aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Daemon/Notifier.php7
-rw-r--r--Zotlabs/Module/Cdav.php2
-rw-r--r--Zotlabs/Module/Dav.php2
-rw-r--r--Zotlabs/Module/Getfile.php43
-rw-r--r--Zotlabs/Module/Zfinger.php8
-rw-r--r--Zotlabs/Zot6/Finger.php4
-rwxr-xr-xboot.php2
-rw-r--r--include/import.php4
-rwxr-xr-xinclude/items.php28
-rw-r--r--include/text.php2
10 files changed, 54 insertions, 48 deletions
diff --git a/Zotlabs/Daemon/Notifier.php b/Zotlabs/Daemon/Notifier.php
index 18fc57118..626299661 100644
--- a/Zotlabs/Daemon/Notifier.php
+++ b/Zotlabs/Daemon/Notifier.php
@@ -466,13 +466,6 @@ class Notifier {
// FIXME add any additional recipients such as mentions, etc.
- // don't send deletions onward for other people's stuff
- // TODO verify this is needed - copied logic from same place in old code
-
- if(intval($target_item['item_deleted']) && (! intval($target_item['item_wall']))) {
- logger('notifier: ignoring delete notification for non-wall item', LOGGER_NORMAL, LOG_NOTICE);
- return;
- }
}
}
diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php
index f7e43e436..f5c5f4384 100644
--- a/Zotlabs/Module/Cdav.php
+++ b/Zotlabs/Module/Cdav.php
@@ -50,7 +50,7 @@ class Cdav extends Controller {
if($sigblock) {
$keyId = str_replace('acct:','',$sigblock['keyId']);
if($keyId) {
- $r = q("select * from hubloc where hubloc_addr = '%s'",
+ $r = q("select * from hubloc where hubloc_id_url = '%s'",
dbesc($keyId)
);
if($r) {
diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php
index 949b89950..82d773139 100644
--- a/Zotlabs/Module/Dav.php
+++ b/Zotlabs/Module/Dav.php
@@ -51,7 +51,7 @@ class Dav extends \Zotlabs\Web\Controller {
if($sigblock) {
$keyId = str_replace('acct:','',$sigblock['keyId']);
if($keyId) {
- $r = q("select * from hubloc where hubloc_addr = '%s'",
+ $r = q("select * from hubloc where hubloc_id_url = '%s'",
dbesc($keyId)
);
if($r) {
diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php
index 17d1c84b8..a867f5ff7 100644
--- a/Zotlabs/Module/Getfile.php
+++ b/Zotlabs/Module/Getfile.php
@@ -6,20 +6,20 @@ use Zotlabs\Lib\Libzot;
/**
* module: getfile
- *
+ *
* used for synchronising files and photos across clones
- *
+ *
* The site initiating the file operation will send a sync packet to known clones.
* They will respond by building the DB structures they require, then will provide a
* post request to this site to grab the file data. This is sent as a stream direct to
* disk at the other end, avoiding memory issues.
*
* Since magic-auth cannot easily be used by the CURL process at the other end,
- * we will require a signed request which includes a timestamp. This should not be
- * used without SSL and is potentially vulnerable to replay if an attacker decrypts
+ * we will require a signed request which includes a timestamp. This should not be
+ * used without SSL and is potentially vulnerable to replay if an attacker decrypts
* the SSL traffic fast enough. The amount of time slop is configurable but defaults
* to 3 minutes.
