aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
authorFabio Comuni <fabrix.xm@gmail.com>2011-09-26 11:42:48 +0200
committerFabio Comuni <fabrix.xm@gmail.com>2011-09-26 11:42:48 +0200
commit5792b3d3580b9f09460305858293398d8d8a9abf (patch)
tree90d60e9db4ed733a60c2890c7305d45ddd48be42 /mod
parent991656a3ef396d9a6bd43ddb752627c2880b17ba (diff)
parent428e6766411d2c6708ad25f726c4bcf1d64af1cc (diff)
downloadvolse-hubzilla-5792b3d3580b9f09460305858293398d8d8a9abf.tar.gz
volse-hubzilla-5792b3d3580b9f09460305858293398d8d8a9abf.tar.bz2
volse-hubzilla-5792b3d3580b9f09460305858293398d8d8a9abf.zip
Merge branch 'master' into newui
Diffstat (limited to 'mod')
-rw-r--r--mod/contacts.php23
-rw-r--r--mod/dfrn_notify.php25
-rw-r--r--mod/display.php2
-rw-r--r--mod/editpost.php2
-rw-r--r--mod/follow.php5
-rw-r--r--mod/friendika.php2
-rw-r--r--mod/group.php5
-rw-r--r--mod/hostxrd.php3
-rw-r--r--mod/item.php19
-rw-r--r--mod/like.php27
-rw-r--r--mod/message.php16
-rw-r--r--mod/network.php251
-rw-r--r--mod/oexchange.php13
-rw-r--r--mod/openid.php2
-rw-r--r--mod/parse_url.php132
-rw-r--r--mod/photos.php64
-rw-r--r--mod/profile.php1
-rw-r--r--mod/pubsub.php4
-rw-r--r--mod/receive.php34
-rw-r--r--mod/register.php3
-rw-r--r--mod/salmon.php4
-rw-r--r--mod/search.php6
-rw-r--r--mod/xrd.php1
23 files changed, 373 insertions, 271 deletions
diff --git a/mod/contacts.php b/mod/contacts.php
index 4decc5042..ea429d39f 100644
--- a/mod/contacts.php
+++ b/mod/contacts.php
@@ -23,8 +23,6 @@ function contacts_init(&$a) {
$a->page['aside'] = '';
$a->page['aside'] .= group_side('contacts','group',false,0,$contact_id);
- $inv = '<div class="side-link" id="side-invite-link" ><a href="invite" >' . t("Invite Friends") . '</a></div>';
-
if(get_config('system','invitation_only')) {
$x = get_pconfig(local_user(),'system','invites_remaining');
if($x || is_site_admin()) {
@@ -33,21 +31,26 @@ function contacts_init(&$a) {
. '</div>' . $inv;
}
}
- elseif($a->config['register_policy'] != REGISTER_CLOSED)
- $a->page['aside'] .= $inv;
-
-
- $a->page['aside'] .= '<div class="side-link" id="side-match-link"><a href="match" >'
- . t('Find People With Shared Interests') . '</a></div>';
$tpl = get_markup_template('follow.tpl');
+
+ $findSimilarLink = '<div class="side-link" id="side-match-link"><a href="match" >'
+ . t('Similar Interests') . '</a></div>';
+
+ $inv = '';
+ if($a->config['register_policy'] != REGISTER_CLOSED) {
+ $inv = '<div class="side-link" id="side-invite-link" ><a href="invite" >' . t("Invite Friends") . '</a></div>';
+ }
+
$a->page['aside'] .= replace_macros($tpl,array(
'$label' => t('Connect/Follow'),
'$hint' => t('Example: bob@example.com, http://example.com/barbara'),
- '$follow' => t('Follow')
+ '$follow' => t('Follow'),
+ '$findSimilar' => $findSimilarLink,
+ '$inviteFriends' => $inv
));
-
+
}
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index 84cb2fc16..23bdd7388 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -72,7 +72,7 @@ function dfrn_notify_post(&$a) {
FROM `contact`
LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
- AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
+ AND `user`.`nickname` = '%s' AND `user`.`account_expired` = 0 $sql_extra LIMIT 1",
dbesc($a->argv[1])
);
@@ -807,7 +807,7 @@ function dfrn_notify_content(&$a) {
intval(time() + 90 )
);
- logger('dfrn_notify: challenge=' . $hash );
+ logger('dfrn_notify: challenge=' . $hash, LOGGER_DEBUG );
$sql_extra = '';
switch($direction) {
@@ -829,7 +829,8 @@ function dfrn_notify_content(&$a) {
}
$r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
- WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
+ WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`nickname` = '%s'
+ AND `user`.`account_expired` = 0 $sql_extra LIMIT 1",
dbesc($a->argv[1])
);
@@ -840,14 +841,20 @@ function dfrn_notify_content(&$a) {
$encrypted_id = '';
$id_str = $my_id . '.' . mt_rand(1000,9999);
- if((($r[0]['duplex']) && strlen($r[0]['prvkey'])) || (! strlen($r[0]['pubkey']))) {
- openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
- openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']);
+ $prv_key = trim($r[0]['prvkey']);
+ $pub_key = trim($r[0]['pubkey']);
+ $dplx = intval($r[0]['duplex']);
+
+ if((($dplx) && (strlen($prv_key))) || ((strlen($prv_key)) && (!(strlen($pub_key))))) {
+ openssl_private_encrypt($hash,$challenge,$prv_key);
+ openssl_private_encrypt($id_str,$encrypted_id,$prv_key);
}
- else {
- openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']);
- openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']);
+ elseif(strlen($pub_key)) {
+ openssl_public_encrypt($hash,$challenge,$pub_key);
+ openssl_public_encrypt($id_str,$encrypted_id,$pub_key);
}
+ else
+ $status = 1;
$challenge = bin2hex($challenge);
$encrypted_id = bin2hex($encrypted_id);
diff --git a/mod/display.php b/mod/display.php
index 52a84e755..281ce1dd4 100644
--- a/mod/display.php
+++ b/mod/display.php
@@ -114,8 +114,6 @@ function display_content(&$a) {
}
- $o .= cc_license();
-
return $o;
}
diff --git a/mod/editpost.php b/mod/editpost.php
index c396ee44b..bceb9250a 100644
--- a/mod/editpost.php
+++ b/mod/editpost.php
@@ -71,7 +71,7 @@ function editpost_content(&$a) {
if($mail_enabled) {
$selected = (($pubmail_enabled) ? ' checked="checked" ' : '');
- $jotnets .= '<div class="profile-jot-net"><input type="checkbox" name="pubmail_enable"' . $selected . 'value="1" /> '
+ $jotnets .= '<div class="profile-jot-net"><input type="checkbox" name="pubmail_enable"' . $selected . ' value="1" /> '
. t("Post to Email") . '</div>';
}
diff --git a/mod/follow.php b/mod/follow.php
index df4d2e630..77c8ae18f 100644
--- a/mod/follow.php
+++ b/mod/follow.php
@@ -100,14 +100,15 @@ function follow_post(&$a) {
$new_relation = CONTACT_IS_FOLLOWER;
// create contact record
- $r = q("INSERT INTO `contact` ( `uid`, `created`, `url`, `addr`, `alias`, `notify`, `poll`, `name`, `nick`, `photo`, `network`, `pubkey`, `rel`, `priority`,
