aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Lib/ThreadItem.php3
-rw-r--r--Zotlabs/Module/Attach.php2
-rw-r--r--Zotlabs/Module/Getfile.php2
-rw-r--r--Zotlabs/Module/Like.php2
-rw-r--r--Zotlabs/Module/Oep.php4
-rw-r--r--Zotlabs/Module/Rpost.php41
-rw-r--r--Zotlabs/Storage/File.php4
-rw-r--r--Zotlabs/Zot/Auth.php1
-rw-r--r--Zotlabs/Zot/Finger.php2
-rw-r--r--include/bbcode.php7
-rw-r--r--include/channel.php4
-rw-r--r--include/conversation.php1
-rw-r--r--include/text.php8
-rw-r--r--include/zot.php3
-rw-r--r--view/tpl/cards.tpl13
-rwxr-xr-xview/tpl/conv_item.tpl2
-rwxr-xr-xview/tpl/conv_list.tpl2
-rwxr-xr-xview/tpl/jot-header.tpl27
18 files changed, 87 insertions, 41 deletions
diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php
index d33f3c183..d916ce2c1 100644
--- a/Zotlabs/Lib/ThreadItem.php
+++ b/Zotlabs/Lib/ThreadItem.php
@@ -313,7 +313,8 @@ class ThreadItem {
$tmp_item = array(
'template' => $this->get_template(),
- 'mode' => $mode,
+ 'mode' => $mode,
+ 'item_type' => intval($item['item_type']),
'type' => implode("",array_slice(explode("/",$item['verb']),-1)),
'body' => $body['html'],
'tags' => $body['tags'],
diff --git a/Zotlabs/Module/Attach.php b/Zotlabs/Module/Attach.php
index 94f46978a..490d5edd0 100644
--- a/Zotlabs/Module/Attach.php
+++ b/Zotlabs/Module/Attach.php
@@ -31,7 +31,7 @@ class Attach extends \Zotlabs\Web\Controller {
$unsafe_types = array('text/html','text/css','application/javascript');
- if(in_array($r['data']['filetype'],$unsafe_types)) {
+ if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($r['data']['uid']))) {
header('Content-type: text/plain');
}
else {
diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php
index 0b05d78a4..413a68e0c 100644
--- a/Zotlabs/Module/Getfile.php
+++ b/Zotlabs/Module/Getfile.php
@@ -108,7 +108,7 @@ class Getfile extends \Zotlabs\Web\Controller {
$unsafe_types = array('text/html','text/css','application/javascript');
- if(in_array($r['data']['filetype'],$unsafe_types)) {
+ if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($channel['channel_id']))) {
header('Content-type: text/plain');
}
else {
diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php
index c995079ce..b104a5f5f 100644
--- a/Zotlabs/Module/Like.php
+++ b/Zotlabs/Module/Like.php
@@ -255,7 +255,7 @@ class Like extends \Zotlabs\Web\Controller {
// get the item. Allow linked photos (which are normally hidden) to be liked
$r = q("SELECT * FROM item WHERE id = %d
- and item_type = 0 and item_deleted = 0 and item_unpublished = 0
+ and (item_type = 0 or item_type = 6) and item_deleted = 0 and item_unpublished = 0
and item_delayed = 0 and item_pending_remove = 0 and item_blocked = 0 LIMIT 1",
intval($item_id)
);
diff --git a/Zotlabs/Module/Oep.php b/Zotlabs/Module/Oep.php
index 9a1317142..5e06d3540 100644
--- a/Zotlabs/Module/Oep.php
+++ b/Zotlabs/Module/Oep.php
@@ -172,7 +172,7 @@ class Oep extends \Zotlabs\Web\Controller {
if(! perm_is_allowed($channel['channel_id'],get_observer_hash(),'view_pages'))
return $ret;
- $sql_extra = items_permissions_sql($channel['channel_id'],get_observer_hash());
+ $sql_extra = item_permissions_sql($channel['channel_id'],get_observer_hash());
$r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.v = '%s' limit 1",
dbesc($res)
@@ -183,7 +183,7 @@ class Oep extends \Zotlabs\Web\Controller {