- *
+ *
*/
@@ -54,13 +54,14 @@ class Getfile extends \Zotlabs\Web\Controller {
$keyId = $sigblock['keyId'];
if($keyId) {
- $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
- where hubloc_addr = '%s'",
- dbesc(str_replace('acct:','',$keyId))
+ $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
+ WHERE hubloc_addr = '%s' OR hubloc_id_url = '%s'",
+ dbesc(str_replace('acct:','',$keyId)),
+ dbesc($keyId)
);
if($r) {
$hubloc = Libzot::zot_record_preferred($r);
- $verified = HTTPSig::verify('',$hubloc['xchan_pubkey']);
+ $verified = HTTPSig::verify('',$hubloc['xchan_pubkey']);
if($verified && $verified['header_signed'] && $verified['header_valid'] && $hash == $hubloc['hubloc_hash']) {
$header_verified = true;
}
@@ -74,15 +75,15 @@ class Getfile extends \Zotlabs\Web\Controller {
logger('post: ' . print_r($_POST,true),LOGGER_DEBUG,LOG_INFO);
if($header_verified) {
logger('HTTPSig verified');
- }
-
+ }
+
$channel = channelx_by_hash($hash);
if((! $channel) || (! $time) || (! $sig)) {
logger('error: missing info');
killme();
}
-
+
if(isset($_POST['resolution']))
$resolution = intval($_POST['resolution']);
elseif(substr($resource,-2,1) == '-') {
@@ -91,21 +92,21 @@ class Getfile extends \Zotlabs\Web\Controller {
}
else {
$resolution = (-1);
- }
+ }
$slop = intval(get_pconfig($channel['channel_id'],'system','getfile_time_slop'));
if($slop < 1)
$slop = 3;
-
+
$d1 = datetime_convert('UTC','UTC',"now + $slop minutes");
- $d2 = datetime_convert('UTC','UTC',"now - $slop minutes");
-
+ $d2 = datetime_convert('UTC','UTC',"now - $slop minutes");
+
if(! $header_verified) {
if(($time > $d1) || ($time < $d2)) {
logger('time outside allowable range');
killme();
}
-
+
if(! rsa_verify($hash . '.' . $time,base64url_decode($sig),$channel['channel_pubkey'])) {
logger('verify failed.');
killme();
@@ -137,20 +138,20 @@ class Getfile extends \Zotlabs\Web\Controller {
else {
echo dbunescbin($r[0]['content']);
}
- }
+ }
killme();
}
$r = attach_by_hash($resource,$channel['channel_hash'],$revision);
-
+
if(! $r['success']) {
logger('attach_by_hash failed: ' . $r['message']);
notice( $r['message'] . EOL);
return;
}
-
+
$unsafe_types = array('text/html','text/css','application/javascript');
-
+
if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($channel['channel_id']))) {
header('Content-type: text/plain');
}
diff --git a/Zotlabs/Module/Zfinger.php b/Zotlabs/Module/Zfinger.php
index 533f0a5db..ce7117ad8 100644
--- a/Zotlabs/Module/Zfinger.php
+++ b/Zotlabs/Module/Zfinger.php
@@ -7,7 +7,7 @@ use Zotlabs\Lib\Libzot;
class Zfinger extends \Zotlabs\Web\Controller {
function init() {
-
+
require_once('include/zot.php');
require_once('include/crypto.php');
@@ -26,7 +26,7 @@ class Zfinger extends \Zotlabs\Web\Controller {
if($chan) {
$headers['Digest'] = HTTPSig::generate_digest_header($ret);
- $h = HTTPSig::create_sig($headers,$chan['channel_prvkey'],'acct:' . channel_reddress($chan));
+ $h = HTTPSig::create_sig($headers,$chan['channel_prvkey'], channel_url($chan));
HTTPSig::set_headers($h);
}
else {
@@ -37,7 +37,7 @@ class Zfinger extends \Zotlabs\Web\Controller {
echo $ret;
killme();
-
+
}
-
+
}
diff --git a/Zotlabs/Zot6/Finger.php b/Zotlabs/Zot6/Finger.php
index 22ce4685d..cec3f98ab 100644
--- a/Zotlabs/Zot6/Finger.php
+++ b/Zotlabs/Zot6/Finger.php
@@ -88,7 +88,7 @@ class Finger {
$headers = [];
$headers['X-Zot-Channel'] = $channel['channel_address'] . '@' . \App::get_hostname();
$headers['X-Zot-Nonce'] = random_string();
- $xhead = HTTPSig::create_sig($headers,$channel['channel_prvkey'],'acct:' . channel_reddress($channel));
+ $xhead = HTTPSig::create_sig($headers,$channel['channel_prvkey'], channel_url($channel));
$retries = 0;
@@ -100,7 +100,7 @@ class Finger {
$result = z_post_url('http://' . $host . $rhs,$postvars, $retries, [ 'headers' => $xhead ]);
}
}
- }
+ }
else {
$rhs .= '?f=&address=' . urlencode($address) . '&token=' . self::$token;
diff --git a/boot.php b/boot.php
index f9430bcb5..8fd1f4257 100755
--- a/boot.php
+++ b/boot.php
@@ -50,7 +50,7 @@ require_once('include/attach.php');
require_once('include/bbcode.php');
define ( 'PLATFORM_NAME', 'hubzilla' );
