diff options
| -rw-r--r-- | addon/facebook/facebook.php | 50 | ||||
| -rw-r--r-- | boot.php | 5 | ||||
| -rw-r--r-- | database.sql | 5 | ||||
| -rw-r--r-- | images/icons.png | bin | 11885 -> 12389 bytes | |||
| -rw-r--r-- | include/EmailNotification.php | 7 | ||||
| -rw-r--r-- | include/api.php | 2 | ||||
| -rw-r--r-- | include/auth.php | 4 | ||||
| -rw-r--r-- | include/bbcode.php | 5 | ||||
| -rw-r--r-- | include/conversation.php | 9 | ||||
| -rw-r--r-- | include/diaspora.php | 240 | ||||
| -rw-r--r-- | include/email.php | 15 | ||||
| -rw-r--r-- | include/group.php | 20 | ||||
| -rw-r--r-- | include/items.php | 9 | ||||
| -rw-r--r-- | include/poller.php | 5 | ||||
| -rw-r--r-- | mod/dfrn_notify.php | 25 | ||||
| -rw-r--r-- | mod/hostxrd.php | 3 | ||||
| -rw-r--r-- | mod/item.php | 13 | ||||
| -rw-r--r-- | mod/network.php | 112 | ||||
| -rw-r--r-- | mod/openid.php | 2 | ||||
| -rw-r--r-- | mod/profile_photo.php | 8 | ||||
| -rw-r--r-- | mod/pubsub.php | 4 | ||||
| -rw-r--r-- | mod/receive.php | 34 | ||||
| -rw-r--r-- | mod/salmon.php | 4 | ||||
| -rw-r--r-- | mod/xrd.php | 1 | ||||
| -rw-r--r-- | update.php | 29 | ||||
| -rw-r--r-- | view/theme/duepuntozero/style.css | 1 | ||||
| -rw-r--r-- | view/theme/greenzero/greenicons.png | bin | 11888 -> 12317 bytes | |||
| -rw-r--r-- | view/theme/loozah/style.css | 1 | ||||
| -rw-r--r-- | view/xrd_host.tpl | 13 | ||||
| -rw-r--r-- | view/xrd_person.tpl | 11 |
30 files changed, 417 insertions, 220 deletions
diff --git a/addon/facebook/facebook.php b/addon/facebook/facebook.php index 10f6b1399..3268cb254 100644 --- a/addon/facebook/facebook.php +++ b/addon/facebook/facebook.php @@ -111,7 +111,8 @@ function facebook_init(&$a) { $token = substr($token,0,strpos($token,'&')); set_pconfig($uid,'facebook','access_token',$token); set_pconfig($uid,'facebook','post','1'); - set_pconfig($uid,'facebook','no_linking',1); + if(get_pconfig($uid,'facebook','no_linking') === false) + set_pconfig($uid,'facebook','no_linking',1); fb_get_self($uid); fb_get_friends($uid); fb_consume_all($uid); @@ -138,6 +139,12 @@ function fb_get_self($uid) { function fb_get_friends($uid) { + $r = q("SELECT `id` FROM `user` WHERE `uid` = %d AND `account_expired` = 0 LIMIT 1", + intval($uid) + ); + if(! count($r)) + return; + $access_token = get_pconfig($uid,'facebook','access_token'); $no_linking = get_pconfig($uid,'facebook','no_linking'); @@ -275,6 +282,9 @@ function facebook_post(&$a) { $no_wall = ((x($_POST,'facebook_no_wall')) ? intval($_POST['facebook_no_wall']) : 0); set_pconfig($uid,'facebook','no_wall',$no_wall); + + $private_wall = ((x($_POST,'facebook_private_wall')) ? intval($_POST['facebook_private_wall']) : 0); + set_pconfig($uid,'facebook','private_wall',$private_wall); $linkvalue = ((x($_POST,'facebook_linking')) ? intval($_POST['facebook_linking']) : 0); @@ -352,6 +362,12 @@ function facebook_content(&$a) { $o .= '<div id="facebook-disable-wrapper">'; $o .= '<a href="' . $a->get_baseurl() . '/facebook/remove' . '">' . t('Remove Facebook connector') . '</a></div>'; + + $o .= '<div id="facebook-enable-wrapper">'; + + $o .= '<a href="https://www.facebook.com/dialog/oauth?client_id=' . $appid . '&redirect_uri=' + . $a->get_baseurl() . '/facebook/' . $a->user['nickname'] . '&scope=publish_stream,read_stream,offline_access">' . t('Re-authenticate [This is necessary whenever your Facebook password is changed.]') . '</a>'; + $o .= '</div>'; $o .= '<div id="facebook-post-default-form">'; $o .= '<form action="facebook" method="post" >'; @@ -361,12 +377,22 @@ function facebook_content(&$a) { $no_linking = get_pconfig(local_user(),'facebook','no_linking'); $checked = (($no_linking) ? '' : ' checked="checked" '); - $o .= '<input type="checkbox" name="facebook_linking" value="1"' . $checked . '/>' . ' ' . t('Link all your Facebook friends and conversations') . EOL ; + $o .= '<input type="checkbox" name="facebook_linking" value="1"' . $checked . '/>' . ' ' . t('Link all your Facebook friends and conversations on this website') . EOL ; + + $o .= '<p>' . t('Facebook conversations consist of your <em>profile wall</em> and your friend <em>stream</em>.'); + $o .= ' ' . t('On this website, your Facebook friend stream is only visible to you.'); + $o .= ' ' . t('The following settings determine the privacy of your Facebook profile wall on this website.') . '</p>'; + + $private_wall = get_pconfig(local_user(),'facebook','private_wall'); + $checked = (($private_wall) ? ' checked="checked" ' : ''); + $o .= '<input type="checkbox" name="facebook_private_wall" value="1"' . $checked . '/>' . ' ' . t('On this website your Facebook profile wall conversations will only be visible to you') . EOL ; + $no_wall = get_pconfig(local_user(),'facebook','no_wall'); $checked = (($no_wall) ? ' checked="checked" ' : ''); - $o .= '<input type="checkbox" name="facebook_no_wall" value="1"' . $checked . '/>' . ' ' . t('Do not link your Facebook profile wall posts - as these could be visible to people that would not be able to see them on Facebook.') . EOL ; + $o .= '<input type="checkbox" name="facebook_no_wall" value="1"' . $checked . '/>' . ' ' . t('Do not import your Facebook profile wall conversations') . EOL ; + $o .= '<p>' . t('If you choose to link conversations and leave both of these boxes unchecked, your Facebook profile wall will be merged with your profile wall on this website and your privacy settings on this website will be used to determine who may see the conversations.') . '</p>'; $o .