diff options
| author | Fabio Comuni <fabrix.xm@gmail.com> | 2012-03-22 14:56:23 +0100 |
|---|---|---|
| committer | Fabio Comuni <fabrix.xm@gmail.com> | 2012-03-22 14:56:23 +0100 |
| commit | d5a6e7b1767ebc337f31745984f1ce0904b77780 (patch) | |
| tree | 29355722fb8a3e993884e852a254277c80e90de4 /mod | |
| parent | e193091dfe348c5430c3a303947dbe7a6eced374 (diff) | |
| parent | 622b25df5f2d1ab21c9e23047bc0c98bfe72bad0 (diff) | |
| download | volse-hubzilla-d5a6e7b1767ebc337f31745984f1ce0904b77780.tar.gz volse-hubzilla-d5a6e7b1767ebc337f31745984f1ce0904b77780.tar.bz2 volse-hubzilla-d5a6e7b1767ebc337f31745984f1ce0904b77780.zip | |
Merge remote-tracking branch 'friendica/master'
Diffstat (limited to 'mod')
| -rwxr-xr-x | mod/community.php | 12 | ||||
| -rwxr-xr-x | mod/contacts.php | 5 | ||||
| -rw-r--r-- | mod/delegate.php | 2 | ||||
| -rw-r--r-- | mod/dfrn_confirm.php | 2 | ||||
| -rwxr-xr-x | mod/item.php | 10 | ||||
| -rwxr-xr-x | mod/lostpass.php | 9 | ||||
| -rwxr-xr-x | mod/notifications.php | 4 | ||||
| -rwxr-xr-x | mod/openid.php | 111 | ||||
| -rwxr-xr-x | mod/photo.php | 26 | ||||
| -rwxr-xr-x | mod/register.php | 10 | ||||
| -rwxr-xr-x | mod/regmod.php | 5 | ||||
| -rwxr-xr-x | mod/search.php | 7 |
12 files changed, 131 insertions, 72 deletions
diff --git a/mod/community.php b/mod/community.php index a98999942..f8cc3305b 100755 --- a/mod/community.php +++ b/mod/community.php @@ -41,15 +41,16 @@ function community_content(&$a, $update = 0) { // Here is the way permissions work in this module... - // Only public wall posts can be shown + // Only public posts can be shown // OR your own posts if you are a logged in member $r = q("SELECT COUNT(*) AS `total` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 - AND `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' - AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `user`.`hidewall` = 0 + AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' + AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' + AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0 AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 " ); @@ -69,8 +70,9 @@ function community_content(&$a, $update = 0) { FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 - AND `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' - AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `user`.`hidewall` = 0 + AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' + AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' + AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0 AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 ORDER BY `received` DESC LIMIT %d, %d ", intval($a->pager['start']), diff --git a/mod/contacts.php b/mod/contacts.php index 78c8d4092..8aa51d00a 100755 --- a/mod/contacts.php +++ b/mod/contacts.php @@ -396,6 +396,11 @@ function contacts_content(&$a) { $tabs = array( array( + 'label' => t('Suggestions'), + 'url' => $a->get_baseurl(true) . '/suggest', + 'sel' => '', + ), + array( 'label' => t('All Contacts'), 'url' => $a->get_baseurl(true) . '/contacts/all', 'sel' => ($all) ? 'active' : '', diff --git a/mod/delegate.php b/mod/delegate.php index c19df0681..8c5031859 100644 --- a/mod/delegate.php +++ b/mod/delegate.php @@ -86,7 +86,7 @@ function delegate_content(&$a) { $r = q("select nurl from contact where substring_index(contact.nurl,'/',3) = '%s' and contact.uid = %d and contact.self = 0 and network = '%s' ", - dbesc($a->get_baseurl()), + dbesc(normalise_link($a->get_baseurl())), intval(local_user()), dbesc(NETWORK_DFRN) ); diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php index 2f4fb7045..efb5be3a4 100644 --- a/mod/dfrn_confirm.php +++ b/mod/dfrn_confirm.php @@ -655,7 +655,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) { if(count($r)) $photo = $r[0]['photo']; else - $photo = $a->get_baseurl() . '/images/default-profile.jpg'; + $photo = $a->get_baseurl() . '/images/person-175.jpg'; require_once("Photo.php"); diff --git a/mod/item.php b/mod/item.php index fe570075f..ee6c5c9a7 100755 --- a/mod/item.php +++ b/mod/item.php @@ -243,6 +243,7 @@ function item_post(&$a) { } + if(! strlen($body)) { if($preview) killme(); @@ -253,6 +254,15 @@ function item_post(&$a) { } } + // Work around doubled linefeeds in Tinymce 3.5b2 + // First figure out if it's a status post that would've been + // created using tinymce. Otherwise leave it alone. + + $plaintext = (local_user() ? intval(get_pconfig(local_user(),'system','plaintext')) : 0); + if((! $parent) && (! $api_source) && (! $plaintext)) { + $body = str_replace("\r\n","\n",$body); + $body = str_replace("\n\n","\n",$body); + } // get contact info for poster diff --git a/mod/lostpass.php b/mod/lostpass.php index b71398fa4..57e6d6965 100755 --- a/mod/lostpass.php +++ b/mod/lostpass.php @@ -3,13 +3,13 @@ function lostpass_post(&$a) { - $email = notags(trim($_POST['login-name'])); - if(! $email) + $loginame = notags(trim($_POST['login-name'])); + if(! $loginame) goaway(z_root()); $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `verified` = 1 AND `blocked` = 0 LIMIT 1", - dbesc($email), - dbesc($email) + dbesc($loginame), + dbesc($loginame) ); if(! count($r)) { @@ -19,6 +19,7 @@ function lostpass_post(&$a) { $uid = $r[0]['uid']; $username = $r[0]['username']; + $email = $r[0]['email']; $new_password = autoname(12) . mt_rand(100,9999); $new_password_encoded = hash('whirlpool',$new_password); diff --git a/mod/notifications.php b/mod/notifications.php index d478b5163..ff131010f 100755 --- a/mod/notifications.php +++ b/mod/notifications.php @@ -143,7 +143,7 @@ function notifications_content(&$a) { '$intro_id' => $rr['intro_id'], '$madeby' => sprintf( t('suggested by %s'),$rr['name']), '$contact_id' => $rr['contact-id'], - '$photo' => ((x($rr,'fphoto')) ? $rr['fphoto'] : "images/default-profile.jpg"), + '$photo' => ((x($rr,'fphoto')) ? $rr['fphoto'] : "images/person-175.jpg"), '$fullname' => $rr['fname'], '$url' => $rr['furl'], '$hidden' => array('hidden', t('Hide this contact from others'), ($rr['hidden'] == 1), ''), @@ -191,7 +191,7 @@ function notifications_content(&$a) { '$uid' => $_SESSION['uid'], '$intro_id' => $rr['intro_id'], '$contact_id' => $rr['contact-id'], - '$photo' => ((x($rr,'photo')) ? $rr['photo'] : "images/default-profile.jpg"), + '$photo' => ((x($rr,'photo')) ? $rr['photo'] : "images/person-175.jpg"), '$fullname' => $rr['name'], '$hidden' => array('hidden', t('Hide this contact from others'), ($rr['hidden'] == 1), ''), '$activity' => array('activity', t('Post a new friend activity'), 1, t('if applicable')), diff --git a/mod/openid.php b/mod/openid.php index 0be48060e..e2cea7d85 100755 --- a/mod/openid.php +++ b/mod/openid.php @@ -13,72 +13,81 @@ function openid_content(&$a) { logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA); if((x($_GET,'openid_mode')) && (x($_SESSION,'openid'))) { + $openid = new LightOpenID; if($openid->validate()) { - if(x($_SESSION,'register')) { - unset($_SESSION['register']); - $args = ''; - $attr = $openid->getAttributes(); - if(is_array($attr) && count($attr)) { - foreach($attr as $k => $v) { - if($k === 'namePerson/friendly') - $nick = notags(trim($v)); - if($k === 'namePerson/first') - $first = notags(trim($v)); - if($k === 'namePerson') - $args .= '&username=' . notags(trim($v)); - if($k === 'contact/email') - $args .= '&email=' . notags(trim($v)); - if($k === 'media/image/aspect11') - $photosq = bin2hex(trim($v)); - if($k === 'media/image/default') - $photo = bin2hex(trim($v)); - } - } - if($nick) - $args .= '&nickname=' . $nick; - elseif($first) - $args .= '&nickname=' . $first; - - if($photosq) - $args .= '&photo=' . $photosq; - elseif($photo) - $args .= '&photo=' . $photo; - - $args .= '&openid_url=' . notags(trim($_SESSION['openid'])); - if($a->config['register_policy'] != REGISTER_CLOSED) - goaway($a->get_baseurl() . '/register' . $args); - else - goaway(z_root()); - - // NOTREACHED - } - $authid = normalise_openid($_REQUEST['openid_identity']); - if(! strlen($authid)) - goaway(z_root()); + if(! strlen($authid)) { + logger( t('OpenID protocol error. No ID returned.') . EOL); + goaway(z_root()); + } $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` - FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", + FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 + AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", dbesc($authid) ); - if(! count($r)) { - notice( t('Login failed.') . EOL ); + if($r && count($r)) { + + // successful OpenID login + + unset($_SESSION['openid']); + + require_once('include/security.php'); + authenticate_success($r[0],true,true); + + // just in case there was no return url set + // and we fell through + goaway(z_root()); - } - unset($_SESSION['openid']); + } + + // Successful OpenID login - but we can't match it to an existing account. + // New registration? + + if($a->config['register_policy'] == REGISTER_CLOSED) { + notice( t('Account not found and OpenID registration is not permitted on this site.') . EOL); + goaway(z_root()); + } + + unset($_SESSION['register']); + $args = ''; + $attr = $openid->getAttributes(); + if(is_array($attr) && count($attr)) { + foreach($attr as $k => $v) { + if($k === 'namePerson/friendly') + $nick = notags(trim($v)); + if($k === 'namePerson/first') + $first = notags(trim($v)); + if($k === 'namePerson') + $args .