+ $r = q("INSERT INTO `contact` ( `uid`, `created`, `url`, `addr`, `alias`, `batch`, `notify`, `poll`, `name`, `nick`, `photo`, `network`, `pubkey`, `rel`, `priority`,
`writable`, `blocked`, `readonly`, `pending` )
- VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, 0, 0, 0 ) ",
+ VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, 0, 0, 0 ) ",
intval(local_user()),
dbesc(datetime_convert()),
dbesc($ret['url']),
dbesc($ret['addr']),
dbesc($ret['alias']),
+ dbesc($ret['batch']),
dbesc($ret['notify']),
dbesc($ret['poll']),
dbesc($ret['name']),
diff --git a/mod/friendika.php b/mod/friendika.php
index d0e709c75..c5d7de59f 100644
--- a/mod/friendika.php
+++ b/mod/friendika.php
@@ -42,8 +42,6 @@ function friendika_content(&$a) {
$o .= t('This is Friendika version') . ' ' . FRIENDIKA_VERSION . ' ';
$o .= t('running at web location') . ' ' . z_root() . '</p><p>';
- $o .= t('Shared content within the Friendika network is provided under the <a href="http://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution 3.0 license</a>') . '</p><p>';
-
$o .= t('Please visit <a href="http://project.friendika.com">Project.Friendika.com</a> to learn more about the Friendika project.') . '</p><p>';
$o .= t('Bug reports and issues: please visit') . ' ' . '<a href="http://bugs.friendika.com">Bugs.Friendika.com</a></p><p>';
diff --git a/mod/group.php b/mod/group.php
index 981796f67..ca163902c 100644
--- a/mod/group.php
+++ b/mod/group.php
@@ -176,8 +176,8 @@ function group_content(&$a) {
if($change)
$o = '';
- $o .= '<div id="group-members">';
$o .= '<h3>' . t('Members') . '</h3>';
+ $o .= '<div id="group-members">';
$textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false);
foreach($members as $member) {
if($member['url']) {
@@ -190,9 +190,10 @@ function group_content(&$a) {
$o .= '</div><div id="group-members-end"></div>';
$o .= '<hr id="group-separator" />';
+
+ $o .= '<h3>' . t('All Contacts') . '</h3>';
$o .= '<div id="group-all-contacts">';
- $o .= '<h3>' . t('All Contacts') . '</h3>';
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `blocked` = 0 and `pending` = 0 and `self` = 0 ORDER BY `name` ASC",
intval(local_user())
);
diff --git a/mod/hostxrd.php b/mod/hostxrd.php
index c7861d26d..1cc18da7a 100644
--- a/mod/hostxrd.php
+++ b/mod/hostxrd.php
@@ -4,7 +4,8 @@ function hostxrd_init(&$a) {
header('Access-Control-Allow-Origin: *');
header("Content-type: text/xml");
$tpl = file_get_contents('view/xrd_host.tpl');
- echo str_replace(array('$zroot','$domain'),array(z_root(),z_path()),$tpl);
+ echo str_replace(array(
+ '$zroot','$domain','$zot_post'),array(z_root(),z_path(),z_root() . '/post'),$tpl);
session_write_close();
exit();
diff --git a/mod/item.php b/mod/item.php
index 025a12a32..e5d4eea82 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -336,9 +336,9 @@ function item_post(&$a) {
// embedded bookmark in post? convert to regular url and set bookmark flag
$bookmark = 0;
- if(preg_match_all("/\[bookmark\=([^\]]*)\](.*?)\[\/bookmark\]/m",$body,$match)) {
+ if(preg_match_all("/\[bookmark\=([^\]]*)\](.*?)\[\/bookmark\]/ism",$body,$match)) {
$bookmark = 1;
- $body = preg_replace("/\[bookmark\=([^\]]*)\](.*?)\[\/bookmark\]/m",'[url=$1]$2[/url]',$body);
+ $body = preg_replace("/\[bookmark\=([^\]]*)\](.*?)\[\/bookmark\]/ism",'[url=$1]$2[/url]',$body);
}
@@ -346,7 +346,7 @@ function item_post(&$a) {
* Fold multi-line [code] sequences
*/
- $body = preg_replace('/\[\/code\]\s*\[code\]/m',"\n",$body);
+ $body = preg_replace('/\[\/code\]\s*\[code\]/ism',"\n",$body);
/**
* Look for any tags and linkify them
@@ -501,6 +501,7 @@ function item_post(&$a) {
$datarray['author-avatar'] = $author['thumb'];
$datarray['created'] = datetime_convert();
$datarray['edited'] = datetime_convert();
+ $datarray['commented'] = datetime_convert();
$datarray['received'] = datetime_convert();
$datarray['changed'] = datetime_convert();
$datarray['uri'] = $uri;
@@ -561,9 +562,9 @@ function item_post(&$a) {
$r = q("INSERT INTO `item` (`guid`, `uid`,`type`,`wall`,`gravity`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`,
- `author-name`, `author-link`, `author-avatar`, `created`, `edited`, `received`, `changed`, `uri`, `thr-parent`, `title`, `body`, `app`, `location`, `coord`,
+ `author-name`, `author-link`, `author-avatar`, `created`, `edited`, `commented`, `received`, `changed`, `uri`, `thr-parent`, `title`, `body`, `app`, `location`, `coord`,
`tag`, `inform`, `verb`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private`, `pubmail`, `attach`, `bookmark` )
- VALUES( '%s', %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d )",
+ VALUES( '%s', %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d )",
dbesc($datarray['guid']),
intval($datarray['uid']),
dbesc($datarray['type']),
@@ -578,6 +579,7 @@ function item_post(&$a) {
dbesc($datarray['author-avatar']),
dbesc($datarray['created']),
dbesc($datarray['edited']),
+ dbesc($datarray['commented']),
dbesc($datarray['received']),
dbesc($datarray['changed']),
dbesc($datarray['uri']),
@@ -803,6 +805,13 @@ function item_post(&$a) {
// NOTREACHED
}
+ // update the commented timestamp on the parent
+
+ q("UPDATE `item` set `commented` = '%s', `changed` = '%s' WHERE `id` = %d LIMIT 1",
+ dbesc(datetime_convert()),
+ dbesc(datetime_convert()),
+ intval($parent)
+ );
$datarray['id'] = $post_id;
$datarray['plink'] = $a->get_baseurl() . '/display/' . $user['nickname'] . '/' . $post_id;
diff --git a/mod/like.php b/mod/like.php
index 287630212..95bedcc20 100644
--- a/mod/like.php
+++ b/mod/like.php
@@ -55,6 +55,22 @@ function like_content(&$a) {
return;
}
+ $remote_owner = null;
+
+ if(! $item['wall']) {
+ // The top level post may have been written by somebody on another system
+ $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($item['contact-id']),
+ intval($item['uid'])
+ );
+ if(! count($r))
+ return;
+ if(! $r[0]['self'])
+ $remote_owner = $r[0];
+ }
+
+ // this represents the post owner on this system.
