aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xboot.php188
-rw-r--r--include/Import/Importer.php38
-rw-r--r--include/Import/refimport.php2
-rw-r--r--include/permissions.php166
-rw-r--r--include/security.php117
-rw-r--r--include/widgets.php158
6 files changed, 397 insertions, 272 deletions
diff --git a/boot.php b/boot.php
index 3fdaa55f0..8a212a11d 100755
--- a/boot.php
+++ b/boot.php
@@ -27,7 +27,6 @@
* documented.
*/
-
require_once('include/config.php');
require_once('include/network.php');
require_once('include/plugin.php');
@@ -570,7 +569,7 @@ define ( 'ITEM_RSS', 0x8000); // Item comes from a feed. Use this t
define ( 'DBTYPE_MYSQL', 0 );
define ( 'DBTYPE_POSTGRES', 1 );
-
+
/**
*
* Reverse the effect of magic_quotes_gpc if it is enabled.
@@ -614,10 +613,10 @@ function startup() {
}
/**
- *
* class: App
*
- * Our main application structure for the life of this page
+ * @brief Our main application structure for the life of this page.
+ *
* Primarily deals with the URL that got us here
* and tries to make some sense of it, and
* stores our page contents and config storage
@@ -683,11 +682,15 @@ class App {
public $force_max_items = 0;
public $theme_thread_allow = true;
- // An array for all theme-controllable parameters
- // Mostly unimplemented yet. Only options 'template_engine' and
- // beyond are used.
-
- private $theme = array(
+ /**
+ * @brief An array for all theme-controllable parameters
+ *
+ * Mostly unimplemented yet. Only options 'template_engine' and
+ * beyond are used.
+ *
+ * @var array
+ */
+ private $theme = array(
'sourcename' => '',
'videowidth' => 425,
'videoheight' => 350,
@@ -697,9 +700,17 @@ class App {
'template_engine' => 'smarty3',
);
- // array of registered template engines ('name'=>'class name')
+ /**
+ * array of registered template engines ('name'=>'class name')
+ *
+ * @var array
+ */
public $template_engines = array();
- // array of instanced template engines ('name'=>'instance')
+ /**
+ * array of instanced template engines ('name'=>'instance')
+ *
+ * @var array
+ */
public $template_engine_instance = array();
private $ldelim = array(
@@ -716,7 +727,9 @@ class App {
private $baseurl;
private $path;
-
+ /**
+ * App constructor.
+ */
function __construct() {
// we'll reset this after we read our config file
date_default_timezone_set('UTC');
@@ -759,8 +772,8 @@ class App {
set_include_path("include/$this->hostname" . PATH_SEPARATOR . get_include_path());
- if((x($_SERVER,'QUERY_STRING')) && substr($_SERVER['QUERY_STRING'],0,2) === "q=") {
- $this->query_string = substr($_SERVER['QUERY_STRING'],2);
+ if((x($_SERVER,'QUERY_STRING')) && substr($_SERVER['QUERY_STRING'], 0, 2) === "q=") {
+ $this->query_string = substr($_SERVER['QUERY_STRING'], 2);
// removing trailing / - maybe a nginx problem
if (substr($this->query_string, 0, 1) == "/")
$this->query_string = substr($this->query_string, 1);
@@ -770,8 +783,8 @@ class App {
// unix style "homedir"
- if(substr($this->cmd,0,1) === '~')
- $this->cmd = 'channel/' . substr($this->cmd,1);
+ if(substr($this->cmd, 0, 1) === '~')
+ $this->cmd = 'channel/' . substr($this->cmd, 1);
/**
@@ -855,7 +868,6 @@ class App {
}
function set_baseurl($url) {
-
if(is_array($this->config)
&& array_key_exists('system',$this->config)
&& is_array($this->config['system'])
@@ -888,7 +900,7 @@ class App {
}
function set_path($p) {
- $this->path = trim(trim($p),'/');
+ $this->path = trim(trim($p), '/');
}
function get_path() {
@@ -1030,6 +1042,7 @@ class App {
* return engine defined by theme, or default
*
* @param string $name Template engine name
+ *
* @return object Template Engine instance
*/
function template_engine($name = ''){
@@ -1056,6 +1069,11 @@ class App {
echo "template engine <tt>$template_engine</tt> is not registered!\n"; killme();
}
+ /**
+ * @brief Returns the active template engine.
+ *
+ * @return string
+ */
function get_template_engine() {
return $this->theme['template_engine'];
}
@@ -1097,9 +1115,13 @@ class App {
} // End App class
-// retrieve the App structure
-// useful in functions which require it but don't get it passed to them
-
+/**
+ * @brief Retrieve the App structure.
+ *
+ * Useful in functions which require it but don't get it passed to them
+ *
+ * @return App
+ */
function get_app() {
global $a;
return $a;
@@ -1117,7 +1139,8 @@ function get_app() {
*
* @param string|array $s variable to check
* @param string $k key inside the array to check
- * @return bool
+ *
+ * @return bool|int
*/
function x($s, $k = null) {
if($k != null) {
@@ -1167,24 +1190,43 @@ function z_path() {
return $base;
}
+/**
+ * @brief Returns the baseurl.
+ *
+ * @see App::get_baseurl()
+ *
+ * @return string
+ */
function z_root() {
global $a;
return $a->get_baseurl();
}
+/**
+ * @brief Return absolut URL for given $path.
+ *
+ * @param string $path
+ *
+ * @return string
+ */
function absurl($path) {
- if(strpos($path,'/') === 0)
+ if(strpos($path, '/') === 0)
return z_path() . $path;
return $path;
}
-function os_mkdir($path,$mode = 0777,$recursive = false) {
+function os_mkdir($path, $mode = 0777, $recursive = false) {
$oldumask = @umask(0);
@mkdir($path, $mode, $recursive);
@umask($oldumask);
}
+/**
+ * @brief Function to check if request was an AJAX (xmlhttprequest) request.
+ *
+ * @return boolean
+ */
function is_ajax() {
return (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest');
}
@@ -1332,11 +1374,11 @@ function check_config(&$a) {
else
$installed = array();
- $plugins = get_config('system','addon');
+ $plugins = get_config('system', 'addon');
$plugins_arr = array();
if($plugins)
- $plugins_arr = explode(',',str_replace(' ', '',$plugins));
+ $plugins_arr = explode(',', str_replace(' ', '', $plugins));
$a->plugins = $plugins_arr;
@@ -1344,7 +1386,7 @@ function check_config(&$a) {
if(count($installed)) {
foreach($installed as $i) {
- if(! in_array($i['name'],$plugins_arr)) {
+ if(! in_array($i['name'], $plugins_arr)) {
unload_plugin($i['name']);
}
else {
@@ -1355,7 +1397,7 @@ function check_config(&$a) {
if(count($plugins_arr)) {
foreach($plugins_arr as $p) {
- if(! in_array($p,$installed_arr)) {
+ if(! in_array($p, $installed_arr)) {
load_plugin($p);
}
}
@@ -1365,7 +1407,7 @@ function check_config(&$a) {
}
-function fix_system_urls($oldurl,$newurl) {
+function fix_system_urls($oldurl, $newurl) {
require_once('include/crypto.php');
@@ -1456,7 +1498,7 @@ function login($register = false, $form_id = 'main-login', $hiddens=false) {
$a = get_app();
$o = '';
$reg = false;
- $reglink = get_config('system','register_link');
+ $reglink = get_config('system', 'register_link');
if(! strlen($reglink))
$reglink = 'register';
@@ -1472,7 +1514,7 @@ function login($register = false, $form_id = 'main-login', $hiddens=false) {
$tpl = get_markup_template("logout.tpl");
}
else {
- $a->page['htmlhead'] .= replace_macros(get_markup_template("login_head.tpl"),array(
+ $a->page['htmlhead'] .= replace_macros(get_markup_template("login_head.tpl"), array(
'$baseurl' => $a->get_baseurl(true)
));
@@ -1501,16 +1543,17 @@ function login($register = false, $form_id = 'main-login', $hiddens=false) {
}
-// Used to end the current process, after saving session state.
