diff options
-rw-r--r-- | Zotlabs/Daemon/Notifier.php | 7 | ||||
-rw-r--r-- | Zotlabs/Module/Cdav.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Dav.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Getfile.php | 43 | ||||
-rw-r--r-- | Zotlabs/Module/Zfinger.php | 8 | ||||
-rw-r--r-- | Zotlabs/Zot6/Finger.php | 4 | ||||
-rwxr-xr-x | boot.php | 2 | ||||
-rw-r--r-- | include/import.php | 4 | ||||
-rwxr-xr-x | include/items.php | 28 | ||||
-rw-r--r-- | include/text.php | 2 |
10 files changed, 54 insertions, 48 deletions
diff --git a/Zotlabs/Daemon/Notifier.php b/Zotlabs/Daemon/Notifier.php index 18fc57118..626299661 100644 --- a/Zotlabs/Daemon/Notifier.php +++ b/Zotlabs/Daemon/Notifier.php @@ -466,13 +466,6 @@ class Notifier { // FIXME add any additional recipients such as mentions, etc. - // don't send deletions onward for other people's stuff - // TODO verify this is needed - copied logic from same place in old code - - if(intval($target_item['item_deleted']) && (! intval($target_item['item_wall']))) { - logger('notifier: ignoring delete notification for non-wall item', LOGGER_NORMAL, LOG_NOTICE); - return; - } } } diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php index f7e43e436..f5c5f4384 100644 --- a/Zotlabs/Module/Cdav.php +++ b/Zotlabs/Module/Cdav.php @@ -50,7 +50,7 @@ class Cdav extends Controller { if($sigblock) { $keyId = str_replace('acct:','',$sigblock['keyId']); if($keyId) { - $r = q("select * from hubloc where hubloc_addr = '%s'", + $r = q("select * from hubloc where hubloc_id_url = '%s'", dbesc($keyId) ); if($r) { diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php index 949b89950..82d773139 100644 --- a/Zotlabs/Module/Dav.php +++ b/Zotlabs/Module/Dav.php @@ -51,7 +51,7 @@ class Dav extends \Zotlabs\Web\Controller { if($sigblock) { $keyId = str_replace('acct:','',$sigblock['keyId']); if($keyId) { - $r = q("select * from hubloc where hubloc_addr = '%s'", + $r = q("select * from hubloc where hubloc_id_url = '%s'", dbesc($keyId) ); if($r) { diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php index 17d1c84b8..a867f5ff7 100644 --- a/Zotlabs/Module/Getfile.php +++ b/Zotlabs/Module/Getfile.php @@ -6,20 +6,20 @@ use Zotlabs\Lib\Libzot; /** * module: getfile - * + * * used for synchronising files and photos across clones - * + * * The site initiating the file operation will send a sync packet to known clones. * They will respond by building the DB structures they require, then will provide a * post request to this site to grab the file data. This is sent as a stream direct to * disk at the other end, avoiding memory issues. * * Since magic-auth cannot easily be used by the CURL process at the other end, - * we will require a signed request which includes a timestamp. This should not be - * used without SSL and is potentially vulnerable to replay if an attacker decrypts + * we will require a signed request which includes a timestamp. This should not be + * used without SSL and is potentially vulnerable to replay if an attacker decrypts * the SSL traffic fast enough. The amount of time slop is configurable but defaults * to 3 minutes. - * + * */ @@ -54,13 +54,14 @@ class Getfile extends \Zotlabs\Web\Controller { $keyId = $sigblock['keyId']; if($keyId) { - $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash - where hubloc_addr = '%s'", - dbesc(str_replace('acct:','',$keyId)) + $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash + WHERE hubloc_addr = '%s' OR hubloc_id_url = '%s'", + dbesc(str_replace('acct:','',$keyId)), + dbesc($keyId) ); if($r) { $hubloc = Libzot::zot_record_preferred($r); - $verified = HTTPSig::verify('',$hubloc['xchan_pubkey']); + $verified = HTTPSig::verify('',$hubloc['xchan_pubkey']); if($verified && $verified['header_signed'] && $verified['header_valid'] && $hash == $hubloc['hubloc_hash']) { $header_verified = true; } @@ -74,15 +75,15 @@ class Getfile extends \Zotlabs\Web\Controller { logger('post: ' . print_r($_POST,true),LOGGER_DEBUG,LOG_INFO); if($header_verified) { logger('HTTPSig verified'); - } - + } + $channel = channelx_by_hash($hash); if((! $channel) || (! $time) || (! $sig)) { logger('error: missing info'); killme(); } - + if(isset($_POST['resolution'])) $resolution = intval($_POST['resolution']); elseif(substr($resource,-2,1) == '-') { @@ -91,21 +92,21 @@ class Getfile extends \Zotlabs\Web\Controller { } else { $resolution = (-1); - } + } $slop = intval(get_pconfig($channel['channel_id'],'system','getfile_time_slop')); if($slop < 1) $slop = 3; - + $d1 = datetime_convert('UTC','UTC',"now + $slop minutes"); - $d2 = datetime_convert('UTC','UTC',"now - $slop minutes"); - + $d2 = datetime_convert('UTC','UTC',"now - $slop minutes"); + if(! $header_verified) { if(($time > $d1) || ($time < $d2)) { logger('time outside allowable range'); killme(); } - + if(! rsa_verify($hash . '.' . $time,base64url_decode($sig),$channel['channel_pubkey'])) { logger('verify failed.'); killme(); @@ -137,20 +138,20 @@ class Getfile extends \Zotlabs\Web\Controller { else { echo dbunescbin($r[0]['content']); } - } + } killme(); } $r = attach_by_hash($resource,$channel['channel_hash'],$revision); - + if(! $r['success']) { logger('attach_by_hash failed: ' . $r['message']); notice( $r['message'] . EOL); return; } - + $unsafe_types = array('text/html','text/css','application/javascript'); - + if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($channel['channel_id']))) { header('Content-type: text/plain'); } diff --git a/Zotlabs/Module/Zfinger.php b/Zotlabs/Module/Zfinger.php index 533f0a5db..ce7117ad8 100644 --- a/Zotlabs/Module/Zfinger.php +++ b/Zotlabs/Module/Zfinger.php @@ -7,7 +7,7 @@ use Zotlabs\Lib\Libzot; class Zfinger extends \Zotlabs\Web\Controller { function init() { - + require_once('include/zot.php'); require_once('include/crypto.php'); @@ -26,7 +26,7 @@ class Zfinger extends \Zotlabs\Web\Controller { if($chan) { $headers['Digest'] = HTTPSig::generate_digest_header($ret); - $h = HTTPSig::create_sig($headers,$chan['channel_prvkey'],'acct:' . channel_reddress($chan)); + $h = HTTPSig::create_sig($headers,$chan['channel_prvkey'], channel_url($chan)); HTTPSig::set_headers($h); } else { @@ -37,7 +37,7 @@ class Zfinger extends \Zotlabs\Web\Controller { echo $ret; killme(); - + } - + } diff --git a/Zotlabs/Zot6/Finger.php b/Zotlabs/Zot6/Finger.php index 22ce4685d..cec3f98ab 100644 --- a/Zotlabs/Zot6/Finger.php +++ b/Zotlabs/Zot6/Finger.php @@ -88,7 +88,7 @@ class Finger { $headers = []; $headers['X-Zot-Channel'] = $channel['channel_address'] . '@' . \App::get_hostname(); $headers['X-Zot-Nonce'] = random_string(); - $xhead = HTTPSig::create_sig($headers,$channel['channel_prvkey'],'acct:' . channel_reddress($channel)); + $xhead = HTTPSig::create_sig($headers,$channel['channel_prvkey'], channel_url($channel)); $retries = 0; @@ -100,7 +100,7 @@ class Finger { $result = z_post_url('http://' . $host . $rhs,$postvars, $retries, [ 'headers' => $xhead ]); } } - } + } else { $rhs .