+
$r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
WHERE `contact`.`self` = 1 AND `contact`.`uid` = %d LIMIT 1",
intval($owner_uid)
@@ -67,6 +83,11 @@ function like_content(&$a) {
return;
}
+ if(! $remote_owner)
+ $remote_owner = $owner;
+
+
+ // This represents the person posting
if((local_user()) && (local_user() == $owner_uid)) {
$contact = $owner;
@@ -137,9 +158,9 @@ EOT;
$arr['gravity'] = GRAVITY_LIKE;
$arr['parent'] = $item['id'];
$arr['parent-uri'] = $item['uri'];
- $arr['owner-name'] = $owner['name'];
- $arr['owner-link'] = $owner['url'];
- $arr['owner-avatar'] = $owner['thumb'];
+ $arr['owner-name'] = $remote_owner['name'];
+ $arr['owner-link'] = $remote_owner['url'];
+ $arr['owner-avatar'] = $remote_owner['thumb'];
$arr['author-name'] = $contact['name'];
$arr['author-link'] = $contact['url'];
$arr['author-avatar'] = $contact['thumb'];
diff --git a/mod/message.php b/mod/message.php
index cc94730bc..1bee45d48 100644
--- a/mod/message.php
+++ b/mod/message.php
@@ -159,10 +159,10 @@ function message_content(&$a) {
'$from_url' => $a->get_baseurl() . '/redir/' . $rr['contact-id'],
'$sparkle' => ' sparkle',
'$from_photo' => $rr['thumb'],
- '$subject' => (($rr['mailseen']) ? $rr['title'] : '<strong>' . $rr['title'] . '</strong>'),
+ '$subject' => template_escape((($rr['mailseen']) ? $rr['title'] : '<strong>' . $rr['title'] . '</strong>')),
'$delete' => t('Delete conversation'),
- '$body' => $rr['body'],
- '$to_name' => $rr['name'],
+ '$body' => template_escape($rr['body']),
+ '$to_name' => template_escape($rr['name']),
'$date' => datetime_convert('UTC',date_default_timezone_get(),$rr['mailcreated'], t('D, d M Y - g:i A'))
));
}
@@ -221,14 +221,14 @@ function message_content(&$a) {
}
$o .= replace_macros($tpl, array(
'$id' => $message['id'],
- '$from_name' =>$message['from-name'],
+ '$from_name' => template_escape($message['from-name']),
'$from_url' => $from_url,
'$sparkle' => $sparkle,
'$from_photo' => $message['from-photo'],
- '$subject' => $message['title'],
- '$body' => smilies(bbcode($message['body'])),
+ '$subject' => template_escape($message['title']),
+ '$body' => template_escape(smilies(bbcode($message['body']))),
'$delete' => t('Delete message'),
- '$to_name' => $message['name'],
+ '$to_name' => template_escape($message['name']),
'$date' => datetime_convert('UTC',date_default_timezone_get(),$message['created'],'D, d M Y - g:i A')
));
@@ -240,7 +240,7 @@ function message_content(&$a) {
'$header' => t('Send Reply'),
'$to' => t('To:'),
'$subject' => t('Subject:'),
- '$subjtxt' => $message['title'],
+ '$subjtxt' => template_escape($message['title']),
'$readonly' => ' readonly="readonly" style="background: #BBBBBB;" ',
'$yourmessage' => t('Your message:'),
'$select' => $select,
diff --git a/mod/network.php b/mod/network.php
index 1de0bc212..9488cd973 100644
--- a/mod/network.php
+++ b/mod/network.php
@@ -17,12 +17,12 @@ function network_init(&$a) {
// We need a better way of managing a growing argument list
- $srchurl = '/network'
- . ((x($_GET,'cid')) ? '?cid=' . $_GET['cid'] : '')
- . ((x($_GET,'star')) ? '?star=' . $_GET['star'] : '')
- . ((x($_GET,'order')) ? '?order=' . $_GET['order'] : '')
- . ((x($_GET,'bmark')) ? '?bmark=' . $_GET['bmark'] : '');
-
+ // moved into savedsearches()
+ // $srchurl = '/network'
+ // . ((x($_GET,'cid')) ? '?cid=' . $_GET['cid'] : '')
+ // . ((x($_GET,'star')) ? '?star=' . $_GET['star'] : '')
+ // . ((x($_GET,'bmark')) ? '?bmark=' . $_GET['bmark'] : '');
+
if(x($_GET,'save')) {
$r = q("select * from `search` where `uid` = %d and `term` = '%s' limit 1",
intval(local_user()),
@@ -42,76 +42,110 @@ function network_init(&$a) {
);
}
- $a->page['aside'] .= search($search,'netsearch-box',$srchurl,true);
-
- $a->page['aside'] .= '<div id="network-new-link">';
-
-
- $a->page['aside'] .= '<div id="network-view-link">';
- if(($a->argc > 1 && $a->argv[1] === 'new') || ($a->argc > 2 && $a->argv[2] === 'new') || x($_GET,'search')) {
- $a->page['aside'] .= '<a href="' . $a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '?cid=' . $_GET['cid'] : '') . '">' . t('View Conversations') . '</a></div>';
+ // item filter tabs
+ // TODO: fix this logic, reduce duplication
+ $a->page['content'] .= '<div class="tabs-wrapper">';
+
+ $starred_active = '';
+ $new_active = '';
+ $bookmarked_active = '';
+ $all_active = '';
+ $search_active = '';
+
+ if(($a->argc > 1 && $a->argv[1] === 'new')
+ || ($a->argc > 2 && $a->argv[2] === 'new')) {
+ $new_active = 'active';
}
- else {
- $a->page['aside'] .= '<a href="' . $a->get_baseurl() . '/' . $a->cmd . '/new' . ((x($_GET,'cid')) ? '/?cid=' . $_GET['cid'] : '') . '">' . t('View New Items') . '</a></div>';
-
- if(x($_GET,'star'))
- $a->page['aside'] .= '<div id="network-star-link">'
- . '<a class="network-star" href="' . $a->get_baseurl() . '/' . $a->cmd
- . ((x($_GET,'cid')) ? '/?cid=' . $_GET['cid'] : '') . '">'
- . t('View Any Items') . '</a>'
- . '<span class="network-star icon starred"></span>'
- . '<span class="network-star icon unstarred"></span>'
- . '<div class="clear"></div></div>';
- else
- $a->page['aside'] .= '<div id="network-star-link">'
- . '<a class="network-star" href="' . $a->get_baseurl() . '/' . $a->cmd
- . ((x($_GET,'cid')) ? '/?cid=' . $_GET['cid'] : '') . '&star=1" >'
- . t('View Starred Items') . '</a>'
- . '<span class="network-star icon starred"></span>'
- . '<div class="clear"></div></div>';
-
- if(! $_GET['bmark'])
- $a->page['aside'] .= '<div id="network-bmark-link">'