-
+/**
+ * @brief Used to end the current process, after saving session state.
+ */
function killme() {
session_write_close();
exit;
}
-
-// redirect to another URL and terminate this process.
-
+/**
+ * @brief Redirect to another URL and terminate this process.
+ */
function goaway($s) {
header("Location: $s");
killme();
@@ -1532,7 +1575,7 @@ function get_account_id() {
}
/**
- * @brief Returns the entity id of locally logged in user or false.
+ * @brief Returns the entity id (channel_id) of locally logged in user or false.
*
* Returns authenticated numeric channel_id if authenticated and connected to
* a channel or 0. Sometimes referred to as $uid in the code.
@@ -1546,22 +1589,28 @@ function local_user() {
return false;
}
-
-// Returns contact id of authenticated site visitor or false
-
+/**
+ * @brief Returns contact id (visitor_id) of authenticated site visitor or false.
+ *
+ * @return int|bool visitor_id or false
+ */
function remote_user() {
- if((x($_SESSION,'authenticated')) && (x($_SESSION,'visitor_id')))
+ if((x($_SESSION, 'authenticated')) && (x($_SESSION, 'visitor_id')))
return $_SESSION['visitor_id'];
+
return false;
}
-
-// contents of $s are displayed prominently on the page the next time
-// a page is loaded. Usually used for errors or alerts.
-
+/**
+ * Contents of $s are displayed prominently on the page the next time
+ * a page is loaded. Usually used for errors or alerts.
+ *
+ * @param string $s Text to display
+ */
function notice($s) {
$a = get_app();
if(! x($_SESSION, 'sysmsg')) $_SESSION['sysmsg'] = array();
+
if($a->interactive) {
// shameless plug, permission is denied and they have no identity.
// There's a fairly good chance that they've not got zot.
@@ -1572,7 +1621,13 @@ function notice($s) {
}
}
-
+/**
+ * Contents of $s are displayed prominently on the page the next time a page is
+ * loaded. Usually used for information.
+ * For error and alerts use notice().
+ *
+ * @param string $s Text to display
+ */
function info($s) {
$a = get_app();
if(! x($_SESSION, 'sysmsg_info')) $_SESSION['sysmsg_info'] = array();
@@ -1736,13 +1791,19 @@ function current_theme(){
/**
- * Return full URL to theme which is currently in effect.
+ * @brief Return full URL to theme which is currently in effect.
+ *
* Provide a sane default if nothing is chosen or the specified theme does not exist.
+ *
+ * @param bool $installing default false
+ *
+ * @return string
*/
-
function current_theme_url($installing = false) {
global $a;
+
$t = current_theme();
+
$opts = '';
$opts = (($a->profile_uid) ? '?f=&puid=' . $a->profile_uid : '');
$opts .= ((x($a->layout,'schema')) ? '&schema=' . $a->layout['schema'] : '');
@@ -1761,10 +1822,12 @@ function current_theme_url($installing = false) {
*/
function is_site_admin() {
$a = get_app();
+
if((intval($_SESSION['authenticated']))
&& (is_array($a->account))
&& ($a->account['account_roles'] & ACCOUNT_ROLE_ADMIN))
return true;
+
return false;
}
@@ -1816,6 +1879,7 @@ function load_contact_links($uid) {
*
* @param array $params mapped array with query parameters
* @param string $name of parameter, default null
+ *
* @return string
*/
function build_querystring($params, $name = null) {
@@ -1857,6 +1921,11 @@ function dba_timer() {
return microtime(true);
}
+/**
+ * @brief Returns xchan_hash from the observer.
+ *
+ * @return string Empty if no observer, otherwise xchan_hash from observer
+ */
function get_observer_hash() {
$observer = get_app()->get_observer();
if(is_array($observer))
@@ -1892,6 +1961,7 @@ function curPageURL() {
*
* @param App $a global application object
* @param string $navname
+ *
* @return mixed
*/
function get_custom_nav(&$a, $navname) {
@@ -2043,12 +2113,20 @@ function construct_page(&$a) {
);
}
-
+/**
+ * @brief Returns RedMatrix's root directory.
+ *
+ * @return string
+ */
function appdirpath() {
return dirname(__FILE__);
}
-
+/**
+ * @brief Set a pageicon.
+ *
+ * @param string $icon
+ */
function head_set_icon($icon) {
global $a;
@@ -2056,6 +2134,11 @@ function head_set_icon($icon) {
// logger('head_set_icon: ' . $icon);
}
+/**
+ * @brief Get the pageicon.
+ *
+ * @return string absolut path to pageicon
+ */
function head_get_icon() {
global $a;
@@ -2066,6 +2149,11 @@ function head_get_icon() {
return $icon;
}
+/**
+ * @brief Return the Realm of the directory.
+ *
+ * @return string
+ */
function get_directory_realm() {
if($x = get_config('system', 'directory_realm'))
return $x;
diff --git a/include/Import/Importer.php b/include/Import/Importer.php
index c42344236..5e684cd8e 100644
--- a/include/Import/Importer.php
+++ b/include/Import/Importer.php
@@ -1,26 +1,28 @@
<?php /** @file */
-namespace Redmatrix\Import;
-
+namespace RedMatrix\Import;
+/**
+ * @brief Class Import
+ *
+ * @package RedMatrix\Import
+ */
class Import {
- $credentials = null;
- $itemlist = null;
- $src_items = null;
+ private $credentials = null;
- $items = null;
+ protected $itemlist = null;
+ protected $src_items = null;
+ protected $items = null;
function get_credentials() {
-
+ return $this->credentials;
}
function get_itemlist() {
-
-
+ return $this->itemlist;
}
-
function get_item_ident($item) {
}
@@ -43,19 +45,17 @@ class Import {
function convert_taxonomy($item_ident) {
-
}
function convert_child($child) {
}
- function store($item,$update = false) {
+ function store($item, $update = false) {
}
function run() {
-
$this->credentials = $this->get_credentials();
$this->itemlist = $this->get_itemlist();
if($this->itemlist) {
@@ -77,18 +77,6 @@ class Import {
}
$cnt ++;
}
-
-
-
-
}
-
-
-
-
-
-
}
-
-
} \ No newline at end of file
diff --git a/include/Import/refimport.php b/include/Import/refimport.php
index 4f2572660..181b2b398 100644
--- a/include/Import/refimport.php
+++ b/include/Import/refimport.php
@@ -13,8 +13,6 @@ require_once('include/hubloc.php');
// with a browser until all the posts had been imported.
-
-
define('REDMATRIX_IMPORTCHANNEL','mike');
define('REFLECT_EXPORTUSERNAME','mike');
define('REFLECT_BLOGNAME','Diary and Other Rantings');
diff --git a/include/permissions.php b/include/permissions.php
index b078de4d5..563d574db 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -1,6 +1,19 @@
-<?php /** @file */
-
+<?php
+/**
+ * @file incldue/permissions.php
+ *
+ * This file conntains functions to check and work with permissions.
