t('Archives'), + '$size' => ((count($ret) > 6) ? 6 : count($ret)), + '$url' => $url, + '$dates' => $ret + )); + return $o; +} + + +function widget_fullprofile($arr) { + $a = get_app(); + if(! $a->profile['profile_uid']) + return; + + $block = (((get_config('system','block_public')) && (! local_user()) && (! remote_user())) ? true : false); + + return profile_sidebar($a->profile, $block); +} + +function widget_categories($arr) { + $a = get_app(); + $cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat'],ENT_COMPAT,'UTF-8') : ''); + $srchurl = $a->query_string; + $srchurl = rtrim(preg_replace('/cat\=[^\&].*?(\&|$)/is','',$srchurl),'&'); + $srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl); + return categories_widget($srchurl,$cat); + +} + +function widget_tagcloud_wall($arr) { + $a = get_app(); + if((! $a->profile['profile_uid']) || (! $a->profile['channel_hash'])) + return ''; + $limit = ((array_key_exists('limit',$arr)) ? intval($arr['limit']) : 50); + if(feature_enabled($a->profile['profile_uid'],'tagadelic')) + return tagblock('search',$a->profile['profile_uid'],$limit,$a->profile['channel_hash'],ITEM_WALL); + return ''; +} + + +function widget_affinity($arr) { + + if(! local_user()) + return ''; + + $cmin = ((x($_REQUEST,'cmin')) ? intval($_REQUEST['cmin']) : 0); + $cmax = ((x($_REQUEST,'cmax')) ? intval($_REQUEST['cmax']) : 99); + + if(feature_enabled(local_user(),'affinity')) { + $tpl = get_markup_template('main_slider.tpl'); + $x = replace_macros($tpl,array( + '$val' => $cmin . ';' . $cmax, + '$refresh' => t('Refresh'), + '$me' => t('Me'), + '$intimate' => t('Best Friends'), + '$friends' => t('Friends'), + '$coworkers' => t('Co-workers'), + '$oldfriends' => t('Former Friends'), + '$acquaintances' => t('Acquaintances'), + '$world' => t('Everybody') + )); + $arr = array('html' => $x); + call_hooks('main_slider',$arr); + return $arr['html']; + } + return ''; +} + + +function widget_settings_menu($arr) { + + if(! local_user()) + return; + + $a = get_app(); + $channel = $a->get_channel(); + + $abook_self_id = 0; + + // Retrieve the 'self' address book entry for use in the auto-permissions link + + $abk = q("select abook_id from abook where abook_channel = %d and ( abook_flags & %d ) limit 1", + intval(local_user()), + intval(ABOOK_FLAG_SELF) + ); + if($abk) + $abook_self_id = $abk[0]['abook_id']; + + + $tabs = array( + array( + 'label' => t('Account settings'), + 'url' => $a->get_baseurl(true).'/settings/account', + 'selected' => ((argv(1) === 'account') ? 'active' : ''), + ), + + array( + 'label' => t('Channel settings'), + 'url' => $a->get_baseurl(true).'/settings/channel', + 'selected' => ((argv(1) === 'channel') ? 'active' : ''), + ), + + array( + 'label' => t('Additional features'), + 'url' => $a->get_baseurl(true).'/settings/features', + 'selected' => ((argv(1) === 'features') ? 'active' : ''), + ), + + array( + 'label' => t('Feature settings'), + 'url' => $a->get_baseurl(true).'/settings/featured', + 'selected' => ((argv(1) === 'featured') ? 'active' : ''), + ), + + array( + 'label' => t('Display settings'), + 'url' => $a->get_baseurl(true).'/settings/display', + 'selected' => ((argv(1) === 'display') ? 'active' : ''), + ), + + array( + 'label' => t('Connected apps'), + 'url' => $a->get_baseurl(true) . '/settings/oauth', + 'selected' => ((argv(1) === 'oauth') ? 'active' : ''), + ), + + array( + 'label' => t('Export channel'), + 'url' => $a->get_baseurl(true) . '/uexport/basic', + 'selected' => '' + ), + +// array( +// 'label' => t('Export account'), +// 'url' => $a->get_baseurl(true) . '/uexport/complete', +// 'selected' => '' +// ), + + array( + 'label' => t('Automatic Permissions (Advanced)'), + 'url' => $a->get_baseurl(true) . '/connedit/' . $abook_self_id, + 'selected' => '' + ), + + + ); + + if(feature_enabled(local_user(),'premium_channel')) { + $tabs[] = array( + 'label' => t('Premium Channel Settings'), + 'url' => $a->get_baseurl(true) . '/connect/' . $channel['channel_address'], + 'selected' => '' + ); + + } + + if(feature_enabled(local_user(),'channel_sources')) { + $tabs[] = array( + 'label' => t('Channel Sources'), + 'url' => $a->get_baseurl(true) . '/sources', + 'selected' => '' + ); + + } + + + + $tabtpl = get_markup_template("generic_links_widget.tpl"); + return replace_macros($tabtpl, array( + '$title' => t('Settings'), + '$class' => 'settings-widget', + '$items' => $tabs, + )); + +} + + +function widget_mailmenu($arr) { + if (! local_user()) + return; + + $a = get_app(); + return replace_macros(get_markup_template('message_side.tpl'), array( + '$tabs'=> array(), + + '$check'=>array( + 'label' => t('Check Mail'), + 'url' => $a->get_baseurl(true) . '/message', + 'sel' => (argv(1) == ''), + ), + '$new'=>array( + 'label' => t('New Message'), + 'url' => $a->get_baseurl(true) . '/message/new', + 'sel'=> (argv(1) == 'new'), + ) + + )); + +}