- . '<a class="network-bmark" href="' . $a->get_baseurl() . '/' . $a->cmd
- . ((x($_GET,'cid')) ? '/?cid=' . $_GET['cid'] : '') . '&bmark=1" >'
- . t('View Bookmarks') . '</a>'
- . '<div class="clear"></div></div>';
-
-
+
+ if(x($_GET,'search')) {
+ $search_active = 'active';
}
-
- $a->page['aside'] .= '</div>';
-
+
+ if(x($_GET,'star')) {
+ $starred_active = 'active';
+ }
+
+ if($_GET['bmark']) {
+ $bookmarked_active = 'active';
+ }
+
+ if (($new_active == '')
+ && ($starred_active == '')
+ && ($bookmarked_active == '')
+ && ($search_active == '')) {
+ $all_active = 'active';
+ }
+
+ // network links moved to content to match other pages
+ // all
+ $a->page['content'] .= '<a class="tabs ' . $all_active . '" href="' . $a->get_baseurl() . '/'
+ . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '?cid=' . $_GET['cid'] : '') . '">'
+ . t('All') . '</a>';
+
+ // new
+ $a->page['content'] .= '<a class="tabs ' . $new_active . '" href="' . $a->get_baseurl() . '/'
+ . str_replace('/new', '', $a->cmd) . '/new'
+ . ((x($_GET,'cid')) ? '/?cid=' . $_GET['cid'] : '') . '">'
+ . t('New') . '</a>';
+
+ // starred
+ $a->page['content'] .= '<a class="tabs ' . $starred_active . '" href="' . $a->get_baseurl() . '/'
+ . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?cid=' . $_GET['cid'] : '') . '&star=1" >'
+ . t('Starred') . '</a>';
+
+ // bookmarks
+ $a->page['content'] .= '<a class="tabs ' . $bookmarked_active . '" href="' . $a->get_baseurl() . '/'
+ . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?cid=' . $_GET['cid'] : '') . '&bmark=1" >'
+ . t('Bookmarks') . '</a>';
+
+ $a->page['content'] .= '</div>';
+ // --- end item filter tabs
+
+ // search terms header
+ if(x($_GET,'search')) {
+ $a->page['content'] .= '<h2>Search Results For: ' . $search . '</h2>';
+ }
+
$a->page['aside'] .= group_side('network','network',true,$group_id);
+
+ // moved to saved searches to have it in the same div
+ //$a->page['aside'] .= search($search,'netsearch-box',$srchurl,true);
- $a->page['aside'] .= saved_searches();
+ $a->page['aside'] .= saved_searches($search);
}
-function saved_searches() {
+function saved_searches($search) {
+ $srchurl = '/network'
+ . ((x($_GET,'cid')) ? '?cid=' . $_GET['cid'] : '')
+ . ((x($_GET,'star')) ? '?star=' . $_GET['star'] : '')
+ . ((x($_GET,'bmark')) ? '?bmark=' . $_GET['bmark'] : '');
+
$o = '';
$r = q("select `term` from `search` WHERE `uid` = %d",
intval(local_user())
);
+ $o .= '<div id="saved-search-list" class="widget">';
+ $o .= '<h3 id="search">' . t('Saved Searches') . '</h3>' . "\r\n";
+ $o .= search($search,'netsearch-box',$srchurl,true);
+
if(count($r)) {
- $o .= '<h3>' . t('Saved Searches') . '</h3>' . "\r\n";
- $o .= '<div id="saved-search-list"><ul id="saved-search-ul">' . "\r\n";
+ $o .= '<ul id="saved-search-ul">' . "\r\n";
foreach($r as $rr) {
$o .= '<li class="saved-search-li clear"><a href="network/?f=&remove=1&search=' . $rr['term'] . '" class="icon drophide savedsearchdrop" title="' . t('Remove term') . '" onclick="return confirmDelete();" onmouseover="imgbright(this);" onmouseout="imgdull(this);" ></a> <a href="network/?f&search=' . $rr['term'] . '" class="savedsearchterm" >' . $rr['term'] . '</a></li>' . "\r\n";
}
- $o .= '</ul></div>' . "\r\n";
+ $o .= '</ul>';
}
+ $o .= '</div>' . "\r\n";
return $o;
}
-
-
function network_content(&$a, $update = 0) {
require_once('include/conversation.php');
@@ -132,6 +166,7 @@ function network_content(&$a, $update = 0) {
$star = ((x($_GET,'star')) ? intval($_GET['star']) : 0);
$bmark = ((x($_GET,'bmark')) ? intval($_GET['bmark']) : 0);
$order = ((x($_GET,'order')) ? notags($_GET['order']) : 'comment');
+ $liked = ((x($_GET,'liked')) ? intval($_GET['liked']) : 0);
if(($a->argc > 2) && $a->argv[2] === 'new')
@@ -195,6 +230,7 @@ function network_content(&$a, $update = 0) {
. ((x($_GET,'star')) ? '&star=' . $_GET['star'] : '')
. ((x($_GET,'order')) ? '&order=' . $_GET['order'] : '')
. ((x($_GET,'bmark')) ? '&bmark=' . $_GET['bmark'] : '')
+ . ((x($_GET,'liked')) ? '&liked=' . $_GET['liked'] : '')
. "'; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
}
@@ -315,44 +351,27 @@ function network_content(&$a, $update = 0) {
else {
// Normal conversation view
- // Show conversation by activity date
- if($order === 'post') {
- $r = q("SELECT `item`.`id` AS `item_id`, `contact`.`uid` AS `contact_uid`
- FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
- WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
- AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
- AND `item`.`parent` = `item`.`id`
- $sql_extra
- ORDER BY `item`.`created` DESC LIMIT %d ,%d ",
- intval(local_user()),
- intval($a->pager['start']),
- intval($a->pager['itemspage'])
- );
- }
- else {
- // $order === 'comment'
- // First fetch a known number of parent items
-
- $r = q("SELECT `item`.`id` AS `item_id`, `contact`.`uid` AS `contact_uid`
- FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
- , (SELECT `_com`.`parent`,max(`_com`.`created`) as `created`
- FROM `item` AS `_com`
- WHERE `_com`.`uid`=%d AND
- (`_com`.`parent`!=`_com`.`id` OR `_com`.`id` NOT IN (SELECT `__com`.`parent` FROM `item` as `__com` WHERE `__com`.`parent`!=`__com`.`id`))
- GROUP BY `_com`.`parent` ORDER BY `created` DESC) AS `com`
- WHERE `item`.`id`=`com`.`parent` AND
- `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
- AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
- $sql_extra
- ORDER BY `com`.`created` DESC LIMIT %d ,%d ",
- intval(local_user()),