+ */
+/**
+ * @brief Return an array with all available permissions.
+ *
+ * These are channel specific permissions.
+ * The list of available permissions can get manipulated by the <i>hook</i>
+ * <b>global_permissions</b>.
+ *
+ * @return array associative array containing all permissions
+ */
function get_perms() {
// thinking about making element[2] a bitmask instead of boolean so that we can provide a list of applicable selections
@@ -14,8 +27,8 @@ function get_perms() {
'view_profile' => array('channel_r_profile', intval(PERMS_R_PROFILE), true, t('Can view my default channel profile'), ''),
'view_photos' => array('channel_r_photos', intval(PERMS_R_PHOTOS), true, t('Can view my photo albums'), ''),
'view_contacts' => array('channel_r_abook', intval(PERMS_R_ABOOK), true, t('Can view my connections'), ''),
- 'view_storage' => array('channel_r_storage', intval(PERMS_R_STORAGE), true, t('Can view my file storage'), ''),
- 'view_pages' => array('channel_r_pages', intval(PERMS_R_PAGES), true, t('Can view my webpages'), ''),
+ 'view_storage' => array('channel_r_storage', intval(PERMS_R_STORAGE), true, t('Can view my file storage'), ''),
+ 'view_pages' => array('channel_r_pages', intval(PERMS_R_PAGES), true, t('Can view my webpages'), ''),
// Write permissions
'send_stream' => array('channel_w_stream', intval(PERMS_W_STREAM), false, t('Can send me their channel stream and posts'), ''),
@@ -23,19 +36,20 @@ function get_perms() {
'post_comments' => array('channel_w_comment', intval(PERMS_W_COMMENT), false, t('Can comment on or like my posts'), ''),
'post_mail' => array('channel_w_mail', intval(PERMS_W_MAIL), false, t('Can send me private mail messages'), ''),
'post_photos' => array('channel_w_photos', intval(PERMS_W_PHOTOS), false, t('Can post photos to my photo albums'), ''),
- 'post_like' => array('channel_w_like', intval(PERMS_W_LIKE), false, t('Can like/dislike stuff'), t('Profiles and things other than posts/comments')),
+ 'post_like' => array('channel_w_like', intval(PERMS_W_LIKE), false, t('Can like/dislike stuff'), t('Profiles and things other than posts/comments')),
'tag_deliver' => array('channel_w_tagwall', intval(PERMS_W_TAGWALL), false, t('Can forward to all my channel contacts via post @mentions'), t('Advanced - useful for creating group forum channels')),
'chat' => array('channel_w_chat', intval(PERMS_W_CHAT), false, t('Can chat with me (when available)'), t('')),
- 'write_storage' => array('channel_w_storage', intval(PERMS_W_STORAGE), false, t('Can write to my file storage'), ''),
- 'write_pages' => array('channel_w_pages', intval(PERMS_W_PAGES), false, t('Can edit my webpages'), ''),
+ 'write_storage' => array('channel_w_storage', intval(PERMS_W_STORAGE), false, t('Can write to my file storage'), ''),
+ 'write_pages' => array('channel_w_pages', intval(PERMS_W_PAGES), false, t('Can edit my webpages'), ''),
- 'republish' => array('channel_a_republish', intval(PERMS_A_REPUBLISH), false, t('Can source my public posts in derived channels'), t('Somewhat advanced - very useful in open communities')),
+ 'republish' => array('channel_a_republish', intval(PERMS_A_REPUBLISH), false, t('Can source my public posts in derived channels'), t('Somewhat advanced - very useful in open communities')),
- 'delegate' => array('channel_a_delegate', intval(PERMS_A_DELEGATE), false, t('Can administer my channel resources'), t('Extremely advanced. Leave this alone unless you know what you are doing')),
+ 'delegate' => array('channel_a_delegate', intval(PERMS_A_DELEGATE), false, t('Can administer my channel resources'), t('Extremely advanced. Leave this alone unless you know what you are doing')),
);
$ret = array('global_permissions' => $global_perms);
- call_hooks('global_permissions',$ret);
+ call_hooks('global_permissions', $ret);
+
return $ret['global_permissions'];
}
@@ -43,13 +57,13 @@ function get_perms() {
/**
* get_all_perms($uid,$observer_xchan)
*
- * @param $uid : The channel_id associated with the resource owner
- * @param $observer_xchan: The xchan_hash representing the observer
+ * @param int $uid The channel_id associated with the resource owner
+ * @param string $observer_xchan The xchan_hash representing the observer
+ * @param bool $internal_use (default true)
*
- * @returns: array of all permissions, key is permission name, value is true or false
+ * @returns array of all permissions, key is permission name, value is true or false
*/
-
-function get_all_perms($uid,$observer_xchan,$internal_use = true) {
+function get_all_perms($uid, $observer_xchan, $internal_use = true) {
$global_perms = get_perms();
@@ -85,7 +99,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
continue;
}
-
// Next we're going to check for blocked or ignored contacts.
// These take priority over all other settings.
@@ -94,7 +107,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
$ret[$perm_name] = true;
continue;
}
-
+
if(! $abook_checked) {
$x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash
where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d )>0 limit 1",
@@ -105,7 +118,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
if(! $x) {
// not in address book, see if they've got an xchan
$y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
- dbesc($observer_xchan)
+ dbesc($observer_xchan)
);
}
@@ -113,7 +126,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
}
// If they're blocked - they can't read or write
-
+
if(($x) && ($x[0]['abook_flags'] & ABOOK_FLAG_BLOCKED)) {
$ret[$perm_name] = false;
continue;
@@ -130,7 +143,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
// system is blocked to anybody who is not authenticated
- if((! $observer_xchan) && intval(get_config('system','block_public'))) {
+ if((! $observer_xchan) && intval(get_config('system', 'block_public'))) {
$ret[$perm_name] = false;
continue;
}
@@ -177,14 +190,14 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
$onsite_checked = true;
}
-
+
if($c)
$ret[$perm_name] = true;
else
$ret[$perm_name] = false;
continue;
- }
+ }
// From here on we require that the observer be a connection and
// handle whether we're allowing any, approved or specific ones
@@ -226,7 +239,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
$ret[$perm_name] = false;
continue;
-
}
$arr = array(
@@ -235,11 +247,23 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) {
'permissions' => $ret);
call_hooks('get_all_perms',$arr);
+
return $arr['permissions'];
}
-
-function perm_is_allowed($uid,$observer_xchan,$permission) {
+/**
+ * @brief Checks if given permission is allowed for given observer on a channel.
+ *
+ * Checks if the given observer with the hash $observer_xchan has permission
+ * $permission on channel_id $uid.