= '<input type="submit" name="submit" value="' . t('Submit') . '" /></form></div>'; } @@ -770,11 +796,12 @@ function fb_consume_all($uid) { return; if(! get_pconfig($uid,'facebook','no_wall')) { + $private_wall = intval(get_pconfig($uid,'facebook','private_wall')); $s = fetch_url('https://graph.facebook.com/me/feed?access_token=' . $access_token); if($s) { $j = json_decode($s); logger('fb_consume_stream: wall: ' . print_r($j,true), LOGGER_DATA); - fb_consume_stream($uid,$j,true); + fb_consume_stream($uid,$j,($private_wall) ? false : true); } } $s = fetch_url('https://graph.facebook.com/me/home?access_token=' . $access_token); @@ -787,8 +814,18 @@ function fb_consume_all($uid) { } function fb_consume_stream($uid,$j,$wall = false) { + $a = get_app(); + + $user = q("SELECT `nickname`, `blockwall` FROM `user` WHERE `uid` = %d AND `account_expired` = 0 LIMIT 1", + intval($uid) + ); + if(! count($user)) + return; + + $my_local_url = $a->get_baseurl() . '/profile/' . $user[0]['nickname']; + $no_linking = get_pconfig($uid,'facebook','no_linking'); if($no_linking) return; @@ -797,11 +834,6 @@ function fb_consume_stream($uid,$j,$wall = false) { intval($uid) ); - $user = q("SELECT `nickname`, `blockwall` FROM `user` WHERE `uid` = %d LIMIT 1", - intval($uid) - ); - if(count($user)) - $my_local_url = $a->get_baseurl() . '/profile/' . $user[0]['nickname']; $self_id = get_pconfig($uid,'facebook','self_id'); if(! count($j->data) || (! strlen($self_id))) @@ -7,9 +7,9 @@ require_once('include/text.php'); require_once("include/pgettext.php"); -define ( 'FRIENDIKA_VERSION', '2.2.1103' ); +define ( 'FRIENDIKA_VERSION', '2.3.1108' ); define ( 'DFRN_PROTOCOL_VERSION', '2.21' ); -define ( 'DB_UPDATE_VERSION', 1087 ); +define ( 'DB_UPDATE_VERSION', 1090 ); define ( 'EOL', "<br />\r\n" ); define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' ); @@ -164,6 +164,7 @@ define ( 'ACTIVITY_OBJ_PHOTO', NAMESPACE_ACTIVITY_SCHEMA . 'photo' ); define ( 'ACTIVITY_OBJ_P_PHOTO', NAMESPACE_ACTIVITY_SCHEMA . 'profile-photo' ); define ( 'ACTIVITY_OBJ_ALBUM', NAMESPACE_ACTIVITY_SCHEMA . 'photo-album' ); define ( 'ACTIVITY_OBJ_EVENT', NAMESPACE_ACTIVITY_SCHEMA . 'event' ); +define ( 'ACTIVITY_OBJ_TAGTERM', NAMESPACE_DFRN . '/tagterm' ); /** * item weight for query ordering diff --git a/database.sql b/database.sql index ff339929e..b1580ec2c 100644 --- a/database.sql +++ b/database.sql @@ -174,6 +174,7 @@ CREATE TABLE IF NOT EXISTS `item` ( `thr-parent` char(255) NOT NULL, `created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00', `edited` datetime NOT NULL DEFAULT '0000-00-00 00:00:00', + `commented` datetime NOT NULL DEFAULT '0000-00-00 00:00:00', `received` datetime NOT NULL DEFAULT '0000-00-00 00:00:00', `changed` datetime NOT NULL DEFAULT '0000-00-00 00:00:00', `owner-name` char(255) NOT NULL, @@ -406,12 +407,16 @@ CREATE TABLE IF NOT EXISTS `user` ( `blocked` tinyint(1) unsigned NOT NULL DEFAULT '0', `blockwall` tinyint(1) unsigned NOT NULL DEFAULT '0', `hidewall` tinyint(1) unsigned NOT NULL DEFAULT '0', + `blocktags` tinyint(1) unsigned NOT NULL DEFAULT '0', `notify-flags` int(11) unsigned NOT NULL DEFAULT '65535', `page-flags` int(11) unsigned NOT NULL DEFAULT '0', `prvnets` tinyint(1) NOT NULL DEFAULT '0', `pwdreset` char(255) NOT NULL, `maxreq` int(11) NOT NULL DEFAULT '10', `expire` int(11) unsigned NOT NULL DEFAULT '0', + `account_expired` tinyint( 1 ) NOT NULL DEFAULT '0', + `account_expires_on` datetime NOT NULL DEFAULT '0000-00-00 00:00:00', + `expire_notification_sent` datetime NOT NULL DEFAULT '0000-00-00 00:00:00', `allow_cid` mediumtext NOT NULL, `allow_gid` mediumtext NOT NULL, `deny_cid` mediumtext NOT NULL, diff --git a/images/icons.png b/images/icons.png Binary files differindex 494555aa6..dd3af3aee 100644 --- a/images/icons.png +++ b/images/icons.png diff --git a/include/EmailNotification.php b/include/EmailNotification.php index 78912c0b9..8861e8f5d 100644 --- a/include/EmailNotification.php +++ b/include/EmailNotification.php @@ -1,4 +1,7 @@ <?php + +require_once('include/email.php'); + class EmailNotification { /** * Send a multipart/alternative message with Text and HTML versions @@ -12,6 +15,10 @@ class EmailNotification { * @param textVersion text only version of the message */ static public function sendTextHtmlEmail($fromName,$fromEmail,$replyTo,$toEmail,$messageSubject,$htmlVersion,$textVersion) { + + $fromName = email_header_encode($fromName,'UTF-8'); + $messageSubject = email_header_encode($messageSubject,'UTF-8'); + // generate a mime boundary $mimeBoundary =rand(0,9)."-" diff --git a/include/api.php b/include/api.php index 5d008c290..74b4aaf6e 100644 --- a/include/api.php +++ b/include/api.php @@ -55,7 +55,7 @@ // process normal login request $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) - AND `password` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1", + AND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", dbesc(trim($user)), dbesc(trim($user)), dbesc($encrypted) diff --git a/include/auth.php b/include/auth.php index b7b96bdc0..1f16b3504 100644 --- a/include/auth.php +++ b/include/auth.php @@ -49,7 +49,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p } $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` - FROM `user` WHERE `uid` = %d LIMIT 1", + FROM `user` WHERE `uid` = %d AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", intval($_SESSION['uid']) ); @@ -186,7 +186,7 @@ else { $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) - AND `password` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1", + AND `password` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", dbesc(trim($_POST['openid_url'])), dbesc(trim($_POST['openid_url'])), dbesc($encrypted) diff --git a/include/bbcode.php b/include/bbcode.php index 3886af37d..cbe19de54 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -113,6 +113,9 @@ function bbcode($Text,$preserve_nl = false) { // Check for [quote] text $Text = preg_replace("/\[quote\](.*?)\[\/quote\]/ism","$QuoteLayout", $Text); + // [img=widthxheight]image source[/img] + $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '<img src="$3" style="height: $2px; width: $1px;" >', $Text); + // Images // [img]pathtoimage[/img] $Text = preg_replace("/\[img\](.*?)\[\/img\]/ism", '<img src="$1" alt="' . t('Image/photo') . '" />', $Text); @@ -125,8 +128,6 @@ function bbcode($Text,$preserve_nl = false) { $Text = preg_replace("/\[iframe\](.*?)\[\/iframe\]/ism", '<iframe src="$1" width="425" height="350"><a href="$1">$1</a></iframe>', $Text); - // [img=widthxheight]image source[/img] - $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '<img src="$3" style="height:{$2}px; width:{$1}px;" >', $Text); if (get_pconfig(local_user(), 'oembed', 'use_for_youtube' )==1){ // use oembed for youtube links diff --git a/include/conversation.php b/include/conversation.php index 6aad2485a..7cea54db5 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -211,7 +211,7 @@ function conversation(&$a, $items, $mode, $update) { $o .