= '&username=' . notags(trim($v)); + if($k === 'contact/email') + $args .= '&email=' . notags(trim($v)); + if($k === 'media/image/aspect11') + $photosq = bin2hex(trim($v)); + if($k === 'media/image/default') + $photo = bin2hex(trim($v)); + } + } + if($nick) + $args .= '&nickname=' . $nick; + elseif($first) + $args .= '&nickname=' . $first; + + if($photosq) + $args .= '&photo=' . $photosq; + elseif($photo) + $args .= '&photo=' . $photo; - require_once('include/security.php'); - authenticate_success($r[0],true,true); + $args .= '&openid_url=' . notags(trim($authid)); - // just in case there was no return url set - // and we fell through + goaway($a->get_baseurl() . '/register' . $args); - goaway(z_root()); + // NOTREACHED } } notice( t('Login failed.') . EOL); diff --git a/mod/photo.php b/mod/photo.php index c4a93769a..3a7025120 100755 --- a/mod/photo.php +++ b/mod/photo.php @@ -23,7 +23,7 @@ function photo_init(&$a) { // NOTREACHED } - $default = 'images/default-profile.jpg'; + $default = 'images/person-175.jpg'; if(isset($type)) { @@ -39,12 +39,12 @@ function photo_init(&$a) { break; case 'micro': $resolution = 6; - $default = 'images/default-profile-mm.jpg'; + $default = 'images/person-48.jpg'; break; case 'avatar': default: $resolution = 5; - $default = 'images/default-profile-sm.jpg'; + $default = 'images/person-80.jpg'; break; } @@ -115,8 +115,24 @@ function photo_init(&$a) { } if(! isset($data)) { - killme(); - // NOTREACHED + if(isset($resolution)) { + switch($resolution) { + + case 4: + $data = file_get_contents('images/person-175.jpg'); + break; + case 5: + $data = file_get_contents('images/person-80.jpg'); + break; + case 6: + $data = file_get_contents('images/person-48.jpg'); + break; + default: + killme(); + // NOTREACHED + break; + } + } } if(isset($customres) && $customres > 0 && $customres < 500) { diff --git a/mod/register.php b/mod/register.php index 388b3e250..6d0e2700b 100755 --- a/mod/register.php +++ b/mod/register.php @@ -150,6 +150,16 @@ function register_post(&$a) { if(count($r)) $err .= t('Nickname is already registered. Please choose another.') . EOL; + // Check deleted accounts that had this nickname. Doesn't matter to us, + // but could be a security issue for federated platforms. + + $r = q("SELECT * FROM `userd` + WHERE `username` = '%s' LIMIT 1", + dbesc($nickname) + ); + if(count($r)) + $err .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL; + if(strlen($err)) { notice( $err ); return; diff --git a/mod/regmod.php b/mod/regmod.php index 17e728ba2..21f41eb01 100755 --- a/mod/regmod.php +++ b/mod/regmod.php @@ -64,6 +64,11 @@ function user_allow($hash) { } + +// This does not have to go through user_remove() and save the nickname +// permanently against re-registration, as the person was not yet +// allowed to have friends on this system + function user_deny($hash) { $register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1", diff --git a/mod/search.php b/mod/search.php index 386592ea1..50e7a6abc 100755 --- a/mod/search.php +++ b/mod/search.php @@ -93,8 +93,9 @@ function search_content(&$a) { return $o; // Here is the way permissions work in the search module... - // Only public wall posts can be shown + // Only public posts can be shown // OR your own posts if you are a logged in member + // No items will be shown if the member has a blocked profile wall. $s_regx = sprintf("AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' )", dbesc(preg_quote($search)), dbesc('\\]' . preg_quote($search) . '\\[')); @@ -104,7 +105,7 @@ function search_content(&$a) { $r = q("SELECT COUNT(*) AS `total` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 - AND (( `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `user`.`hidewall` = 0) + AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0) OR `item`.`uid` = %d ) AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $search_alg ", @@ -127,7 +128,7 @@ function search_content(&$a) { FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 - AND (( `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0 ) + AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0 ) OR `item`.`uid` = %d ) AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $search_alg |