+ * $permission is one defined in get_perms();
+ *
+ * @param int $uid The channel_id associated with the resource owner
+ * @param string $observer_xchan The xchan_hash representing the observer
+ * @param string $permission
+ * @return bool true if permission is allowed for observer on channel
+ */
+function perm_is_allowed($uid, $observer_xchan, $permission) {
$arr = array(
'channel_id' => $uid,
@@ -247,7 +271,7 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
'permission' => $permission,
'result' => false);
- call_hooks('perm_is_allowed',$arr);
+ call_hooks('perm_is_allowed', $arr);
if($arr['result'])
return true;
@@ -279,21 +303,21 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
if(($x) && ($x[0]['abook_flags'] & ABOOK_FLAG_BLOCKED))
return false;
-
+
if(($x) && (! $global_perms[$permission][2]) && ($x[0]['abook_flags'] & ABOOK_FLAG_IGNORED))
return false;
if(! $x) {
// not in address book, see if they've got an xchan
$y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
- dbesc($observer_xchan)
+ dbesc($observer_xchan)
);
}
}
// system is blocked to anybody who is not authenticated
- if((! $observer_xchan) && intval(get_config('system','block_public')))
+ if((! $observer_xchan) && intval(get_config('system', 'block_public')))
return false;
// Check if this $uid is actually the $observer_xchan
@@ -301,7 +325,6 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
if($r[0]['channel_hash'] === $observer_xchan)
return true;
-
if($r[0][$channel_perm] & PERMS_PUBLIC)
return true;
@@ -326,6 +349,7 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
);
if($c)
return true;
+
return false;
}
@@ -361,25 +385,32 @@ function perm_is_allowed($uid,$observer_xchan,$permission) {
// No permissions allowed.
- return false;
+ return false;
}
// Check a simple array of observers against a permissions
// return a simple array of those with permission
-function check_list_permissions($uid,$arr,$perm) {
+function check_list_permissions($uid, $arr, $perm) {
$result = array();
if($arr)
foreach($arr as $x)
- if(perm_is_allowed($uid,$x,$perm))
+ if(perm_is_allowed($uid, $x, $perm))
$result[] = $x;
+
return($result);
}
-
+/**
+ * @brief Sets site wide default permissions.
+ *
+ * @return array
+ */
function site_default_perms() {
+ $ret = array();
+
$typical = array(
'view_stream' => PERMS_PUBLIC,
'view_profile' => PERMS_PUBLIC,
@@ -401,14 +432,14 @@ function site_default_perms() {
);
$global_perms = get_perms();
- $ret = array();
foreach($global_perms as $perm => $v) {
- $x = get_config('default_perms',$perm);
+ $x = get_config('default_perms', $perm);
if($x === false)
$x = $typical[$perm];
$ret[$perm] = $x;
}
+
return $ret;
}
@@ -449,7 +480,7 @@ function get_role_perms($role) {
|PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE;
$ret['channel_r_stream'] = PERMS_PUBLIC;
$ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_photos'] = PERMS_PUBLIC;
+ $ret['channel_r_photos'] = PERMS_PUBLIC;
$ret['channel_r_abook'] = PERMS_PUBLIC;
$ret['channel_w_stream'] = PERMS_CONTACTS;
$ret['channel_w_wall'] = PERMS_CONTACTS;
@@ -465,9 +496,8 @@ function get_role_perms($role) {
$ret['channel_w_pages'] = 0;
$ret['channel_a_republish'] = PERMS_SPECIFIC;
$ret['channel_w_like'] = PERMS_NETWORK;
-
- break;
+ break;
case 'social_restricted':
$ret['perms_auto'] = false;
@@ -482,7 +512,7 @@ function get_role_perms($role) {
|PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
$ret['channel_r_stream'] = PERMS_PUBLIC;
$ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_photos'] = PERMS_PUBLIC;
+ $ret['channel_r_photos'] = PERMS_PUBLIC;
$ret['channel_r_abook'] = PERMS_PUBLIC;
$ret['channel_w_stream'] = PERMS_CONTACTS;
$ret['channel_w_wall'] = PERMS_CONTACTS;
@@ -498,9 +528,8 @@ function get_role_perms($role) {
$ret['channel_w_pages'] = 0;
$ret['channel_a_republish'] = PERMS_SPECIFIC;
$ret['channel_w_like'] = PERMS_CONTACTS;
-
- break;
+ break;
case 'social_private':
$ret['perms_auto'] = false;
@@ -515,7 +544,7 @@ function get_role_perms($role) {
|PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
$ret['channel_r_stream'] = PERMS_PUBLIC;
$ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_photos'] = PERMS_PUBLIC;
+ $ret['channel_r_photos'] = PERMS_PUBLIC;
$ret['channel_r_abook'] = PERMS_CONTACTS;
$ret['channel_w_stream'] = PERMS_CONTACTS;
$ret['channel_w_wall'] = PERMS_CONTACTS;
@@ -531,7 +560,7 @@ function get_role_perms($role) {
$ret['channel_w_pages'] = 0;
$ret['channel_a_republish'] = PERMS_SPECIFIC;
$ret['channel_w_like'] = PERMS_CONTACTS;
-
+
break;
case 'forum':
@@ -547,7 +576,7 @@ function get_role_perms($role) {
|PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL;
$ret['channel_r_stream'] = PERMS_PUBLIC;
$ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_photos'] = PERMS_PUBLIC;
+ $ret['channel_r_photos'] = PERMS_PUBLIC;
$ret['channel_r_abook'] = PERMS_PUBLIC;
$ret['channel_w_stream'] = 0;
$ret['channel_w_wall'] = PERMS_CONTACTS;
@@ -563,7 +592,7 @@ function get_role_perms($role) {
$ret['channel_w_pages'] = 0;
$ret['channel_a_republish'] = PERMS_SPECIFIC;
$ret['channel_w_like'] = PERMS_NETWORK;
-
+
break;
case 'forum_restricted':
@@ -579,7 +608,7 @@ function get_role_perms($role) {
|PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE|PERMS_W_TAGWALL;
$ret['channel_r_stream'] = PERMS_PUBLIC;
$ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_photos'] = PERMS_PUBLIC;
+ $ret['channel_r_photos'] = PERMS_PUBLIC;
$ret['channel_r_abook'] = PERMS_PUBLIC;
$ret['channel_w_stream'] = 0;
$ret['channel_w_wall'] = PERMS_CONTACTS;
@@ -595,9 +624,8 @@ function get_role_perms($role) {
$ret['channel_w_pages'] = 0;
$ret['channel_a_republish'] = PERMS_SPECIFIC;
$ret['channel_w_like'] = PERMS_CONTACTS;
-
- break;
+ break;
case 'forum_private':
$ret['perms_auto'] = false;
@@ -612,7 +640,7 @@ function get_role_perms($role) {
|PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
$ret['channel_r_stream'] = PERMS_PUBLIC;
$ret['channel_r_profile'] = PERMS_CONTACTS;
- $ret['channel_r_photos'] = PERMS_CONTACTS;
+ $ret['channel_r_photos'] = PERMS_CONTACTS;
$ret['channel_r_abook'] = PERMS_CONTACTS;
$ret['channel_w_stream'] = 0;
$ret['channel_w_wall'] = PERMS_CONTACTS;
@@ -628,7 +656,7 @@ function get_role_perms($role) {
$ret['channel_w_pages'] = 0;
$ret['channel_a_republish'] = PERMS_SPECIFIC;
$ret['channel_w_like'] = PERMS_CONTACTS;
-
+
break;
case 'feed':
@@ -644,7 +672,7 @@ function get_role_perms($role) {
|PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE;
$ret['channel_r_stream'] = PERMS_PUBLIC;
$ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_photos'] = PERMS_PUBLIC;
+ $ret['channel_r_photos'] = PERMS_PUBLIC;
$ret['channel_r_abook'] = PERMS_PUBLIC;
$ret['channel_w_stream'] = PERMS_CONTACTS;
$ret['channel_w_wall'] = PERMS_CONTACTS;
@@ -660,11 +688,10 @@ function get_role_perms($role) {