= replace_macros($tpl,array( '$id' => $item['item_id'], - '$linktitle' => sprintf( t('View %s\'s profile'), $profile_name), + '$linktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, ((strlen($item['author-link'])) ? $item['author-link'] : $item['url'])), '$profile_url' => $profile_link, '$item_photo_menu' => item_photo_menu($item), '$name' => $profile_name, @@ -485,9 +485,10 @@ function conversation(&$a, $items, $mode, $update) { $tmp_item = replace_macros($template,array( + '$body' => $body, '$id' => $item['item_id'], - '$linktitle' => sprintf( t('View %s\'s profile'), $profile_name), - '$olinktitle' => sprintf( t('View %s\'s profile'), $owner_name), + '$linktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, ((strlen($item['author-link'])) ? $item['author-link'] : $item['url'])), + '$olinktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, ((strlen($item['owner-link'])) ? $item['owner-link'] : $item['url'])), '$to' => t('to'), '$wall' => t('Wall-to-Wall'), '$vwall' => t('via Wall-To-Wall:'), @@ -498,7 +499,6 @@ function conversation(&$a, $items, $mode, $update) { '$osparkle' => $osparkle, '$sparkle' => $sparkle, '$title' => $item['title'], - '$body' => $body, '$ago' => ((($item['app']) && ($item['id'] == $item['parent'])) ? sprintf( t('%s from %s'),relative_date($item['created']),$item['app']) : relative_date($item['created'])), '$lock' => $lock, '$location' => $location, @@ -514,6 +514,7 @@ function conversation(&$a, $items, $mode, $update) { '$like' => $like, '$dislike' => $dislike, '$comment' => $comment + )); diff --git a/include/diaspora.php b/include/diaspora.php index 6d070ecba..425bc722f 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -5,34 +5,55 @@ require_once('include/items.php'); require_once('include/bb2diaspora.php'); require_once('include/contact_selectors.php'); + +function diaspora_dispatch_public($msg) { + + $r = q("SELECT `user`.* FROM `user` WHERE `user`.`uid` IN ( SELECT `contact`.`uid` FROM `contact` WHERE `contact`.`network` = '%s' AND `contact`.`addr` = '%s' ) AND `account_expired` = 0 ", + dbesc(NETWORK_DIASPORA), + dbesc($msg['author']) + ); + if(count($r)) { + foreach($r as $rr) { + logger('diaspora_public: delivering to: ' . $rr['username']); + diaspora_dispatch($rr,$msg); + } + } + else + logger('diaspora_public: no subscribers'); +} + + + function diaspora_dispatch($importer,$msg) { + $ret = 0; + $parsed_xml = parse_xml_string($msg['message'],false); $xmlbase = $parsed_xml->post; if($xmlbase->request) { - diaspora_request($importer,$xmlbase->request); + $ret = diaspora_request($importer,$xmlbase->request); } elseif($xmlbase->status_message) { - diaspora_post($importer,$xmlbase->status_message); + $ret = diaspora_post($importer,$xmlbase->status_message); } elseif($xmlbase->comment) { - diaspora_comment($importer,$xmlbase->comment,$msg); + $ret = diaspora_comment($importer,$xmlbase->comment,$msg); } elseif($xmlbase->like) { - diaspora_like($importer,$xmlbase->like,$msg); + $ret = diaspora_like($importer,$xmlbase->like,$msg); } elseif($xmlbase->retraction) { - diaspora_retraction($importer,$xmlbase->retraction,$msg); + $ret = diaspora_retraction($importer,$xmlbase->retraction,$msg); } elseif($xmlbase->photo) { - diaspora_photo($importer,$xmlbase->photo,$msg); + $ret = diaspora_photo($importer,$xmlbase->photo,$msg); } else { logger('diaspora_dispatch: unknown message type: ' . print_r($xmlbase,true)); } - return; + return $ret; } function diaspora_get_contact_by_handle($uid,$handle) { @@ -82,6 +103,52 @@ function get_diaspora_key($uri) { } +function diaspora_pubmsg_build($msg,$user,$contact,$prvkey,$pubkey) { + $a = get_app(); + + logger('diaspora_pubmsg_build: ' . $msg, LOGGER_DATA); + + + $handle = $user['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + + $b64_data = base64_encode($msg); + $b64url_data = base64url_encode($b64_data); + + $data = str_replace(array("\n","\r"," ","\t"),array('','','',''),$b64url_data); + + $type = 'application/xml'; + $encoding = 'base64url'; + $alg = 'RSA-SHA256'; + + $signable_data = $data . '.' . base64url_encode($type) . '.' + . base64url_encode($encoding) . '.' . base64url_encode($alg) ; + + $signature = rsa_sign($signable_data,$prvkey); + $sig = base64url_encode($signature); + +$magic_env = <<< EOT +<?xml version='1.0' encoding='UTF-8'?> +<diaspora xmlns="https://joindiaspora.org/protocol" xmlns:me="http://salmon-protocol.org/ns/magic-env" > + <header> + <author_id>$handle</author_id> + </header> + <me:env> + <me:encoding>base64url</me:encoding> + <me:alg>RSA-SHA256</me:alg> + <me:data type="application/xml">$data</me:data> + <me:sig>$sig</me:sig> + </me:env> +</diaspora> +EOT; + + logger('diaspora_pubmsg_build: magic_env: ' . $magic_env, LOGGER_DATA); + return $magic_env; + +} + + + + function diaspora_msg_build($msg,$user,$contact,$prvkey,$pubkey) { $a = get_app(); @@ -97,7 +164,7 @@ function diaspora_msg_build($msg,$user,$contact,$prvkey,$pubkey) { $outer_iv = random_string(16); $b_outer_iv = base64_encode($outer_iv); - $handle = 'acct:' . $user['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + $handle = $user['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); $padded_data = pkcs5_pad($msg,16); $inner_encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $padded_data, MCRYPT_MODE_CBC, $inner_iv); @@ -106,16 +173,14 @@ function diaspora_msg_build($msg,$user,$contact,$prvkey,$pubkey) { $b64url_data = base64url_encode($b64_data); - $b64url_stripped = str_replace(array("\n","\r"," ","\t"),array('','','',''),$b64url_data); - $lines = str_split($b64url_stripped,60); - $data = implode("\n",$lines); - $data = $data . (($data[-1] != "\n") ? "\n" : '') ; - $type = 'application/atom+xml'; + $data = str_replace(array("\n","\r"," ","\t"),array('','','',''),$b64url_data); + + $type = 'application/xml'; $encoding = 'base64url'; $alg = 'RSA-SHA256'; - $signable_data = $data . '.' . base64url_encode($type) . "\n" . '.' - . base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n"; + $signable_data = $data . '.' . base64url_encode($type) . '.' + . base64url_encode($encoding) . '.' . base64url_encode($alg) ; $signature = rsa_sign($signable_data,$prvkey); $sig = base64url_encode($signature); @@ -124,10 +189,7 @@ $decrypted_header = <<< EOT <decrypted_header> <iv>$b_inner_iv</iv> <aes_key>$b_inner_aes_key</aes_key> - <author> - <name>{$user['username']}</name> - <uri>$handle</uri> - </author> + <author_id>$handle</author_id> </decrypted_header> EOT; @@ -152,15 +214,15 @@ EOT; $magic_env = <<< EOT <?xml version='1.0' encoding='UTF-8'?