else {
return $ret;
}
-
+
$r = q("select * from item
where item.uid = %d and item_type = %d
$sql_extra order by item.created desc",
diff --git a/Zotlabs/Module/Rpost.php b/Zotlabs/Module/Rpost.php
index 56f4f23f6..e716d1330 100644
--- a/Zotlabs/Module/Rpost.php
+++ b/Zotlabs/Module/Rpost.php
@@ -20,6 +20,7 @@ require_once('include/zot.php');
* body= Body of post
* url= URL which will be parsed and the results appended to the body
* source= Source application
+ * post_id= post_id of post to 'share' (local use only)
* remote_return= absolute URL to return after posting is finished
* type= choices are 'html' or 'bbcode', default is 'bbcode'
*
@@ -108,6 +109,46 @@ class Rpost extends \Zotlabs\Web\Controller {
if($x['success'])
$_REQUEST['body'] = $_REQUEST['body'] . $x['body'];
}
+
+ if($_REQUEST['post_id']) {
+ $r = q("SELECT * from item WHERE id = %d LIMIT 1",
+ intval($_REQUEST['post_id'])
+ );
+ if(($r) && (! intval($r[0]['item_private']))) {
+ $sql_extra = item_permissions_sql($r[0]['uid']);
+
+ $r = q("select * from item where id = %d $sql_extra",
+ intval($_REQUEST['post_id'])
+ );
+ if($r && $r[0]['mimetype'] === 'text/bbcode') {
+
+ xchan_query($r);
+
+ $is_photo = (($r[0]['obj_type'] === ACTIVITY_OBJ_PHOTO) ? true : false);
+ if($is_photo) {
+ $object = json_decode($r[0]['obj'],true);
+ $photo_bb = $object['body'];
+ }
+
+ if (strpos($r[0]['body'], "[/share]") !== false) {
+ $pos = strpos($r[0]['body'], "[share");
+ $i = substr($r[0]['body'], $pos);
+ } else {
+ $i = "[share author='".urlencode($r[0]['author']['xchan_name']).
+ "' profile='".$r[0]['author']['xchan_url'] .
+ "' avatar='".$r[0]['author']['xchan_photo_s'].
+ "' link='".$r[0]['plink'].
+ "' posted='".$r[0]['created'].
+ "' message_id='".$r[0]['mid']."']";
+ if($r[0]['title'])
+ $i .= '[b]'.$r[0]['title'].'[/b]'."\r\n";
+ $i .= (($is_photo) ? $photo_bb . "\r\n" . $r[0]['body'] : $r[0]['body']);
+ $i .= "[/share]";
+ }
+ }
+ }
+ $_REQUEST['body'] = $_REQUEST['body'] . $i;
+ }
$x = array(
'is_owner' => true,
diff --git a/Zotlabs/Storage/File.php b/Zotlabs/Storage/File.php
index 7a102134f..332bf6896 100644
--- a/Zotlabs/Storage/File.php
+++ b/Zotlabs/Storage/File.php
@@ -254,7 +254,7 @@ class File extends DAV\Node implements DAV\IFile {
// @todo this should be a global definition
$unsafe_types = array('text/html', 'text/css', 'application/javascript');
- if (in_array($r[0]['filetype'], $unsafe_types)) {
+ if (in_array($r[0]['filetype'], $unsafe_types) && (! channel_codeallowed($this->data['uid']))) {
header('Content-disposition: attachment; filename="' . $r[0]['filename'] . '"');
header('Content-type: text/plain');
}
@@ -300,7 +300,7 @@ class File extends DAV\Node implements DAV\IFile {
public function getContentType() {
// @todo this should be a global definition.
$unsafe_types = array('text/html', 'text/css', 'application/javascript');
- if (in_array($this->data['filetype'], $unsafe_types)) {
+ if (in_array($this->data['filetype'], $unsafe_types) && (! channel_codeallowed($this->data['uid']))) {
return 'text/plain';
}
return $this->data['filetype'];
diff --git a/Zotlabs/Zot/Auth.php b/Zotlabs/Zot/Auth.php
index 44f01174e..8d198f506 100644
--- a/Zotlabs/Zot/Auth.php
+++ b/Zotlabs/Zot/Auth.php
@@ -167,7 +167,6 @@ class Auth {
dbesc($hubloc['hubloc_url'])
);
- // needs a nonce!!!!