-define ( 'STD_VERSION', '5.2RC2' );
+define ( 'STD_VERSION', '5.2RC3' );
define ( 'ZOT_REVISION', '6.0' );
define ( 'DB_UPDATE_VERSION', 1240 );
diff --git a/include/import.php b/include/import.php
index d02cc1e1f..82d6cfe07 100644
--- a/include/import.php
+++ b/include/import.php
@@ -1358,7 +1358,7 @@ function sync_files($channel, $files) {
$headers = [];
$headers['Accept'] = 'application/x-zot+json' ;
$headers['Sigtoken'] = random_string();
- $headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'], 'acct:' . channel_reddress($channel),true,'sha512');
+ $headers = HTTPSig::create_sig($headers, $channel['channel_prvkey'], channel_reddress($channel), true, 'sha512');
$x = z_post_url($fetch_url,$parr,$redirects,[ 'filep' => $fp, 'headers' => $headers]);
fclose($fp);
@@ -1463,7 +1463,7 @@ function sync_files($channel, $files) {
$headers = [];
$headers['Accept'] = 'application/x-zot+json' ;
$headers['Sigtoken'] = random_string();
- $headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'],'acct:' . channel_reddress($channel),true,'sha512');
+ $headers = HTTPSig::create_sig($headers, $channel['channel_prvkey'], channel_url($channel), true, 'sha512');
$x = z_post_url($fetch_url,$parr,$redirects,[ 'filep' => $fp, 'headers' => $headers]);
fclose($fp);
diff --git a/include/items.php b/include/items.php
index a90ddd208..85465192d 100755
--- a/include/items.php
+++ b/include/items.php
@@ -2206,6 +2206,7 @@ function item_store_update($arr, $allow_exec = false, $deliver = true) {
return $ret;
}
+
// override the unseen flag with the original
$arr['item_unseen'] = $orig[0]['item_unseen'];
@@ -2682,6 +2683,12 @@ function tag_deliver($uid, $item_id) {
if ($is_group && intval($item['item_thread_top']) && intval($item['item_wall']) && $item['author_xchan'] !== $item['owner_xchan']) {
+
+ if($item['resource_type'] === 'group_item') {
+ logger('resource_type group_item: already shared');
+ return;
+ }
+
if (strpos($item['body'],'[/share]')) {
logger('W2W post already shared');
return;
@@ -3113,11 +3120,12 @@ function tgroup_check($uid, $item) {
}
}
}
-*/
+
if(! $found) {
logger('tgroup_check: mention was in a reshare or exceeded max_tagged_forums - ignoring');
continue;
}
+*/
return true;
}
@@ -3203,16 +3211,18 @@ function start_delivery_chain($channel, $item, $item_id, $parent, $group = false
$arr = [];
if ($edit) {
+
// process edit or delete action
- $r = q("select * from item where source_xchan = '%s' and body like '%s' and uid = %d limit 1",
- dbesc($item['owner_xchan']),
- dbesc("%message_id='" . $item['mid'] . "'%"),
- intval($channel['channel_id'])
+ $r = q("select * from item where uid = %d and resource_id = '%s' and source_xchan = '%s' and resource_type = 'group_item' limit 1",
+ intval($channel['channel_id']),
+ dbesc($item['mid']),
+ dbesc($item['author_xchan'])
);
+
if ($r) {
if (intval($item['item_deleted'])) {
- drop_item($r[0]['id'],false,DROPITEM_PHASE1);
- Master::Summon([ 'Notifier','drop',$r[0]['id'] ]);
+ drop_item($r[0]['id'], false, DROPITEM_PHASE1);
+ Master::Summon([ 'Notifier', 'drop', $r[0]['id'] ]);
return;
}
$arr['id'] = intval($r[0]['id']);
@@ -3242,6 +3252,9 @@ function start_delivery_chain($channel, $item, $item_id, $parent, $group = false
$arr['item_uplink'] = 0;
$arr['source_xchan'] = $item['owner_xchan'];
+ $arr['resource_id'] = $item['mid'];
+ $arr['resource_type'] = 'group_item';
+
$arr['item_private'] = (($channel['channel_allow_cid'] || $channel['channel_allow_gid']
|| $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 1 : 0);
@@ -3269,7 +3282,6 @@ function start_delivery_chain($channel, $item, $item_id, $parent, $group = false
}
$arr['body'] = $bb;
-
$arr['term'] = $item['term'];
$arr['author_xchan'] = $channel['channel_hash'];
diff --git a/include/text.php b/include/text.php
index 76df9e17b..d6b196f1e 100644
--- a/include/text.php
+++ b/include/text.php
@@ -1801,7 +1801,7 @@ function prepare_body(&$item,$attach = false,$opts = false) {
$tags = format_hashtags($item);
- if($item['resource_type'])
+ if($item['resource_type'] == 'photo')
$mentions = format_mentions($item);
$categories = format_categories($item,$writeable);