= '?f=&address=' . urlencode($address) . '&token=' . self::$token; @@ -50,7 +50,7 @@ require_once('include/attach.php'); require_once('include/bbcode.php'); define ( 'PLATFORM_NAME', 'hubzilla' ); -define ( 'STD_VERSION', '5.2RC2' ); +define ( 'STD_VERSION', '5.2RC3' ); define ( 'ZOT_REVISION', '6.0' ); define ( 'DB_UPDATE_VERSION', 1240 ); diff --git a/include/import.php b/include/import.php index d02cc1e1f..82d6cfe07 100644 --- a/include/import.php +++ b/include/import.php @@ -1358,7 +1358,7 @@ function sync_files($channel, $files) { $headers = []; $headers['Accept'] = 'application/x-zot+json' ; $headers['Sigtoken'] = random_string(); - $headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'], 'acct:' . channel_reddress($channel),true,'sha512'); + $headers = HTTPSig::create_sig($headers, $channel['channel_prvkey'], channel_reddress($channel), true, 'sha512'); $x = z_post_url($fetch_url,$parr,$redirects,[ 'filep' => $fp, 'headers' => $headers]); fclose($fp); @@ -1463,7 +1463,7 @@ function sync_files($channel, $files) { $headers = []; $headers['Accept'] = 'application/x-zot+json' ; $headers['Sigtoken'] = random_string(); - $headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'],'acct:' . channel_reddress($channel),true,'sha512'); + $headers = HTTPSig::create_sig($headers, $channel['channel_prvkey'], channel_url($channel), true, 'sha512'); $x = z_post_url($fetch_url,$parr,$redirects,[ 'filep' => $fp, 'headers' => $headers]); fclose($fp); diff --git a/include/items.php b/include/items.php index a90ddd208..85465192d 100755 --- a/include/items.php +++ b/include/items.php @@ -2206,6 +2206,7 @@ function item_store_update($arr, $allow_exec = false, $deliver = true) { return $ret; } + // override the unseen flag with the original $arr['item_unseen'] = $orig[0]['item_unseen']; @@ -2682,6 +2683,12 @@ function tag_deliver($uid, $item_id) { if ($is_group && intval($item['item_thread_top']) && intval($item['item_wall']) && $item['author_xchan'] !== $item['owner_xchan']) { + + if($item['resource_type'] === 'group_item') { + logger('resource_type group_item: already shared'); + return; + } + if (strpos($item['body'],'[/share]')) { logger('W2W post already shared'); return; @@ -3113,11 +3120,12 @@ function tgroup_check($uid, $item) { } } } -*/ + if(! $found) { logger('tgroup_check: mention was in a reshare or exceeded max_tagged_forums - ignoring'); continue; } +*/ return true; } @@ -3203,16 +3211,18 @@ function start_delivery_chain($channel, $item, $item_id, $parent, $group = false $arr = []; if ($edit) { + // process edit or delete action - $r = q("select * from item where source_xchan = '%s' and body like '%s' and uid = %d limit 1", - dbesc($item['owner_xchan']), - dbesc("%message_id='" . $item['mid'] . "'%"), - intval($channel['channel_id']) + $r = q("select * from item where uid = %d and resource_id = '%s' and source_xchan = '%s' and resource_type = 'group_item' limit 1", + intval($channel['channel_id']), + dbesc($item['mid']), + dbesc($item['author_xchan']) ); + if ($r) { if (intval($item['item_deleted'])) { - drop_item($r[0]['id'],false,DROPITEM_PHASE1); - Master::Summon([ 'Notifier','drop',$r[0]['id'] ]); + drop_item($r[0]['id'], false, DROPITEM_PHASE1); + Master::Summon([ 'Notifier', 'drop', $r[0]['id'] ]); return; } $arr['id'] = intval($r[0]['id']); @@ -3242,6 +3252,9 @@ function start_delivery_chain($channel, $item, $item_id, $parent, $group = false $arr['item_uplink'] = 0; $arr['source_xchan'] = $item['owner_xchan']; + $arr['resource_id'] = $item['mid']; + $arr['resource_type'] = 'group_item'; + $arr['item_private'] = (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 1 : 0); @@ -3269,7 +3282,6 @@ function start_delivery_chain($channel, $item, $item_id, $parent, $group = false } $arr['body'] = $bb; - $arr['term'] = $item['term']; $arr['author_xchan'] = $channel['channel_hash']; diff --git a/include/text.php b/include/text.php index 76df9e17b..d6b196f1e 100644 --- a/include/text.php +++ b/include/text.php @@ -1801,7 +1801,7 @@ function prepare_body(&$item,$attach = false,$opts = false) { $tags = format_hashtags($item); - if($item['resource_type']) + if($item['resource_type'] == 'photo') $mentions = format_mentions($item); $categories = format_categories($item,$writeable); |