\ No newline at end of file diff --git a/include/zot.php b/include/zot.php index 09a3c28fa..b0d87cea9 100644 --- a/include/zot.php +++ b/include/zot.php @@ -4,9 +4,26 @@ require_once('include/crypto.php'); require_once('include/items.php'); /** + * Red implementation of zot protocol. + * + * https://github.com/friendica/red/wiki/zot + * https://github.com/friendica/red/wiki/Zot---A-High-Level-Overview + * + */ + + +/** * * @function zot_new_uid($channel_nick) - * @channel_id = unique nickname of controlling entity + * + * Generates a unique string for use as a zot guid using our DNS-based url, the channel nickname and some entropy. + * The entropy ensures uniqueness against re-installs where the same URL and nickname are chosen. + * NOTE: zot doesn't require this to be unique. Internally we use a whirlpool hash of this guid and the signature + * of this guid signed with the channel private key. This can be verified and should make the probability of + * collision of the verified result negligible within the constraints of our immediate universe. + * + * @param string channel_nickname = unique nickname of controlling entity + * * @returns string * */ @@ -18,41 +35,58 @@ function zot_new_uid($channel_nick) { /** - * - * Given an array of zot hashes, return all distinct hubs - * If primary is true, return only primary hubs - * Result is ordered by url to assist in batching. - * Return only the first primary hub as there should only be one. + * @function zot_get_hublocs($hash) + * Given a zot hash, return all distinct hubs. + * This function is used in building the zot discovery packet + * and therefore should only be used by channels which are defined + * on this hub + * @param string $hash - xchan_hash + * @retuns array of hubloc (hub location structures) + * hubloc_id int + * hubloc_guid char(255) + * hubloc_guid_sig text + * hubloc_hash char(255) + * hubloc_addr char(255) + * hubloc_flags int + * hubloc_status int + * hubloc_url char(255) + * hubloc_url_sig text + * hubloc_host char(255) + * hubloc_callback char(255) + * hubloc_connect char(255) + * hubloc_sitekey text + * hubloc_updated datetime + * hubloc_connected datetime * */ -function zot_get_hubloc($arr,$primary = false) { +function zot_get_hublocs($hash) { - $tmp = ''; - - if(is_array($arr)) { - foreach($arr as $e) { - if(strlen($tmp)) - $tmp .= ','; - $tmp .= "'" . dbesc($e) . "'" ; - } - } - - if(! strlen($tmp)) - return array(); - - $sql_extra = (($primary) ? " and hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) : "" ); - $limit = (($primary) ? " limit 1 " : ""); - return q("select * from hubloc where hubloc_hash in ( $tmp ) $sql_extra order by hubloc_url $limit"); + /** Only search for active hublocs - e.g. those that haven't been marked deleted */ + $ret = q("select * from hubloc where hubloc_hash = '%s' and not ( hubloc_flags & %d ) group by hubloc_url ", + dbesc($hash), + intval(HUBLOC_FLAGS_DELETED) + ); + return $ret; } -/* +/** + * + * @function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_key = null, $secret = null) + * builds a zot notification packet that you can either + * store in the queue with a message array or call zot_zot to immediately + * zot it to the other side * - * zot_build_packet builds a notification packet that you can either - * store in the queue with a message array or call zot_zot to immediately - * zot it to the other side + * @param array $channel => sender channel structure + * @param string $type => packet type: one of 'ping', 'pickup', 'purge', 'refresh', 'notify', 'auth_check' + * @param array $recipients => envelope information, array ( 'guid' => string, 'guid_sig' => string ); empty for public posts + * @param string $remote_key => optional public site key of target hub used to encrypt entire packet + * NOTE: remote_key and encrypted packets are required for 'auth_check' packets, optional for all others + * @param string $secret => random string, required for packets which require verification/callback + * e.g. 