> -<entry xmlns='http://www.w3.org/2005/Atom'> +<diaspora xmlns="https://joindiaspora.org/protocol" xmlns:me="http://salmon-protocol.org/ns/magic-env" > $encrypted_header - <me:env xmlns:me="http://salmon-protocol.org/ns/magic-env"> + <me:env> <me:encoding>base64url</me:encoding> <me:alg>RSA-SHA256</me:alg> - <me:data type="application/atom+xml">$data</me:data> + <me:data type="application/xml">$data</me:data> <me:sig>$sig</me:sig> </me:env> -</entry> +</diaspora> EOT; logger('diaspora_msg_build: magic_env: ' . $magic_env, LOGGER_DATA); @@ -185,50 +247,67 @@ EOT; function diaspora_decode($importer,$xml) { + $public = false; $basedom = parse_xml_string($xml); - $atom = $basedom->children(NAMESPACE_ATOM1); + $children = $basedom->children('https://joindiaspora.com/protocol'); - // Diaspora devs: This is kind of sucky - 'encrypted_header' does not belong in the atom namespace + if($children->header) { + $public = true; + $author_link = str_replace('acct:','',$children->header->author_id); + } + else { - $encrypted_header = json_decode(base64_decode($atom->encrypted_header)); + $encrypted_header = json_decode(base64_decode($children->encrypted_header)); - $encrypted_aes_key_bundle = base64_decode($encrypted_header->aes_key); - $ciphertext = base64_decode($encrypted_header->ciphertext); + $encrypted_aes_key_bundle = base64_decode($encrypted_header->aes_key); + $ciphertext = base64_decode($encrypted_header->ciphertext); + + $outer_key_bundle = ''; + openssl_private_decrypt($encrypted_aes_key_bundle,$outer_key_bundle,$importer['prvkey']); - $outer_key_bundle = ''; - openssl_private_decrypt($encrypted_aes_key_bundle,$outer_key_bundle,$importer['prvkey']); + $j_outer_key_bundle = json_decode($outer_key_bundle); - $j_outer_key_bundle = json_decode($outer_key_bundle); + $outer_iv = base64_decode($j_outer_key_bundle->iv); + $outer_key = base64_decode($j_outer_key_bundle->key); - $outer_iv = base64_decode($j_outer_key_bundle->iv); - $outer_key = base64_decode($j_outer_key_bundle->key); + $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $outer_key, $ciphertext, MCRYPT_MODE_CBC, $outer_iv); - $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $outer_key, $ciphertext, MCRYPT_MODE_CBC, $outer_iv); + $decrypted = pkcs5_unpad($decrypted); - $decrypted = pkcs5_unpad($decrypted); + /** + * $decrypted now contains something like + * + * <decrypted_header> + * <iv>8e+G2+ET8l5BPuW0sVTnQw==</iv> + * <aes_key>UvSMb4puPeB14STkcDWq+4QE302Edu15oaprAQSkLKU=</aes_key> - /** - * $decrypted now contains something like - * - * <decrypted_header> - * <iv>8e+G2+ET8l5BPuW0sVTnQw==</iv> - * <aes_key>UvSMb4puPeB14STkcDWq+4QE302Edu15oaprAQSkLKU=</aes_key> - * <author> - * <name>Ryan Hughes</name> - * <uri>acct:galaxor@diaspora.pirateship.org</uri> - * </author> - * </decrypted_header> - */ +***** OBSOLETE - logger('decrypted: ' . $decrypted, LOGGER_DEBUG); - $idom = parse_xml_string($decrypted,false); + * <author> + * <name>Ryan Hughes</name> + * <uri>acct:galaxor@diaspora.pirateship.org</uri> + * </author> - $inner_iv = base64_decode($idom->iv); - $inner_aes_key = base64_decode($idom->aes_key); +***** CURRENT - $author_link = str_replace('acct:','',$idom->author->uri); + * <author_id>acct:galaxor@diaspora.priateship.org</author_id> + +***** END DIFFS + + * </decrypted_header> + */ + + logger('decrypted: ' . $decrypted, LOGGER_DEBUG); + $idom = parse_xml_string($decrypted,false); + + $inner_iv = base64_decode($idom->iv); + $inner_aes_key = base64_decode($idom->aes_key); + + $author_link = str_replace('acct:','',$idom->author_id); + + } $dom = $basedom->children(NAMESPACE_SALMON_ME); @@ -255,16 +334,6 @@ function diaspora_decode($importer,$xml) { // strip whitespace so our data element will return to one big base64 blob $data = str_replace(array(" ","\t","\r","\n"),array("","","",""),$base->data); - // Add back the 60 char linefeeds - - // This completely violates the entire principle of salmon magic signatures, - // which was to have a message signing format that was completely ambivalent to linefeeds - // and transport whitespace mangling, and base64 wrapping rules. Guess what? PHP and Ruby - // use different linelengths for base64 output. - - $lines = str_split($data,60); - $data = implode("\n",$lines); - // stash away some other stuff for later @@ -273,22 +342,25 @@ function diaspora_decode($importer,$xml) { $encoding = $base->encoding; $alg = $base->alg; - // I can't even begin to tell you how sucky this is. Please read the spec. - $signed_data = $data . (($data[-1] != "\n") ? "\n" : '') . '.' . base64url_encode($type) . "\n" . '.' . base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n"; + $signed_data = $data . '.' . base64url_encode($type) . '.' . base64url_encode($encoding) . '.' . base64url_encode($alg); // decode the data $data = base64url_decode($data); - // Now pull out the inner encrypted blob - $inner_encrypted = base64_decode($data); + if($public) { + $inner_decrypted = $data; + } + else { - $inner_decrypted = - $inner_decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $inner_encrypted, MCRYPT_MODE_CBC, $inner_iv); + // Decode the encrypted blob - $inner_decrypted = pkcs5_unpad($inner_decrypted); + $inner_encrypted = base64_decode($data); + $inner_decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $inner_encrypted, MCRYPT_MODE_CBC, $inner_iv); + $inner_decrypted = pkcs5_unpad($inner_decrypted); + } if(! $author_link) { logger('mod-diaspora: Could not retrieve author URI.'); @@ -321,7 +393,6 @@ function diaspora_decode($importer,$xml) { } - function diaspora_request($importer,$xml) { $sender_handle = unxmlify($xml->sender_handle); @@ -332,7 +403,6 @@ function diaspora_request($importer,$xml) { $contact = diaspora_get_contact_by_handle($importer['uid'],$sender_handle); - if($contact) { // perhaps we were already sharing with this person. Now they're sharing with