- intval(local_user()),
- intval($a->pager['start']),
- intval($a->pager['itemspage'])
- );
- }
+ if($order === 'post')
+ $ordering = "`created`";
+ else
+ $ordering = "`commented`";
+
+ // Fetch a page full of parent items for this page
+
+ $r = q("SELECT `item`.`id` AS `item_id`, `contact`.`uid` AS `contact_uid`
+ FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
+ WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
+ AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
+ AND `item`.`parent` = `item`.`id`
+ $sql_extra
+ ORDER BY `item`.$ordering DESC LIMIT %d ,%d ",
+ intval(local_user()),
+ intval($a->pager['start']),
+ intval($a->pager['itemspage'])
+ );
+
// Then fetch all the children of the parents that are on this page
$parents_arr = array();
@@ -363,48 +382,21 @@ function network_content(&$a, $update = 0) {
$parents_arr[] = $rr['item_id'];
$parents_str = implode(', ', $parents_arr);
- if($order === 'post') {
- // parent created order
- $r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
- `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`writable`,
- `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
- `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
- FROM `item`, (SELECT `p`.`id`,`p`.`created` FROM `item` AS `p` WHERE `p`.`parent`=`p`.`id`) as `parentitem`, `contact`
- WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
- AND `contact`.`id` = `item`.`contact-id`
- AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
- AND `item`.`parent` = `parentitem`.`id` AND `item`.`parent` IN ( %s )
- $sql_extra
- ORDER BY `parentitem`.`created` DESC, `item`.`gravity` ASC, `item`.`created` ASC ",
- intval(local_user()),
- dbesc($parents_str)
- );
- }
- else {
- // $order === 'comment'
-
- $r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
- `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`writable`,
- `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
- `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
- FROM `item`, `contact`,
- (SELECT `_com`.`parent`,max(`_com`.`created`) as `created`
- FROM `item` AS `_com`
- WHERE `_com`.`uid`=%d AND
- (`_com`.`parent`!=`_com`.`id` OR `_com`.`id` NOT IN (SELECT `__com`.`parent` FROM `item` as `__com` WHERE `__com`.`parent`!=`__com`.`id`))
- GROUP BY `_com`.`parent` ORDER BY `created` DESC) AS `com`
- WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
- AND `contact`.`id` = `item`.`contact-id`
- AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
- AND `item`.`parent` = `com`.`parent` AND `item`.`parent` IN ( %s )
- $sql_extra
- ORDER BY `com`.`created` DESC, `item`.`gravity` ASC, `item`.`created` ASC ",
- intval(local_user()),
- intval(local_user()),
- dbesc($parents_str)
- );
- }
- }
+ $r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
+ `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`writable`,
+ `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
+ `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
+ FROM `item`, (SELECT `p`.`id`,`p`.`created`,`p`.`commented` FROM `item` AS `p` WHERE `p`.`parent`=`p`.`id`) as `parentitem`, `contact`
+ WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
+ AND `contact`.`id` = `item`.`contact-id`
+ AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
+ AND `item`.`parent` = `parentitem`.`id` AND `item`.`parent` IN ( %s )
+ $sql_extra
+ ORDER BY `parentitem`.$ordering DESC, `parentitem`.`id` ASC, `item`.`gravity` ASC, `item`.`created` ASC ",
+ intval(local_user()),
+ dbesc($parents_str)
+ );
+ }
}
// Set this so that the conversation function can find out contact info for our wall-wall items
@@ -416,7 +408,6 @@ function network_content(&$a, $update = 0) {
if(! $update) {
$o .= paginate($a);
- $o .= cc_license();
}
return $o;
diff --git a/mod/oexchange.php b/mod/oexchange.php
index 1a990c64f..53dce6446 100644
--- a/mod/oexchange.php
+++ b/mod/oexchange.php
@@ -28,9 +28,16 @@ function oexchange_content(&$a) {
return;
}
- $url = (((x($_GET,'url')) && strlen($_GET['url'])) ? notags(trim($_GET['url'])) : '');
-
- $s = fetch_url($a->get_baseurl() . '/parse_url&url=' . $url);
+ $url = (((x($_GET,'url')) && strlen($_GET['url']))
+ ? urlencode(notags(trim($_GET['url']))) : '');
+ $title = (((x($_GET,'title')) && strlen($_GET['title']))
+ ? '&title=' . urlencode(notags(trim($_GET['title']))) : '');
+ $description = (((x($_GET,'description')) && strlen($_GET['description']))
+ ? '&description=' . urlencode(notags(trim($_GET['description']))) : '');
+ $tags = (((x($_GET,'tags')) && strlen($_GET['tags']))
+ ? '&tags=' . urlencode(notags(trim($_GET['tags']))) : '');
+
+ $s = fetch_url($a->get_baseurl() . '/parse_url?f=&url=' . $url . $title . $description . $tags);
if(! strlen($s))
return;
diff --git a/mod/openid.php b/mod/openid.php
index 3c3293147..b8734f023 100644
--- a/mod/openid.php
+++ b/mod/openid.php
@@ -56,7 +56,7 @@ function openid_content(&$a) {
$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey`
- FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",
+ FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
dbesc($_SESSION['openid'])
);
if(! count($r)) {
diff --git a/mod/parse_url.php b/mod/parse_url.php
index 79c336ddc..a238ecb2f 100644
--- a/mod/parse_url.php
+++ b/mod/parse_url.php
@@ -3,15 +3,36 @@
require_once('library/HTML5/Parser.php');
require_once('library/HTMLPurifier.auto.php');
+function arr_add_hashes(&$item,$k) {
+ $item = '#' . $item;
+}
+
function parse_url_content(&$a) {
- logger('parse_url: ' . $_GET['url']);
