diff options
| -rw-r--r-- | mod/acl.php | 15 | ||||
| -rw-r--r-- | mod/message.php | 63 |
2 files changed, 70 insertions, 8 deletions
diff --git a/mod/acl.php b/mod/acl.php index 248ba23d0..7bd11765f 100644 --- a/mod/acl.php +++ b/mod/acl.php @@ -29,7 +29,10 @@ function acl_init(&$a){ if ($search!=""){ $sql_extra = "AND `name` LIKE '%%".dbesc($search)."%%'"; $sql_extra2 = "AND (`attag` LIKE '%%".dbesc($search)."%%' OR `name` LIKE '%%".dbesc($search)."%%' OR `nick` LIKE '%%".dbesc($search)."%%')"; - $sql_extra3 = "AND ( xchan_name like '%%" . dbesc($search) . "%%' )"; + + $col = ((strpos($search,'@') !== false) ? 'xchan_addr' : 'xchan_name' ); + $sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " "; + } else { $sql_extra = $sql_extra2 = $sql_extra3 = ""; } @@ -127,12 +130,16 @@ function acl_init(&$a){ ); } elseif($type == 'm') { - $r = q("SELECT xchan_hash as id, xchan_name as name, xchan_photo_s as micro, xchan_url as url from xchan - where 1 +dbg(1); + $r = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url + FROM abook left join xchan on abook_xchan = xchan_hash + WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )) $sql_extra3 ORDER BY `xchan_name` ASC ", - intval(local_user()) + intval(local_user()), + intval(PERMS_W_MAIL) ); +dbg(0); } elseif($type == 'a') { $r = q("SELECT abook_id as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag FROM abook left join xchan on abook_xchan = xchan_hash diff --git a/mod/message.php b/mod/message.php index 9e8a54fed..e3a67b23e 100644 --- a/mod/message.php +++ b/mod/message.php @@ -2,6 +2,7 @@ require_once('include/acl_selectors.php'); require_once('include/message.php'); +require_once('include/zot.php'); function message_init(&$a) { $tabs = array(); @@ -45,10 +46,64 @@ function message_post(&$a) { return; } - $replyto = ((x($_REQUEST,'replyto')) ? notags(trim($_REQUEST['replyto'])) : ''); - $subject = ((x($_REQUEST,'subject')) ? notags(trim($_REQUEST['subject'])) : ''); - $body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : ''); - $recipient = ((x($_REQUEST,'messageto')) ? notags(trim($_REQUEST['messageto'])) : ''); + $replyto = ((x($_REQUEST,'replyto')) ? notags(trim($_REQUEST['replyto'])) : ''); + $subject = ((x($_REQUEST,'subject')) ? notags(trim($_REQUEST['subject'])) : ''); + $body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : ''); + $recipient = ((x($_REQUEST,'messageto')) ? notags(trim($_REQUEST['messageto'])) : ''); + $rstr = ((x($_REQUEST,'messagerecip')) ? notags(trim($_REQUEST['messagerecip'])) : ''); + + if(! $recipient) { + $channel = $a->get_channel(); + + $ret = zot_finger($rstr,$channel); + + if(! $ret) { + notice( t('Unable to lookup recipient.') . EOL); + return; + } + $j = json_decode($ret['body'],true); + + logger('message_post: lookup: ' . $url . ' ' . print_r($j,true)); + + if(! ($j['success'] && $j['guid'])) { + notice( t('Unable to communicate with requested channel.')); + return; + } + + $x = import_xchan($j); + + if(! $x['success']) { + notice( t('Cannot verify requested channel.')); + return; + } + + $recipient = $x['hash']; + + $their_perms = 0; + + $global_perms = get_perms(); + + if($j['permissions']['data']) { + $permissions = aes_unencapsulate($j['permissions'],$channel['channel_prvkey']); + if($permissions) + $permissions = json_decode($permissions); + logger('decrypted permissions: ' . print_r($permissions,true), LOGGER_DATA); + } + else + $permissions = $j['permissions']; + + foreach($permissions as $k => $v) { + if($v) { + $their_perms = $their_perms | intval($global_perms[$k][1]); + } + } + + if(! ($their_perms & PERMS_W_MAIL)) { + notice( t('Selected channel has private message restrictions. Send failed.')); + return; + } + } + if(feature_enabled(local_user(),'richtext')) { $body = fix_mce_lf($body); |