'pickup', 'purge', 'notify', 'auth_check' --- 'ping' and 'refresh' do not require verification * + * @returns string json encoded zot packet */ function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_key = null, $secret = null) { @@ -82,7 +116,7 @@ function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_ // Hush-hush ultra top-secret mode if($remote_key) { - $data = aes_encapsulate(json_encode($data),$remote_key); + $data = crypto_encapsulate(json_encode($data),$remote_key); } return json_encode($data); @@ -194,12 +228,27 @@ function zot_finger($webbie,$channel,$autofallback = true) { } /** - * @function: zot_refresh + * @function: zot_refresh($them, $channel = null) * - * zot_refresh is typically invoked when somebody has changed permissions of a channel and they are notified - * to fetch new permissions via a finger operation. This may result in a new connection (abook entry) being added to a local channel - * and it may result in auto-permissions being granted. + * zot_refresh is typically invoked when somebody has changed permissions of a channel and they are notified + * to fetch new permissions via a finger/discovery operation. This may result in a new connection + * (abook entry) being added to a local channel and it may result in auto-permissions being granted. + * + * Friending in zot is accomplished by sending a refresh packet to a specific channel which indicates a + * permission change has been made by the sender which affects the target channel. The hub controlling + * the target channel does targetted discovery (a zot-finger request requesting permissions for the local + * channel). These are decoded here, and if necessary and abook structure (addressbook) is created to store + * the permissions assigned to this channel. + * + * Initially these abook structures are created with a 'pending' flag, so that no reverse permissions are + * implied until this is approved by the owner channel. A channel can also auto-populate permissions in + * return and send back a refresh packet of its own. This is used by forum and group communication channels + * so that friending and membership in the channel's "club" is automatic. + * + * @param array $them => xchan structure of sender + * @param array $channel => local channel structure of target recipient, required for "friending" operations * + * @returns boolean true if successful, else false */ function zot_refresh($them,$channel = null) { @@ -269,7 +318,7 @@ function zot_refresh($them,$channel = null) { if($channel) { $global_perms = get_perms(); if($j['permissions']['data']) { - $permissions = aes_unencapsulate(array( + $permissions = crypto_unencapsulate(array( 'data' => $j['permissions']['data'], 'key' => $j['permissions']['key'], 'iv' => $j['permissions']['iv']), @@ -306,6 +355,11 @@ function zot_refresh($them,$channel = null) { ); if(! $y) logger('abook update failed'); + else { + // if we were just granted read stream permission and didn't have it before, try to pull in some posts + if((! ($r[0]['abook_their_perms'] & PERMS_R_STREAM)) && ($their_perms & PERMS_R_STREAM)) + proc_run('php','include/onepoll.php',$r[0]['abook_id']); + } } else { $default_perms = 0; @@ -330,7 +384,6 @@ function zot_refresh($them,$channel = null) { ); if($y) { - logger("New introduction received for {$channel['channel_name']}"); if($default_perms) { // send back a permissions update for auto-friend/auto-permissions @@ -342,6 +395,14 @@ function zot_refresh($them,$channel = null) { if($z) proc_run('php','include/notifier.php','permission_update',$z[0]['abook_id']); } + $new_connection = q("select abook_id, abook_flags from abook where abook_channel = %d and abook_xchan = '%s' order by abook_created desc limit 1", + intval($channel['channel_id']), + dbesc($x['hash']) + ); + + if($new_connection && (! ($new_connection[0]['abook_flags'] & ABOOK_FLAG_PENDING)) && ($their_perms & PERMS_R_STREAM)) + proc_run('php','include/onepoll.php',$new_connection[0]['abook_id']); + } } } @@ -354,7 +415,17 @@ function zot_refresh($them,$channel = null) { * @function: zot_gethub * * A guid and a url, both signed by the sender, distinguish a known sender at a known location - * This function looks these up to see if the channel is known. If not, we will need to verify it. + * This function looks these up to see if the channel is known and therefore previously verified. + * If not, we will need to verify it. + * + * @param array $arr + * $arr must contain: + * string $arr['guid'] => guid of conversant + * string $arr['guid_sig'] => guid signed with conversant's private key + * string $arr['url'] => URL of the origination hub of this communication + * string $arr['url_sig'] => URL signed with conversant's private key + * + * * @returns: array => hubloc record */ @@ -381,6 +452,27 @@ function zot_gethub($arr) { return null; } +/** + * @function zot_register_hub($arr) + * + * A communication has been received which has an unknown (to us) sender. + * Perform discovery based on our calculated hash of the sender at the origination address. + * This will fetch the discovery packet of the sender, which contains the public key we + * need to verify our guid and url signatures. + * + * @param array $arr + * $arr must contain: + * string $arr['guid'] => guid of conversant + * string $arr['guid_sig'] => guid signed with conversant's private key + * string $arr['url'] => URL of the origination hub of this communication + * string $arr['url_sig'] => URL signed with conversant's private key + * + * + * @returns array => 'success' (boolean true or false) + * 'message' (optional error string only if success is false) + */ + + function zot_register_hub($arr) { $result = array('success' => false); @@ -399,22 +491,49 @@ function zot_register_hub($arr) { if($x['success']) { $record = json_decode($x['body'],true); - $c = import_xchan($record); - if($c['success']) - $result['success'] = true; + + /* + * We now have a key - only continue registration if our signatures are valid + * AND the guid and guid sig in the returned packet match those provided in + * our current communication. + */ + + if((rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$record['key'])) + && (rsa_verify($arr['url'],base64url_decode($arr['url_sig']),$record['key'])) + && ($arr['guid'] === $record['guid']) + && ($arr['guid_sig'] === $record['guid_sig'])) { + + $c = import_xchan($record); + if($c['success']) + $result['success'] = true; + } + else { + logger('zot_register_hub: failure to verify returned packet.'); + } } } return $result; } - -// Takes a json associative array from zot_finger and imports the xchan and hublocs -// If the xchan already exists, update the name and photo if these have changed. -// +/** + * @function import_xchan($arr,$ud_flags = 1) + * Takes an associative array of a fecthed discovery packet and updates + * all internal data structures which need to be updated as a result. + * + * @param array $arr => json_decoded discovery packet + * @param int $ud_flags + * Determines whether to create a directory update record if any changes occur, default 1 or true + * + * @returns array => 'success' (boolean true or false) + * 'message' (optional error string only if success is false) + */ function import_xchan($arr,$ud_flags = 1) { + + call_hooks('import_xchan', $arr); + $ret = array('success' => false); $dirmode = intval(get_config('system','directory_mode')); @@ -437,7 +556,6 @@ function import_xchan($arr,$ud_flags = 1) { return $ret; } - logger('import_xchan: ' . $xchan_hash, LOGGER_DEBUG); $r = q("select * from xchan where xchan_hash = '%s' limit 1", @@ -552,19 +670,41 @@ function import_xchan($arr,$ud_flags = 1) { require_once('include/photo/photo_driver.php'); - $photos = import_profile_photo($arr['photo'],$xchan_hash); - $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' + // see if this is a channel clone that's hosted locally - which we treat different from other xchans/connections + + $local = q("select channel_account_id, channel_id from channel where channel_hash = '%s' limit 1", + dbesc($xchan_hash) + ); + if($local) { + $ph = z_fetch_url($arr['photo'],true); + if($ph['success']) { + import_channel_photo($ph['body'], $arr['photo_mimetype'], $local[0]['channel_account_id'],$local[0]['channel_id']); + // reset the names in case they got messed up when we had a bug in this function + $photos = array( + z_root() . '/photo/profile/l/' . $local[0]['channel_id'], + z_root() . '/photo/profile/m/' . $local[0]['channel_id'], + z_root() . '/photo/profile/s/' . $local[0]['channel_id'], + $arr['photo_mimetype'] + ); + } + } + else { + $photos = import_profile_photo($arr['photo'],$xchan_hash); + } + if($photos) { + $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s' limit 1", - dbesc($arr['photo_updated']), + dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])), dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), dbesc($photos[3]), dbesc($xchan_hash) - ); + ); - $what .= 'photo '; - $changed = true; + $what .= 'photo '; + $changed = true; + } } // what we are missing for true hub independence is for any changes in the primary hub to @@ -572,10 +712,20 @@ function import_xchan($arr,$ud_flags = 1) { if($arr['locations']) { - $xisting = q("select hubloc_id, hubloc_url from hubloc where hubloc_hash = '%s'", + $xisting = q("select hubloc_id, hubloc_url, hubloc_sitekey from hubloc where hubloc_hash = '%s'", dbesc($xchan_hash) ); + // See if a primary is specified + + $has_primary = false; + foreach($arr['locations'] as $location) { + if($location['primary']) { + $has_primary = true; + break; + } + } + foreach($arr['locations'] as $location) { if(! rsa_verify($location['url'],base64url_decode($location['url_sig']),$arr['key'])) { logger('import_xchan: Unable to verify site signature for ' . $location['url']); @@ -583,15 +733,21 @@ function import_xchan($arr,$ud_flags = 1) { continue; } + // Ensure that they have one primary hub + + if(! $has_primary) + $location['primary'] = true; + + for($x = 0; $x < count($xisting); $x ++) { - if($xisting[$x]['hubloc_url'] == $location['url']) { + if(($xisting[$x]['hubloc_url'] === $location['url']) && ($xisting[$x]['hubloc_sitekey'] === $location['sitekey'])) { $xisting[$x]['updated'] = true; } } // match as many fields as possible in case anything at all changed. - $r = q("select * from hubloc where hubloc_hash = '%s' and hubloc_guid = '%s' and hubloc_guid_sig = '%s' and hubloc_url = '%s' and hubloc_url_sig = '%s' and hubloc_host = '%s' and hubloc_addr = '%s' and hubloc_callback = '%s' and hubloc_sitekey = '%s' limit 1", + $r = q("select * from hubloc where hubloc_hash = '%s' and hubloc_guid = '%s' and hubloc_guid_sig = '%s' and hubloc_url = '%s' and hubloc_url_sig = '%s' and hubloc_host = '%s' and hubloc_addr = '%s' and hubloc_callback = '%s' and hubloc_sitekey = '%s' ", dbesc($xchan_hash), dbesc($arr['guid']), dbesc($arr['guid_sig']), @@ -612,6 +768,16 @@ function import_xchan($arr,$ud_flags = 1) { intval($r[0]['hubloc_id']) ); } + + // Remove pure duplicates + if(count($r) > 1) { + for($h = 1; $h < count($r); $h ++) { + q("delete from hubloc where hubloc_id = %d limit 1", + intval($r[$h]['hubloc_id']) + ); + } + } + if((($r[0]['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY) && (! $location['primary'])) || ((! ($r[0]['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY)) && ($location['primary']))) { $r = q("update hubloc set hubloc_flags = (hubloc_flags ^ %d), hubloc_updated = '%s' where hubloc_id = %d limit 1", @@ -719,8 +885,6 @@ function import_xchan($arr,$ud_flags = 1) { } } - - if($changed) { $guid = random_string() . '@' . get_app()->get_hostname(); update_modtime($xchan_hash,$guid,$arr['address'],$ud_flags); @@ -744,6 +908,20 @@ function import_xchan($arr,$ud_flags = 1) { return $ret; } +/** + * @function zot_process_response($hub,$arr,$outq) { + * Called immediately after sending a zot message which is using queue processing + * Updates the queue item according to the response result and logs any information + * returned to aid communications troubleshooting. + * + * @param string $hub - url of site we just contacted + * @param array $arr - output of z_post_url() + * @param array $outq - The queue structure attached to this request + * + * @returns nothing + */ + + function