-rw-r--r--mod/acl.php15
-rw-r--r--mod/message.php63
2 files changed, 70 insertions, 8 deletions
diff --git a/mod/acl.php b/mod/acl.php
index 248ba23d0..7bd11765f 100644
--- a/mod/acl.php
+++ b/mod/acl.php
@@ -29,7 +29,10 @@ function acl_init(&$a){
if ($search!=""){
$sql_extra = "AND `name` LIKE '%%".dbesc($search)."%%'";
$sql_extra2 = "AND (`attag` LIKE '%%".dbesc($search)."%%' OR `name` LIKE '%%".dbesc($search)."%%' OR `nick` LIKE '%%".dbesc($search)."%%')";
- $sql_extra3 = "AND ( xchan_name like '%%" . dbesc($search) . "%%' )";
+
+ $col = ((strpos($search,'@') !== false) ? 'xchan_addr' : 'xchan_name' );
+ $sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
+
} else {
$sql_extra = $sql_extra2 = $sql_extra3 = "";
}
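Review bot: Only `$sql_extra3` gets the `protect_sprintf()` wrapper in this hunk; `$sql_extra` and `$sql_extra2` directly above still concatenate `dbesc($search)` between hand-written `%%` wildcards, so a literal `%` typed into the search box would presumably still reach q()'s format handling in the queries that use those two strings. Applying the same wrapper there would keep the three filters consistent. A short comment on the new `$col` line would also help, e.g. `// an '@' in the term means an address is being typed, so match xchan_addr instead of xchan_name`. acl_init starts and ends outside this hunk.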
@@ -127,12 +130,16 @@ function acl_init(&$a){
);
}
elseif($type == 'm') {
- $r = q("SELECT xchan_hash as id, xchan_name as name, xchan_photo_s as micro, xchan_url as url from xchan
- where 1
+dbg(1);
+ $r = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url
+ FROM abook left join xchan on abook_xchan = xchan_hash
+ WHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d ))
$sql_extra3
ORDER BY `xchan_name` ASC ",
- intval(local_user())
+ intval(local_user()),
+ intval(PERMS_W_MAIL)
);
+dbg(0);
}
elseif($type == 'a') {
$r = q("SELECT abook_id as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag FROM abook left join xchan on abook_xchan = xchan_hash
diff --git a/mod/message.php b/mod/message.php
index 9e8a54fed..e3a67b23e 100644
--- a/mod/message.php
+++ b/mod/message.php
@@ -2,6 +2,7 @@
require_once('include/acl_selectors.php');
require_once('include/message.php');
+require_once('include/zot.php');
function message_init(&$a) {
$tabs = array();
@@ -45,10 +46,64 @@ function message_post(&$a) {
return;
}
- $replyto = ((x($_REQUEST,'replyto')) ? notags(trim($_REQUEST['replyto'])) : '');
- $subject = ((x($_REQUEST,'subject')) ? notags(trim($_REQUEST['subject'])) : '');
- $body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : '');
- $recipient = ((x($_REQUEST,'messageto')) ? notags(trim($_REQUEST['messageto'])) : '');
+ $replyto = ((x($_REQUEST,'replyto')) ? notags(trim($_REQUEST['replyto'])) : '');
+ $subject = ((x($_REQUEST,'subject')) ? notags(trim($_REQUEST['subject'])) : '');
+ $body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : '');
+ $recipient = ((x($_REQUEST,'messageto')) ? notags(trim($_REQUEST['messageto'])) : '');
+ $rstr = ((x($_REQUEST,'messagerecip')) ? notags(trim($_REQUEST['messagerecip'])) : '');
+
+ if(! $recipient) {
+ $channel = $a->get_channel();
+
+ $ret = zot_finger($rstr,$channel);
+
+ if(! $ret) {
+ notice( t('Unable to lookup recipient.') . EOL);
+ return;
+ }
+ $j = json_decode($ret['body'],true);
+
+ logger('message_post: lookup: ' . $url . ' ' . print_r($j,true));
+
+ if(! ($j['success'] && $j['guid'])) {
+ notice( t('Unable to communicate with requested channel.'));
+ return;
+ }
+
+ $x = import_xchan($j);
+
+ if(! $x['success']) {
+ notice( t('Cannot verify requested channel.'));
+ return;
+ }
+
+ $recipient = $x['hash'];
+
+ $their_perms = 0;
+
+ $global_perms = get_perms();
+
+ if($j['permissions']['data']) {
+ $permissions = aes_unencapsulate($j['permissions'],$channel['channel_prvkey']);
+ if($permissions)
+ $permissions = json_decode($permissions);
+ logger('decrypted permissions: ' . print_r($permissions,true), LOGGER_DATA);
+ }
+ else
+ $permissions = $j['permissions'];
+
+ foreach($permissions as $k => $v) {
+ if($v) {
+ $their_perms = $their_perms | intval($global_perms[$k][1]);
+ }
+ }
+
+ if(! ($their_perms & PERMS_W_MAIL)) {
+ notice( t('Selected channel has private message restrictions. Send failed.'));
+ return;
+ }
+ }
+
if(feature_enabled(local_user(),'richtext')) {
$body = fix_mce_lf($body);
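Review bot: The added `logger('message_post: lookup: ' . $url . ...)` call uses `$url`, which is not assigned anywhere in the visible part of message_post, so the entry will not record which address was looked up; `$rstr` looks like the intended variable. The same call dumps the whole decoded finger response at the default log level, while the decrypted permissions a few lines later are logged with `LOGGER_DATA`; consider `logger('message_post: lookup: ' . $rstr . ' ' . print_r($j,true), LOGGER_DATA);`. Separately, when `aes_unencapsulate()` returns a falsy value the `foreach($permissions as $k => $v)` loop runs over a non-array, so an explicit failure notice and `return` there would be clearer than relying on `$their_perms` staying 0. The `PERMS_W_MAIL` check also only runs inside `if(! $recipient)`, so a `messageto` value supplied directly in the request is not checked in the lines shown; confirm that the send path enforces it. message_post begins and ends outside this hunk.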