-rw-r--r-- | Zotlabs/Lib/ThreadItem.php | 3 | ||||
-rw-r--r-- | Zotlabs/Module/Attach.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Getfile.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Like.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Oep.php | 4 | ||||
-rw-r--r-- | Zotlabs/Module/Rpost.php | 41 | ||||
-rw-r--r-- | Zotlabs/Storage/File.php | 4 | ||||
-rw-r--r-- | Zotlabs/Zot/Auth.php | 1 | ||||
-rw-r--r-- | Zotlabs/Zot/Finger.php | 2 | ||||
-rw-r--r-- | include/bbcode.php | 7 | ||||
-rw-r--r-- | include/channel.php | 4 | ||||
-rw-r--r-- | include/conversation.php | 1 | ||||
-rw-r--r-- | include/text.php | 8 | ||||
-rw-r--r-- | include/zot.php | 3 | ||||
-rw-r--r-- | view/tpl/cards.tpl | 13 | ||||
-rwxr-xr-x | view/tpl/conv_item.tpl | 2 | ||||
-rwxr-xr-x | view/tpl/conv_list.tpl | 2 | ||||
-rwxr-xr-x | view/tpl/jot-header.tpl | 27 |
18 files changed, 87 insertions, 41 deletions
diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php index d33f3c183..d916ce2c1 100644 --- a/Zotlabs/Lib/ThreadItem.php +++ b/Zotlabs/Lib/ThreadItem.php @@ -313,7 +313,8 @@ class ThreadItem { $tmp_item = array( 'template' => $this->get_template(), - 'mode' => $mode, + 'mode' => $mode, + 'item_type' => intval($item['item_type']), 'type' => implode("",array_slice(explode("/",$item['verb']),-1)), 'body' => $body['html'], 'tags' => $body['tags'], diff --git a/Zotlabs/Module/Attach.php b/Zotlabs/Module/Attach.php index 94f46978a..490d5edd0 100644 --- a/Zotlabs/Module/Attach.php +++ b/Zotlabs/Module/Attach.php @@ -31,7 +31,7 @@ class Attach extends \Zotlabs\Web\Controller { $unsafe_types = array('text/html','text/css','application/javascript'); - if(in_array($r['data']['filetype'],$unsafe_types)) { + if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($r['data']['uid']))) { header('Content-type: text/plain'); } else { diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php index 0b05d78a4..413a68e0c 100644 --- a/Zotlabs/Module/Getfile.php +++ b/Zotlabs/Module/Getfile.php @@ -108,7 +108,7 @@ class Getfile extends \Zotlabs\Web\Controller { $unsafe_types = array('text/html','text/css','application/javascript'); - if(in_array($r['data']['filetype'],$unsafe_types)) { + if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($channel['channel_id']))) { header('Content-type: text/plain'); } else { diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php index c995079ce..b104a5f5f 100644 --- a/Zotlabs/Module/Like.php +++ b/Zotlabs/Module/Like.php 
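Review bot: With the added `&& (! channel_codeallowed(...))` clause in Attach.php, stored files typed `text/html`, `text/css` or `application/javascript` are served with their real content type from the hub's own origin whenever the owning channel is code-allowed, so markup in such a file is rendered in the site's origin for every viewer. The same clause appears in Getfile.php and in both hunks of Zotlabs/Storage/File.php, where it also skips the `Content-disposition: attachment` header. The permission is keyed on the storage owner (`$r['data']['uid']`, `$this->data['uid']`, and `$channel['channel_id']` in Getfile.php), not on whoever uploaded the file; if other identities can write into that channel's storage, which is not visible here, the owner's permission would cover content the owner did not author. Consider a comment at each site stating that trust decision, and sending `header('Content-Security-Policy: sandbox');` and `header('X-Content-Type-Options: nosniff');` on this path so the file is not rendered with the site's ambient authority.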
@@ -255,7 +255,7 @@ class Like extends \Zotlabs\Web\Controller { // get the item. Allow linked photos (which are normally hidden) to be liked $r = q("SELECT * FROM item WHERE id = %d - and item_type = 0 and item_deleted = 0 and item_unpublished = 0 + and (item_type = 0 or item_type = 6) and item_deleted = 0 and item_unpublished = 0 and item_delayed = 0 and item_pending_remove = 0 and item_blocked = 0 LIMIT 1", intval($item_id) ); diff --git a/Zotlabs/Module/Oep.php b/Zotlabs/Module/Oep.php index 9a1317142..5e06d3540 100644 --- a/Zotlabs/Module/Oep.php +++ b/Zotlabs/Module/Oep.php @@ -172,7 +172,7 @@ class Oep extends \Zotlabs\Web\Controller { if(! perm_is_allowed($channel['channel_id'],get_observer_hash(),'view_pages')) return $ret; - $sql_extra = items_permissions_sql($channel['channel_id'],get_observer_hash()); + $sql_extra = item_permissions_sql($channel['channel_id'],get_observer_hash()); $r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.v = '%s' limit 1", dbesc($res) @@ -183,7 +183,7 @@ class Oep extends \Zotlabs\Web\Controller { else { return $ret; } - + $r = q("select * from item where item.uid = %d and item_type = %d $sql_extra order by item.created desc", diff --git a/Zotlabs/Module/Rpost.php b/Zotlabs/Module/Rpost.php index 56f4f23f6..e716d1330 100644 --- a/Zotlabs/Module/Rpost.php +++ b/Zotlabs/Module/Rpost.php @@ -20,6 +20,7 @@ require_once('include/zot.php'); * body= Body of post * url= URL which will be parsed and the results appended to the body * source= Source application + * post_id= post_id of post to 'share' (local use only) * remote_return= absolute URL to return after posting is finished * type= choices are 'html' or 'bbcode', default is 'bbcode' * 
@@ -108,6 +109,46 @@ class Rpost extends \Zotlabs\Web\Controller { if($x['success']) $_REQUEST['body'] = $_REQUEST['body'] . $x['body']; } + + if($_REQUEST['post_id']) { + $r = q("SELECT * from item WHERE id = %d LIMIT 1", + intval($_REQUEST['post_id']) + ); + if(($r) && (! intval($r[0]['item_private']))) { + $sql_extra = item_permissions_sql($r[0]['uid']); + + $r = q("select * from item where id = %d $sql_extra", + intval($_REQUEST['post_id']) + ); + if($r && $r[0]['mimetype'] === 'text/bbcode') { + + xchan_query($r); + + $is_photo = (($r[0]['obj_type'] === ACTIVITY_OBJ_PHOTO) ? true : false); + if($is_photo) { + $object = json_decode($r[0]['obj'],true); + $photo_bb = $object['body']; + } + + if (strpos($r[0]['body'], "[/share]") !== false) { + $pos = strpos($r[0]['body'], "[share"); + $i = substr($r[0]['body'], $pos); + } else { + $i = "[share author='".urlencode($r[0]['author']['xchan_name']). + "' profile='".$r[0]['author']['xchan_url'] . + "' avatar='".$r[0]['author']['xchan_photo_s']. + "' link='".$r[0]['plink']. + "' posted='".$r[0]['created']. + "' message_id='".$r[0]['mid']."']"; + if($r[0]['title']) + $i .= '[b]'.$r[0]['title'].'[/b]'."\r\n"; + $i .= (($is_photo) ? $photo_bb . "\r\n" . $r[0]['body'] : $r[0]['body']); + $i .= "[/share]"; + } + } + } + $_REQUEST['body'] = $_REQUEST['body'] . $i; + } $x = array( 'is_owner' => true, diff --git a/Zotlabs/Storage/File.php b/Zotlabs/Storage/File.php index 7a102134f..332bf6896 100644 --- a/Zotlabs/Storage/File.php +++ b/Zotlabs/Storage/File.php @@ -254,7 +254,7 @@ class File extends DAV\Node implements DAV\IFile { // @todo this should be a global definition $unsafe_types = array('text/html', 'text/css', 'application/javascript'); - if (in_array($r[0]['filetype'], $unsafe_types)) { + if (in_array($r[0]['filetype'], $unsafe_types) && (! channel_codeallowed($this->data['uid']))) { header('Content-disposition: attachment; filename="' . $r[0]['filename'] . '"'); header('Content-type: text/plain'); } 
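Review bot: In the `[share ...]` string built in the else branch only `xchan_name` goes through `urlencode()`; `xchan_url`, `xchan_photo_s`, `plink` and `mid` are concatenated raw into single-quoted attributes, so a value containing `'` or `]` would close the attribute or the tag early and the remainder would be parsed as ordinary bbcode. Those fields come from stored item and xchan rows that may have originated on other sites, and how bb_ShareAttributes later treats them is outside this hunk, so encoding or rejecting those characters here is the safer choice. Separately, `$i` is assigned only inside the innermost `if`, yet `$_REQUEST['body'] . $i` runs for any truthy `post_id`; adding `$i = '';` before the first query avoids an undefined variable when the item is private, missing, filtered out by `item_permissions_sql()` or not `text/bbcode`. `$_REQUEST['post_id']` is also read without an `isset()` guard, and `$photo_bb` is taken from `json_decode()` output without checking that decoding succeeded.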
@@ -300,7 +300,7 @@ class File extends DAV\Node implements DAV\IFile { public function getContentType() { // @todo this should be a global definition. $unsafe_types = array('text/html', 'text/css', 'application/javascript'); - if (in_array($this->data['filetype'], $unsafe_types)) { + if (in_array($this->data['filetype'], $unsafe_types) && (! channel_codeallowed($this->data['uid']))) { return 'text/plain'; } return $this->data['filetype']; diff --git a/Zotlabs/Zot/Auth.php b/Zotlabs/Zot/Auth.php index 44f01174e..8d198f506 100644 --- a/Zotlabs/Zot/Auth.php +++ b/Zotlabs/Zot/Auth.php @@ -167,7 +167,6 @@ class Auth { dbesc($hubloc['hubloc_url']) ); - // needs a nonce!!!! $p = zot_build_packet($channel,$type = 'auth_check', array(array('guid' => $hubloc['hubloc_guid'],'guid_sig' => $hubloc['hubloc_guid_sig'])), $hubloc['hubloc_sitekey'], (($x) ? $x[0]['site_crypto'] : ''), $this->sec); diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php index e205b136f..dab7d9e01 100644 --- a/Zotlabs/Zot/Finger.php +++ b/Zotlabs/Zot/Finger.php @@ -122,7 +122,7 @@ class Finger { $x = json_decode($result['body'], true); - $verify = \Zotlabs\Web\HTTPSig::verify($result,(($x) ? $x['key'] : ''); + $verify = \Zotlabs\Web\HTTPSig::verify($result,(($x) ? $x['key'] : '')); if($x && (! $verify['header_valid'])) { $signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null); diff --git a/include/bbcode.php b/include/bbcode.php index 470854f06..9a2a6eb9b 100644 --- a/include/bbcode.php +++ b/include/bbcode.php 
@@ -327,11 +327,16 @@ function bb_ShareAttributes($match) { if ($avatar != "") $headline .= '<a href="' . zid($profile) . '" ><img src="' . $avatar . '" alt="' . $author . '" height="32" width="32" /></a>'; + if(strpos($link,'/cards/')) + $type = t('card'); + else + $type = t('post'); + // Bob Smith wrote the following post 2 hours ago $fmt = sprintf( t('%1$s wrote the following %2$s %3$s'), '<a href="' . zid($profile) . '" >' . $author . '</a>', - '<a href="' . zid($link) . '" >' . t('post') . '</a>', + '<a href="' . zid($link) . '" >' . $type . '</a>', $reldate ); diff --git a/include/channel.php b/include/channel.php index faf28df28..41feca362 100644 --- a/include/channel.php +++ b/include/channel.php @@ -52,7 +52,7 @@ function identity_check_service_class($account_id) { * * This action is pluggable. * We're currently only checking for an empty name or one that exceeds our - * storage limit (255 chars). 255 chars is probably going to create a mess on + * storage limit (191 chars). 191 chars is probably going to create a mess on * some pages. * Plugins can set additional policies such as full name requirements, character * sets, multi-byte length, etc. @@ -67,7 +67,7 @@ function validate_channelname($name) { if (! $name) return t('Empty name'); - if (strlen($name) > 255) + if (mb_strlen($name) > 191) return t('Name too long'); $arr = ['name' => $name]; diff --git a/include/conversation.php b/include/conversation.php index ec445ba4c..c034e8a65 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -709,6 +709,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa $tmp_item = array( 'template' => $tpl, 'toplevel' => 'toplevel_item', + 'item_type' => intval($item['item_type']), 'mode' => $mode, 'approve' => t('Approve'), 'delete' => t('Delete'), diff --git a/include/text.php b/include/text.php index ea21e2184..a3c2bbc08 100644 --- a/include/text.php +++ b/include/text.php 
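Review bot: `if(strpos($link,'/cards/'))` in bb_ShareAttributes tests the return value for truthiness, so a match at offset 0 is treated as no match; `if(strpos($link,'/cards/') !== false)` states the intent and matches the `strpos(...) !== false` form used in the Rpost.php hunk of this same commit. `$link` is taken from the share tag's attributes, so the card/post label is only a display hint derived from sender-controlled text; a short comment saying so would stop later code from relying on it. The function body starts and ends outside the hunk.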
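Review bot: `mb_strlen($name)` in validate_channelname is called without an encoding argument, so the 191-character limit is measured in whatever mbstring internal encoding the install is configured with; `if (mb_strlen($name, 'UTF-8') > 191)` pins the count to the encoding the stored value presumably uses. The doc comment edited in the first hunk of this file still lists "multi-byte length" as something left to plugins, which this line now partly handles, so that sentence is worth adjusting.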
@@ -1984,14 +1984,14 @@ function is_a_date_arg($s) { } function legal_webbie($s) { - if(! strlen($s)) + if(! $s) return ''; - // WARNING: This regex will not work in a federated environment. + // WARNING: This regex may not work in a federated environment. // You will probably want something like // preg_replace('/([^a-z0-9\_])/','',strtolower($s)); - $r = preg_replace('/([^a-z0-9\-\_\.])/','',strtolower($s)); + $r = preg_replace('/([^a-z0-9\-\_])/','',strtolower($s)); $x = [ 'input' => $s, 'output' => $r ]; call_hooks('legal_webbie',$x); @@ -2003,7 +2003,7 @@ function legal_webbie_text() { // WARNING: This will not work in a federated environment. - $s = t('a-z, 0-9, -, _, and . only'); + $s = t('a-z, 0-9, -, and _ only'); $x = [ 'text' => $s ]; call_hooks('legal_webbie_text',$x); diff --git a/include/zot.php b/include/zot.php index 56bd7d212..cb213eff3 100644 --- a/include/zot.php +++ b/include/zot.php @@ -137,7 +137,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot } if ($secret) { - $data['secret'] = $secret; + $data['secret'] = preg_replace('/[^0-9a-fA-F]/','',$secret); $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'],$sig_method)); } @@ -4621,7 +4621,6 @@ function zot_reply_auth_check($data,$encrypted_packet) { // First verify their signature. We will have obtained a zot-info packet from them as part of the sender // verification. - // needs a nonce!!!! if ((! $y) || (! rsa_verify($data['secret'], base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) { logger('mod_zot: auth_check: sender not found or secret_sig invalid.'); $ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL; diff --git a/view/tpl/cards.tpl b/view/tpl/cards.tpl index a06e2fd22..60e6163ae 100644 --- a/view/tpl/cards.tpl +++ b/view/tpl/cards.tpl 
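Review bot: `if(! $s)` in legal_webbie is not equivalent to the `if(! strlen($s))` it replaces: the string `'0'` is falsy in PHP, so that input now returns `''` instead of being filtered and passed to the hook. If only null and the empty string should short-circuit, `if($s === null || $s === '')` keeps the old behaviour without calling `strlen()` on null. The regex in the same hunk also drops `.` from the allowed set, which silently rewrites any address that previously contained a dot; whether existing channels with dotted addresses are handled elsewhere is not visible here, and the comment above the regex would be a good place to record that.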
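Review bot: In zot_build_packet `$data['secret']` is now reduced to hex digits, but `secret_sig` on the next line is still computed over the unfiltered `$secret`, so whenever the filter removes a character the receiver's `rsa_verify($data['secret'], ...)` (visible in zot_reply_auth_check, second hunk of this file) checks the signature against a different string and fails. Filtering once and using the result for both keeps them in step: `$secret = preg_replace('/[^0-9a-fA-F]/','',$secret);` followed by the original `$data['secret'] = $secret;`, with the `rsa_sign($secret, ...)` line unchanged; whether `$secret` is used again later in the function is outside the hunk. This commit also deletes both `// needs a nonce!!!!` comments (here and in Zotlabs/Zot/Auth.php) without a visible change that adds one, so if replay protection for `auth_check` now lives elsewhere a comment pointing to it would be more useful than silence.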
@@ -1,9 +1,4 @@ -<div class="generic-content-wrapper"> - <div class="section-title-wrapper"> - <h2>{{$title}}</h2> - </div> - <div id="live-cards"></div> - {{$editor}} - {{$content}} -</div> - {{$pager}} +<div id="live-cards"></div> +{{$editor}} +{{$content}} +{{$pager}} diff --git a/view/tpl/conv_item.tpl b/view/tpl/conv_item.tpl index 663b02890..b3fe60750 100755 --- a/view/tpl/conv_item.tpl +++ b/view/tpl/conv_item.tpl @@ -151,7 +151,7 @@ </button> <div class="dropdown-menu dropdown-menu-right" role="menu" aria-labelledby="wall-item-menu-{{$item.id}}"> {{if $item.share}} - <a class="dropdown-item" href="#" onclick="jotShare({{$item.id}}); return false"><i class="generic-icons-nav fa fa-fw fa-retweet" title="{{$item.share.0}}"></i>{{$item.share.0}}</a> + <a class="dropdown-item" href="#" onclick="jotShare({{$item.id}},{{$item.item_type}}); return false"><i class="generic-icons-nav fa fa-fw fa-retweet" title="{{$item.share.0}}"></i>{{$item.share.0}}</a> {{/if}} {{if $item.plink}} <a class="dropdown-item" href="{{$item.plink.href}}" title="{{$item.plink.title}}" class="u-url"><i class="generic-icons-nav fa fa-fw fa-external-link"></i>{{$item.plink.title}}</a> diff --git a/view/tpl/conv_list.tpl b/view/tpl/conv_list.tpl index e442dd3cc..e599f84b5 100755 --- a/view/tpl/conv_list.tpl +++ b/view/tpl/conv_list.tpl 
@@ -150,7 +150,7 @@ </button> <div class="dropdown-menu dropdown-menu-right" role="menu" aria-labelledby="wall-item-menu-{{$item.id}}"> {{if $item.share}} - <a class="dropdown-item" href="#" onclick="jotShare({{$item.id}}); return false"><i class="generic-icons-nav fa fa-fw fa-retweet" title="{{$item.share.0}}"></i>{{$item.share.0}}</a> + <a class="dropdown-item" href="#" onclick="jotShare({{$item.id}},{{$item.item_type}}); return false"><i class="generic-icons-nav fa fa-fw fa-retweet" title="{{$item.share.0}}"></i>{{$item.share.0}}</a> {{/if}} {{if $item.plink}} <a class="dropdown-item" href="{{$item.plink.href}}" title="{{$item.plink.title}}" class="u-url"><i class="generic-icons-nav fa fa-fw fa-external-link"></i>{{$item.plink.title}}</a> diff --git a/view/tpl/jot-header.tpl b/view/tpl/jot-header.tpl index 91c30423d..2d37b3ca2 100755 --- a/view/tpl/jot-header.tpl +++ b/view/tpl/jot-header.tpl @@ -247,18 +247,23 @@ var activeCommentText = ''; } - function jotShare(id) { - if ($('#jot-popup').length != 0) $('#jot-popup').show(); - - $('#like-rotator-' + id).spin('tiny'); - $.get('{{$baseurl}}/share/' + id, function(data) { - if (!editor) $("#profile-jot-text").val(""); - initEditor(function(){ - addeditortext(data); - $('#like-rotator-' + id).spin(false); - $(window).scrollTop(0); + function jotShare(id,post_type) { + if(post_type == 6) { + window.location.href = 'rpost?f=&post_id='+id; + } + else { + if ($('#jot-popup').length != 0) $('#jot-popup').show(); + + $('#like-rotator-' + id).spin('tiny'); + $.get('{{$baseurl}}/share/' + id, function(data) { + if (!editor) $("#profile-jot-text").val(""); + initEditor(function(){ + addeditortext(data); + $('#like-rotator-' + id).spin(false); + $(window).scrollTop(0); + }); }); - }); + } } function linkdropper(event) { |
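Review bot: The new branch in jotShare navigates with a relative URL, `window.location.href = 'rpost?f=&post_id='+id;`, while the existing branch builds its request from `{{$baseurl}}/share/`; on any page whose path has more than one segment the relative form resolves under that path instead of the site root. `window.location.href = '{{$baseurl}}/rpost?f=&post_id=' + id;` would match the other branch. The literal `6` in `post_type == 6` repeats the `item_type = 6` added in Zotlabs/Module/Like.php; a one-line comment naming the item type it stands for would make both sites easier to audit.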