diff options
author | friendica <info@friendica.com> | 2014-03-26 22:05:19 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-03-26 22:05:19 -0700 |
commit | 5a3903a40c508a6b5e9a90986564e5c4918223cc (patch) | |
tree | a06da99eeb144b36b0c610f99d1236129c9f5226 /mod | |
parent | a00c581e272af71eb064a1a29edd3334d9148d9d (diff) | |
download | volse-hubzilla-5a3903a40c508a6b5e9a90986564e5c4918223cc.tar.gz volse-hubzilla-5a3903a40c508a6b5e9a90986564e5c4918223cc.tar.bz2 volse-hubzilla-5a3903a40c508a6b5e9a90986564e5c4918223cc.zip |
firehose testing (network?f=&fh=1) - some possible security bugs so testing purposes only
Diffstat (limited to 'mod')
-rw-r--r-- | mod/community.php | 105 | ||||
-rw-r--r-- | mod/network.php | 28 |
2 files changed, 19 insertions, 114 deletions
diff --git a/mod/community.php b/mod/community.php deleted file mode 100644 index e4c6e6b04..000000000 --- a/mod/community.php +++ /dev/null @@ -1,105 +0,0 @@ -<?php - -function community_init(&$a) { - if(! local_user()) { - unset($_SESSION['theme']); - unset($_SESSION['mobile_theme']); - } - - -} - - -function community_content(&$a, $update = 0) { - - $o = ''; - - if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { - notice( t('Public access denied.') . EOL); - return; - } - - if(get_config('system','no_community_page')) { - notice( t('Not available.') . EOL); - return; - } - - require_once("include/bbcode.php"); - require_once('include/security.php'); - require_once('include/conversation.php'); - - - $o .= '<h3>' . t('Community') . '</h3>'; - if(! $update) { - nav_set_selected('community'); - $o .= '<div id="live-community"></div>' . "\r\n"; - $o .= "<script> var profile_uid = -1; var netargs = '/?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n"; - } - - if(x($a->data,'search')) - $search = notags(trim($a->data['search'])); - else - $search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : ''); - - - // Here is the way permissions work in this module... - // Only public posts can be shown - // OR your own posts if you are a logged in member - - if(! get_pconfig(local_user(),'system','alt_pager')) { - $r = q("SELECT COUNT(distinct(`item`.`mid`)) AS `total` - FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` - WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 - AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' - AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' - AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0 - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0" - ); - - if(count($r)) - $a->set_pager_total($r[0]['total']); - - if(! $r[0]['total']) { - info( t('No results.') . EOL); - return $o; - } - - } - - $r = q("SELECT distinct(`item`.`mid`), `item`.*, `item`.`id` AS `item_id`, - `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`alias`, `contact`.`rel`, - `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, - `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`, - `user`.`nickname`, `user`.`hidewall` - FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` - LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` - WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 - AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' - AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' - AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0 - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 group by `item`.`mid` - ORDER BY `received` DESC LIMIT %d, %d ", - intval($a->pager['start']), - intval($a->pager['itemspage']) - - ); - - if(! count($r)) { - info( t('No results.') . EOL); - return $o; - } - - // we behave the same in message lists as the search module - - $o .= conversation($a,$r,'community',$update); - - if(! get_pconfig(local_user(),'system','alt_pager')) { - $o .= paginate($a); - } - else { - $o .= alt_pager($a,count($r)); - } - - return $o; -} - diff --git a/mod/network.php b/mod/network.php index 191fe55ed..4508d41be 100644 --- a/mod/network.php +++ b/mod/network.php @@ -100,6 +100,7 @@ function network_content(&$a, $update = 0, $load = false) { $spam = ((x($_GET,'spam')) ? intval($_GET['spam']) : 0); $cmin = ((x($_GET,'cmin')) ? intval($_GET['cmin']) : 0); $cmax = ((x($_GET,'cmax')) ? intval($_GET['cmax']) : 99); + $firehose = ((x($_GET,'fh')) ? intval($_GET['fh']) : 0); $file = ((x($_GET,'file')) ? $_GET['file'] : ''); @@ -218,6 +219,7 @@ function network_content(&$a, $update = 0, $load = false) { . ((x($_GET,'cmin')) ? '&cmin=' . $_GET['cmin'] : '') . ((x($_GET,'cmax')) ? '&cmax=' . $_GET['cmax'] : '') . ((x($_GET,'file')) ? '&file=' . $_GET['file'] : '') + . ((x($_GET,'fh')) ? '&fh=' . $_GET['fh'] : '') . "'; var profile_page = " . $a->pager['page'] . ";</script>"; @@ -235,6 +237,7 @@ function network_content(&$a, $update = 0, $load = false) { '$liked' => (($liked) ? $liked : '0'), '$conv' => (($conv) ? $conv : '0'), '$spam' => (($spam) ? $spam : '0'), + '$fh' => (($firehose) ? $firehose : '0'), '$nouveau' => (($nouveau) ? $nouveau : '0'), '$wall' => '0', '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), @@ -316,6 +319,16 @@ function network_content(&$a, $update = 0, $load = false) { } + if($firehose) { + require_once('include/identity.php'); + $sys = get_sys_channel(); + $uids = " and item.uid in ( " . intval(local_user()) . "," . intval($sys['channel_id']) . ") "; + } + else { + $uids = " and item.uid = " . local_user() . " "; + } + + $simple_update = (($update) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " ) " : ''); if($load) $simple_update = ''; @@ -354,12 +367,11 @@ function network_content(&$a, $update = 0, $load = false) { $r = q("SELECT distinct item.id AS item_id FROM item left join abook on item.author_xchan = abook.abook_xchan - WHERE item.uid = %d AND item.item_restrict = 0 + WHERE true $uids AND item.item_restrict = 0 AND item.parent = item.id and ((abook.abook_flags & %d) = 0 or abook.abook_flags is null) - $sql_extra3 $sql_extra $sql_nets + $sql_extra3 $sql_extra $sql_nets group by item.mid ORDER BY item.$ordering DESC $pager_sql ", - intval(local_user()), intval(ABOOK_FLAG_BLOCKED) ); @@ -368,10 +380,9 @@ function network_content(&$a, $update = 0, $load = false) { // update $r = q("SELECT item.parent AS item_id FROM item left join abook on item.author_xchan = abook.abook_xchan - WHERE item.uid = %d AND item.item_restrict = 0 $simple_update + WHERE true $uids AND item.item_restrict = 0 $simple_update and ((abook.abook_flags & %d) = 0 or abook.abook_flags is null) - $sql_extra3 $sql_extra $sql_nets ", - intval(local_user()), + $sql_extra3 $sql_extra $sql_nets group by item.mid ", intval(ABOOK_FLAG_BLOCKED) ); @@ -388,10 +399,9 @@ function network_content(&$a, $update = 0, $load = false) { $parents_str = ids_to_querystr($r,'item_id'); $items = q("SELECT `item`.*, `item`.`id` AS `item_id` FROM `item` - WHERE `item`.`uid` = %d AND `item`.`item_restrict` = 0 + WHERE true $uids AND `item`.`item_restrict` = 0 AND `item`.`parent` IN ( %s ) - $sql_extra ", - intval(local_user()), + $sql_extra group by item.mid", dbesc($parents_str) ); |