us. @@ -408,8 +478,7 @@ function diaspora_post($importer,$xml) { if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) { logger('diaspora_post: Ignoring this author.'); - http_status_exit(202); - // NOTREACHED + return 202; } $message_id = $diaspora_handle . ':' . $guid; @@ -493,8 +562,7 @@ function diaspora_comment($importer,$xml,$msg) { if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) { logger('diaspora_comment: Ignoring this author.'); - http_status_exit(202); - // NOTREACHED + return 202; } $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", @@ -535,7 +603,7 @@ function diaspora_comment($importer,$xml,$msg) { } } - if(! rsa_verify($author_signed_data,$author_signature,$key,'sha')) { + if(! rsa_verify($author_signed_data,$author_signature,$key,'sha256')) { logger('diaspora_comment: verification failed.'); return; } @@ -548,7 +616,7 @@ function diaspora_comment($importer,$xml,$msg) { $key = $msg['key']; - if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha')) { + if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha256')) { logger('diaspora_comment: owner verification failed.'); return; } @@ -633,8 +701,7 @@ function diaspora_photo($importer,$xml,$msg) { if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) { logger('diaspora_photo: Ignoring this author.'); - http_status_exit(202); - // NOTREACHED + return 202; } $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", @@ -686,8 +753,7 @@ function diaspora_like($importer,$xml,$msg) { if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) { logger('diaspora_like: Ignoring this author.'); - http_status_exit(202); - // NOTREACHED + return 202; } $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", @@ -743,7 +809,7 @@ function diaspora_like($importer,$xml,$msg) { } } - if(! rsa_verify($author_signed_data,$author_signature,$key,'sha')) { + if(! rsa_verify($author_signed_data,$author_signature,$key,'sha256')) { logger('diaspora_like: verification failed.'); return; } @@ -756,7 +822,7 @@ function diaspora_like($importer,$xml,$msg) { $key = $msg['key']; - if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha')) { + if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha256')) { logger('diaspora_like: owner verification failed.'); return; } @@ -877,7 +943,7 @@ function diaspora_retraction($importer,$xml) { } } - http_exit_status(202); + return 202; // NOTREACHED } @@ -1044,7 +1110,7 @@ function diaspora_send_followup($item,$owner,$contact) { else $signed_text = $item['guid'] . ';' . $parent_guid . ';' . $text . ';' . $myaddr; - $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha')); + $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256')); $msg = replace_macros($tpl,array( '$guid' => xmlify($item['guid']), @@ -1131,7 +1197,7 @@ function diaspora_send_relay($item,$owner,$contact) { else $signed_text = $item['guid'] . ';' . $parent_guid . ';' . $text . ';' . $myaddr; - $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha')); + $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256')); q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", intval($item['id']), @@ -1145,7 +1211,7 @@ function diaspora_send_relay($item,$owner,$contact) { // sign it - $parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha')); + $parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256')); $msg = replace_macros($tpl,array( '$guid' => xmlify($item['guid']), diff --git a/include/email.php b/include/email.php index a36d9adab..3e6a8186d 100644 --- a/include/email.php +++ b/include/email.php @@ -169,6 +169,17 @@ function email_get_part($mbox,$uid,$p,$partno) { function email_header_encode($in_str, $charset) { $out_str = $in_str; + $need_to_convert = false; + + for($x = 0; $x < strlen($in_str); $x ++) { + if((ord($in_str[$x]) == 0) || ((ord($in_str[$x]) > 128))) { + $need_to_convert = true; + } + } + + if(! $need_to_convert) + return $in_str; + if ($out_str && $charset) { // define start delimimter, end delimiter and spacer @@ -205,4 +216,6 @@ function email_header_encode($in_str, $charset) { $out_str = $start . $out_str . $end; } return $out_str; -}
\ No newline at end of file +} + + diff --git a/include/group.php b/include/group.php index d92e24e20..4f3d5ee91 100644 --- a/include/group.php +++ b/include/group.php @@ -6,8 +6,26 @@ function group_add($uid,$name) { $ret = false; if(x($uid) && x($name)) { $r = group_byname($uid,$name); // check for dups - if($r !== false) + if($r !== false) { + + // This could be a problem. + // Let's assume we've just created a group which we once deleted + // all the old members are gone, but the group remains so we don't break any security + // access lists. What we're doing here is reviving the dead group, but old content which + // was restricted to this group may now be seen by the new group members. + + $z = q("SELECT * FROM `group` WHERE `id` = %d LIMIT 1", + intval($r) + ); + if(count($z) && $z[0]['deleted']) { + $r = q("UPDATE `group` SET `deleted` = 0 WHERE `uid` = %d AND `name` = '%s' LIMIT 1", + intval($uid), + dbesc($name) + ); + notice( t('A deleted group with this name was revived. Existing item permissions <strong>may</strong> apply to this group and any future members. If this is not what you intended, please create another group with a different name.') . EOL); + } return true; + } $r = q("INSERT INTO `group` ( `uid`, `name` ) VALUES( %d, '%s' ) ", intval($uid), diff --git a/include/items.php b/include/items.php index facd8b2d4..b433381a7 100644 --- a/include/items.php +++ b/include/items.php @@ -717,6 +717,7 @@ function item_store($arr,$force_parent = false) { $arr['owner-avatar'] = ((x($arr,'owner-avatar')) ? notags(trim($arr['owner-avatar'])) : ''); $arr['created'] = ((x($arr,'created') !== false) ? datetime_convert('UTC','UTC',$arr['created']) : datetime_convert()); $arr['edited'] = ((x($arr,'edited') !