$ret['channel_w_pages'] = 0;
$ret['channel_a_republish'] = PERMS_NETWORK;
$ret['channel_w_like'] = PERMS_NETWORK;
-
+
break;
case 'feed_restricted':
-
$ret['perms_auto'] = false;
$ret['default_collection'] = true;
$ret['directory_publish'] = false;
@@ -677,7 +704,7 @@ function get_role_perms($role) {
|PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE;
$ret['channel_r_stream'] = PERMS_PUBLIC;
$ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_photos'] = PERMS_PUBLIC;
+ $ret['channel_r_photos'] = PERMS_PUBLIC;
$ret['channel_r_abook'] = PERMS_PUBLIC;
$ret['channel_w_stream'] = PERMS_CONTACTS;
$ret['channel_w_wall'] = PERMS_CONTACTS;
@@ -693,7 +720,7 @@ function get_role_perms($role) {
$ret['channel_w_pages'] = 0;
$ret['channel_a_republish'] = PERMS_SPECIFIC;
$ret['channel_w_like'] = PERMS_NETWORK;
-
+
break;
case 'soapbox':
@@ -707,7 +734,7 @@ function get_role_perms($role) {
|PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE;
$ret['channel_r_stream'] = PERMS_PUBLIC;
$ret['channel_r_profile'] = PERMS_PUBLIC;
- $ret['channel_r_photos'] = PERMS_PUBLIC;
+ $ret['channel_r_photos'] = PERMS_PUBLIC;
$ret['channel_r_abook'] = PERMS_PUBLIC;
$ret['channel_w_stream'] = 0;
$ret['channel_w_wall'] = 0;
@@ -723,7 +750,7 @@ function get_role_perms($role) {
$ret['channel_w_pages'] = 0;
$ret['channel_a_republish'] = PERMS_SPECIFIC;
$ret['channel_w_like'] = PERMS_NETWORK;
-
+
break;
case 'repository':
@@ -755,14 +782,11 @@ function get_role_perms($role) {
$ret['channel_w_pages'] = PERMS_CONTACTS;
$ret['channel_a_republish'] = PERMS_SPECIFIC;
$ret['channel_w_like'] = PERMS_NETWORK;
-
- break;
-
+ break;
default:
break;
-
}
$x = get_config('system','role_perms');
@@ -775,7 +799,12 @@ function get_role_perms($role) {
return $ret;
}
-
+/**
+ * @brief Creates a HTML select field with all available roles.
+ *
+ * @param string $current The current role
+ * @return string Returns the complete HTML code for this privacy-role-select field.
+ */
function role_selector($current) {
if(! $current)
@@ -792,16 +821,17 @@ function role_selector($current) {
array('soapbox' => t('Celebrity/Soapbox'), 'repository' => t('Group Repository'))),
'other' => array( t('Other'),
array('custom' => t('Custom/Expert Mode'))));
+
$o = '<select name="permissions_role" id="privacy-role-select">';
foreach($roles as $k => $v) {
- $o .= '<optgroup label="'. htmlspecialchars($v[0]) . '" >';
+ $o .= '<optgroup label="'. htmlspecialchars($v[0]) . '">';
foreach($v[1] as $kk => $vv) {
- $selected = (($kk === $current) ? ' selected="selected" ' : '');
- $o .= '<option value="' . $kk . '" ' . $selected . '>' . htmlspecialchars($vv) . '</option>';
+ $selected = (($kk === $current) ? ' selected="selected"' : '');
+ $o .= '<option value="' . $kk . '"' . $selected . '>' . htmlspecialchars($vv) . '</option>';
}
$o .= '</optgroup>';
}
$o .= '</select>';
- return $o;
-}
+ return $o;
+}
diff --git a/include/security.php b/include/security.php
index 8066a76f6..ca5411bde 100644
--- a/include/security.php
+++ b/include/security.php
@@ -1,12 +1,24 @@
-<?php /** @file */
-
-function authenticate_success($user_record, $login_initial = false, $interactive = false,$return = false,$update_lastlog = false) {
+<?php
+/**
+ * @file include/security.php
+ *
+ * Some security related functions.
+ */
+
+/**
+ * @param int $user_record The account_id
+ * @param bool $login_initial default false
+ * @param bool $interactive default false
+ * @param bool $return
+ * @param bool $update_lastlog
+ */
+function authenticate_success($user_record, $login_initial = false, $interactive = false, $return = false, $update_lastlog = false) {
$a = get_app();
$_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
- if(x($user_record,'account_id')) {
+ if(x($user_record, 'account_id')) {
$a->account = $user_record;
$_SESSION['account_id'] = $user_record['account_id'];
$_SESSION['authenticated'] = 1;
@@ -39,7 +51,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
// might want to log success here
}
- if($return || x($_SESSION,'workflow')) {
+ if($return || x($_SESSION, 'workflow')) {
unset($_SESSION['workflow']);
return;
}
@@ -70,7 +82,13 @@ function authenticate_success($user_record, $login_initial = false, $interactive
/* else just return */
}
-
+/**
+ * @brief Change to another channel with current logged-in account.
+ *
+ * @param int $change_channel The channel_id of the channel you want to change to
+ *
+ * @return bool|array false or channel record of the new channel
+ */
function change_channel($change_channel) {
$ret = false;
@@ -83,17 +101,17 @@ function change_channel($change_channel) {
);
// It's not there. Is this an administrator, and is this the sys channel?
- if (is_developer()) {
- if (! $r) {
- if (is_site_admin()) {
- $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and ( channel_pageflags & %d) and not (channel_pageflags & %d )>0 limit 1",
- intval($change_channel),
- intval(PAGE_SYSTEM),
- intval(PAGE_REMOVED)
- );
+ if (is_developer()) {
+ if (! $r) {
+ if (is_site_admin()) {
+ $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and ( channel_pageflags & %d) and not (channel_pageflags & %d )>0 limit 1",
+ intval($change_channel),
+ intval(PAGE_SYSTEM),
+ intval(PAGE_REMOVED)
+ );
+ }
}
}
- }
if($r) {
$hash = $r[0]['channel_hash'];
@@ -109,23 +127,28 @@ function change_channel($change_channel) {
);
if($x) {
$_SESSION['my_url'] = $x[0]['xchan_url'];
- $_SESSION['my_address'] = $r[0]['channel_address'] . '@' . substr(get_app()->get_baseurl(),strpos(get_app()->get_baseurl(),'://')+3);
+ $_SESSION['my_address'] = $r[0]['channel_address'] . '@' . substr(get_app()->get_baseurl(), strpos(get_app()->get_baseurl(), '://') + 3);
get_app()->set_observer($x[0]);
- get_app()->set_perms(get_all_perms(local_user(),$hash));
+ get_app()->set_perms(get_all_perms(local_user(), $hash));
}
if(! is_dir('store/' . $r[0]['channel_address']))
@os_mkdir('store/' . $r[0]['channel_address'], STORAGE_DEFAULT_PERMISSIONS,true);
-
}
return $ret;
-
}
-
-
-function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
+/**
+ * @brief Creates an addiontal SQL where statement to check permissions.
+ *
+ * @param int $owner_id
+ * @param bool $remote_verified default false, not used at all
+ * @param string $groups this param is not used at all
+ *
+ * @return string additional SQL where statement
+ */
+function permissions_sql($owner_id, $remote_verified = false, $groups = null) {
if(defined('STATUSNET_PRIVACY_COMPATIBILITY'))
return '';
@@ -142,8 +165,7 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
$sql = " AND allow_cid = ''
AND allow_gid = ''
AND deny_cid = ''
- AND deny_gid = ''
-
+ AND deny_gid = ''
";
/**
@@ -162,7 +184,6 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
* done this and passed the groups into this function.