zot_process_response($hub,$arr,$outq) { if(! $arr['success']) { @@ -779,14 +957,16 @@ function zot_process_response($hub,$arr,$outq) { } /** - * @function: zot_fetch + * @function zot_fetch($arr) * - * We received a notification packet (in mod/post.php) that a message is waiting for us, and we've verified the sender. - * Now send back a pickup message, using our message tracking ID ($arr['secret']), which we will sign. - * The entire pickup message is encrypted with the remote site's public key. - * If everything checks out on the remote end, we will receive back a packet containing one or more messages, - * which will be processed before returning. - * + * We received a notification packet (in mod/post.php) that a message is waiting for us, and we've verified the sender. + * Now send back a pickup message, using our message tracking ID ($arr['secret']), which we will sign with our site private key. + * The entire pickup message is encrypted with the remote site's public key. + * If everything checks out on the remote end, we will receive back a packet containing one or more messages, + * which will be processed and delivered before this function ultimately returns. + * + * @param array $arr + * decrypted and json decoded notify packet from remote site */ @@ -811,7 +991,7 @@ function zot_fetch($arr) { 'secret_sig' => base64url_encode(rsa_sign($arr['secret'],get_config('system','prvkey'))) ); - $datatosend = json_encode(aes_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey'])); + $datatosend = json_encode(crypto_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey'])); $fetch = zot_zot($url,$datatosend); $result = zot_import($fetch, $arr['sender']['url']); @@ -824,7 +1004,16 @@ function zot_fetch($arr) { * Process an incoming array of messages which were obtained via pickup, and * import, update, delete as directed. * - * The message types handled here are 'activity' (e.g. posts), 'mail' and 'profile' + * @param array $arr => 'pickup' structure returned from remote site + * @param string $sender_url => the url specified by the sender in the initial communication + * we will verify the sender and url in each returned message structure and also verify + * that all the messages returned match the site url that we are currently processing. + * + * The message types handled here are 'activity' (e.g. posts), 'mail' , 'profile', and 'channel_sync' + * + * @returns array => array ( [0] => string $channel_hash, [1] => string $delivery_status, [2] => string $address ) + * suitable for logging remotely, enumerating the processing results of each message/recipient combination. + * */ function zot_import($arr, $sender_url) { @@ -837,7 +1026,7 @@ function zot_import($arr, $sender_url) { } if(array_key_exists('iv',$data)) { - $data = json_decode(aes_unencapsulate($data,get_config('system','prvkey')),true); + $data = json_decode(crypto_unencapsulate($data,get_config('system','prvkey')),true); } $incoming = $data['pickup']; @@ -849,7 +1038,7 @@ function zot_import($arr, $sender_url) { $result = null; if(array_key_exists('iv',$i['notify'])) { - $i['notify'] = json_decode(aes_unencapsulate($i['notify'],get_config('system','prvkey')),true); + $i['notify'] = json_decode(crypto_unencapsulate($i['notify'],get_config('system','prvkey')),true); } logger('zot_import: notify: ' . print_r($i['notify'],true), LOGGER_DATA); @@ -898,11 +1087,29 @@ function zot_import($arr, $sender_url) { $deliveries = allowed_public_recips($i); } + + // Go through the hash array and remove duplicates. array_unique() won't do this because the array is more than one level. + + $no_dups = array(); + if($deliveries) { + foreach($deliveries as $d) { + if(! in_array($d['hash'],$no_dups)) + $no_dups[] = $d['hash']; + } + + if($no_dups) { + $deliveries = array(); + foreach($no_dups as $n) { + $deliveries[] = array('hash' => $n); + } + } + } + if(! $deliveries) { logger('zot_import: no deliveries on this site'); continue; } - + if($i['message']) { if($i['message']['type'] === 'activity') { $arr = get_item_elements($i['message']); @@ -1426,22 +1633,22 @@ function import_directory_profile($hash,$profile,$addr,$ud_flags = 1, $suppress_ $arr = array(); $arr['xprof_hash'] = $hash; - $arr['xprof_desc'] = (($profile['description']) ? htmlentities($profile['description'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_desc'] = (($profile['description']) ? htmlspecialchars($profile['description'], ENT_COMPAT,'UTF-8',false) : ''); $arr['xprof_dob'] = datetime_convert('','',$profile['birthday'],'Y-m-d'); // !!!! check this for 0000 year $arr['xprof_age'] = (($profile['age']) ? intval($profile['age']) : 0); - $arr['xprof_gender'] = (($profile['gender']) ? htmlentities($profile['gender'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_marital'] = (($profile['marital']) ? htmlentities($profile['marital'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_sexual'] = (($profile['sexual']) ? htmlentities($profile['sexual'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_locale'] = (($profile['locale']) ? htmlentities($profile['locale'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_region'] = (($profile['region']) ? htmlentities($profile['region'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_postcode'] = (($profile['postcode']) ? htmlentities($profile['postcode'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_country'] = (($profile['country']) ? htmlentities($profile['country'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_gender'] = (($profile['gender']) ? htmlspecialchars($profile['gender'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_marital'] = (($profile['marital']) ? htmlspecialchars($profile['marital'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_sexual'] = (($profile['sexual']) ? htmlspecialchars($profile['sexual'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_locale'] = (($profile['locale']) ? htmlspecialchars($profile['locale'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_region'] = (($profile['region']) ? htmlspecialchars($profile['region'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_postcode'] = (($profile['postcode']) ? htmlspecialchars($profile['postcode'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_country'] = (($profile['country']) ? htmlspecialchars($profile['country'], ENT_COMPAT,'UTF-8',false) : ''); $clean = array(); if(array_key_exists('keywords',$profile) and is_array($profile['keywords'])) { import_directory_keywords($hash,$profile['keywords']); foreach($profile['keywords'] as $kw) { - $kw = trim(htmlentities($kw,ENT_COMPAT,'UTF-8',false)); + $kw = trim(htmlspecialchars($kw,ENT_COMPAT,'UTF-8',false)); $kw = trim($kw,','); $clean[] = $kw; } @@ -1543,7 +1750,7 @@ function import_directory_keywords($hash,$keywords) { $clean = array(); foreach($keywords as $kw) { - $kw = trim(htmlentities($kw,ENT_COMPAT,'UTF-8',false)); + $kw = trim(htmlspecialchars($kw,ENT_COMPAT,'UTF-8',false)); $kw = trim($kw,','); $clean[] = $kw; } @@ -1642,10 +1849,10 @@ function import_site($arr,$pubkey) { $access_policy = ACCESS_TIERED; } - $directory_url = htmlentities($arr['directory_url'],ENT_COMPAT,'UTF-8',false); - $url = htmlentities($arr['url'],ENT_COMPAT,'UTF-8',false); - $sellpage = htmlentities($arr['sellpage'],ENT_COMPAT,'UTF-8',false); - $site_location = htmlentities($arr['location'],ENT_COMPAT,'UTF-8',false); + $directory_url = htmlspecialchars($arr['directory_url'],ENT_COMPAT,'UTF-8',false); + $url = htmlspecialchars($arr['url'],ENT_COMPAT,'UTF-8',false); + $sellpage = htmlspecialchars($arr['sellpage'],ENT_COMPAT,'UTF-8',false); + $site_location = htmlspecialchars($arr['location'],ENT_COMPAT,'UTF-8',false); if($exists) { if(($siterecord['site_flags'] != $site_directory) @@ -1916,3 +2123,24 @@ function get_rpost_path($observer) { } +function import_author_zot($x) { + $hash = base64url_encode(hash('whirlpool',$x['guid'] . $x['guid_sig'], true)); + $r = q("select hubloc_url from hubloc where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and (hubloc_flags & %d) limit 1", + dbesc($x['guid']), + dbesc($x['guid_sig']), + intval(HUBLOC_FLAGS_PRIMARY) + ); + + if($r) { + logger('import_author_zot: in cache', LOGGER_DEBUG); + return $hash; + } + + logger('import_author_zot: entry not in cache - probing: ' . print_r($x,true), LOGGER_DEBUG); + + $them = array('hubloc_url' => $x['url'],'xchan_guid' => $x['guid'], 'xchan_guid_sig' => $x['guid_sig']); + if(zot_refresh($them)) + return $hash; + return false; +} + |