== false) ? datetime_convert('UTC','UTC',$arr['edited']) : datetime_convert()); + $arr['commented'] = datetime_convert(); $arr['received'] = datetime_convert(); $arr['changed'] = datetime_convert(); $arr['title'] = ((x($arr,'title')) ? notags(trim($arr['title'])) : ''); @@ -865,6 +866,14 @@ function item_store($arr,$force_parent = false) { intval($current_post) ); + // update the commented timestamp on the parent + + q("UPDATE `item` set `commented` = '%s', `changed` = '%s' WHERE `id` = %d LIMIT 1", + dbesc(datetime_convert()), + dbesc(datetime_convert()), + intval($parent_id) + ); + if($dsprsig) { q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", intval($current_post), diff --git a/include/poller.php b/include/poller.php index e80b696bf..dbae1deec 100644 --- a/include/poller.php +++ b/include/poller.php @@ -86,11 +86,12 @@ function poller_run($argv, $argc){ // and which have a polling address and ignore Diaspora since // we are unable to match those posts with a Diaspora GUID and prevent duplicates. - $contacts = q("SELECT `id` FROM `contact` + $contacts = q("SELECT `contact`.`id` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` WHERE ( `rel` = %d OR `rel` = %d ) AND `poll` != '' AND `network` != '%s' $sql_extra - AND `self` = 0 AND `blocked` = 0 AND `readonly` = 0 ORDER BY RAND()", + AND `self` = 0 AND `contact`.`blocked` = 0 AND `contact`.`readonly` = 0 + AND `user`.`account_expired` = 0 ORDER BY RAND()", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND), dbesc(NETWORK_DIASPORA) diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index 84cb2fc16..bd665c208 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -72,7 +72,7 @@ function dfrn_notify_post(&$a) { FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid` WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - AND `user`.`nickname` = '%s' $sql_extra LIMIT 1", + AND `user`.`nickname` = '%s' AND `user`.`account_expired` = 0 $sql_extra LIMIT 1", dbesc($a->argv[1]) ); @@ -807,7 +807,7 @@ function dfrn_notify_content(&$a) { intval(time() + 90 ) ); - logger('dfrn_notify: challenge=' . $hash ); + logger('dfrn_notify: challenge=' . $hash, LOGGER_DEBUG ); $sql_extra = ''; switch($direction) { @@ -829,7 +829,8 @@ function dfrn_notify_content(&$a) { } $r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` - WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`nickname` = '%s' $sql_extra LIMIT 1", + WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`nickname` = '%s' + AND `user`.`account_expired` = 0 $sql_extra LIMIT 1", dbesc($a->argv[1]) ); @@ -840,14 +841,18 @@ function dfrn_notify_content(&$a) { $encrypted_id = ''; $id_str = $my_id . '.' . mt_rand(1000,9999); - if((($r[0]['duplex']) && strlen($r[0]['prvkey'])) || (! strlen($r[0]['pubkey']))) { - openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']); - openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']); - } - else { - openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']); - openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']); + if(strlen($r[0]['prvkey']) || strlen($r[0]['pubkey'])) { + if(($r[0]['duplex']) || (! strlen($r[0]['pubkey']))) { + openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']); + openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']); + } + else { + openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']); + openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']); + } } + else + $status = 1; $challenge = bin2hex($challenge); $encrypted_id = bin2hex($encrypted_id); diff --git a/mod/hostxrd.php b/mod/hostxrd.php index c7861d26d..1cc18da7a 100644 --- a/mod/hostxrd.php +++ b/mod/hostxrd.php @@ -4,7 +4,8 @@ function hostxrd_init(&$a) { header('Access-Control-Allow-Origin: *'); header("Content-type: text/xml"); $tpl = file_get_contents('view/xrd_host.tpl'); - echo str_replace(array('$zroot','$domain'),array(z_root(),z_path()),$tpl); + echo str_replace(array( + '$zroot','$domain','$zot_post'),array(z_root(),z_path(),z_root() . '/post'),$tpl); session_write_close(); exit(); diff --git a/mod/item.php b/mod/item.php index 025a12a32..cad72122b 100644 --- a/mod/item.php +++ b/mod/item.php @@ -501,6 +501,7 @@ function item_post(&$a) { $datarray['author-avatar'] = $author['thumb']; $datarray['created'] = datetime_convert(); $datarray['edited'] = datetime_convert(); + $datarray['commented'] = datetime_convert(); $datarray['received'] = datetime_convert(); $datarray['changed'] = datetime_convert(); $datarray['uri'] = $uri; @@ -561,9 +562,9 @@ function item_post(&$a) { $r = q("INSERT INTO `item` (`guid`, `uid`,`type`,`wall`,`gravity`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`, - `author-name`, `author-link`, `author-avatar`, `created`, `edited`, `received`, `changed`, `uri`, `thr-parent`, `title`, `body`, `app`, `location`, `coord`, + `author-name`, `author-link`, `author-avatar`, `created`, `edited`, `commented`, `received`, `changed`, `uri`, `thr-parent`, `title`, `body`, `app`, `location`, `coord`, `tag`, `inform`, `verb`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private`, `pubmail`, `attach`, `bookmark` ) - VALUES( '%s', %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d )", + VALUES( '%s', %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d )", dbesc($datarray['guid']), intval($datarray['uid']), dbesc($datarray['type']), @@ -578,6 +579,7 @@ function item_post(&$a) { dbesc($datarray['author-avatar']), dbesc($datarray['created']), dbesc($datarray['edited']), + dbesc($datarray['commented']), dbesc($datarray['received']), dbesc($datarray['changed']), dbesc($datarray['uri']), @@ -803,6 +805,13 @@ function item_post(&$a) { // NOTREACHED } + // update the commented timestamp on the parent + + q("UPDATE `item` set `commented` = '%s', `changed` = '%s' WHERE `id` = %d LIMIT 1", + dbesc(datetime_convert()), + dbesc(datetime_convert()), + intval($parent) + ); $datarray['id'] = $post_id; $datarray['plink'] = $a->get_baseurl() . '/display/' . $user['nickname'] . '/' . $post_id; diff --git a/mod/network.php b/mod/network.php index 438b3417d..5faeee453 100644 --- a/mod/network.php +++ b/mod/network.php @@ -315,44 +315,27 @@ function network_content(&$a, $update = 0) { else { // Normal conversation view - // Show conversation by activity date - if($order === 'post') { - $r = q("SELECT `item`.`id` AS `item_id`, `contact`.`uid` AS `contact_uid` - FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` - WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0 - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - AND `item`.`parent` = `item`.`id` - $sql_extra - ORDER BY `item`.