*/
-
else {
$observer = get_observer_hash();
if($observer) {
@@ -191,7 +212,16 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
return $sql;
}
-function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) {
+/**
+ * @brief Creates an addiontal SQL where statement to check permissions for an item.
+ *
+ * @param int $owner_id
+ * @param bool $remote_verified default false, not used at all
+ * @param string $groups this param is not used at all
+ *
+ * @return string additional SQL where statement
+ */
+function item_permissions_sql($owner_id, $remote_verified = false, $groups = null) {
if(defined('STATUSNET_PRIVACY_COMPATIBILITY'))
return '';
@@ -206,7 +236,6 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
*/
$sql = " AND item_private=0 ";
-
/**
* Profile owner - everything is visible
@@ -224,7 +253,6 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
* done this and passed the groups into this function.
*/
-
else {
$observer = get_observer_hash();
@@ -250,12 +278,18 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
);
}
}
+
return $sql;
}
+/**
+ * @param string $observer_hash
+ *
+ * @return string additional SQL where statement
+ */
function public_permissions_sql($observer_hash) {
- $observer = get_app()->get_observer();
+ //$observer = get_app()->get_observer();
$groups = init_groups_visitor($observer_hash);
$gs = '<<>>'; // should be impossible to match
@@ -263,7 +297,7 @@ function public_permissions_sql($observer_hash) {
if(is_array($groups) && count($groups)) {
foreach($groups as $g)
$gs .= '|<' . $g . '>';
- }
+ }
$sql = '';
if($observer_hash) {
$regexop = db_getfunc('REGEXP');
@@ -341,11 +375,11 @@ function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'f
}
}
+
// Returns an array of group id's this contact is a member of.
// This array will only contain group id's related to the uid of this
// DFRN contact. They are *not* neccessarily unique across the entire site.
-
if(! function_exists('init_groups_visitor')) {
function init_groups_visitor($contact_id) {
$groups = array();
@@ -361,8 +395,6 @@ function init_groups_visitor($contact_id) {
-
-
// This is used to determine which uid have posts which are visible to the logged in user (from the API) for the
// public_timeline, and we can use this in a community page by making
// $perms = (PERMS_NETWORK|PERMS_PUBLIC) unless logged in.
@@ -382,19 +414,22 @@ function stream_perms_api_uids($perms = NULL ) {
intval($perms),
intval(PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED)
);
- if($r)
+ if($r) {
foreach($r as $rr)
- if(! in_array($rr['channel_id'],$ret))
+ if(! in_array($rr['channel_id'], $ret))
$ret[] = $rr['channel_id'];
+ }
$str = '';
- if($ret)
+ if($ret) {
foreach($ret as $rr) {
if($str)
$str .= ',';
$str .= intval($rr);
}
+ }
logger('stream_perms_api_uids: ' . $str, LOGGER_DEBUG);
+
return $str;
}
@@ -409,19 +444,21 @@ function stream_perms_xchans($perms = NULL ) {
intval($perms),
intval(PAGE_CENSORED|PAGE_SYETEM|PAGE_REMOVED)
);
- if($r)
+ if($r) {
foreach($r as $rr)
- if(! in_array($rr['channel_hash'],$ret))
+ if(! in_array($rr['channel_hash'], $ret))
$ret[] = $rr['channel_hash'];
+ }
$str = '';
- if($ret)
+ if($ret) {
foreach($ret as $rr) {
if($str)
$str .= ',';
$str .= "'" . dbesc($rr) . "'";
}
+ }
logger('stream_perms_xchans: ' . $str, LOGGER_DEBUG);
+
return $str;
}
-
diff --git a/include/widgets.php b/include/widgets.php
index e686fd5bd..b13be4922 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -1,4 +1,9 @@
-<?php /** @file */
+<?php
+/**
+ * @file include/widgets.php
+ *
+ * @brief This file contains the widgets.
+ */
require_once('include/dir_fns.php');
require_once('include/contact_widgets.php');
@@ -6,7 +11,7 @@ require_once('include/contact_widgets.php');
function widget_profile($args) {
$a = get_app();
- $block = (((get_config('system','block_public')) && (! local_user()) && (! remote_user())) ? true : false);
+ $block = (((get_config('system', 'block_public')) && (! local_user()) && (! remote_user())) ? true : false);
return profile_sidebar($a->profile, $block, true);
}
@@ -16,14 +21,15 @@ function widget_profile($args) {
function widget_tagcloud($args) {
$o = '';
- $tab = 0;
+ //$tab = 0;
$a = get_app();
$uid = $a->profile_uid;
$count = ((x($args,'count')) ? intval($args['count']) : 24);
$flags = 0;
$type = TERM_CATEGORY;
- $r = tagadelic($uid,$count,$authors,$flags,ITEM_WEBPAGE,$type);
+ // FIXME there exists no $authors variable
+ $r = tagadelic($uid, $count, $authors, $flags, ITEM_WEBPAGE, $type);
if($r) {
$o = '<div class="tagblock widget"><h3>' . t('Categories') . '</h3><div class="tags" align="center">';
@@ -75,9 +81,8 @@ function widget_collections($args) {
return '';
break;
}
-
- return group_side($every, $each, $edit, $current, $abook_id, $wmode);
+ return group_side($every, $each, $edit, $current, $abook_id, $wmode);
}
@@ -93,7 +98,6 @@ function widget_appselect($arr) {
}
-
function widget_suggestions($arr) {
if((! local_user()) || (! feature_enabled(local_user(),'suggest')))
@@ -114,16 +118,13 @@ function widget_suggestions($arr) {
// This will throw some entropy intot he situation so you won't
// be looking at the same two mug shots every time the widget runs
-
$index = ((count($r) > 2) ? mt_rand(0,count($r) - 2) : 0);
-
for($x = $index; $x <= ($index+1); $x ++) {
-
$rr = $r[$x];
if(! $rr['xchan_url'])
break;
-
+
$connlnk = z_root() . '/follow/?url=' . $rr['xchan_addr'];
$arr[] = array(
@@ -138,7 +139,6 @@ function widget_suggestions($arr) {
);
}
-
$o = replace_macros(get_markup_template('suggest_widget.tpl'),array(
'$title' => t('Suggestions'),
'$more' => t('See more...'),
@@ -146,13 +146,13 @@ function widget_suggestions($arr) {
));
return $o;
-
}
function widget_follow($args) {
if(! local_user())
return '';
+
$a = get_app();
$uid =$a->channel['channel_id'];
$r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d)>0 ",
@@ -163,10 +163,10 @@ function widget_follow($args) {
$total_channels = $r[0]['total'];
$limit = service_class_fetch($uid,'total_channels');
if($limit !== false) {
- $abook_usage_message = sprintf( t("You have %1$.0f of %2$.0f allowed connections."), $total_channels, $limit);
+ $abook_usage_message = sprintf( t("You have %1$.0f of %2$.0f allowed connections."), $total_channels, $limit);
}
else {
- $abook_usage_message = '';
+ $abook_usage_message = '';
}
return replace_macros(get_markup_template('follow.tpl'),array(