+ $text = null;
+ $str_tags = '';
+
+ if(x($_GET,'binurl'))
+ $url = trim(hex2bin($_GET['binurl']));
+ else
+ $url = trim($_GET['url']);
- $url = trim(hex2bin($_GET['url']));
+ if($_GET['title'])
+ $title = strip_tags(trim($_GET['title']));
+
+ if($_GET['description'])
+ $text = strip_tags(trim($_GET['description']));
+
+ if($_GET['tags']) {
+ $arr_tags = str_getcsv($_GET['tags']);
+ if(count($arr_tags)) {
+ array_walk($arr_tags,'arr_add_hashes');
+ $str_tags = '<br />' . implode(' ',$arr_tags) . '<br />';
+ }
+ }
logger('parse_url: ' . $url);
- $text = null;
$template = "<br /><a class=\"bookmark\" href=\"%s\" >%s</a>%s<br />";
@@ -25,6 +46,20 @@ function parse_url_content(&$a) {
killme();
}
+ if($url && $title && $text) {
+
+ $text = '<br /><br /><blockquote>' . $text . '</blockquote><br />';
+ $title = str_replace(array("\r","\n"),array('',''),$title);
+
+ $result = sprintf($template,$url,($title) ? $title : $url,$text) . $str_tags;
+
+ logger('parse_url (unparsed): returns: ' . $result);
+
+ echo $result;
+ killme();
+ }
+
+
if($url) {
$s = fetch_url($url);
} else {
@@ -35,14 +70,16 @@ function parse_url_content(&$a) {
logger('parse_url: data: ' . $s, LOGGER_DATA);
if(! $s) {
- echo sprintf($template,$url,$url,'');
+ echo sprintf($template,$url,$url,'') . $str_tags;
killme();
}
- if(strpos($s,'<title>')) {
- $title = substr($s,strpos($s,'<title>')+7,64);
- if(strpos($title,'<') !== false)
- $title = strip_tags(substr($title,0,strpos($title,'<')));
+ if(! $title) {
+ if(strpos($s,'<title>')) {
+ $title = substr($s,strpos($s,'<title>')+7,64);
+ if(strpos($title,'<') !== false)
+ $title = strip_tags(substr($title,0,strpos($title,'<')));
+ }
}
$config = HTMLPurifier_Config::createDefault();
@@ -56,7 +93,7 @@ function parse_url_content(&$a) {
$dom = @HTML5_Parser::parse($s);
if(! $dom) {
- echo sprintf($template,$url,$url,'');
+ echo sprintf($template,$url,$url,'') . $str_tags;
killme();
}
@@ -69,48 +106,51 @@ function parse_url_content(&$a) {
}
}
- $divs = $dom->getElementsByTagName('div');
- if($divs) {
- foreach($divs as $div) {
- $class = $div->getAttribute('class');
- if($class && (stristr($class,'article') || stristr($class,'content'))) {
- $items = $div->getElementsByTagName('p');
- if($items) {
- foreach($items as $item) {
- $text = $item->textContent;
- if(stristr($text,'<script')) {
- $text = '';
- continue;
- }
- $text = strip_tags($text);
- if(strlen($text) < 100) {
- $text = '';
- continue;
+
+ if(! $text) {
+ $divs = $dom->getElementsByTagName('div');
+ if($divs) {
+ foreach($divs as $div) {
+ $class = $div->getAttribute('class');
+ if($class && (stristr($class,'article') || stristr($class,'content'))) {
+ $items = $div->getElementsByTagName('p');
+ if($items) {
+ foreach($items as $item) {
+ $text = $item->textContent;
+ if(stristr($text,'<script')) {
+ $text = '';
+ continue;
+ }
+ $text = strip_tags($text);
+ if(strlen($text) < 100) {
+ $text = '';
+ continue;
+ }
+ $text = substr($text,0,250) . '...' ;
+ break;
}
- $text = substr($text,0,250) . '...' ;
- break;
}
}
+ if($text)
+ break;
}
- if($text)
- break;
}
- }
- if(! $text) {
- $items = $dom->getElementsByTagName('p');
- if($items) {
- foreach($items as $item) {
- $text = $item->textContent;
- if(stristr($text,'<script'))
- continue;
- $text = strip_tags($text);
- if(strlen($text) < 100) {
- $text = '';
- continue;
+ if(! $text) {
+ $items = $dom->getElementsByTagName('p');
+ if($items) {
+ foreach($items as $item) {
+ $text = $item->textContent;
+ if(stristr($text,'<script'))
+ continue;
+ $text = strip_tags($text);
+ if(strlen($text) < 100) {
+ $text = '';
+ continue;
+ }
+ $text = substr($text,0,250) . '...' ;
+ break;
}
- $text = substr($text,0,250) . '...' ;
- break;
}
}
}
@@ -119,9 +159,9 @@ function parse_url_content(&$a) {
$text = '<br /><br /><blockquote>' . $text . '</blockquote><br />';
}
- $title = str_replace("\n",'',$title);
+ $title = str_replace(array("\r","\n"),array('',''),$title);
- $result = sprintf($template,$url,($title) ? $title : $url,$text);
+ $result = sprintf($template,$url,($title) ? $title : $url,$text) . $str_tags;
logger('parse_url: returns: ' . $result);
diff --git a/mod/photos.php b/mod/photos.php
index b74ca85d7..cb7df15cc 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -33,13 +33,18 @@ function photos_init(&$a) {
if(count($albums)) {
$a->data['albums'] = $albums;
- $o .= '<h4><a href="' . $a->get_baseurl() . '/profile/' . $a->data['user']['nickname'] . '">' . $a->data['user']['username'] . '</a></h4>';
- $o .= '<h4>' . '<a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '">' . t('Photo Albums') . '</a></h4>';
-
+ $o .= '<div class="vcard">';
+ $o .= '<div class="fn">' . $a->data['user']['username'] . '</h4>';
+ $o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_baseurl() . '/photo/profile/' . $a->data['user']['uid'] . '.jpg" alt="' . $a->data['user']['username'] . '" /></div>';
+ $o .= '</div>';
+
+ $o .= '<div id="side-bar-photos-albums" class="widget">';
+ $o .= '<h3>' . '<a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '">' . t('Photo Albums') . '</a></h4>';
+
$o .= '<ul>';
foreach($albums as $album) {
- // don't show contact photos. We once trasnlated this name, but then you could still access it under
+ // don't show contact photos. We once translated this name, but then you could still access it under
// a different language setting. Now we store the name in English and check in English (and translated for legacy albums).
