-rw-r--r-- | Zotlabs/Module/Cover_photo.php | 1 | ||||
-rw-r--r-- | Zotlabs/Module/Import.php | 61 | ||||
-rw-r--r-- | Zotlabs/Module/Photo.php | 70 | ||||
-rw-r--r-- | Zotlabs/Module/Profile_photo.php | 1 | ||||
-rw-r--r-- | include/attach.php | 39 | ||||
-rw-r--r-- | include/connections.php | 2 | ||||
-rwxr-xr-x | include/dba/dba_driver.php | 25 | ||||
-rw-r--r-- | include/import.php | 7 | ||||
-rw-r--r-- | include/network.php | 11 | ||||
-rw-r--r-- | view/css/mod_import.css | 37 | ||||
-rwxr-xr-x | view/tpl/channel_import.tpl | 61 | ||||
-rwxr-xr-x | view/tpl/cover_photo.tpl | 3 | ||||
-rwxr-xr-x | view/tpl/profile_photo.tpl | 4 |
13 files changed, 173 insertions, 149 deletions
diff --git a/Zotlabs/Module/Cover_photo.php b/Zotlabs/Module/Cover_photo.php index d76c1b408..76e80156c 100644 --- a/Zotlabs/Module/Cover_photo.php +++ b/Zotlabs/Module/Cover_photo.php @@ -355,6 +355,7 @@ class Cover_photo extends \Zotlabs\Web\Controller { $o .= replace_macros($tpl,array( '$user' => \App::$channel['channel_address'], + '$info' => t('Your cover photo may be visible to anybody on the internet'), '$existing' => get_cover_photo(local_channel(),'array',PHOTO_RES_COVER_850), '$lbl_upfile' => t('Upload File:'), '$lbl_profiles' => t('Select a profile:'), diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php index 81c405f00..d031bf16b 100644 --- a/Zotlabs/Module/Import.php +++ b/Zotlabs/Module/Import.php @@ -6,6 +6,7 @@ require_once('include/zot.php'); require_once('include/channel.php'); require_once('include/import.php'); require_once('include/perm_upgrade.php'); +require_once('library/urlify/URLify.php'); /** @@ -38,6 +39,7 @@ class Import extends \Zotlabs\Web\Controller { $filename = basename($_FILES['filename']['name']); $filesize = intval($_FILES['filename']['size']); $filetype = $_FILES['filename']['type']; + $newname = trim(strtolower($_REQUEST['newname'])); // import channel from file if($src) { @@ -146,7 +148,20 @@ class Import extends \Zotlabs\Web\Controller { } } - $channel = import_channel($data['channel'], $account_id, $seize); + if($newname) { + $x = false; + + if(get_config('system','unicode_usernames')) { + $x = punify(mb_strtolower($newname)); + } + + if((! $x) || strlen($x) > 64) { + $x = strtolower(\URLify::transliterate($newname)); + } + $newname = $x; + } + + $channel = import_channel($data['channel'], $account_id, $seize, $newname); } else { $moving = false; 
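Review bot: `$_REQUEST['newname']` is read on the added line of the `@@ -38,6 +39,7 @@` hunk without checking that it is present or that it is a string, so a request that omits the field raises an undefined-index notice and one that submits `newname[]=x` hands an array to `strtolower()`. I would guard the read: `$newname = ((isset($_REQUEST['newname']) && is_string($_REQUEST['newname'])) ? trim(strtolower($_REQUEST['newname'])) : '');`. The byte-wise `strtolower()` also runs before the `unicode_usernames` branch in the later hunk applies `mb_strtolower()`, so for multibyte input the first call is redundant at best. The enclosing method starts and ends outside the hunk.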
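Review bot: The fallback value in the `@@ -146,7 +148,20 @@` hunk is never re-checked: when `punify()` returns nothing or more than 64 bytes, `$x` becomes `strtolower(\URLify::transliterate($newname))` and goes to `import_channel()` whatever its length or characters. Transliteration maps characters to ASCII but, as far as I can tell, does not strip spaces or punctuation, and this string ends up as `channel_address`. After the fallback I would reject anything that is still too long or not a plain nickname, for example `if(strlen($x) > 64 || ! preg_match('/^[a-z0-9_\-]+$/',$x)) { notice( t('Invalid channel nickname') . EOL); return; }` (ASCII path only; the punycode path needs its own rule), or reuse whatever validation channel creation applies, which is not visible here. The surrounding method continues outside the hunk.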
@@ -363,11 +378,27 @@ class Import extends \Zotlabs\Web\Controller { continue; } - abook_store_lowlevel($abook); + $r = q("select abook_id from abook where abook_xchan = '%s' and abook_channel = %d limit 1", + dbesc($abook['abook_xchan']), + intval($channel['channel_id']) + ); + if($r) { + foreach($abook as $k => $v) { + $r = q("UPDATE abook SET " . TQUOT . "%s" . TQUOT . " = '%s' WHERE abook_xchan = '%s' AND abook_channel = %d", + dbesc($k), + dbesc($v), + dbesc($abook['abook_xchan']), + intval($channel['channel_id']) + ); + } + } + else { + abook_store_lowlevel($abook); - $friends ++; - if(intval($abook['abook_feed'])) - $feeds ++; + $friends ++; + if(intval($abook['abook_feed'])) + $feeds ++; + } translate_abook_perms_inbound($channel,$abook_copy); 
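Review bot: The column name in the added `UPDATE abook SET` statement comes from the keys of `$abook`, which originates in the imported channel data, and `dbesc()` escapes for a quoted string literal rather than for an identifier placed between `TQUOT` marks. Unless the keys are filtered earlier in the method (outside this hunk), a crafted export file can influence the SQL text. This commit adds `db_columns()` in include/dba/dba_driver.php but does not call it here; I would fetch `$cols = db_columns('abook');` once before the loop and begin the loop body with `if(! in_array($k,$cols)) continue;`. The loop should also skip `abook_id`, `abook_xchan` and `abook_channel`, since those identify the row in the WHERE clause, and the per-column statements could be folded into a single UPDATE.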
@@ -516,16 +547,20 @@ class Import extends \Zotlabs\Web\Controller { '$desc' => t('Use this form to import an existing channel from a different server/hub. You may retrieve the channel identity from the old server/hub via the network or provide an export file.'), '$label_filename' => t('File to Upload'), '$choice' => t('Or provide the old server/hub details'), - '$label_old_address' => t('Your old identity address (xyz@example.com)'), - '$label_old_email' => t('Your old login email address'), - '$label_old_pass' => t('Your old login password'), + + '$old_address' => [ 'old_address', t('Your old identity address (xyz@example.com)'), '', ''], + '$email' => [ 'email', t('Your old login email address'), '', '' ], + '$password' => [ 'password', t('Your old login password'), '', '' ], + '$import_posts' => [ 'import_posts', t('Import a few months of posts if possible (limited by available memory'), false, '', [ t('No'), t('Yes') ]], + '$common' => t('For either option, please choose whether to make this hub your new primary address, or whether your old location should continue this role. You will be able to post from either location, but only one can be marked as the primary location for files, photos, and media.'), - '$label_import_primary' => t('Make this hub my primary location'), - '$label_import_moving' => t('Move this channel (disable all previous locations)'), - '$label_import_posts' => t('Import a few months of posts if possible (limited by available memory'), + + '$make_primary' => [ 'make_primary', t('Make this hub my primary location'), false, '', [ t('No'), t('Yes') ] ], + '$moving' => [ 'moving', t('Move this channel (disable all previous locations)'), false, '', [ t('No'), t('Yes') ] ], + '$newname' => [ 'newname', t('Use this channel nickname instead of the one provided'), '', t('Leave blank to keep your existing channel nickname. 
You will be randomly assigned a similar nickname if either name is already allocated on this site.')], + '$pleasewait' => t('This process may take several minutes to complete. Please submit the form only once and leave this page open until finished.'), - '$email' => '', - '$pass' => '', + '$form_security_token' => get_form_security_token('channel_import'), '$submit' => t('Submit') )); diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 8a110f925..b3171fe75 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php 
@@ -127,69 +127,45 @@ class Photo extends \Zotlabs\Web\Controller { } } - $r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", + $r = q("SELECT uid, photo_usage FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", dbesc($photo), intval($resolution) ); if($r) { - - $allowed = (($r[0]['uid']) ? perm_is_allowed($r[0]['uid'],$observer_xchan,'view_storage') : true); - - $sql_extra = permissions_sql($r[0]['uid']); - if(! $sql_extra) - $sql_extra = ' and true '; - - // Only check permissions on normal photos. Those photos we don't check includes - // profile photos, xchan photos (which are also profile photos), 'thing' photos, - // and cover photos - - $sql_extra = " and (( photo_usage = 0 $sql_extra ) or photo_usage != 0 )"; + $allowed = (-1); + if(intval($r[0]['photo_usage'])) { + $allowed = 1; + if(intval($r[0]['photo_usage']) === PHOTO_COVER) + if($resolution < PHOTO_RES_COVER_1200) + $allowed = (-1); + if(intval($r[0]['photo_usage']) === PHOTO_PROFILE) + if(! in_array($resolution,[4,5,6])) + $allowed = (-1); + } + if($allowed === (-1)) + $allowed = attach_can_view($r[0]['uid'],$observer_xchan,$photo); + $channel = channelx_by_n($r[0]['uid']); // Now we'll see if we can access the photo - $r = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d $sql_extra LIMIT 1", + $e = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d $sql_extra LIMIT 1", dbesc($photo), intval($resolution) ); - // viewing cover photos is allowed unless a plugin chooses to block it. - - if($r && intval($r[0]['photo_usage']) === PHOTO_COVER && $resolution >= PHOTO_RES_COVER_1200) - $allowed = 1; - - $d = [ 'imgscale' => $resolution, 'resource_id' => $photo, 'photo' => $r, 'allowed' => $allowed ]; - call_hooks('get_photo',$d); + $exists = (($e) ? 
true : false); - $resolution = $d['imgscale']; - $photo = $d['resource_id']; - $r = $d['photo']; - $allowed = $d['allowed']; - - if($r && $allowed) { - $data = dbunescbin($r[0]['content']); - $mimetype = $r[0]['mimetype']; - if(intval($r[0]['os_storage'])) { + if($exists && $allowed) { + $data = dbunescbin($e[0]['content']); + $mimetype = $e[0]['mimetype']; + if(intval($e[0]['os_storage'])) { $streaming = $data; } } else { - - // Does the picture exist? It may be a remote person with no credentials, - // but who should otherwise be able to view it. Show a default image to let - // them know permissions was denied. It may be possible to view the image - // through an authenticated profile visit. - // There won't be many completely unauthorised people seeing this because - // they won't have the photo link, so there's a reasonable chance that the person - // might be able to obtain permission to view it. - - $r = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", - dbesc($photo), - intval($resolution) - ); - - if($r) { + if(! $allowed) { logger('mod_photo: forbidden. ' . \App::$query_string); $observer = \App::get_observer(); logger('mod_photo: observer = ' . (($observer) ? $observer['xchan_addr'] : '(not authenticated)')); @@ -201,9 +177,6 @@ class Photo extends \Zotlabs\Web\Controller { } } - - - if(! isset($data)) { if(isset($resolution)) { switch($resolution) { @@ -295,7 +268,6 @@ class Photo extends \Zotlabs\Web\Controller { } killme(); - // NOTREACHED } } diff --git a/Zotlabs/Module/Profile_photo.php b/Zotlabs/Module/Profile_photo.php index 2ce8686b9..751c4338f 100644 --- a/Zotlabs/Module/Profile_photo.php +++ b/Zotlabs/Module/Profile_photo.php 
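Review bot: `$sql_extra` is still interpolated into the added `$e = q("SELECT * FROM photo ... $sql_extra LIMIT 1"` query, yet this hunk deletes every assignment to it that is visible here, so the variable is undefined at that point and expands to an empty string with a notice. The same leftover is in include/attach.php, where `attach_by_hash()` loses `$sql_extra = permissions_sql(...)` but keeps `$sql_extra` in its SELECT. Access is now decided by `$allowed` and `attach_can_view()`, so drop the placeholder from both queries so that the SQL states what is actually enforced. Separately, the profile resolutions `[4,5,6]` deserve named constants or a comment, and removing the `call_hooks('get_photo',$d)` call means plugins can no longer veto delivery, which the deleted comment said they could; confirm that is intended. The method body extends beyond the hunk.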
@@ -451,6 +451,7 @@ class Profile_photo extends \Zotlabs\Web\Controller { $o .= replace_macros($tpl,array( '$user' => \App::$channel['channel_address'], + '$info' => ((count($profiles) > 1) ? t('Your default profile photo is visible to anybody on the internet. Profile photos for alternate profiles will inherit the permissions of the profile') : t('Your profile photo is visible to anybody on the internet and may be distributed to other websites.')), '$importfile' => (($importing) ? \App::$data['importfile'] : ''), '$lbl_upfile' => t('Upload File:'), '$lbl_profiles' => t('Select a profile:'), diff --git a/include/attach.php b/include/attach.php index 27bf0218a..0d2b43b58 100644 --- a/include/attach.php +++ b/include/attach.php @@ -266,14 +266,12 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) { return $ret; } - if(! perm_is_allowed($r[0]['uid'], $observer_hash, 'view_storage')) { + if(! attach_can_view($r[0]['uid'], $observer_hash, $hash)) { $ret['message'] = t('Permission denied.'); return $ret; } - $sql_extra = permissions_sql($r[0]['uid'],$observer_hash); - - // Now we'll see if we can access the attachment + // We've already checked for existence and permissions $r = q("SELECT * FROM attach WHERE hash = '%s' and uid = %d $sql_extra LIMIT 1", dbesc($hash), @@ -281,20 +279,12 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) { ); if(! $r) { - $ret['message'] = t('Permission denied.'); + $ret['message'] = t('Unknown error.'); return $ret; } $r[0]['content'] = dbunescbin($r[0]['content']); - if($r[0]['folder']) { - $x = attach_can_view_folder($r[0]['uid'],$observer_hash,$r[0]['folder']); - if(! $x) { - $ret['message'] = t('Permission denied.'); - return $ret; - } - } - $ret['success'] = true; $ret['data'] = $r[0]; 
@@ -302,6 +292,29 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) { } +function attach_can_view($uid,$ob_hash,$resource) { + + $sql_extra = permissions_sql($uid,$ob_hash); + $hash = $resource; + + if(! perm_is_allowed($uid,$ob_hash,'view_storage')) { + return false; + } + + $r = q("select folder from attach where hash = '%s' and uid = %d $sql_extra", + dbesc($hash), + intval($uid) + ); + if(! $r) { + return false; + } + + return attach_can_view_folder($uid,$ob_hash,$r[0]['folder']); + +} + + + function attach_can_view_folder($uid,$ob_hash,$folder_hash) { $sql_extra = permissions_sql($uid,$ob_hash); diff --git a/include/connections.php b/include/connections.php index e5bf07d96..32baa94bd 100644 --- a/include/connections.php +++ b/include/connections.php @@ -127,7 +127,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') { return replace_macros(get_markup_template('xchan_vcard.tpl'),array( '$name' => $xchan['xchan_name'], '$photo' => ((is_array(App::$profile) && array_key_exists('photo',App::$profile)) ? App::$profile['photo'] : $xchan['xchan_photo_l']), - '$follow' => $xchan['xchan_addr'], + '$follow' => (($xchan['xchan_addr']) ? $xchan['xchan_addr'] : $xchan['xchan_url']), '$link' => zid($xchan['xchan_url']), '$connect' => $connect, '$newwin' => (($mode === 'chanview') ? t('New window') : ''), diff --git a/include/dba/dba_driver.php b/include/dba/dba_driver.php index b3298b673..9e9f24bb3 100755 --- a/include/dba/dba_driver.php +++ b/include/dba/dba_driver.php 
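Review bot: `attach_can_view()` passes `$r[0]['folder']` to `attach_can_view_folder()` unconditionally, whereas the code removed from `attach_by_hash()` ran the folder check only when the folder was non-empty. Whether a file stored at the top level stays viewable therefore depends on how `attach_can_view_folder()` treats an empty hash, and its body is outside this hunk; if it does not short-circuit, add `if(! $r[0]['folder']) return true;` before the final return. This function is now the single access decision for attachments and for photos in Zotlabs/Module/Photo.php, so it should carry a docblock stating that it returns false when no `attach` row matches `$resource` for `$uid` (a photo without such a row is denied) and what `$ob_hash` holds for an unauthenticated viewer. `$sql_extra` could also be computed after the `perm_is_allowed()` early return instead of before it.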
@@ -460,3 +460,28 @@ function db_logger($s,$level = LOGGER_NORMAL,$syslog = LOG_INFO) { \DBA::$logging = false; \DBA::$dba->debug = $saved; } + + +function db_columns($table) { + + if($table) { + if(ACTIVE_DBTYPE === DBTYPE_POSTGRES) { + $r = q("SELECT column_name as field FROM information_schema.columns WHERE table_schema = 'public' AND table_name = '%s'", + dbesc($table) + ); + if($r) { + return ids_to_array($r,'field'); + } + } + else { + $r = q("show columns in %s", + dbesc($table) + ); + if($r) { + return ids_to_array($r,'Field'); + } + } + } + + return []; +}
\ No newline at end of file diff --git a/include/import.php b/include/import.php index 0d3fb8c32..ae6a0ab6a 100644 --- a/include/import.php +++ b/include/import.php @@ -14,7 +14,7 @@ require_once('include/perm_upgrade.php'); * @param int $seize * @return boolean|array */ -function import_channel($channel, $account_id, $seize) { +function import_channel($channel, $account_id, $seize, $newname = '') { if(! array_key_exists('channel_system',$channel)) { $channel['channel_system'] = (($channel['channel_pageflags'] & 0x1000) ? 1 : 0); @@ -30,6 +30,11 @@ function import_channel($channel, $account_id, $seize) { $channel['channel_hash'] = make_xchan_hash($channel['channel_guid'],$channel['channel_guid_sig']); + if($newname) { + $channel['channel_address'] = $newname; + } + + // Check for duplicate channels $r = q("select * from channel where (channel_guid = '%s' or channel_hash = '%s' or channel_address = '%s' ) limit 1", diff --git a/include/network.php b/include/network.php index 72f1dacaf..8b7490a8a 100644 --- a/include/network.php +++ b/include/network.php @@ -648,6 +648,7 @@ function parse_xml_string($s, $strict = true) { libxml_use_internal_errors(true); + $x = @simplexml_load_string($s2); if($x === false) { logger('libxml: parse: error: ' . $s2, LOGGER_DATA); @@ -661,6 +662,16 @@ function parse_xml_string($s, $strict = true) { return $x; } + +function sxml2array ( $xmlObject, $out = array () ) +{ + foreach ( (array) $xmlObject as $index => $node ) + $out[$index] = ( is_object ( $node ) ) ? sxml2array ( $node ) : $node; + + return $out; +} + + /** * @brief Scales an external image. * diff --git a/view/css/mod_import.css b/view/css/mod_import.css deleted file mode 100644 index 8b988b324..000000000 --- a/view/css/mod_import.css +++ /dev/null 
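Review bot: In the MySQL branch of `db_columns()` the table name is placed unquoted into `show columns in %s`, and `dbesc()` does not make a value safe in identifier position. No caller is visible in this diff, so the argument may always be a literal today, but a schema helper like this tends to be called with derived names later. I would reject anything that is not a plain identifier at the top, `if(! preg_match('/^[A-Za-z0-9_]+$/',$table)) return [];`, and wrap the placeholder in `TQUOT` as the abook update in Import.php does. A short docblock saying that it returns a list of column names, or an empty array when the table is unknown or the query fails, would help callers that use it as an allow-list.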
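Review bot: `import_channel()` now copies `$newname` into `$channel['channel_address']` in the `@@ -30,6 +30,11 @@` hunk with no check of its own, so the safety of the stored nickname rests entirely on the caller having normalised it. The docblock above the signature, visible as context in the first include/import.php hunk, still lists only the three old parameters. Add `@param string $newname` with a sentence saying that it must already be a validated, lower-cased nickname and that an empty value keeps the imported address. The duplicate lookup that follows is shown only in part, so whether a collision on the new name is handled the way the form text promises cannot be judged from here.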
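Review bot: `sxml2array()` in the `@@ -661,6 +662,16 @@` hunk is added without a docblock, while the function that follows it has a `@brief` header, and its result has quirks a caller parsing remote XML needs to know. The `(array)` cast on a SimpleXMLElement puts attributes under an `@attributes` key and turns an empty element into an empty array rather than an empty string, and the recursive call does not pass `$out` on, so the second parameter only seeds the top level. I would document those points and the expected argument type in a docblock of a few lines, and put braces around the `foreach` body to match the rest of the file.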
@@ -1,37 +0,0 @@ -h2 { - margin-left: 15%; - margin-top: 8%; -} - -#import-channel-form { - font-size: 1.4em; - margin-left: 15%; - margin-top: 5%; - width: 50%; -} - - - -#import-channel-form .descriptive-paragraph { - color: #888; - margin-left: 20px; - margin-bottom: 25px; -} - -.import-label { - float: left; - width: 275px; -} - -.import-input { - float: left; - width: 275px; - padding: 5px; -} - - -.import-field-end { - clear: both; - margin-bottom: 20px; -} - diff --git a/view/tpl/channel_import.tpl b/view/tpl/channel_import.tpl index baffe9b06..c7cbb1742 100755 --- a/view/tpl/channel_import.tpl +++ b/view/tpl/channel_import.tpl 
@@ -1,43 +1,36 @@ -<h2>{{$title}}</h2> +<div class="generic-content-wrapper"> + <div class="section-title-wrapper"> + <h2>{{$title}}</h2> + <div class="clear"></div> + </div> + <div class="section-content-wrapper"> -<form action="import" method="post" enctype="multipart/form-data" id="import-channel-form"> - <input type="hidden" name="form_security_token" value="{{$form_security_token}}"> - <div id="import-desc" class="descriptive-paragraph">{{$desc}}</div> + <form action="import" method="post" enctype="multipart/form-data" id="import-channel-form"> + <input type="hidden" name="form_security_token" value="{{$form_security_token}}"> + <div id="import-desc" class="section-content-info-wrapper">{{$desc}}</div> - <label for="import-filename" id="label-import-filename" class="import-label" >{{$label_filename}}</label> - <input type="file" name="filename" id="import-filename" class="import-input" value="" /> - <div id="import-filename-end" class="import-field-end"></div> + <label for="import-filename" id="label-import-filename" class="import-label" >{{$label_filename}}</label> + <input type="file" name="filename" id="import-filename" class="import-input" value="" /> + <div id="import-filename-end" class="import-field-end"></div> - <div id="import-choice" class="descriptive-paragraph">{{$choice}}</div> + <div id="import-choice" class="section-content-info-wrapper">{{$choice}}</div> - <label for="import-old-address" id="label-import-old-address" class="import-label" >{{$label_old_address}}</label> - <input type="text" name="old_address" id="import-old-address" class="import-input" value="" /> - <div id="import-old-address-end" class="import-field-end"></div> + {{include file="field_input.tpl" field=$old_address}} + {{include file="field_input.tpl" field=$email}} + {{include file="field_password.tpl" field=$password}} + {{include file="field_checkbox.tpl" field=$import_posts}} - <label for="import-old-email" id="label-import-old-email" class="import-label" 
>{{$label_old_email}}</label> - <input type="text" name="email" id="import-old-email" class="import-input" value="{{$email}}" /> - <div id="import-old-email-end" class="import-field-end"></div> + <div id="import-common-desc" class="section-content-info-wrapper">{{$common}}</div> - <label for="import-old-pass" id="label-import-old-pass" class="import-label" >{{$label_old_pass}}</label> - <input type="password" name="password" id="import-old-pass" class="import-input" value="{{$pass}}" /> - <div id="import-old-pass-end" class="import-field-end"></div> + {{include file="field_checkbox.tpl" field=$make_primary}} + {{include file="field_checkbox.tpl" field=$moving}} + {{include file="field_input.tpl" field=$newname}} - <input type="checkbox" name="import_posts" id="import-posts" value="1" /> - <label for="import-posts" id="label-import-posts">{{$label_import_posts}}</label> - <div id="import-posts-end" class="import-field-end"></div> + <div id="import-common-desc" class="section-content-info-wrapper">{{$pleasewait}}</div> - <div id="import-common-desc" class="descriptive-paragraph">{{$common}}</div> + <input type="submit" class="btn btn-primary" name="submit" id="import-submit-button" value="{{$submit}}" /> + <div id="import-submit-end" class="import-field-end"></div> - <input type="checkbox" name="make_primary" id="import-make-primary" value="1" /> - <label for="import-make-primary" id="label-import-make-primary">{{$label_import_primary}}</label> - <div id="import-make-primary-end" class="import-field-end"></div> - - <input type="checkbox" name="moving" id="import-moving" value="1" /> - <label for="import-moving" id="label-import-moving">{{$label_import_moving}}</label> - <div id="import-moving-end" class="import-field-end"></div> - - <input type="submit" name="submit" id="import-submit-button" value="{{$submit}}" /> - <div id="import-submit-end" class="import-field-end"></div> - - <div id="import-common-desc" class="descriptive-paragraph">{{$pleasewait}}</div> 
-</form> + </form> + </div> +</div> diff --git a/view/tpl/cover_photo.tpl b/view/tpl/cover_photo.tpl index 92efcdf02..5a5bf2286 100755 --- a/view/tpl/cover_photo.tpl +++ b/view/tpl/cover_photo.tpl @@ -86,6 +86,9 @@ <h2>{{$title}}</h2> </div> <div class="section-content-wrapper"> + {{if $info}} + <div class="section-content-warning-wrapper">{{$info}}</div> + {{/if}} {{if $existing}} <img class="cover-photo-review" style="max-width: 100%;" src="{{$existing.url}}" alt="{{t('Cover Photo')}}" /> {{/if}} diff --git a/view/tpl/profile_photo.tpl b/view/tpl/profile_photo.tpl index e48d05330..819502df5 100755 --- a/view/tpl/profile_photo.tpl +++ b/view/tpl/profile_photo.tpl @@ -94,7 +94,9 @@ <input type='hidden' name='form_security_token' value='{{$form_security_token}}'> <div id="profile-photo-upload-wrapper"> - + {{if $info}} + <div class="section-content-warning-wrapper">{{$info}}</div> + {{/if}} {{if $importfile}} <input type="hidden" name="importfile" value="{{$importfile}}"> {{else}} |