`created` DESC LIMIT %d ,%d ", - intval(local_user()), - intval($a->pager['start']), - intval($a->pager['itemspage']) - ); - } - else { - // $order === 'comment' - // First fetch a known number of parent items - - $r = q("SELECT `item`.`id` AS `item_id`, `contact`.`uid` AS `contact_uid` - FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` - , (SELECT `_com`.`parent`,max(`_com`.`created`) as `created` - FROM `item` AS `_com` - WHERE `_com`.`uid`=%d AND - (`_com`.`parent`!=`_com`.`id` OR `_com`.`id` NOT IN (SELECT `__com`.`parent` FROM `item` as `__com` WHERE `__com`.`parent`!=`__com`.`id`)) - GROUP BY `_com`.`parent` ORDER BY `created` DESC) AS `com` - WHERE `item`.`id`=`com`.`parent` AND - `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0 - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - $sql_extra - ORDER BY `com`.`created` DESC LIMIT %d ,%d ", - intval(local_user()), - intval(local_user()), - intval($a->pager['start']), - intval($a->pager['itemspage']) - ); - } + if($order === 'post') + $ordering = "`created`"; + else + $ordering = "`commented`"; + + // Fetch a page full of parent items for this page + + $r = q("SELECT `item`.`id` AS `item_id`, `contact`.`uid` AS `contact_uid` + FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` + WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0 + AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 + AND `item`.`parent` = `item`.`id` + $sql_extra + ORDER BY `item`.$ordering DESC LIMIT %d ,%d ", + intval(local_user()), + intval($a->pager['start']), + intval($a->pager['itemspage']) + ); + // Then fetch all the children of the parents that are on this page $parents_arr = array(); @@ -363,48 +346,21 @@ function network_content(&$a, $update = 0) { $parents_arr[] = $rr['item_id']; $parents_str = implode(', ', $parents_arr); - if($order === 'post') { - // parent created order - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, - `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`writable`, - `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, - `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` - FROM `item`, (SELECT `p`.`id`,`p`.`created` FROM `item` AS `p` WHERE `p`.`parent`=`p`.`id`) as `parentitem`, `contact` - WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0 - AND `contact`.`id` = `item`.`contact-id` - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - AND `item`.`parent` = `parentitem`.`id` AND `item`.`parent` IN ( %s ) - $sql_extra - ORDER BY `parentitem`.`created` DESC, `item`.`gravity` ASC, `item`.`created` ASC ", - intval(local_user()), - dbesc($parents_str) - ); - } - else { - // $order === 'comment' - - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, - `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`writable`, - `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, - `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` - FROM `item`, `contact`, - (SELECT `_com`.`parent`,max(`_com`.`created`) as `created` - FROM `item` AS `_com` - WHERE `_com`.`uid`=%d AND - (`_com`.`parent`!=`_com`.`id` OR `_com`.`id` NOT IN (SELECT `__com`.`parent` FROM `item` as `__com` WHERE `__com`.`parent`!=`__com`.`id`)) - GROUP BY `_com`.`parent` ORDER BY `created` DESC) AS `com` - WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0 - AND `contact`.`id` = `item`.`contact-id` - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - AND `item`.`parent` = `com`.`parent` AND `item`.`parent` IN ( %s ) - $sql_extra - ORDER BY `com`.`created` DESC, `item`.`gravity` ASC, `item`.`created` ASC ", - intval(local_user()), - intval(local_user()), - dbesc($parents_str) - ); - } - } + $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, + `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`writable`, + `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, + `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` + FROM `item`, (SELECT `p`.`id`,`p`.`created`,`p`.`commented` FROM `item` AS `p` WHERE `p`.`parent`=`p`.`id`) as `parentitem`, `contact` + WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0 + AND `contact`.`id` = `item`.`contact-id` + AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 + AND `item`.`parent` = `parentitem`.`id` AND `item`.`parent` IN ( %s ) + $sql_extra + ORDER BY `parentitem`.$ordering DESC, `item`.`gravity` ASC, `item`.`created` ASC ", + intval(local_user()), + dbesc($parents_str) + ); + } } // Set this so that the conversation function can find out contact info for our wall-wall items diff --git a/mod/openid.php b/mod/openid.php index 3c3293147..b8734f023 100644 --- a/mod/openid.php +++ b/mod/openid.php @@ -56,7 +56,7 @@ function openid_content(&$a) { $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` - FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1", + FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", dbesc($_SESSION['openid']) ); if(! count($r)) { diff --git a/mod/profile_photo.php b/mod/profile_photo.php index 8dc896653..4de3aaa3e 100644 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -155,9 +155,15 @@ function profile_photo_content(&$a) { notice( t('Permission denied.') . EOL ); return; } + $havescale = false; + foreach($r as $rr) { + if($rr['scale'] == 5) + $havescale = true; + } + // set an already uloaded photo as profile photo // if photo is in 'Profile Photos', change it in db - if ($r[0]['album']== t('Profile Photos')){ + if (($r[0]['album']== t('Profile Photos')) && ($havescale)){ $r=q("UPDATE `photo` SET `profile`=0 WHERE `profile`=1 AND `uid`=%d", intval(local_user())); diff --git a/mod/pubsub.php b/mod/pubsub.php index 4dff5d531..b2f006927 100644 --- a/mod/pubsub.php +++ b/mod/pubsub.php @@ -44,7 +44,7 @@ function pubsub_init(&$a) { $subscribe = (($hub_mode === 'subscribe') ? 1 : 0); - $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1", + $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `account_expired` = 0 LIMIT 1", dbesc($nick) ); if(! count($r)) @@ -99,7 +99,7 @@ function pubsub_post(&$a) { $nick = (($a->argc > 1) ? notags(trim($a->argv[1])) : ''); $contact_id = (($a->argc > 2) ? intval($a->argv[2]) : 0 ); - $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1", + $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `account_expired` = 0 LIMIT 1", dbesc($nick) ); if(! count($r)) diff --git a/mod/receive.php b/mod/receive.php index 34128518b..950bf0bd3 100644 --- a/mod/receive.php +++ b/mod/receive.php @@ -12,18 +12,26 @@ require_once('include/diaspora.php'); function receive_post(&$a) { - if($a->argc != 3 || $a->argv[1] !