$p = zot_build_packet($channel,$type = 'auth_check',
array(array('guid' => $hubloc['hubloc_guid'],'guid_sig' => $hubloc['hubloc_guid_sig'])),
$hubloc['hubloc_sitekey'], (($x) ? $x[0]['site_crypto'] : ''), $this->sec);
diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php
index e205b136f..dab7d9e01 100644
--- a/Zotlabs/Zot/Finger.php
+++ b/Zotlabs/Zot/Finger.php
@@ -122,7 +122,7 @@ class Finger {
$x = json_decode($result['body'], true);
- $verify = \Zotlabs\Web\HTTPSig::verify($result,(($x) ? $x['key'] : '');
+ $verify = \Zotlabs\Web\HTTPSig::verify($result,(($x) ? $x['key'] : ''));
if($x && (! $verify['header_valid'])) {
$signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null);
diff --git a/include/bbcode.php b/include/bbcode.php
index 470854f06..9a2a6eb9b 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -327,11 +327,16 @@ function bb_ShareAttributes($match) {
if ($avatar != "")
$headline .= '<a href="' . zid($profile) . '" ><img src="' . $avatar . '" alt="' . $author . '" height="32" width="32" /></a>';
+ if(strpos($link,'/cards/'))
+ $type = t('card');
+ else
+ $type = t('post');
+
// Bob Smith wrote the following post 2 hours ago
$fmt = sprintf( t('%1$s wrote the following %2$s %3$s'),
'<a href="' . zid($profile) . '" >' . $author . '</a>',
- '<a href="' . zid($link) . '" >' . t('post') . '</a>',
+ '<a href="' . zid($link) . '" >' . $type . '</a>',
$reldate
);
diff --git a/include/channel.php b/include/channel.php
index faf28df28..41feca362 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -52,7 +52,7 @@ function identity_check_service_class($account_id) {
*
* This action is pluggable.
* We're currently only checking for an empty name or one that exceeds our
- * storage limit (255 chars). 255 chars is probably going to create a mess on
+ * storage limit (191 chars). 191 chars is probably going to create a mess on
* some pages.
* Plugins can set additional policies such as full name requirements, character
* sets, multi-byte length, etc.
@@ -67,7 +67,7 @@ function validate_channelname($name) {
if (! $name)
return t('Empty name');
- if (strlen($name) > 255)
+ if (mb_strlen($name) > 191)
return t('Name too long');
$arr = ['name' => $name];
diff --git a/include/conversation.php b/include/conversation.php
index ec445ba4c..c034e8a65 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -709,6 +709,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa
$tmp_item = array(
'template' => $tpl,
'toplevel' => 'toplevel_item',
+ 'item_type' => intval($item['item_type']),
'mode' => $mode,
'approve' => t('Approve'),
'delete' => t('Delete'),
diff --git a/include/text.php b/include/text.php
index ea21e2184..a3c2bbc08 100644
--- a/include/text.php
+++ b/include/text.php
@@ -1984,14 +1984,14 @@ function is_a_date_arg($s) {
}
function legal_webbie($s) {
- if(! strlen($s))
+ if(! $s)
return '';
- // WARNING: This regex will not work in a federated environment.
+ // WARNING: This regex may not work in a federated environment.
// You will probably want something like
// preg_replace('/([^a-z0-9\_])/','',strtolower($s));
- $r = preg_replace('/([^a-z0-9\-\_\.])/','',strtolower($s));
+ $r = preg_replace('/([^a-z0-9\-\_])/','',strtolower($s));
$x = [ 'input' => $s, 'output' => $r ];
call_hooks('legal_webbie',$x);
@@ -2003,7 +2003,7 @@ function legal_webbie_text() {
// WARNING: This will not work in a federated environment.
- $s = t('a-z, 0-9, -, _, and . only');
+ $s = t('a-z, 0-9, -, and _ only');
$x = [ 'text' => $s ];
call_hooks('legal_webbie_text',$x);
diff --git a/include/zot.php b/include/zot.php
index 56bd7d212..cb213eff3 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -137,7 +137,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot
}
if ($secret) {
- $data['secret'] = $secret;
+ $data['secret'] = preg_replace('/[^0-9a-fA-F]/','',$secret);
$data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'],$sig_method));
}
@@ -4621,7 +4621,6 @@ function zot_reply_auth_check($data,$encrypted_packet) {
// First verify their signature. We will have obtained a zot-info packet from them as part of the sender
// verification.