'$connect' => t('Add New Connection'),
@@ -175,7 +175,6 @@ function widget_follow($args) {
'$follow' => t('Connect'),
'$abook_usage_message' => $abook_usage_message
));
-
}
@@ -192,6 +191,7 @@ function widget_notes($arr) {
'$text' => $text,
'$save' => t('Save'),
));
+
return $o;
}
@@ -228,8 +228,6 @@ function widget_savedsearch($arr) {
$search = '';
}
-
-
$srchurl = $a->query_string;
$srchurl = rtrim(preg_replace('/searchsave\=[^\&].*?(\&|$)/is','',$srchurl),'&');
@@ -240,7 +238,7 @@ function widget_savedsearch($arr) {
$srchurl = rtrim(preg_replace('/search\=[^\&].*?(\&|$)/is','',$srchurl),'&');
$srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl);
$hasq = ((strpos($srchurl,'?') !== false) ? true : false);
-
+
$o = '';
$r = q("select `tid`,`term` from `term` WHERE `uid` = %d and `type` = %d ",
@@ -252,31 +250,28 @@ function widget_savedsearch($arr) {
if(count($r)) {
foreach($r as $rr) {
-
$saved[] = array(
'id' => $rr['tid'],
- 'term' => $rr['term'],
+ 'term' => $rr['term'],
'dellink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&amp;searchremove=1&amp;search=' . urlencode($rr['term']),
'srchlink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&amp;search=' . urlencode($rr['term']),
'displayterm' => htmlspecialchars($rr['term'], ENT_COMPAT,'UTF-8'),
- 'encodedterm' => urlencode($rr['term']),
- 'delete' => t('Remove term'),
- 'selected' => ($search==$rr['term']),
+ 'encodedterm' => urlencode($rr['term']),
+ 'delete' => t('Remove term'),
+ 'selected' => ($search==$rr['term']),
);
}
- }
+ }
-
$tpl = get_markup_template("saved_searches.tpl");
$o = replace_macros($tpl, array(
'$title' => t('Saved Searches'),
'$add' => t('add'),
- '$searchbox' => searchbox($search,'netsearch-box',$srchurl . (($hasq) ? '' : '?f='),true),
+ '$searchbox' => searchbox($search, 'netsearch-box', $srchurl . (($hasq) ? '' : '?f='), true),
'$saved' => $saved,
));
return $o;
-
}
@@ -306,7 +301,6 @@ function widget_filer($arr) {
'$all' => t('Everything'),
'$terms' => $terms,
'$base' => z_root() . '/' . $a->cmd
-
));
}
@@ -327,7 +321,6 @@ function widget_archive($arr) {
if(! perm_is_allowed($uid,get_observer_hash(),'view_stream'))
return '';
-
$wall = ((array_key_exists('wall', $arr)) ? intval($arr['wall']) : 0);
$style = ((array_key_exists('style', $arr)) ? $arr['style'] : 'select');
$showend = ((get_pconfig($uid,'system','archive_show_end_date')) ? true : false);
@@ -336,10 +329,8 @@ function widget_archive($arr) {
if(! $visible_years)
$visible_years = 5;
-
$url = z_root() . '/' . $a->cmd;
-
$ret = list_post_dates($uid,$wall,$mindate);
if(! count($ret))
@@ -367,7 +358,7 @@ function widget_fullprofile($arr) {
if(! $a->profile['profile_uid'])
return;
- $block = (((get_config('system','block_public')) && (! local_user()) && (! remote_user())) ? true : false);
+ $block = (((get_config('system', 'block_public')) && (! local_user()) && (! remote_user())) ? true : false);
return profile_sidebar($a->profile, $block);
}
@@ -375,41 +366,43 @@ function widget_fullprofile($arr) {
function widget_categories($arr) {
$a = get_app();
-
if($a->profile['profile_uid'] && (! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_stream')))
return '';
-
$cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat'],ENT_COMPAT,'UTF-8') : '');
$srchurl = $a->query_string;
$srchurl = rtrim(preg_replace('/cat\=[^\&].*?(\&|$)/is','',$srchurl),'&');
$srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl);
- return categories_widget($srchurl,$cat);
+ return categories_widget($srchurl, $cat);
}
function widget_tagcloud_wall($arr) {
$a = get_app();
+
if((! $a->profile['profile_uid']) || (! $a->profile['channel_hash']))
return '';
- if(! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_stream'))
+ if(! perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'view_stream'))
return '';
- $limit = ((array_key_exists('limit',$arr)) ? intval($arr['limit']) : 50);
- if(feature_enabled($a->profile['profile_uid'],'tagadelic'))
- return tagblock('search',$a->profile['profile_uid'],$limit,$a->profile['channel_hash'],ITEM_WALL);
+ $limit = ((array_key_exists('limit', $arr)) ? intval($arr['limit']) : 50);
+ if(feature_enabled($a->profile['profile_uid'], 'tagadelic'))
+ return tagblock('search', $a->profile['profile_uid'], $limit, $a->profile['channel_hash'], ITEM_WALL);
+
return '';
}
+
function widget_catcloud_wall($arr) {
$a = get_app();
+
if((! $a->profile['profile_uid']) || (! $a->profile['channel_hash']))
return '';
- if(! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_stream'))
+ if(! perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'view_stream'))
return '';
$limit = ((array_key_exists('limit',$arr)) ? intval($arr['limit']) : 50);
- return catblock($a->profile['profile_uid'],$limit,$a->profile['channel_hash'],ITEM_WALL);
- return '';
+
+ return catblock($a->profile['profile_uid'], $limit, $a->profile['channel_hash'], ITEM_WALL);
}
@@ -438,6 +431,7 @@ function widget_affinity($arr) {
call_hooks('main_slider',$arr);
return $arr['html'];
}
+
return '';
}
@@ -463,20 +457,19 @@ function widget_settings_menu($arr) {
if($abk)
$abook_self_id = $abk[0]['abook_id'];
-
$tabs = array(
array(
'label' => t('Account settings'),
'url' => $a->get_baseurl(true).'/settings/account',
'selected' => ((argv(1) === 'account') ? 'active' : ''),
),
-
+
array(
'label' => t('Channel settings'),
'url' => $a->get_baseurl(true).'/settings/channel',
'selected' => ((argv(1) === 'channel') ? 'active' : ''),
),
-
+
array(
'label' => t('Additional features'),
'url' => $a->get_baseurl(true).'/settings/features',
@@ -494,7 +487,7 @@ function widget_settings_menu($arr) {
'url' => $a->get_baseurl(true).'/settings/display',
'selected' => ((argv(1) === 'display') ? 'active' : ''),
),
-
+
array(
'label' => t('Connected apps'),
'url' => $a->get_baseurl(true) . '/settings/oauth',
@@ -512,7 +505,6 @@ function widget_settings_menu($arr) {
'url' => $a->get_baseurl(true) . '/uexport/complete',
'selected' => ''
),
-
);
if($role === false || $role === 'custom') {
@@ -529,7 +521,6 @@ function widget_settings_menu($arr) {
'url' => $a->get_baseurl(true) . '/connect/' . $channel['channel_address'],
'selected' => ''
);
-
}
if(feature_enabled(local_user(),'channel_sources')) {
@@ -538,18 +529,14 @@ function widget_settings_menu($arr) {
'url' => $a->get_baseurl(true) . '/sources',
'selected' => ''
);
-
}
-
-
$tabtpl = get_markup_template("generic_links_widget.tpl");
return replace_macros($tabtpl, array(