== 'users') - http_status_exit(500); + $public = false; - $guid = $a->argv[2]; + if(($a->argc == 2) && ($a->argv[1] === 'public')) { + $public = true; + } + else { - $r = q("SELECT * FROM `user` WHERE `guid` = '%s' LIMIT 1", - dbesc($guid) - ); - if(! count($r)) - http_status_exit(500); + if($a->argc != 3 || $a->argv[1] !== 'users') + http_status_exit(500); + + $guid = $a->argv[2]; + + $r = q("SELECT * FROM `user` WHERE `guid` = '%s' AND `account_expired` = 0 LIMIT 1", + dbesc($guid) + ); + if(! count($r)) + http_status_exit(500); - $importer = $r[0]; + $importer = $r[0]; + } // It is an application/x-www-form-urlencoded @@ -41,9 +49,13 @@ function receive_post(&$a) { if(! is_array($msg)) http_status_exit(500); - diaspora_dispatch($importer,$msg); + $ret = 0; + if($public) + diaspora_dispatch_public($msg); + else + $ret = diaspora_dispatch($importer,$msg); - http_status_exit(200); + http_status_exit(($ret) ? $ret : 200); // NOTREACHED } diff --git a/mod/salmon.php b/mod/salmon.php index 0264e820d..6172d17a1 100644 --- a/mod/salmon.php +++ b/mod/salmon.php @@ -25,12 +25,12 @@ function salmon_post(&$a) { $xml = file_get_contents('php://input'); - logger('mod-salmon: new salmon ' . $xml); + logger('mod-salmon: new salmon ' . $xml, LOGGER_DATA); $nick = (($a->argc > 1) ? notags(trim($a->argv[1])) : ''); $mentions = (($a->argc > 2 && $a->argv[2] === 'mention') ? true : false); - $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1", + $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `account_expired` = 0 LIMIT 1", dbesc($nick) ); if(! count($r)) diff --git a/mod/xrd.php b/mod/xrd.php index fcec74336..dae6e4828 100644 --- a/mod/xrd.php +++ b/mod/xrd.php @@ -45,6 +45,7 @@ function xrd_init(&$a) { '$profile_url' => $a->get_baseurl() . '/profile/' . $r[0]['nickname'], '$hcard_url' => $a->get_baseurl() . '/hcard/' . $r[0]['nickname'], '$atom' => $a->get_baseurl() . '/dfrn_poll/' . $r[0]['nickname'], + '$zot_post' => $a->get_baseurl() . '/post/' . $r[0]['nickname'], '$photo' => $a->get_baseurl() . '/photo/profile/' . $r[0]['uid'] . '.jpg', '$dspr' => $dspr, '$salmon' => $a->get_baseurl() . '/salmon/' . $r[0]['nickname'], diff --git a/update.php b/update.php index f94e78d72..94d0b6274 100644 --- a/update.php +++ b/update.php @@ -1,6 +1,6 @@ <?php -define( 'UPDATE_VERSION' , 1087 ); +define( 'UPDATE_VERSION' , 1090 ); /** * @@ -726,3 +726,30 @@ function update_1086() { q("ALTER TABLE `item` ADD `bookmark` tinyint(1) NOT NULL DEFAULT '0' AFTER `starred` "); } +function update_1087() { + q("ALTER TABLE `item` ADD `commented` datetime NOT NULL DEFAULT '0000-00-00 00:00:00' AFTER `edited` "); + + $r = q("SELECT `id` FROM `item` WHERE `parent` = `id` "); + if(count($r)) { + foreach($r as $rr) { + $x = q("SELECT max(`created`) AS `cdate` FROM `item` WHERE `parent` = %d LIMIT 1", + intval($rr['id']) + ); + if(count($x)) + q("UPDATE `item` SET `commented` = '%s' WHERE `id` = %d LIMIT 1", + dbesc($x[0]['cdate']), + intval($rr['id']) + ); + } + } +} + +function update_1088() { + q("ALTER TABLE `user` ADD `account_expired` TINYINT( 1 ) NOT NULL DEFAULT '0' AFTER `expire` , + ADD `account_expires_on` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00' AFTER `account_expired` , + ADD `expire_notification_sent` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00' AFTER `account_expires_on` "); +} + +function update_1089() { + q("ALTER TABLE `user` ADD `blocktags` TINYINT( 1 ) NOT NULL DEFAULT '0' AFTER `hidewall` "); +} diff --git a/view/theme/duepuntozero/style.css b/view/theme/duepuntozero/style.css index acd7d5bb5..9bed3e972 100644 --- a/view/theme/duepuntozero/style.css +++ b/view/theme/duepuntozero/style.css @@ -2749,6 +2749,7 @@ a.mail-list-link { .off { background-position: 0px -48px; } .starred { background-position: -16px -48px; } .unstarred { background-position: -32px -48px; } +.tagged { background-position: -48px -48px; } .icon.dim { opacity: 0.3;filter:alpha(opacity=30); } diff --git a/view/theme/greenzero/greenicons.png b/view/theme/greenzero/greenicons.png Binary files differindex b20ac5c0d..2644e4284 100644 --- a/view/theme/greenzero/greenicons.png +++ b/view/theme/greenzero/greenicons.png diff --git a/view/theme/loozah/style.css b/view/theme/loozah/style.css index 8636f1085..d9b0b6f2e 100644 --- a/view/theme/loozah/style.css +++ b/view/theme/loozah/style.css @@ -2732,6 +2732,7 @@ a.mail-list-link { .off { background-position: 0px -48px; } .starred { background-position: -16px -48px; } .unstarred { background-position: -32px -48px; } +.tagged { background-position: -48px -48px; } .icon.dim { opacity: 0.3;filter:alpha(opacity=30); } diff --git a/view/xrd_host.tpl b/view/xrd_host.tpl index f1d9707d5..ee687ffa9 100644 --- a/view/xrd_host.tpl +++ b/view/xrd_host.tpl @@ -9,4 +9,17 @@ <Link rel='http://services.mozilla.com/amcd/0.1' href='$domain/amcd' /> <Link rel="http://oexchange.org/spec/0.8/rel/resident-target" type="application/xrd+xml" href="$domain/oexchange/xrd" /> + + <Link rel="http://purl.org/zot/1.0/post" + href="$zot_post" /> + + <Property xmlns:zot="http://purl.og/zot/1.0" + type="http://purl.org/zot/1.0/version" + zot:version="1" /> + + <Property xmlns:zot="http://purl.og/zot/1.0" + type="http://purl.org/zot/1.0/accept" + zot:accept="application/atom+xml" /> + + </XRD> diff --git a/view/xrd_person.tpl b/view/xrd_person.tpl index fd11ad600..7373499bf 100644 --- a/view/xrd_person.tpl +++ b/view/xrd_person.tpl @@ -5,6 +5,17 @@ <Alias>$accturi</Alias> <Alias>$profile_url</Alias> + <Link rel="http://purl.org/zot/1.0/post" + href="$zot_post" /> + + <Property xmlns:zot="http://purl.og/zot/1.0" + type="http://purl.org/zot/1.0/version" + zot:version="1" /> + + <Property xmlns:zot="http://purl.og/zot/1.0" + type="http://purl.org/zot/1.0/accept" + zot:accept="application/atom+xml" /> + <Link rel="http://purl.org/macgirvin/dfrn/1.0" href="$profile_url" /> <Link rel="http://schemas.google.com/g/2010#updates-from" |
