authorMichael Vogel <icarus@dabo.de>2012-03-28 19:52:30 +0200
committerMichael Vogel <icarus@dabo.de>2012-03-28 19:52:30 +0200
commitbdd275474044152a5d9a33ea6b8a8071b931d27e (patch)
treeb10c2b68e0236925992449786d70f45aaca21984 /mod
parent792edfe9c834e3daeae598727e4cb15dc0ff8475 (diff)
parente894775a39920edc0e438364c818357ab809bace (diff)
Merge commit 'upstream/master'
Diffstat (limited to 'mod')
-rwxr-xr-xmod/acl.php10
-rwxr-xr-xmod/admin.php12
-rwxr-xr-xmod/community.php12
-rwxr-xr-xmod/contacts.php5
-rw-r--r--mod/delegate.php2
-rw-r--r--mod/dfrn_confirm.php8
-rwxr-xr-xmod/dfrn_notify.php12
-rwxr-xr-xmod/dfrn_poll.php27
-rwxr-xr-xmod/directory.php17
-rwxr-xr-xmod/display.php10
-rwxr-xr-xmod/editpost.php2
-rwxr-xr-xmod/filer.php16
-rwxr-xr-xmod/friendica.php19
-rwxr-xr-xmod/group.php26
-rwxr-xr-xmod/invite.php21
-rwxr-xr-xmod/item.php223
-rwxr-xr-xmod/lostpass.php9
-rwxr-xr-xmod/message.php9
-rwxr-xr-xmod/network.php22
-rwxr-xr-xmod/notifications.php4
-rwxr-xr-xmod/openid.php112
-rwxr-xr-xmod/photo.php26
-rwxr-xr-xmod/photos.php34
-rw-r--r--mod/pretheme.php16
-rwxr-xr-xmod/profile.php2
-rwxr-xr-xmod/profile_photo.php2
-rwxr-xr-xmod/register.php10
-rwxr-xr-xmod/regmod.php5
-rwxr-xr-xmod/search.php7
-rwxr-xr-xmod/settings.php22
-rwxr-xr-xmod/viewsrc.php7
31 files changed, 448 insertions, 261 deletions
diff --git a/mod/acl.php b/mod/acl.php
index 375c618c8..fe353d1eb 100755
--- a/mod/acl.php
+++ b/mod/acl.php
@@ -7,10 +7,10 @@ function acl_init(&$a){
return "";
- $start = (x($_POST,'start')?$_POST['start']:0);
- $count = (x($_POST,'count')?$_POST['count']:100);
- $search = (x($_POST,'search')?$_POST['search']:"");
- $type = (x($_POST,'type')?$_POST['type']:"");
+ $start = (x($_REQUEST,'start')?$_REQUEST['start']:0);
+ $count = (x($_REQUEST,'count')?$_REQUEST['count']:100);
+ $search = (x($_REQUEST,'search')?$_REQUEST['search']:"");
+ $type = (x($_REQUEST,'type')?$_REQUEST['type']:"");
if ($search!=""){
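Review bot: `start` and `count` are taken from `$_REQUEST` as raw strings in the new assignments, and nothing in this hunk casts them before use. If they feed a LIMIT clause further down (not visible here), cast them at the point of assignment, e.g. `$start = (x($_REQUEST,'start') ? intval($_REQUEST['start']) : 0);` and the same for `count`. Reading from `$_REQUEST` also means the search term can now arrive in the query string, where it ends up in access logs and Referer headers, so a short comment naming the caller that needs GET would help. acl_init continues outside the hunk.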
@@ -34,7 +34,7 @@ function acl_init(&$a){
$r = q("SELECT COUNT(`id`) AS c FROM `contact`
WHERE `uid` = %d AND `self` = 0
AND `blocked` = 0 AND `pending` = 0
- AND `notify` != '' $sql_extra" ,
+ AND `notify` != '' $sql_extra2" ,
intval(local_user())
);
$contact_count = (int)$r[0]['c'];
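Review bot: `$sql_extra2` is interpolated directly into the COUNT query string, and the code that builds it is outside this hunk. Since `search` can now also arrive through the query string, confirm that the fragment is assembled only from `dbesc()`-escaped input. A one-line comment where it is built, such as `// $sql_extra2: same filter as $sql_extra but against the contact table; $search is dbesc()'d`, would make the difference between the two fragments clear, if that is indeed the intent.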
diff --git a/mod/admin.php b/mod/admin.php
index 88ccad6d3..53b5ee354 100755
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -308,7 +308,7 @@ function admin_page_site(&$a) {
SSL_POLICY_FULL => t("Force all links to use SSL"),
SSL_POLICY_SELFSIGN => t("Self-signed certificate, use SSL for local links only (discouraged)")
);
-
+
$t = get_markup_template("admin_site.tpl");
return replace_macros($t, array(
'$title' => t('Administration'),
@@ -325,7 +325,7 @@ function admin_page_site(&$a) {
'$banner' => array('banner', t("Banner/Logo"), $banner, ""),
'$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices),
'$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles"), $theme_choices),
- '$ssl_policy' => array('ssl_policy', t("SSL link policy"), get_config('system','ssl_policy'), t("Determines whether generated links should be forced to use SSL"), $ssl_choices),
+ '$ssl_policy' => array('ssl_policy', t("SSL link policy"), (string) intval(get_config('system','ssl_policy')), t("Determines whether generated links should be forced to use SSL"), $ssl_choices),
'$maximagesize' => array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")),
'$register_policy' => array('register_policy', t("Register policy"), $a->config['register_policy'], "", $register_choices),
@@ -583,6 +583,7 @@ function admin_page_plugins(&$a){
'$admin_form' => $admin_form,
'$function' => 'plugins',
+ '$screenshot' => '',
'$readme' => $readme
));
}
@@ -738,7 +739,11 @@ function admin_page_themes(&$a){
}
$admin_form="";
-
+
+ $screenshot = array( get_theme_screenshot($theme), t('Screenshot'));
+ if(! stristr($screenshot[0],$theme))
+ $screenshot = null;
+
$t = get_markup_template("admin_plugins_details.tpl");
return replace_macros($t, array(
'$title' => t('Administration'),
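Review bot: The `stristr($screenshot[0],$theme)` test has no comment and is a loose substring match, so any returned path that merely contains the theme name passes. Presumably it is meant to discard a fallback image returned by `get_theme_screenshot()` for themes without their own screenshot; if so, say it in a comment such as `// hide the screenshot when get_theme_screenshot() fell back to another theme's image`. Where `$theme` comes from is outside the hunk; if it is taken from the URL it should be checked against the installed theme list before it is used here.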
@@ -755,6 +760,7 @@ function admin_page_themes(&$a){
'$admin_form' => $admin_form,
'$str_author' => t('Author: '),
'$str_maintainer' => t('Maintainer: '),
+ '$screenshot' => $screenshot,
'$readme' => $readme
));
}
diff --git a/mod/community.php b/mod/community.php
index a98999942..f8cc3305b 100755
--- a/mod/community.php
+++ b/mod/community.php
@@ -41,15 +41,16 @@ function community_content(&$a, $update = 0) {
// Here is the way permissions work in this module...
- // Only public wall posts can be shown
+ // Only public posts can be shown
// OR your own posts if you are a logged in member
$r = q("SELECT COUNT(*) AS `total`
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
- AND `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
- AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `user`.`hidewall` = 0
+ AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
+ AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
+ AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 "
);
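Review bot: The visibility predicate (empty `allow_*`/`deny_*`, `private` = 0, `wall` = 1, `hidewall` = 0) is now written out twice, here in the COUNT query and again in the paged SELECT of the next hunk. A later change to one copy can silently leave the other counting or listing private items. Assign the shared WHERE fragment to one variable (for example `$sql_public`) and interpolate it into both queries, with a comment stating that it is the only place the public-visibility rule is defined.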
@@ -69,8 +70,9 @@ function community_content(&$a, $update = 0) {
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
- AND `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
- AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `user`.`hidewall` = 0
+ AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
+ AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
+ AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
ORDER BY `received` DESC LIMIT %d, %d ",
intval($a->pager['start']),
diff --git a/mod/contacts.php b/mod/contacts.php
index 78c8d4092..8aa51d00a 100755
--- a/mod/contacts.php
+++ b/mod/contacts.php
@@ -396,6 +396,11 @@ function contacts_content(&$a) {
$tabs = array(
array(
+ 'label' => t('Suggestions'),
+ 'url' => $a->get_baseurl(true) . '/suggest',
+ 'sel' => '',
+ ),
+ array(
'label' => t('All Contacts'),
'url' => $a->get_baseurl(true) . '/contacts/all',
'sel' => ($all) ? 'active' : '',
diff --git a/mod/delegate.php b/mod/delegate.php
index c19df0681..8c5031859 100644
--- a/mod/delegate.php
+++ b/mod/delegate.php
@@ -86,7 +86,7 @@ function delegate_content(&$a) {
$r = q("select nurl from contact where substring_index(contact.nurl,'/',3) = '%s'
and contact.uid = %d and contact.self = 0 and network = '%s' ",
- dbesc($a->get_baseurl()),
+ dbesc(normalise_link($a->get_baseurl())),
intval(local_user()),
dbesc(NETWORK_DFRN)
);
diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php
index 0bc3ea7df..efb5be3a4 100644
--- a/mod/dfrn_confirm.php
+++ b/mod/dfrn_confirm.php
@@ -207,6 +207,9 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
if($duplex == 1)
$params['duplex'] = 1;
+ if($user['page-flags'] == PAGE_COMMUNITY)
+ $params['page'] = 1;
+
logger('dfrn_confirm: Confirm: posting data to ' . $dfrn_confirm . ': ' . print_r($params,true), LOGGER_DATA);
/**
@@ -522,6 +525,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
$source_url = ((x($_POST,'source_url')) ? hex2bin($_POST['source_url']) : '');
$aes_key = ((x($_POST,'aes_key')) ? $_POST['aes_key'] : '');
$duplex = ((x($_POST,'duplex')) ? intval($_POST['duplex']) : 0 );
+ $page = ((x($_POST,'page')) ? intval($_POST['page']) : 0 );
$version_id = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
logger('dfrn_confirm: requestee contacted: ' . $node);
@@ -651,7 +655,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
if(count($r))
$photo = $r[0]['photo'];
else
- $photo = $a->get_baseurl() . '/images/default-profile.jpg';
+ $photo = $a->get_baseurl() . '/images/person-175.jpg';
require_once("Photo.php");
@@ -677,6 +681,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
`blocked` = 0,
`pending` = 0,
`duplex` = %d,
+ `forum` = %d,
`network` = '%s' WHERE `id` = %d LIMIT 1
",
dbesc($photos[0]),
@@ -687,6 +692,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
dbesc(datetime_convert()),
dbesc(datetime_convert()),
intval($duplex),
+ intval($page),
dbesc(NETWORK_DFRN),
intval($dfrn_record)
);
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index 3dbdc5b32..71860ac3b 100755
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -15,6 +15,7 @@ function dfrn_notify_post(&$a) {
$dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0);
$perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r');
$ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none');
+ $page = ((x($_POST,'page')) ? intval($_POST['page']) : 0);
$writable = (-1);
if($dfrn_version >= 2.21) {
@@ -87,12 +88,15 @@ function dfrn_notify_post(&$a) {
$importer = $r[0];
- if(($writable != (-1)) && ($writable != $importer['writable'])) {
- q("UPDATE `contact` SET `writable` = %d WHERE `id` = %d LIMIT 1",
- intval($writable),
+ if((($writable != (-1)) && ($writable != $importer['writable'])) || ($importer['forum'] != $page)) {
+ q("UPDATE `contact` SET `writable` = %d, forum = %d WHERE `id` = %d LIMIT 1",
+ intval(($writable == (-1)) ? $importer['writable'] : $writable),
+ intval($page),
intval($importer['id'])
);
- $importer['writable'] = $writable;
+ if($writable != (-1))
+ $importer['writable'] = $writable;
+ $importer['forum'] = $page;
}
// if contact's ssl policy changed, update our links
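Review bot: A notify that carries no `page` field now clears the contact's `forum` flag, because `$page` defaults to 0 in the first hunk and the new condition `($importer['forum'] != $page)` then triggers the UPDATE. `writable` avoids this with its `(-1)` "not supplied" sentinel, but `page` has no equivalent, so a peer that does not send the field would reset a forum contact on every notify. Consider giving `$page` the same sentinel and only writing `forum` when the field was actually sent, mirroring the `intval(($writable == (-1)) ? $importer['writable'] : $writable)` argument. Whether the sender has been verified before this UPDATE runs is not visible in the hunk.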
diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php
index b12e07132..6030587ce 100755
--- a/mod/dfrn_poll.php
+++ b/mod/dfrn_poll.php
@@ -26,21 +26,24 @@ function dfrn_poll_init(&$a) {
$dfrn_id = substr($dfrn_id,2);
}
- if(($dfrn_id === '') && (! x($_POST,'dfrn_id')) && ($a->argc > 1)) {
+ if(($dfrn_id === '') && (! x($_POST,'dfrn_id'))) {
if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
killme();
}
- $r = q("SELECT `hidewall` FROM `user` WHERE `user`.`nickname` = '%s' LIMIT 1",
- dbesc($a->argv[1])
- );
- if(count($r) && $r[0]['hidewall'])
- killme();
+ $user = '';
+ if($a->argc > 1) {
+ $r = q("SELECT `hidewall` FROM `user` WHERE `user`.`nickname` = '%s' LIMIT 1",
+ dbesc($a->argv[1])
+ );
+ if((! count($r)) || (count($r) && $r[0]['hidewall']))
+ killme();
+ $user = $r[0]['nickname'];
+ }
- logger('dfrn_poll: public feed request from ' . $_SERVER['REMOTE_ADDR'] );
+ logger('dfrn_poll: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $user);
header("Content-type: application/atom+xml");
- $o = get_feed_for($a, '', $a->argv[1],$last_update);
- echo $o;
+ echo get_feed_for($a, '', $user,$last_update);
killme();
}
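Review bot: `$user = $r[0]['nickname'];` reads a column that the query above it does not select, since that query fetches only `hidewall`. `$user` therefore ends up empty, and `get_feed_for($a, '', $user, $last_update)` is called without a nickname even when one was given in the URL; the new log line records the same empty value. Add `nickname` to the select list, or assign `$user = $a->argv[1];` after the existence check. The condition `(! count($r)) || (count($r) && $r[0]['hidewall'])` can also be shortened to `(! count($r)) || $r[0]['hidewall']`.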
@@ -199,7 +202,7 @@ function dfrn_poll_post(&$a) {
$ptype = ((x($_POST,'type')) ? $_POST['type'] : '');
$dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
$perm = ((x($_POST,'perm')) ? $_POST['perm'] : 'r');
-
+
if($ptype === 'profile-check') {
if((strlen($challenge)) && (strlen($sec))) {
@@ -358,8 +361,8 @@ function dfrn_poll_post(&$a) {
intval($contact_id)
);
}
- }
-
+ }
+
header("Content-type: application/atom+xml");
$o = get_feed_for($a,$dfrn_id, $a->argv[1], $last_update, $direction);
echo $o;
diff --git a/mod/directory.php b/mod/directory.php
index 962188945..7f18bd026 100755
--- a/mod/directory.php
+++ b/mod/directory.php
@@ -25,10 +25,6 @@ function directory_post(&$a) {
function directory_content(&$a) {
- $everything = (($a->argc > 1 && $a->argv[1] === 'all' && is_site_admin()) ? true : false);
- if(x($_SESSION,'submanage') && intval($_SESSION['submanage']))
- $everything = false;
-
if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
notice( t('Public access denied.') . EOL);
return;
@@ -52,12 +48,6 @@ function directory_content(&$a) {
}
$admin = '';
- if(is_site_admin()) {
- if($everything)
- $admin = '<ul><li><div id="directory-admin-link"><a href="' . $a->get_baseurl() . '/directory' . '">' . t('Normal site view') . '</a></div></li></ul>';
- else
- $admin = '<ul><li><div id="directory-admin-link"><a href="' . $a->get_baseurl() . '/directory/all' . '">' . t('Admin - View all site entries') . '</a></div></li></ul>';
- }
$o .= replace_macros($tpl, array(
'$search' => $search,
@@ -73,17 +63,14 @@ function directory_content(&$a) {
$search = dbesc($search);
$sql_extra = ((strlen($search)) ? " AND MATCH (`profile`.`name`, `user`.`nickname`, `pdesc`, `locality`,`region`,`country-name`,`gender`,`marital`,`sexual`,`about`,`romance`,`work`,`education`,`pub_keywords`,`prv_keywords` ) AGAINST ('$search' IN BOOLEAN MODE) " : "");
- $publish = ((get_config('system','publish_all') || $everything) ? '' : " AND `publish` = 1 " );
+ $publish = ((get_config('system','publish_all')) ? '' : " AND `publish` = 1 " );
$r = q("SELECT COUNT(*) AS `total` FROM `profile` LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 $publish AND `user`.`blocked` = 0 $sql_extra ");
if(count($r))
$a->set_pager_total($r[0]['total']);
- if($everything)
- $order = " ORDER BY `register_date` DESC ";
- else
- $order = " ORDER BY `name` ASC ";
+ $order = " ORDER BY `name` ASC ";
$r = q("SELECT `profile`.*, `profile`.`uid` AS `profile_uid`, `user`.`nickname`, `user`.`timezone` FROM `profile` LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 $publish AND `user`.`blocked` = 0 $sql_extra $order LIMIT %d , %d ",
diff --git a/mod/display.php b/mod/display.php
index f428149e8..81ed174ac 100755
--- a/mod/display.php
+++ b/mod/display.php
@@ -16,7 +16,15 @@ function display_content(&$a) {
$o = '<div id="live-display"></div>' . "\r\n";
- $a->page['htmlhead'] .= '<script>$(document).ready(function() { $(".comment-edit-wrapper textarea").contact_autocomplete(baseurl+"/acl"); });</script>';
+ $a->page['htmlhead'] .= <<<EOT
+<script>
+$(document).ready(function() {
+ $(".comment-edit-wrapper textarea").contact_autocomplete(baseurl+"/acl");
+ // make auto-complete work in more places
+ $(".wall-item-comment-wrapper textarea").contact_autocomplete(baseurl+"/acl");
+});
+</script>
+EOT;
$nick = (($a->argc > 1) ? $a->argv[1] : '');
diff --git a/mod/editpost.php b/mod/editpost.php
index 778ac3dcc..2ddba36aa 100755
--- a/mod/editpost.php
+++ b/mod/editpost.php
@@ -104,7 +104,7 @@ function editpost_content(&$a) {
'$wait' => t('Please wait'),
'$permset' => t('Permission settings'),
'$ptyp' => $itm[0]['type'],
- '$content' => $itm[0]['body'],
+ '$content' => undo_post_tagging($itm[0]['body']),
'$post_id' => $post_id,
'$baseurl' => $a->get_baseurl(),
'$defloc' => $a->user['default-location'],
diff --git a/mod/filer.php b/mod/filer.php
index a9e213536..82537848b 100755
--- a/mod/filer.php
+++ b/mod/filer.php
@@ -16,8 +16,20 @@ function filer_content(&$a) {
logger('filer: tag ' . $term . ' item ' . $item_id);
- if($item_id && strlen($term))
+ if($item_id && strlen($term)){
+ // file item
file_tag_save_file(local_user(),$item_id,$term);
-
+ } else {
+ // return filer dialog
+ $filetags = get_pconfig(local_user(),'system','filetags');
+ $filetags = explode("][", trim($filetags,"[]"));
+ $tpl = get_markup_template("filer_dialog.tpl");
+ $o = replace_macros($tpl, array(
+ '$field' => array('term', t("File as:"), '', '', $filetags, t('- select -')),
+ '$submit' => t('Save'),
+ ));
+
+ echo $o;
+ }
killme();
}
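Review bot: When the user has no saved file tags, `explode("][", trim($filetags,"[]"))` returns an array holding one empty string, so the dialog gets a blank option in addition to '- select -'. Filter it out, e.g. `$filetags = array_filter(explode("][", trim($filetags,"[]")), 'strlen');`. The tag names are user-supplied text read back from pconfig and handed to `filer_dialog.tpl` as-is; whether the template escapes them is not visible here, so confirm they are HTML-escaped on output. filer_content starts outside the hunk.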
diff --git a/mod/friendica.php b/mod/friendica.php
index ab92e31ed..d5dad9448 100755
--- a/mod/friendica.php
+++ b/mod/friendica.php
@@ -51,15 +51,20 @@ function friendica_content(&$a) {
$o .= '<p></p>';
if(count($a->plugins)) {
- $o .= '<p>' . t('Installed plugins/addons/apps') . '</p>';
- $o .= '<ul>';
- foreach($a->plugins as $p)
- if(strlen($p))
- $o .= '<li>' . $p . '</li>';
- $o .= '</ul>';
+ $o .= '<p>' . t('Installed plugins/addons/apps:') . '</p>';
+ $sorted = $a->plugins;
+ $s = '';
+ sort($sorted);
+ foreach($sorted as $p) {
+ if(strlen($p)) {
+ if(strlen($s)) $s .= ', ';
+ $s .= $p;
+ }
+ }
+ $o .= '<div style="margin-left: 25px; margin-right: 25px;">' . $s . '</div>';
}
else
- $o .= '<p>' . t('No installed plugins/addons/apps');
+ $o .= '<p>' . t('No installed plugins/addons/apps') . '</p>';
call_hooks('about_hook', $o);
diff --git a/mod/group.php b/mod/group.php
index 13401ef0d..a282dbccf 100755
--- a/mod/group.php
+++ b/mod/group.php
@@ -21,6 +21,8 @@ function group_post(&$a) {
}
if(($a->argc == 2) && ($a->argv[1] === 'new')) {
+ check_form_security_token_redirectOnErr('/group/new', 'group_edit');
+
$name = notags(trim($_POST['groupname']));
$r = group_add(local_user(),$name);
if($r) {
@@ -35,6 +37,8 @@ function group_post(&$a) {
return; // NOTREACHED
}
if(($a->argc == 2) && (intval($a->argv[1]))) {
+ check_form_security_token_redirectOnErr('/group', 'group_edit');
+
$r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($a->argv[1]),
intval(local_user())
@@ -62,7 +66,8 @@ function group_post(&$a) {
}
function group_content(&$a) {
-
+ $change = false;
+
if(! local_user()) {
notice( t('Permission denied') . EOL);
return;
@@ -83,14 +88,17 @@ function group_content(&$a) {
return replace_macros($tpl, $context + array(
'$title' => t('Create a group of contacts/friends.'),
- '$gname' => array('groupname',t('Group Name: '),$group['name'], ''),
+ '$gname' => array('groupname',t('Group Name: '), '', ''),
'$gid' => 'new',
+ '$form_security_token' => get_form_security_token("group_edit"),
));
}
if(($a->argc == 3) && ($a->argv[1] === 'drop')) {
+ check_form_security_token_redirectOnErr('/group', 'group_drop', 't');
+
if(intval($a->argv[2])) {
$r = q("SELECT `name` FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($a->argv[2]),
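Review bot: The drop action is still carried out from `group_content`, and the new `check_form_security_token_redirectOnErr('/group', 'group_drop', 't')` call appears to read the token from a `t` request parameter. That puts the anti-CSRF token in the URL, where it can leak through access logs, browser history and Referer headers. The same applies to `check_form_security_token_ForbiddenOnErr('group_member_change', 't')` in the next hunk. If these state-changing requests cannot be moved to POST, add a comment such as `// token travels in the query string (?t=...); keep its lifetime short` so the trade-off is explicit.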
@@ -108,6 +116,8 @@ function group_content(&$a) {
}
if(($a->argc > 2) && intval($a->argv[1]) && intval($a->argv[2])) {
+ check_form_security_token_ForbiddenOnErr('group_member_change', 't');
+
$r = q("SELECT `id` FROM `contact` WHERE `id` = %d AND `uid` = %d and `self` = 0 and `blocked` = 0 AND `pending` = 0 LIMIT 1",
intval($a->argv[2]),
intval(local_user())
@@ -155,7 +165,8 @@ function group_content(&$a) {
$drop_tpl = get_markup_template('group_drop.tpl');
$drop_txt = replace_macros($drop_tpl, array(
'$id' => $group['id'],
- '$delete' => t('Delete')
+ '$delete' => t('Delete'),
+ '$form_security_token' => get_form_security_token("group_drop"),
));
$celeb = ((($a->user['page-flags'] == PAGE_SOAPBOX) || ($a->user['page-flags'] == PAGE_COMMUNITY)) ? true : false);
@@ -166,6 +177,7 @@ function group_content(&$a) {
'$gname' => array('groupname',t('Group Name: '),$group['name'], ''),
'$gid' => $group['id'],
'$drop' => $drop_txt,
+ '$form_security_token' => get_form_security_token('group_edit'),
);
}
@@ -177,14 +189,14 @@ function group_content(&$a) {
'label_members' => t('Members'),
'members' => array(),
'label_contacts' => t('All Contacts'),
- 'contacts' => arraY(),
+ 'contacts' => array(),
);
-
+ $sec_token = addslashes(get_form_security_token('group_member_change'));
$textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false);
foreach($members as $member) {
if($member['url']) {
- $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . '); return true;';
+ $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . ',\'' . $sec_token . '\'); return true;';
$groupeditor['members'][] = micropro($member,true,'mpgroup', $textmode);
}
else
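Review bot: `addslashes()` is not an escaping function for JavaScript inside an HTML attribute, which is where `$sec_token` ends up through `$member['click']`, here and in the next hunk. The token is presumably server-generated and limited to safe characters, so this is likely harmless today, but the code should not rely on that silently. If the token format is fixed, say so next to the assignment, e.g. `// token contains only [0-9a-f.]; addslashes() is a safeguard, not real JS/HTML escaping` (adjust to the actual format), or encode for the real output context once it is known how the template emits `click`.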
@@ -199,7 +211,7 @@ function group_content(&$a) {
$textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false);
foreach($r as $member) {
if(! in_array($member['id'],$preselected)) {
- $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . '); return true;';
+ $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . ',\'' . $sec_token . '\'); return true;';
$groupeditor['contacts'][] = micropro($member,true,'mpall', $textmode);
}
}
diff --git a/mod/invite.php b/mod/invite.php
index d4eb9c5ef..2dbf93c59 100755
--- a/mod/invite.php
+++ b/mod/invite.php
@@ -56,7 +56,7 @@ function invite_post(&$a) {
else
$nmessage = $message;
- $res = mail($recip, sprintf( t('Please join my network on %s'), $a->config['sitename']),
+ $res = mail($recip, sprintf( t('Please join us on Friendica'), $a->config['sitename']),
$nmessage,
"From: " . $a->user['email'] . "\n"
. 'Content-type: text/plain; charset=UTF-8' . "\n"
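Review bot: `sprintf( t('Please join us on Friendica'), $a->config['sitename'])` no longer has a `%s` in its format string, so the `sitename` argument is ignored and the `sprintf` wrapper does nothing. Use `t('Please join us on Friendica')` directly, or restore the placeholder if the site name is meant to appear in the subject. In the second hunk, `elseif($a->config['register_policy'] != REGISTER_CLOSED)` is the exact negation of the `if` above it and reads more clearly as a plain `else`.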
@@ -94,15 +94,28 @@ function invite_content(&$a) {
}
}
+ $dirloc = get_config('system','directory_submit_url');
+ if(strlen($dirloc)) {
+ if($a->config['register_policy'] == REGISTER_CLOSED)
+ $linktxt = sprintf( t('Visit %s for a list of public sites that you can join. Friendica members on other sites can all connect with each other, as well as with members of many other social networks.'), dirname($dirloc) . '/siteinfo');
+ elseif($a->config['register_policy'] != REGISTER_CLOSED)
+ $linktxt = sprintf( t('To accept this invitation, please visit and register at %s or any other public Friendica website.'), $a->get_baseurl())
+ . "\r\n" . "\r\n" . sprintf( t('Friendica sites all inter-connect to create a huge privacy-enhanced social web that is owned and controlled by its members. They can also connect with many traditional social networks. See %s for a list of alternate Friendica sites you can join.'),dirname($dirloc) . '/siteinfo');
+ }
+ else {
+ $o = t('Our apologies. This system is not currently configured to connect with other public sites or invite members.');
+ return $o;
+ }
$o = replace_macros($tpl, array(
'$invite' => t('Send invitations'),
'$addr_text' => t('Enter email addresses, one per line:'),
'$msg_text' => t('Your message:'),
- '$default_message' => sprintf(t('Please join my social network on %s'), $a->config['sitename']) . "\r\n" . "\r\n"
- . t('To accept this invitation, please visit:') . "\r\n" . "\r\n" . $a->get_baseurl()
+ '$default_message' => t('You are cordially invited to join me and other close friends on Friendica - and help us to create a better social web.') . "\r\n" . "\r\n"
+ . $linktxt
. "\r\n" . "\r\n" . (($invonly) ? t('You will need to supply this invitation code: $invite_code') . "\r\n" . "\r\n" : '') .t('Once you have registered, please connect with me via my profile page at:')
- . "\r\n" . "\r\n" . $a->get_baseurl() . '/profile/' . $a->user['nickname'] ,
+ . "\r\n" . "\r\n" . $a->get_baseurl() . '/profile/' . $a->user['nickname']
+ . "\r\n" . "\r\n" . t('For more information about the Friendica project and why we feel it is important, please visit http://friendica.com') . "\r\n" . "\r\n" ,
'$submit' => t('Submit')
));
diff --git a/mod/item.php b/mod/item.php
index 98cfb4338..24730f53e 100755
--- a/mod/item.php
+++ b/mod/item.php
@@ -171,16 +171,17 @@ function item_post(&$a) {
$str_contact_allow = $orig_post['allow_cid'];
$str_group_deny = $orig_post['deny_gid'];
$str_contact_deny = $orig_post['deny_cid'];
- $title = $orig_post['title'];
$location = $orig_post['location'];
$coord = $orig_post['coord'];
$verb = $orig_post['verb'];
$emailcc = $orig_post['emailcc'];
$app = $orig_post['app'];
-
+ $categories = $orig_post['file'];
+ $title = notags(trim($_REQUEST['title']));
$body = escape_tags(trim($_REQUEST['body']));
$private = $orig_post['private'];
$pubmail_enable = $orig_post['pubmail'];
+
}
else {
@@ -213,8 +214,10 @@ function item_post(&$a) {
$coord = notags(trim($_REQUEST['coord']));
$verb = notags(trim($_REQUEST['verb']));
$emailcc = notags(trim($_REQUEST['emailcc']));
-
$body = escape_tags(trim($_REQUEST['body']));
+
+ // $categories = TODO
+
$private = ((strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny)) ? 1 : 0);
if(($parent_item) &&
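Review bot: `$categories` is assigned only in the edit branch (`$categories = $orig_post['file'];`); in this new-post branch it is left as `// $categories = TODO`. A later hunk nevertheless stores it unconditionally with `$datarray['file'] = $categories;`. Unless it is set in code outside these hunks, a new post reads an undefined variable and writes null into the `file` field. Until the TODO is implemented, initialise it explicitly here with `$categories = '';`. item_post continues outside the hunk.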
@@ -242,7 +245,6 @@ function item_post(&$a) {
}
}
-
if(! strlen($body)) {
if($preview)
killme();
@@ -253,6 +255,15 @@ function item_post(&$a) {
}
}
+ // Work around doubled linefeeds in Tinymce 3.5b2
+ // First figure out if it's a status post that would've been
+ // created using tinymce. Otherwise leave it alone.
+
+ $plaintext = (local_user() ? intval(get_pconfig(local_user(),'system','plaintext')) : 0);
+ if((! $parent) && (! $api_source) && (! $plaintext)) {
+ $body = str_replace("\r\n","\n",$body);
+ $body = str_replace("\n\n","\n",$body);
+ }
// get contact info for poster
@@ -490,6 +501,7 @@ function item_post(&$a) {
$datarray['location'] = $location;
$datarray['coord'] = $coord;
$datarray['tag'] = $str_tags;
+ $datarray['file'] = $categories;
$datarray['inform'] = $inform;
$datarray['verb'] = $verb;
$datarray['allow_cid'] = $str_contact_allow;
@@ -549,9 +561,12 @@ function item_post(&$a) {
if($orig_post) {
- $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `edited` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
- dbesc($title),
- dbesc($body),
+ $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `attach` = '%s', `file` = '%s', `edited` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ dbesc($datarray['title']),
+ dbesc($datarray['body']),
+ dbesc($datarray['tag']),
+ dbesc($datarray['attach']),
+ dbesc($datarray['file']),
dbesc(datetime_convert()),
intval($post_id),
intval($profile_uid)
@@ -609,7 +624,7 @@ function item_post(&$a) {
dbesc($datarray['attach']),
intval($datarray['bookmark']),
intval($datarray['origin']),
- intval($datarry['moderated'])
+ intval($datarray['moderated'])
);
$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
@@ -832,129 +847,129 @@ function item_content(&$a) {
*/
function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) {
//is it a hash tag?
- if(strpos($tag,'#') === 0) {
+ if(strpos($tag,'#') === 0) {
//if the tag is replaced...
if(strpos($tag,'[url='))
- //...do nothing
- continue;
- //base tag has the tags name only
- $basetag = str_replace('_',' ',substr($tag,1));
+ //...do nothing
+ return;
+ //base tag has the tags name only
+ $basetag = str_replace('_',' ',substr($tag,1));
//create text for link
$newtag = '#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]';
- //replace tag by the link
- $body = str_replace($tag, $newtag, $body);
+ //replace tag by the link
+ $body = str_replace($tag, $newtag, $body);
- //is the link already in str_tags?
- if(! stristr($str_tags,$newtag)) {
+ //is the link already in str_tags?
+ if(! stristr($str_tags,$newtag)) {
//append or set str_tags
- if(strlen($str_tags))
- $str_tags .= ',';
- $str_tags .= $newtag;
- }
- return;
+ if(strlen($str_tags))
+ $str_tags .= ',';
+ $str_tags .= $newtag;
+ }
+ return;
}
- //is it a person tag?
- if(strpos($tag,'@') === 0) {
+ //is it a person tag?
+ if(strpos($tag,'@') === 0) {
//is it already replaced?
- if(strpos($tag,'[url='))
- continue;
- $stat = false;
+ if(strpos($tag,'[url='))
+ return;
+ $stat = false;
//get the person's name
$name = substr($tag,1);
- //is it a link or a full dfrn address?
- if((strpos($name,'@')) || (strpos($name,'http://'))) {
- $newname = $name;
+ //is it a link or a full dfrn address?
+ if((strpos($name,'@')) || (strpos($name,'http://'))) {
+ $newname = $name;
//get the profile links
- $links = @lrdd($name);
- if(count($links)) {
+ $links = @lrdd($name);
+ if(count($links)) {
//for all links, collect how is to inform and how's profile is to link
- foreach($links as $link) {
- if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page')
- $profile = $link['@attributes']['href'];
- if($link['@attributes']['rel'] === 'salmon') {
- if(strlen($inform))
- $inform .= ',';
- $inform .= 'url:' . str_replace(',','%2c',$link['@attributes']['href']);
- }
- }
- }
- } else { //if it is a name rather than an address
- $newname = $name;
- $alias = '';
+ foreach($links as $link) {
+ if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page')
+ $profile = $link['@attributes']['href'];
+ if($link['@attributes']['rel'] === 'salmon') {
+ if(strlen($inform))
+ $inform .= ',';
+ $inform .= 'url:' . str_replace(',','%2c',$link['@attributes']['href']);
+ }
+ }
+ }
+ } else { //if it is a name rather than an address
+ $newname = $name;
+ $alias = '';
$tagcid = 0;
- //is it some generated name?
- if(strrpos($newname,'+')) {
+ //is it some generated name?
+ if(strrpos($newname,'+')) {
//get the id
- $tagcid = intval(substr($newname,strrpos($newname,'+') + 1));
+ $tagcid = intval(substr($newname,strrpos($newname,'+') + 1));
//remove the next word from tag's name
- if(strpos($name,' ')) {
+ if(strpos($name,' ')) {
$name = substr($name,0,strpos($name,' '));
- }
+ }
}
if($tagcid) { //if there was an id
- //select contact with that id from the logged in user's contact list
- $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
- intval($tagcid),
+ //select contact with that id from the logged in user's contact list
+ $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($tagcid),
intval($profile_uid)
- );
+ );
} elseif(strstr($name,'_') || strstr($name,' ')) { //no id
- //get the real name
- $newname = str_replace('_',' ',$name);
+ //get the real name
+ $newname = str_replace('_',' ',$name);
//select someone from this user's contacts by name
- $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
- dbesc($newname),
- intval($profile_uid)
- );
+ $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
+ dbesc($newname),
+ intval($profile_uid)
+ );
} else {
- //select someone by attag or nick and the name passed in
- $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
- dbesc($name),
- dbesc($name),
- intval($profile_uid)
- );
+ //select someone by attag or nick and the name passed in
+ $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
+ dbesc($name),
+ dbesc($name),
+ intval($profile_uid)
+ );
}
- //$r is set, if someone could be selected
- if(count($r)) {
+ //$r is set, if someone could be selected
+ if(count($r)) {
$profile = $r[0]['url'];
- //set newname to nick, find alias
- if($r[0]['network'] === 'stat') {
- $newname = $r[0]['nick'];
- $stat = true;
- if($r[0]['alias'])
- $alias = $r[0]['alias'];
- }
- else
- $newname = $r[0]['name'];
+ //set newname to nick, find alias
+ if($r[0]['network'] === 'stat') {
+ $newname = $r[0]['nick'];
+ $stat = true;
+ if($r[0]['alias'])
+ $alias = $r[0]['alias'];
+ }
+ else
+ $newname = $r[0]['name'];
//add person's id to $inform
- if(strlen($inform))
- $inform .= ',';
- $inform .= 'cid:' . $r[0]['id'];
- }
+ if(strlen($inform))
+ $inform .= ',';
+ $inform .= 'cid:' . $r[0]['id'];
+ }
}
- //if there is an url for this persons profile
- if(isset($profile)) {
+ //if there is an url for this persons profile
+ if(isset($profile)) {
//create profile link
- $profile = str_replace(',','%2c',$profile);
- $newtag = '@[url=' . $profile . ']' . $newname . '[/url]';
- $body = str_replace('@' . $name, $newtag, $body);
+ $profile = str_replace(',','%2c',$profile);
+ $newtag = '@[url=' . $profile . ']' . $newname . '[/url]';
+ $body = str_replace('@' . $name, $newtag, $body);
//append tag to str_tags
- if(! stristr($str_tags,$newtag)) {
- if(strlen($str_tags))
- $str_tags .= ',';
- $str_tags .= $newtag;
- }
-
- // Status.Net seems to require the numeric ID URL in a mention if the person isn't
- // subscribed to you. But the nickname URL is OK if they are. Grrr. We'll tag both.
-
- if(strlen($alias)) {
- $newtag = '@[url=' . $alias . ']' . $newname . '[/url]';
- if(! stristr($str_tags,$newtag)) {
- if(strlen($str_tags))
- $str_tags .= ',';
- $str_tags .= $newtag;
- }
- }
- }
+ if(! stristr($str_tags,$newtag)) {
+ if(strlen($str_tags))
+ $str_tags .= ',';
+ $str_tags .= $newtag;
+ }
+
+ // Status.Net seems to require the numeric ID URL in a mention if the person isn't
+ // subscribed to you. But the nickname URL is OK if they are. Grrr. We'll tag both.
+
+ if(strlen($alias)) {
+ $newtag = '@[url=' . $alias . ']' . $newname . '[/url]';
+ if(! stristr($str_tags,$newtag)) {
+ if(strlen($str_tags))
+ $str_tags .= ',';
+ $str_tags .= $newtag;
+ }
+ }
+ }
}
}
diff --git a/mod/lostpass.php b/mod/lostpass.php
index b71398fa4..57e6d6965 100755
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -3,13 +3,13 @@
function lostpass_post(&$a) {
- $email = notags(trim($_POST['login-name']));
- if(! $email)
+ $loginame = notags(trim($_POST['login-name']));
+ if(! $loginame)
goaway(z_root());
$r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `verified` = 1 AND `blocked` = 0 LIMIT 1",
- dbesc($email),
- dbesc($email)
+ dbesc($loginame),
+ dbesc($loginame)
);
if(! count($r)) {
@@ -19,6 +19,7 @@ function lostpass_post(&$a) {
$uid = $r[0]['uid'];
$username = $r[0]['username'];
+ $email = $r[0]['email'];
$new_password = autoname(12) . mt_rand(100,9999);
$new_password_encoded = hash('whirlpool',$new_password);
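Review bot: The added `$email = $r[0]['email'];` has no comment explaining that the reset mail must go to the address on record and not to the submitted login name, which may now be a nickname. I would add `// always mail the stored address, never the value typed into the form` above it. Separately, the unchanged lines below build the new password with `mt_rand()`, which is not a cryptographic generator, and store it as an unsalted `hash('whirlpool', ...)`; both deserve a follow-up. lostpass_post() continues outside this hunk.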
diff --git a/mod/message.php b/mod/message.php
index 55e313776..8991f643d 100755
--- a/mod/message.php
+++ b/mod/message.php
@@ -15,6 +15,13 @@ function message_post(&$a) {
$body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : '');
$recipient = ((x($_REQUEST,'messageto')) ? intval($_REQUEST['messageto']) : 0 );
+ // Work around doubled linefeeds in Tinymce 3.5b2
+
+ $plaintext = intval(get_pconfig(local_user(),'system','plaintext'));
+ if(! $plaintext) {
+ $body = str_replace("\r\n","\n",$body);
+ $body = str_replace("\n\n","\n",$body);
+ }
$ret = send_message($recipient, $body, $subject, $replyto);
$norecip = false;
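Review bot: The workaround line `$body = str_replace("\n\n","\n",$body);` also removes blank lines the sender typed on purpose, and because it makes a single pass, a run of three newlines still leaves two behind. It runs for every non-plaintext submission, not only for the affected TinyMCE build, so the comment should say when it can be dropped, e.g. `// TODO: remove once the bundled TinyMCE no longer doubles linefeeds`. message_post() starts and ends outside this hunk.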
@@ -154,7 +161,7 @@ function message_content(&$a) {
$preselect = (isset($a->argv[2])?array($a->argv[2]):false);
- $select = contact_select('messageto','message-to-select', $preselect, 4, true);
+ $select = contact_select('messageto','message-to-select', $preselect, 4, true, false, false, 10);
$tpl = get_markup_template('prv_message.tpl');
$o .= replace_macros($tpl,array(
'$header' => t('Send Private Message'),
diff --git a/mod/network.php b/mod/network.php
index d0f1733f4..5ca0a8c7d 100755
--- a/mod/network.php
+++ b/mod/network.php
@@ -90,7 +90,7 @@ function saved_searches($search) {
$o = replace_macros($tpl, array(
'$title' => t('Saved Searches'),
'$add' => t('add'),
- '$searchbox' => search($search,'netsearch-box',$a->get_baseurl(true) . $srchurl,true),
+ '$searchbox' => search($search,'netsearch-box',$srchurl,true),
'$saved' => $saved,
));
@@ -250,6 +250,20 @@ function network_content(&$a, $update = 0) {
if($cid)
$def_acl = array('allow_cid' => '<' . intval($cid) . '>');
+ if($nets) {
+ $r = q("select id from contact where uid = %d and network = '%s' and self = 0",
+ intval(local_user()),
+ dbesc($nets)
+ );
+
+ $str = '';
+ if(count($r))
+ foreach($r as $rr)
+ $str .= '<' . $rr['id'] . '>';
+ if(strlen($str))
+ $def_acl = array('allow_cid' => $str);
+ }
+
if(! $update) {
if($group) {
if(($t = group_public_members($group)) && (! get_pconfig(local_user(),'system','nowarn_insecure'))) {
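Review bot: When `$nets` is set but the query returns no contacts, this block never assigns `$def_acl`, yet the next hunk in this file still passes it to `populate_acl()` and shows the lock state and `!` marker whenever `$nets` is true. Unless an earlier branch set `$def_acl` (not visible here), the editor would display a restricted state backed by an empty or unrelated ACL. An explicit fallback for the empty result avoids that. The ids should also go through `intval()` as the `$cid` line above does: `$str .= '<' . intval($rr['id']) . '>';`. network_content() starts and ends outside the hunk.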
@@ -269,9 +283,9 @@ function network_content(&$a, $update = 0) {
'allow_location' => $a->user['allow_location'],
'default_location' => $a->user['default-location'],
'nickname' => $a->user['nickname'],
- 'lockstate' => ((($group) || (is_array($a->user) && ((strlen($a->user['allow_cid'])) || (strlen($a->user['allow_gid'])) || (strlen($a->user['deny_cid'])) || (strlen($a->user['deny_gid']))))) ? 'lock' : 'unlock'),
- 'acl' => populate_acl((($group || $cid) ? $def_acl : $a->user), $celeb),
- 'bang' => (($group || $cid) ? '!' : ''),
+ 'lockstate' => ((($group) || ($cid) || ($nets) || (is_array($a->user) && ((strlen($a->user['allow_cid'])) || (strlen($a->user['allow_gid'])) || (strlen($a->user['deny_cid'])) || (strlen($a->user['deny_gid']))))) ? 'lock' : 'unlock'),
+ 'acl' => populate_acl((($group || $cid || $nets) ? $def_acl : $a->user), $celeb),
+ 'bang' => (($group || $cid || $nets) ? '!' : ''),
'visitor' => 'block',
'profile_uid' => local_user()
);
diff --git a/mod/notifications.php b/mod/notifications.php
index d478b5163..ff131010f 100755
--- a/mod/notifications.php
+++ b/mod/notifications.php
@@ -143,7 +143,7 @@ function notifications_content(&$a) {
'$intro_id' => $rr['intro_id'],
'$madeby' => sprintf( t('suggested by %s'),$rr['name']),
'$contact_id' => $rr['contact-id'],
- '$photo' => ((x($rr,'fphoto')) ? $rr['fphoto'] : "images/default-profile.jpg"),
+ '$photo' => ((x($rr,'fphoto')) ? $rr['fphoto'] : "images/person-175.jpg"),
'$fullname' => $rr['fname'],
'$url' => $rr['furl'],
'$hidden' => array('hidden', t('Hide this contact from others'), ($rr['hidden'] == 1), ''),
@@ -191,7 +191,7 @@ function notifications_content(&$a) {
'$uid' => $_SESSION['uid'],
'$intro_id' => $rr['intro_id'],
'$contact_id' => $rr['contact-id'],
- '$photo' => ((x($rr,'photo')) ? $rr['photo'] : "images/default-profile.jpg"),
+ '$photo' => ((x($rr,'photo')) ? $rr['photo'] : "images/person-175.jpg"),
'$fullname' => $rr['name'],
'$hidden' => array('hidden', t('Hide this contact from others'), ($rr['hidden'] == 1), ''),
'$activity' => array('activity', t('Post a new friend activity'), 1, t('if applicable')),
diff --git a/mod/openid.php b/mod/openid.php
index df074b299..e2cea7d85 100755
--- a/mod/openid.php
+++ b/mod/openid.php
@@ -10,68 +10,84 @@ function openid_content(&$a) {
if($noid)
goaway(z_root());
+ logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA);
+
if((x($_GET,'openid_mode')) && (x($_SESSION,'openid'))) {
+
$openid = new LightOpenID;
if($openid->validate()) {
- if(x($_SESSION,'register')) {
- unset($_SESSION['register']);
- $args = '';
- $attr = $openid->getAttributes();
- if(is_array($attr) && count($attr)) {
- foreach($attr as $k => $v) {
- if($k === 'namePerson/friendly')
- $nick = notags(trim($v));
- if($k === 'namePerson/first')
- $first = notags(trim($v));
- if($k === 'namePerson')
- $args .= '&username=' . notags(trim($v));
- if($k === 'contact/email')
- $args .= '&email=' . notags(trim($v));
- if($k === 'media/image/aspect11')
- $photosq = bin2hex(trim($v));
- if($k === 'media/image/default')
- $photo = bin2hex(trim($v));
- }
- }
- if($nick)
- $args .= '&nickname=' . $nick;
- elseif($first)
- $args .= '&nickname=' . $first;
+ $authid = normalise_openid($_REQUEST['openid_identity']);
- if($photosq)
- $args .= '&photo=' . $photosq;
- elseif($photo)
- $args .= '&photo=' . $photo;
+ if(! strlen($authid)) {
+ logger( t('OpenID protocol error. No ID returned.') . EOL);
+ goaway(z_root());
+ }
- $args .= '&openid_url=' . notags(trim($_SESSION['openid']));
- if($a->config['register_policy'] != REGISTER_CLOSED)
- goaway($a->get_baseurl() . '/register' . $args);
- else
- goaway(z_root());
+ $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey`
+ FROM `user` WHERE `openid` = '%s' AND `blocked` = 0
+ AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
+ dbesc($authid)
+ );
- // NOTREACHED
- }
+ if($r && count($r)) {
+ // successful OpenID login
- $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey`
- FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
- dbesc($_SESSION['openid'])
- );
- if(! count($r)) {
- notice( t('Login failed.') . EOL );
+ unset($_SESSION['openid']);
+
+ require_once('include/security.php');
+ authenticate_success($r[0],true,true);
+
+ // just in case there was no return url set
+ // and we fell through
+
+ goaway(z_root());
+ }
+
+ // Successful OpenID login - but we can't match it to an existing account.
+ // New registration?
+
+ if($a->config['register_policy'] == REGISTER_CLOSED) {
+ notice( t('Account not found and OpenID registration is not permitted on this site.') . EOL);
goaway(z_root());
- }
- unset($_SESSION['openid']);
+ }
+
+ unset($_SESSION['register']);
+ $args = '';
+ $attr = $openid->getAttributes();
+ if(is_array($attr) && count($attr)) {
+ foreach($attr as $k => $v) {
+ if($k === 'namePerson/friendly')
+ $nick = notags(trim($v));
+ if($k === 'namePerson/first')
+ $first = notags(trim($v));
+ if($k === 'namePerson')
+ $args .= '&username=' . notags(trim($v));
+ if($k === 'contact/email')
+ $args .= '&email=' . notags(trim($v));
+ if($k === 'media/image/aspect11')
+ $photosq = bin2hex(trim($v));
+ if($k === 'media/image/default')
+ $photo = bin2hex(trim($v));
+ }
+ }
+ if($nick)
+ $args .= '&nickname=' . $nick;
+ elseif($first)
+ $args .= '&nickname=' . $first;
+
+ if($photosq)
+ $args .= '&photo=' . $photosq;
+ elseif($photo)
+ $args .= '&photo=' . $photo;
- require_once('include/security.php');
- authenticate_success($r[0],true,true);
+ $args .= '&openid_url=' . notags(trim($authid));
- // just in case there was no return url set
- // and we fell through
+ goaway($a->get_baseurl() . '/register' . $args);
- goaway(z_root());
+ // NOTREACHED
}
}
notice( t('Login failed.') . EOL);
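Review bot: The account lookup is keyed on `$_REQUEST['openid_identity']`, a raw request parameter, rather than on the identifier the library has just validated. Whether `validate()` binds that parameter to the verified claimed identifier is not visible here, so I would take the library's value instead: `$authid = normalise_openid($openid->identity);`. The new `logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA);` writes the whole assertion to the log, including any e-mail and name attributes, and would be safer logging only the mode and identity. In the registration branch the provider-supplied attributes are appended to `$args` without `urlencode()`, so a value containing `&` or `=` can add or override parameters on the `/register` redirect. `$_SESSION['openid']` is now cleared only on the successful-login path.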
diff --git a/mod/photo.php b/mod/photo.php
index c4a93769a..3a7025120 100755
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -23,7 +23,7 @@ function photo_init(&$a) {
// NOTREACHED
}
- $default = 'images/default-profile.jpg';
+ $default = 'images/person-175.jpg';
if(isset($type)) {
@@ -39,12 +39,12 @@ function photo_init(&$a) {
break;
case 'micro':
$resolution = 6;
- $default = 'images/default-profile-mm.jpg';
+ $default = 'images/person-48.jpg';
break;
case 'avatar':
default:
$resolution = 5;
- $default = 'images/default-profile-sm.jpg';
+ $default = 'images/person-80.jpg';
break;
}
@@ -115,8 +115,24 @@ function photo_init(&$a) {
}
if(! isset($data)) {
- killme();
- // NOTREACHED
+ if(isset($resolution)) {
+ switch($resolution) {
+
+ case 4:
+ $data = file_get_contents('images/person-175.jpg');
+ break;
+ case 5:
+ $data = file_get_contents('images/person-80.jpg');
+ break;
+ case 6:
+ $data = file_get_contents('images/person-48.jpg');
+ break;
+ default:
+ killme();
+ // NOTREACHED
+ break;
+ }
+ }
}
if(isset($customres) && $customres > 0 && $customres < 500) {
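Review bot: If `$resolution` is not set, the new block does nothing and execution continues with `$data` still undefined, whereas the old code always stopped at `killme()` here. The `file_get_contents()` results are also unchecked, so a missing image file leaves `$data` as `false`. A closing guard after the switch restores the old guarantee: `if(! isset($data) || $data === false) killme();`. photo_init() starts and ends outside the hunk.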
diff --git a/mod/photos.php b/mod/photos.php
index e40ae0d74..2a808cb41 100755
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -38,21 +38,22 @@ function photos_init(&$a) {
$o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_baseurl() . '/photo/profile/' . $a->data['user']['uid'] . '.jpg" alt="' . $a->data['user']['username'] . '" /></div>';
$o .= '</div>';
- $o .= '<div id="side-bar-photos-albums" class="widget">';
- $o .= '<h3>' . '<a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '">' . t('Photo Albums') . '</a></h3>';
+ if(! intval($a->data['user']['hidewall'])) {
+ $o .= '<div id="side-bar-photos-albums" class="widget">';
+ $o .= '<h3>' . '<a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '">' . t('Photo Albums') . '</a></h3>';
- $o .= '<ul>';
- foreach($albums as $album) {
+ $o .= '<ul>';
+ foreach($albums as $album) {
- // don't show contact photos. We once translated this name, but then you could still access it under
- // a different language setting. Now we store the name in English and check in English (and translated for legacy albums).
+ // don't show contact photos. We once translated this name, but then you could still access it under
+ // a different language setting. Now we store the name in English and check in English (and translated for legacy albums).
- if((! strlen($album['album'])) || ($album['album'] === 'Contact Photos') || ($album['album'] === t('Contact Photos')))
- continue;
- $o .= '<li>' . '<a href="photos/' . $a->argv[1] . '/album/' . bin2hex($album['album']) . '" >' . $album['album'] . '</a></li>';
+ if((! strlen($album['album'])) || ($album['album'] === 'Contact Photos') || ($album['album'] === t('Contact Photos')))
+ continue;
+ $o .= '<li>' . '<a href="photos/' . $a->argv[1] . '/album/' . bin2hex($album['album']) . '" >' . $album['album'] . '</a></li>';
+ }
+ $o .= '</ul>';
}
- $o .= '</ul>';
-
if(local_user() && $a->data['user']['uid'] == local_user()) {
$o .= '<div id="photo-albums-upload-link"><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/upload" >' .t('Upload New Photos') . '</a></div>';
}
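Review bot: The new `if(! intval($a->data['user']['hidewall']))` hides the album list from every viewer, including the owner and authorised contacts, while the profile.php change in this same commit exempts `$is_owner` and `$remote_contact`. If the same rule is intended here, the condition needs those exemptions. The widget's opening `<div>` is now inside the conditional and its closing tag is not visible in the hunk, so check that the markup stays balanced when the list is skipped. The album name is also written into the link text as-is; `htmlspecialchars($album['album'])` would be safer if names can contain markup. photos_init() continues outside the hunk.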
@@ -1081,6 +1082,17 @@ function photos_content(&$a) {
}
+ if(! $cmd !== 'edit') {
+ $a->page['htmlhead'] .= '<script>
+ $(document).keydown(function(event) {' . "\n";
+
+ if($prevlink)
+ $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 37) { event.preventDefault(); window.location.href = \'' . $prevlink . '\'; }' . "\n";
+ if($nextlink)
+ $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 39) { event.preventDefault(); window.location.href = \'' . $nextlink . '\'; }' . "\n";
+ $a->page['htmlhead'] .= '});</script>';
+ }
+
if($prevlink)
$prevlink = array($prevlink, '<div class="icon prev"></div>') ;
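Review bot: The guard `if(! $cmd !== 'edit')` is always true, because `! $cmd` is a boolean and can never be identical to the string `'edit'`. The key handler is therefore emitted in edit mode as well; the guard should read `if($cmd !== 'edit')`. `$prevlink` and `$nextlink` are also placed inside a single-quoted JavaScript string without escaping. Unless they are built only from trusted values (not visible here), emit them with `json_encode()` instead of concatenating them between quotes. photos_content() starts and ends outside the hunk.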
diff --git a/mod/pretheme.php b/mod/pretheme.php
new file mode 100644
index 000000000..0efa587d8
--- /dev/null
+++ b/mod/pretheme.php
@@ -0,0 +1,16 @@
+<?php
+
+function pretheme_init(&$a) {
+
+ if($_REQUEST['theme']) {
+ $theme = $_REQUEST['theme'];
+ $info = get_theme_info($theme);
+ if($info) {
+ // unfortunately there will be no translation for this string
+ $desc = $info['description'] . ' ' . $info['version'];
+ }
+ else $desc = '';
+ echo json_encode(array('img' => get_theme_screenshot($theme), 'desc' => $desc));
+ }
+ killme();
+}
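Review bot: `$_REQUEST['theme']` goes straight into `get_theme_info()` and `get_theme_screenshot()` with no validation, and the handler has no login check. If those helpers build a filesystem path from the name (their bodies are not shown), the value should first be restricted to a plain theme directory name, for example `if(! preg_match('/^[A-Za-z0-9_-]+$/', $theme)) killme();`. The index is also read without `x($_REQUEST,'theme')`, which the other modules in this commit use, so a request without the parameter raises a notice. The JSON is echoed without a `Content-Type: application/json` header.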
diff --git a/mod/profile.php b/mod/profile.php
index 428679ffc..782d17d83 100755
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -107,7 +107,7 @@ function profile_content(&$a, $update = 0) {
$is_owner = ((local_user()) && (local_user() == $a->profile['profile_uid']) ? true : false);
- if($a->user['hidewall'] && (! $is_owner) && (! $remote_contact)) {
+ if($a->profile['hidewall'] && (! $is_owner) && (! $remote_contact)) {
notice( t('Access to this profile has been restricted.') . EOL);
return;
}
diff --git a/mod/profile_photo.php b/mod/profile_photo.php
index d1fd08eba..ace8dadd4 100755
--- a/mod/profile_photo.php
+++ b/mod/profile_photo.php
@@ -151,7 +151,7 @@ function profile_photo_content(&$a) {
return;
};
- check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
+// check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
$resource_id = $a->argv[2];
//die(":".local_user());
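Review bot: Commenting out `check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');` removes the CSRF token check in front of code that goes on to act on `$a->argv[2]`, and neither the diff nor a comment says why. If the link that leads here cannot carry the token yet, the link should be fixed and the check kept. At minimum the line needs a note such as `// FIXME: form security token check disabled, re-enable once the caller sends the token`. The leftover `//die(":".local_user());` debug line could be removed at the same time. profile_photo_content() continues outside the hunk.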
diff --git a/mod/register.php b/mod/register.php
index 388b3e250..6d0e2700b 100755
--- a/mod/register.php
+++ b/mod/register.php
@@ -150,6 +150,16 @@ function register_post(&$a) {
if(count($r))
$err .= t('Nickname is already registered. Please choose another.') . EOL;
+ // Check deleted accounts that had this nickname. Doesn't matter to us,
+ // but could be a security issue for federated platforms.
+
+ $r = q("SELECT * FROM `userd`
+ WHERE `username` = '%s' LIMIT 1",
+ dbesc($nickname)
+ );
+ if(count($r))
+ $err .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL;
+
if(strlen($err)) {
notice( $err );
return;
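Review bot: The comment above the `userd` lookup does not say what the risk actually is. Something like `// a re-registered nickname would take over the address that remote contacts still associate with the deleted account` would tell the next maintainer why the check must stay (this is my reading of the intent, please confirm). The query only tests for existence, so `SELECT *` could be narrowed to a single column. register_post() starts and ends outside the hunk.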
diff --git a/mod/regmod.php b/mod/regmod.php
index 17e728ba2..21f41eb01 100755
--- a/mod/regmod.php
+++ b/mod/regmod.php
@@ -64,6 +64,11 @@ function user_allow($hash) {
}
+
+// This does not have to go through user_remove() and save the nickname
+// permanently against re-registration, as the person was not yet
+// allowed to have friends on this system
+
function user_deny($hash) {
$register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1",
diff --git a/mod/search.php b/mod/search.php
index 386592ea1..50e7a6abc 100755
--- a/mod/search.php
+++ b/mod/search.php
@@ -93,8 +93,9 @@ function search_content(&$a) {
return $o;
// Here is the way permissions work in the search module...
- // Only public wall posts can be shown
+ // Only public posts can be shown
// OR your own posts if you are a logged in member
+ // No items will be shown if the member has a blocked profile wall.
$s_regx = sprintf("AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' )",
dbesc(preg_quote($search)), dbesc('\\]' . preg_quote($search) . '\\['));
@@ -104,7 +105,7 @@ function search_content(&$a) {
$r = q("SELECT COUNT(*) AS `total`
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
- AND (( `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `user`.`hidewall` = 0)
+ AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0)
OR `item`.`uid` = %d )
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
$search_alg ",
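Review bot: The public-visibility predicate is written out twice, here in the count query and again in the row query in the next hunk. This commit shows the cost: the count query lacked the `item.private = 0` condition until now, while the row query already had it. Building the clause once in a variable and interpolating it into both statements, as `$search_alg` already is, keeps the two from drifting apart again. With the `wall = 1` condition removed, the `user.hidewall` test applies to the account that holds the item row and not necessarily to its author, so confirm this is the intended meaning of "public" for items received from contacts. search_content() starts and ends outside the hunk.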
@@ -127,7 +128,7 @@ function search_content(&$a) {
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
- AND (( `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0 )
+ AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0 )
OR `item`.`uid` = %d )
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
$search_alg
diff --git a/mod/settings.php b/mod/settings.php
index f694b5840..99bf8842d 100755
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -263,7 +263,7 @@ function settings_post(&$a) {
$suggestme = ((x($_POST,'suggestme')) ? intval($_POST['suggestme']) : 0);
$hide_friends = (($_POST['hide-friends'] == 1) ? 1: 0);
$hidewall = (($_POST['hidewall'] == 1) ? 1: 0);
-
+ $nosmile = ((x($_POST,'nosmile')) ? intval($_POST['nosmile']) : 0);
$notify = 0;
@@ -322,6 +322,7 @@ function settings_post(&$a) {
$str_contact_deny = perms2str($_POST['contact_deny']);
$openidserver = $a->user['openidserver'];
+ $openid = normalise_openid($openid);
// If openid has changed or if there's an openid but no openidserver, try and discover it.
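Review bot: `$openid = normalise_openid($openid);` normalises only values saved from now on, while the new lookup in mod/openid.php compares a normalised identifier against the stored `openid` column. Rows saved before this change may hold the un-normalised form and would then stop matching at login. Either a one-time update of existing rows or a note in the upgrade instructions is needed (normalise_openid() itself is not shown, so the size of the difference is an assumption). A comment on the line, e.g. `// store the same canonical form that mod/openid.php looks up`, would tie the two together.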
@@ -346,6 +347,7 @@ function settings_post(&$a) {
set_pconfig(local_user(),'system','suggestme', $suggestme);
set_pconfig(local_user(),'system','update_interval', $browser_update);
set_pconfig(local_user(),'system','itemspage_network', $itemspage_network);
+ set_pconfig(local_user(),'system','no_smilies',$nosmile);
$r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `theme` = '%s', `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `blockwall` = %d, `hidewall` = %d, `blocktags` = %d WHERE `uid` = %d LIMIT 1",
dbesc($username),
@@ -652,20 +654,20 @@ function settings_content(&$a) {
$blocktags = $a->user['blocktags'];
$expire_items = get_pconfig(local_user(), 'expire','items');
- $expire_items = (($expire_items===false)?1:$expire_items); // default if not set: 1
+ $expire_items = (($expire_items===false)? '1' : $expire_items); // default if not set: 1
$expire_notes = get_pconfig(local_user(), 'expire','notes');
- $expire_notes = (($expire_notes===false)?1:$expire_notes); // default if not set: 1
+ $expire_notes = (($expire_notes===false)? '1' : $expire_notes); // default if not set: 1
$expire_starred = get_pconfig(local_user(), 'expire','starred');
- $expire_starred = (($expire_starred===false)?1:$expire_starred); // default if not set: 1
+ $expire_starred = (($expire_starred===false)? '1' : $expire_starred); // default if not set: 1
$expire_photos = get_pconfig(local_user(), 'expire','photos');
- $expire_photos = (($expire_photos===false)?0:$expire_photos); // default if not set: 0
+ $expire_photos = (($expire_photos===false)? '0' : $expire_photos); // default if not set: 0
$suggestme = get_pconfig(local_user(), 'system','suggestme');
- $suggestme = (($suggestme===false)?0:$suggestme); // default if not set: 0
+ $suggestme = (($suggestme===false)? '0': $suggestme); // default if not set: 0
$browser_update = intval(get_pconfig(local_user(), 'system','update_interval'));
$browser_update = (($browser_update == 0) ? 40 : $browser_update / 1000); // default if not set: 40 seconds
@@ -673,6 +675,9 @@ function settings_content(&$a) {
$itemspage_network = intval(get_pconfig(local_user(), 'system','itemspage_network'));
$itemspage_network = (($itemspage_network > 0 && $itemspage_network < 101) ? $itemspage_network : 40); // default if not set: 40 items
+ $nosmile = get_pconfig(local_user(),'system','no_smilies');
+ $nosmile = (($nosmile===false)? '0': $nosmile); // default if not set: 0
+
if(! strlen($a->user['timezone']))
$timezone = date_default_timezone_get();
@@ -736,13 +741,13 @@ function settings_content(&$a) {
));
$blockwall = replace_macros($opt_tpl,array(
- '$field' => array('blockwall', t('Allow friends to post to your profile page?'), ! $a->user['blockwall'], '', array(t('No'),t('Yes'))),
+ '$field' => array('blockwall', t('Allow friends to post to your profile page?'), (intval($a->user['blockwall']) ? '0' : '1'), '', array(t('No'),t('Yes'))),
));
$blocktags = replace_macros($opt_tpl,array(
- '$field' => array('blocktags', t('Allow friends to tag your posts?'), ! $a->user['blocktags'], '', array(t('No'),t('Yes'))),
+ '$field' => array('blocktags', t('Allow friends to tag your posts?'), (intval($a->user['blocktags']) ? '0' : '1'), '', array(t('No'),t('Yes'))),
));
@@ -840,6 +845,7 @@ function settings_content(&$a) {
'$theme' => array('theme', t('Display Theme:'), $theme_selected, '', $themes),
'$ajaxint' => array('browser_update', t("Update browser every xx seconds"), $browser_update, t('Minimum of 10 seconds, no maximum')),
'$itemspage_network' => array('itemspage_network', t("Number of items to display on the network page:"), $itemspage_network, t('Maximum of 100 items')),
+ '$nosmile' => array('nosmile', t("Don't show emoticons"), $nosmile, ''),
'$h_prv' => t('Security and Privacy Settings'),
diff --git a/mod/viewsrc.php b/mod/viewsrc.php
index 94847ec7b..3fa4eaed5 100755
--- a/mod/viewsrc.php
+++ b/mod/viewsrc.php
@@ -25,7 +25,12 @@ function viewsrc_content(&$a) {
);
if(count($r))
- $o .= str_replace("\n",'<br />',$r[0]['body']);
+ if(is_ajax()) {
+ echo str_replace("\n",'<br />',$r[0]['body']);
+ killme();
+ } else {
+ $o .= str_replace("\n",'<br />',$r[0]['body']);
+ }
return $o;
}
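Review bot: The new AJAX branch echoes `$r[0]['body']` with only newlines converted, so unless the body is already entity-escaped when stored (not visible here), any markup in it reaches the browser as HTML. Applying `htmlspecialchars()` before the `str_replace()` would make the source view safe in both branches. The outer `if(count($r))` has no braces around the new if/else, which works but is easy to misread; wrapping it in `{ }` is cheap.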