'$title' => t('Settings'),
'$class' => 'settings-widget',
'$items' => $tabs,
));
-
}
@@ -560,9 +547,7 @@ function widget_mailmenu($arr) {
$a = get_app();
return replace_macros(get_markup_template('message_side.tpl'), array(
'$title' => t('Messages'),
-
'$tabs'=> array(),
-
'$check'=>array(
'label' => t('Check Mail'),
'url' => $a->get_baseurl(true) . '/message',
@@ -573,9 +558,7 @@ function widget_mailmenu($arr) {
'url' => $a->get_baseurl(true) . '/mail/new',
'sel'=> (argv(1) == 'new'),
)
-
));
-
}
function widget_design_tools($arr) {
@@ -586,7 +569,7 @@ function widget_design_tools($arr) {
if($a->profile['profile_uid'])
if(($a->profile['profile_uid'] != local_user()) && (! $a->is_sys))
- return '';
+ return '';
if(! local_user())
return '';
@@ -601,24 +584,25 @@ function widget_findpeople($arr) {
function widget_photo_albums($arr) {
$a = get_app();
+
if(! $a->profile['profile_uid'])
return '';
$channelx = channelx_by_n($a->profile['profile_uid']);
- if((! $channelx) || (! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_photos')))
+ if((! $channelx) || (! perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'view_photos')))
return '';
require_once('include/photos.php');
- return photos_album_widget($channelx,$a->get_observer());
+ return photos_album_widget($channelx, $a->get_observer());
}
function widget_vcard($arr) {
require_once ('include/Contact.php');
- return vcard_from_xchan('',get_app()->get_observer());
+ return vcard_from_xchan('', get_app()->get_observer());
}
-/**
+/*
* The following directory widgets are only useful on the directory page
*/
@@ -631,21 +615,23 @@ function widget_dirsort($arr) {
}
function widget_dirtags($arr) {
- return dir_tagblock(z_root() . '/directory',null);
+ return dir_tagblock(z_root() . '/directory', null);
}
function widget_menu_preview($arr) {
if(! get_app()->data['menu_item'])
return;
require_once('include/menu.php');
+
return menu_render(get_app()->data['menu_item']);
}
function widget_chatroom_list($arr) {
$a = get_app();
+
require_once("include/chat.php");
$r = chatroom_list($a->profile['profile_uid']);
- return replace_macros(get_markup_template('chatroomlist.tpl'),array(
+ return replace_macros(get_markup_template('chatroomlist.tpl'), array(
'$header' => t('Chat Rooms'),
'$baseurl' => z_root(),
'$nickname' => $a->profile['channel_address'],
@@ -658,7 +644,7 @@ function widget_bookmarkedchats($arr) {
if(! $h)
return;
$r = q("select * from xchat where xchat_xchan = '%s' group by xchat_url order by xchat_desc",
- dbesc($h)
+ dbesc($h)
);
if($r) {
for($x = 0; $x < count($r); $x ++) {
@@ -692,17 +678,17 @@ function widget_suggestedchats($arr) {
}
function widget_item($arr) {
+ // FIXME there is no $a here
$uid = $a->profile['profile_uid'];
if((! $uid) || (! $arr['mid']))
return '';
- if(! perm_is_allowed($uid,get_observer_hash(),'view_pages'))
+ if(! perm_is_allowed($uid, get_observer_hash(), 'view_pages'))
return '';
require_once('include/security.php');
$sql_extra = item_permissions_sql($uid);
-
$r = q("select * from item where mid = '%s' and uid = %d and item_restrict = " . intval(ITEM_WEBPAGE) . " $sql_extra limit 1",
dbesc($arr['mid']),
intval($uid)
@@ -712,11 +698,10 @@ function widget_item($arr) {
return '';
xchan_query($r);
- $r = fetch_post_tags($r,true);
+ $r = fetch_post_tags($r, true);
- $o .= prepare_page($r[0]);
+ $o = prepare_page($r[0]);
return $o;
-
}
function widget_clock($arr) {
@@ -786,18 +771,17 @@ return $o;
* URL must be an http or https URL
*/
-
function widget_photo($arr) {
$style = $zrl = false;
- $params = '';
- if(array_key_exists('src',$arr) && isset($arr['src']))
+
+ if(array_key_exists('src', $arr) && isset($arr['src']))
$url = $arr['src'];
if(strpos($url,'http') !== 0)
return '';
- if(array_key_exists('style',$arr) && isset($arr['style']))
+ if(array_key_exists('style', $arr) && isset($arr['style']))
$style = $arr['style'];
// ensure they can't sneak in an eval(js) function
@@ -805,7 +789,7 @@ function widget_photo($arr) {
if(strpos($style,'(') !== false)
return '';
- if(array_key_exists('zrl',$arr) && isset($arr['zrl']))
+ if(array_key_exists('zrl', $arr) && isset($arr['zrl']))
$zrl = (($arr['zrl']) ? true : false);
if($zrl)
@@ -815,7 +799,7 @@ function widget_photo($arr) {
$o .= '<img ' . (($zrl) ? ' class="zrl" ' : '')
. (($style) ? ' style="' . $style . '"' : '')
- . ' src="' . $url . '" alt="' . t('photo/image') . '" />';
+ . ' src="' . $url . '" alt="' . t('photo/image') . '">';
$o .= '</div>';
@@ -826,15 +810,15 @@ function widget_photo($arr) {
function widget_photo_rand($arr) {
require_once('include/photos.php');
- $style = $zrl = false;
- $params = '';
- if(array_key_exists('album',$arr) && isset($arr['album']))
+ $style = false;
+
+ if(array_key_exists('album', $arr) && isset($arr['album']))
$album = $arr['album'];
else
$album = '';
$channel_id = 0;
- if(array_key_exists('channel_id',$arr) && intval($arr['channel_id']))
+ if(array_key_exists('channel_id', $arr) && intval($arr['channel_id']))
$channel_id = intval($arr['channel_id']);
if(! $channel_id)
$channel_id = get_app()->profile_uid;
@@ -844,7 +828,7 @@ function widget_photo_rand($arr) {
$scale = ((array_key_exists('scale',$arr)) ? intval($arr['scale']) : 0);
$ret = photos_list_photos(array('channel_id' => $channel_id),get_app()->get_observer(),$album);
-
+
$filtered = array();
if($ret['success'] && $ret['photos'])
foreach($ret['photos'] as $p)
@@ -852,14 +836,14 @@ function widget_photo_rand($arr) {
$filtered[] = $p['src'];
if($filtered) {
- $e = mt_rand(0,count($filtered)-1);
+ $e = mt_rand(0, count($filtered) - 1);
$url = $filtered[$e];
}
- if(strpos($url,'http') !== 0)
+ if(strpos($url, 'http') !== 0)
return '';
- if(array_key_exists('style',$arr) && isset($arr['style']))
+ if(array_key_exists('style', $arr) && isset($arr['style']))
$style = $arr['style'];
// ensure they can't sneak in an eval(js) function
@@ -873,7 +857,7 @@ function widget_photo_rand($arr) {
$o .= '<img class="zrl" '
. (($style) ? ' style="' . $style . '"' : '')
- . ' src="' . $url . '" alt="' . t('photo/image') . '" />';
+ . ' src="' . $url . '" alt="' . t('photo/image') . '">';
$o .= '</div>';
@@ -913,10 +897,10 @@ function widget_random_block($arr) {
$o = '<div class="widget bblock">';
if($r[0]['title'])
$o .= '<h3>' . $r[0]['title'] . '</h3>';
+
$o .= prepare_text($r[0]['body'],$r[0]['mimetype']);
$o .= '</div>';
-
}
- return $o;
+ return $o;
}