if((! strlen($album['album'])) || ($album['album'] === 'Contact Photos') || ($album['album'] === t('Contact Photos')))
@@ -887,9 +892,9 @@ function photos_content(&$a) {
'$nickname' => $a->data['user']['nickname'],
'$newalbum' => t('New album name: '),
'$existalbumtext' => t('or existing album name: '),
- '$albumselect' => $albumselect,
+ '$albumselect' => template_escape($albumselect),
'$permissions' => t('Permissions'),
- '$aclselect' => (($visitor) ? '' : populate_acl($a->user, $celeb)),
+ '$aclselect' => (($visitor) ? '' : template_escape(populate_acl($a->user, $celeb))),
'$uploader' => $ret['addon_text'],
'$default' => (($ret['default_upload']) ? $default_upload : ''),
'$uploadurl' => $ret['post_url']
@@ -930,7 +935,7 @@ function photos_content(&$a) {
$o .= replace_macros($edit_tpl,array(
'$nametext' => t('New album name: '),
'$nickname' => $a->data['user']['nickname'],
- '$album' => $album,
+ '$album' => template_escape($album),
'$hexalbum' => bin2hex($album),
'$submit' => t('Submit'),
'$dropsubmit' => t('Delete Album')
@@ -955,8 +960,8 @@ function photos_content(&$a) {
'$photolink' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $rr['resource-id'],
'$phototitle' => t('View Photo'),
'$imgsrc' => $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . $rr['scale'] . '.jpg',
- '$imgalt' => $rr['filename'],
- '$desc'=> $rr['desc']
+ '$imgalt' => template_escape($rr['filename']),
+ '$desc'=> template_escape($rr['desc'])
));
}
@@ -982,7 +987,15 @@ function photos_content(&$a) {
);
if(! count($ph)) {
- notice( t('Photo not available') . EOL );
+ $ph = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'
+ LIMIT 1",
+ intval($owner_uid),
+ dbesc($datum)
+ );
+ if(count($ph))
+ notice( t('Permission denied. Access to this item may be restricted.'));
+ else
+ notice( t('Photo not available') . EOL );
return;
}
@@ -1007,8 +1020,9 @@ function photos_content(&$a) {
break;
}
}
- $prevlink = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$prv]['resource-id'] ;
- $nextlink = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$nxt]['resource-id'] ;
+ $edit_suffix = ((($cmd === 'edit') && ($can_post)) ? '/edit' : '');
+ $prevlink = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$prv]['resource-id'] . $edit_suffix;
+ $nextlink = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$nxt]['resource-id'] . $edit_suffix;
}
@@ -1031,7 +1045,7 @@ function photos_content(&$a) {
if($can_post && ($ph[0]['uid'] == $owner_uid)) {
$tools = array(
- 'edit' => array($a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $datum . '/edit', t('Edit photo')),
+ 'edit' => array($a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $datum . (($cmd === 'edit') ? '' : '/edit'), (($cmd === 'edit') ? t('View photo') : t('Edit photo'))),
'profile'=>array($a->get_baseurl() . '/profile_photo/use/'.$ph[0]['resource-id'], t('Use as profile photo')),
);
@@ -1130,16 +1144,16 @@ function photos_content(&$a) {
$edit_tpl = get_markup_template('photo_edit.tpl');
$edit = replace_macros($edit_tpl, array(
'$id' => $ph[0]['id'],
- '$album' => $ph[0]['album'],
+ '$album' => template_escape($ph[0]['album']),
'$newalbum' => t('New album name'),
'$nickname' => $a->data['user']['nickname'],
'$resource_id' => $ph[0]['resource-id'],
'$capt_label' => t('Caption'),
- '$caption' => $ph[0]['desc'],
+ '$caption' => template_escape($ph[0]['desc']),
'$tag_label' => t('Add a Tag'),
'$tags' => $link_item['tag'],
'$permissions' => t('Permissions'),
- '$aclselect' => populate_acl($ph[0]),
+ '$aclselect' => template_escape(populate_acl($ph[0])),
'$help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com, #California, #camping'),
'$item_id' => ((count($linked_items)) ? $link_item['id'] : 0),
'$submit' => t('Submit'),
@@ -1285,11 +1299,11 @@ function photos_content(&$a) {
$comments .= replace_macros($template,array(
'$id' => $item['item_id'],
'$profile_url' => $profile_link,
- '$name' => $profile_name,
+ '$name' => template_escape($profile_name),
'$thumb' => $profile_avatar,
'$sparkle' => $sparkle,
- '$title' => $item['title'],
- '$body' => bbcode($item['body']),
+ '$title' => template_escape($item['title']),
+ '$body' => template_escape(bbcode($item['body'])),
'$ago' => relative_date($item['created']),
'$indent' => (($item['parent'] != $item['item_id']) ? ' comment' : ''),
'$drop' => $drop,
@@ -1304,18 +1318,18 @@ function photos_content(&$a) {
$photo_tpl = get_markup_template('photo_view.tpl');
$o .= replace_macros($photo_tpl, array(
'$id' => $ph[0]['id'],
- '$album' => array($album_link,$ph[0]['album']),
+ '$album' => array($album_link,template_escape($ph[0]['album'])),
'$tools' => $tools,
'$lock' => $lock,
'$photo' => $photo,
'$prevlink' => $prevlink,
'$nextlink' => $nextlink,
'$desc' => $ph[0]['desc'],
- '$tags' => $tags,
+ '$tags' => template_escape($tags),
'$edit' => $edit,
'$likebuttons' => $likebuttons,
- '$like' => $like,
- '$dislike' => $dislike,
+ '$like' => template_escape($like),
+ '$dislike' => template_escape($dislike),
'$comments' => $comments,
'$paginate' => $paginate,
));
@@ -1363,9 +1377,9 @@ function photos_content(&$a) {
'$phototitle' => t('View Photo'),