- // needs a nonce!!!!
if ((! $y) || (! rsa_verify($data['secret'], base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) {
logger('mod_zot: auth_check: sender not found or secret_sig invalid.');
$ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL;
diff --git a/view/tpl/cards.tpl b/view/tpl/cards.tpl
index a06e2fd22..60e6163ae 100644
--- a/view/tpl/cards.tpl
+++ b/view/tpl/cards.tpl
@@ -1,9 +1,4 @@
-<div class="generic-content-wrapper">
- <div class="section-title-wrapper">
- <h2>{{$title}}</h2>
- </div>
- <div id="live-cards"></div>
- {{$editor}}
- {{$content}}
-</div>
- {{$pager}}
+<div id="live-cards"></div>
+{{$editor}}
+{{$content}}
+{{$pager}}
diff --git a/view/tpl/conv_item.tpl b/view/tpl/conv_item.tpl
index 663b02890..b3fe60750 100755
--- a/view/tpl/conv_item.tpl
+++ b/view/tpl/conv_item.tpl
@@ -151,7 +151,7 @@
</button>
<div class="dropdown-menu dropdown-menu-right" role="menu" aria-labelledby="wall-item-menu-{{$item.id}}">
{{if $item.share}}
- <a class="dropdown-item" href="#" onclick="jotShare({{$item.id}}); return false"><i class="generic-icons-nav fa fa-fw fa-retweet" title="{{$item.share.0}}"></i>{{$item.share.0}}</a>
+ <a class="dropdown-item" href="#" onclick="jotShare({{$item.id}},{{$item.item_type}}); return false"><i class="generic-icons-nav fa fa-fw fa-retweet" title="{{$item.share.0}}"></i>{{$item.share.0}}</a>
{{/if}}
{{if $item.plink}}
<a class="dropdown-item" href="{{$item.plink.href}}" title="{{$item.plink.title}}" class="u-url"><i class="generic-icons-nav fa fa-fw fa-external-link"></i>{{$item.plink.title}}</a>
diff --git a/view/tpl/conv_list.tpl b/view/tpl/conv_list.tpl
index e442dd3cc..e599f84b5 100755
--- a/view/tpl/conv_list.tpl
+++ b/view/tpl/conv_list.tpl
@@ -150,7 +150,7 @@
</button>
<div class="dropdown-menu dropdown-menu-right" role="menu" aria-labelledby="wall-item-menu-{{$item.id}}">
{{if $item.share}}
- <a class="dropdown-item" href="#" onclick="jotShare({{$item.id}}); return false"><i class="generic-icons-nav fa fa-fw fa-retweet" title="{{$item.share.0}}"></i>{{$item.share.0}}</a>
+ <a class="dropdown-item" href="#" onclick="jotShare({{$item.id}},{{$item.item_type}}); return false"><i class="generic-icons-nav fa fa-fw fa-retweet" title="{{$item.share.0}}"></i>{{$item.share.0}}</a>
{{/if}}
{{if $item.plink}}
<a class="dropdown-item" href="{{$item.plink.href}}" title="{{$item.plink.title}}" class="u-url"><i class="generic-icons-nav fa fa-fw fa-external-link"></i>{{$item.plink.title}}</a>
diff --git a/view/tpl/jot-header.tpl b/view/tpl/jot-header.tpl
index 91c30423d..2d37b3ca2 100755
--- a/view/tpl/jot-header.tpl
+++ b/view/tpl/jot-header.tpl
@@ -247,18 +247,23 @@ var activeCommentText = '';
}
- function jotShare(id) {
- if ($('#jot-popup').length != 0) $('#jot-popup').show();
-
- $('#like-rotator-' + id).spin('tiny');
- $.get('{{$baseurl}}/share/' + id, function(data) {
- if (!editor) $("#profile-jot-text").val("");
- initEditor(function(){
- addeditortext(data);
- $('#like-rotator-' + id).spin(false);
- $(window).scrollTop(0);
+ function jotShare(id,post_type) {
+ if(post_type == 6) {
+ window.location.href = 'rpost?f=&post_id='+id;
+ }
+ else {
+ if ($('#jot-popup').length != 0) $('#jot-popup').show();
+
+ $('#like-rotator-' + id).spin('tiny');
+ $.get('{{$baseurl}}/share/' + id, function(data) {
+ if (!editor) $("#profile-jot-text").val("");
+ initEditor(function(){
+ addeditortext(data);
+ $('#like-rotator-' + id).spin(false);
+ $(window).scrollTop(0);
+ });
});
- });
+ }
}
function linkdropper(event) {