'$imgsrc' => $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . ((($rr['scale']) == 6) ? 4 : $rr['scale']) . '.jpg',
'$albumlink' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($rr['album']),
- '$albumname' => $rr['album'],
+ '$albumname' => template_escape($rr['album']),
'$albumalt' => t('View Album'),
- '$imgalt' => $rr['filename']
+ '$imgalt' => template_escape($rr['filename'])
));
}
diff --git a/mod/profile.php b/mod/profile.php
index 66fa17554..50bbdd46e 100644
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -239,7 +239,6 @@ function profile_content(&$a, $update = 0) {
if(! $update) {
$o .= paginate($a);
- $o .= cc_license();
}
return $o;
diff --git a/mod/pubsub.php b/mod/pubsub.php
index 4dff5d531..b2f006927 100644
--- a/mod/pubsub.php
+++ b/mod/pubsub.php
@@ -44,7 +44,7 @@ function pubsub_init(&$a) {
$subscribe = (($hub_mode === 'subscribe') ? 1 : 0);
- $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1",
+ $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `account_expired` = 0 LIMIT 1",
dbesc($nick)
);
if(! count($r))
@@ -99,7 +99,7 @@ function pubsub_post(&$a) {
$nick = (($a->argc > 1) ? notags(trim($a->argv[1])) : '');
$contact_id = (($a->argc > 2) ? intval($a->argv[2]) : 0 );
- $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1",
+ $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `account_expired` = 0 LIMIT 1",
dbesc($nick)
);
if(! count($r))
diff --git a/mod/receive.php b/mod/receive.php
index 34128518b..950bf0bd3 100644
--- a/mod/receive.php
+++ b/mod/receive.php
@@ -12,18 +12,26 @@ require_once('include/diaspora.php');
function receive_post(&$a) {
- if($a->argc != 3 || $a->argv[1] !== 'users')
- http_status_exit(500);
+ $public = false;
- $guid = $a->argv[2];
+ if(($a->argc == 2) && ($a->argv[1] === 'public')) {
+ $public = true;
+ }
+ else {
- $r = q("SELECT * FROM `user` WHERE `guid` = '%s' LIMIT 1",
- dbesc($guid)
- );
- if(! count($r))
- http_status_exit(500);
+ if($a->argc != 3 || $a->argv[1] !== 'users')
+ http_status_exit(500);
+
+ $guid = $a->argv[2];
+
+ $r = q("SELECT * FROM `user` WHERE `guid` = '%s' AND `account_expired` = 0 LIMIT 1",
+ dbesc($guid)
+ );
+ if(! count($r))
+ http_status_exit(500);
- $importer = $r[0];
+ $importer = $r[0];
+ }
// It is an application/x-www-form-urlencoded
@@ -41,9 +49,13 @@ function receive_post(&$a) {
if(! is_array($msg))
http_status_exit(500);
- diaspora_dispatch($importer,$msg);
+ $ret = 0;
+ if($public)
+ diaspora_dispatch_public($msg);
+ else
+ $ret = diaspora_dispatch($importer,$msg);
- http_status_exit(200);
+ http_status_exit(($ret) ? $ret : 200);
// NOTREACHED
}
diff --git a/mod/register.php b/mod/register.php
index 5fceebd4b..85e1f9faa 100644
--- a/mod/register.php
+++ b/mod/register.php
@@ -501,8 +501,7 @@ function register_content(&$a) {
}
- $license = cc_license();
-
+ $license = '';
$o = get_markup_template("register.tpl");
$o = replace_macros($o, array(
diff --git a/mod/salmon.php b/mod/salmon.php
index 0264e820d..6172d17a1 100644
--- a/mod/salmon.php
+++ b/mod/salmon.php
@@ -25,12 +25,12 @@ function salmon_post(&$a) {
$xml = file_get_contents('php://input');
- logger('mod-salmon: new salmon ' . $xml);
+ logger('mod-salmon: new salmon ' . $xml, LOGGER_DATA);
$nick = (($a->argc > 1) ? notags(trim($a->argv[1])) : '');
$mentions = (($a->argc > 2 && $a->argv[2] === 'mention') ? true : false);
- $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1",
+ $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `account_expired` = 0 LIMIT 1",
dbesc($nick)
);
if(! count($r))
diff --git a/mod/search.php b/mod/search.php
index 3264948be..396b50738 100644
--- a/mod/search.php
+++ b/mod/search.php
@@ -9,8 +9,9 @@ function search_saved_searches() {
);
if(count($r)) {
+ $o .= '<div id="saved-search-list" class="widget">';
$o .= '<h3>' . t('Saved Searches') . '</h3>' . "\r\n";
- $o .= '<div id="saved-search-list"><ul id="saved-search-ul">' . "\r\n";
+ $o .= '<ul id="saved-search-ul">' . "\r\n";
foreach($r as $rr) {
$o .= '<li class="saved-search-li clear"><a href="search/?f=&remove=1&search=' . $rr['term'] . '" class="icon drophide savedsearchdrop" title="' . t('Remove term') . '" onclick="return confirmDelete();" onmouseover="imgbright(this);" onmouseout="imgdull(this);" ></a> <a href="search/?f&search=' . $rr['term'] . '" class="savedsearchterm" >' . $rr['term'] . '</a></li>' . "\r\n";
}
@@ -142,12 +143,11 @@ function search_content(&$a) {
);
-
+ $o .= '<h2>Search results for: ' . $search . '</h2>';
$o .= conversation($a,$r,'search',false);
$o .= paginate($a);
- $o .= cc_license();
return $o;
}
diff --git a/mod/xrd.php b/mod/xrd.php
index fcec74336..dae6e4828 100644
--- a/mod/xrd.php
+++ b/mod/xrd.php
@@ -45,6 +45,7 @@ function xrd_init(&$a) {
'$profile_url' => $a->get_baseurl() . '/profile/' . $r[0]['nickname'],
'$hcard_url' => $a->get_baseurl() . '/hcard/' . $r[0]['nickname'],
'$atom' => $a->get_baseurl() . '/dfrn_poll/' . $r[0]['nickname'],
+ '$zot_post' => $a->get_baseurl() . '/post/' . $r[0]['nickname'],
'$photo' => $a->get_baseurl() . '/photo/profile/' . $r[0]['uid'] . '.jpg',
'$dspr' => $dspr,
'$salmon' => $a->get_baseurl() . '/salmon/' . $r[0]['nickname'],