diff options
-rw-r--r-- | doc/hook/attach_delete.bb | 11 | ||||
-rw-r--r-- | doc/hook/content_security_policy.bb | 39 | ||||
-rw-r--r-- | doc/hook/dreport_process.bb | 7 | ||||
-rw-r--r-- | doc/hook/dropdown_extras.bb | 17 | ||||
-rw-r--r-- | doc/hook/permit_hook.bb | 0 | ||||
-rw-r--r-- | doc/hooklist.bb | 29 | ||||
-rwxr-xr-x | include/plugin.php | 19 |
7 files changed, 115 insertions, 7 deletions
diff --git a/doc/hook/attach_delete.bb b/doc/hook/attach_delete.bb new file mode 100644 index 000000000..3b63f28d3 --- /dev/null +++ b/doc/hook/attach_delete.bb @@ -0,0 +1,11 @@ +[h2]attach_delete[/h2] + +Invoked when an attachment is deleted using attach_delete(). + +[code] +$arr = ['channel_id' => $channel_id, 'resource' => $resource, 'is_photo'=>$is_photo]; +call_hooks("attach_delete",$arr); +[/code] + + +See include/attach.php diff --git a/doc/hook/content_security_policy.bb b/doc/hook/content_security_policy.bb new file mode 100644 index 000000000..96b8095ae --- /dev/null +++ b/doc/hook/content_security_policy.bb @@ -0,0 +1,39 @@ +[h2]content_security_policy[/h2] + +Called to modify CSP settings prior to the output of the Content-Security-Policy header. + +This hook permits addons to modify the content-security-policy if necessary to allow loading of foreign js libraries or css styles. + +[code] +if(App::$config['system']['content_security_policy']) { + $cspsettings = Array ( + 'script-src' => Array ("'self'","'unsafe-inline'","'unsafe-eval'"), + 'style-src' => Array ("'self'","'unsafe-inline'") + ); + call_hooks('content_security_policy',$cspsettings); + + // Legitimate CSP directives (cxref: https://content-security-policy.com/) + $validcspdirectives=Array( + "default-src", "script-src", "style-src", + "img-src", "connect-src", "font-src", + "object-src", "media-src", 'frame-src', + 'sandbox', 'report-uri', 'child-src', + 'form-action', 'frame-ancestors', 'plugin-types' + ); + $cspheader = "Content-Security-Policy:"; + foreach ($cspsettings as $cspdirective => $csp) { + if (!in_array($cspdirective,$validcspdirectives)) { + logger("INVALID CSP DIRECTIVE: ".$cspdirective,LOGGER_DEBUG); + continue; + } + $cspsettingsarray=array_unique($cspsettings[$cspdirective]); + $cspsetpolicy = implode(' ',$cspsettingsarray); + if ($cspsetpolicy) { + $cspheader .= " ".$cspdirective." ".$cspsetpolicy.";"; + } + } + header($cspheader); +} +[/code] + +see: boot.php diff --git a/doc/hook/dreport_process.bb b/doc/hook/dreport_process.bb new file mode 100644 index 000000000..3ad331f41 --- /dev/null +++ b/doc/hook/dreport_process.bb @@ -0,0 +1,7 @@ +[h2]dreport_process[/h2] + +Called for each delivery report received + +Passed a delivery_report array. + +see: include/zot.php diff --git a/doc/hook/dropdown_extras.bb b/doc/hook/dropdown_extras.bb new file mode 100644 index 000000000..6d7110a76 --- /dev/null +++ b/doc/hook/dropdown_extras.bb @@ -0,0 +1,17 @@ +[h2]dropdown_extras[/h2] + +Modify the dropdown menu available through the cog of items as displayed by conv_item.tpl + +This hook allows plugins to add arbitrary html to the cog dropdown of thread items displayed with the conv_item.tpl template. + +It is fed an array of ['item' => $item, 'dropdown_extras' => '']. Any additions to the cog menu should be prepended/appended to +the ['dropdown_extras'] element. + +[code] +$dropdown_extras_arr = [ 'item' => $item , 'dropdown_extras' => '' ]; +call_hooks('dropdown_extras',$dropdown_extras_arr); +$dropdown_extras = $dropdown_extras_arr['dropdown_extras']; +[/code] + +see: Zotlabs/Lib/ThreadItem.php +see: view/tpl/conv_item.tpl diff --git a/doc/hook/permit_hook.bb b/doc/hook/permit_hook.bb new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/doc/hook/permit_hook.bb diff --git a/doc/hooklist.bb b/doc/hooklist.bb index 4b36fa3e0..1b48df6e6 100644 --- a/doc/hooklist.bb +++ b/doc/hooklist.bb @@ -52,6 +52,9 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the [zrl=[baseurl]/help/hook/app_menu]app_menu[/zrl] Called when generating the app_menu dropdown (may be obsolete) +[zrl=[baseurl]/help/hook/attach_delete]attach_delete[/zrl] + Called when attachments are deleted from the attach table + [zrl=[baseurl]/help/hook/atom_author]atom_author[/zrl] Called when generating an author or owner element for an Atom ActivityStream feed @@ -113,7 +116,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the Validate the email provided in an account registration [zrl=[baseurl]/help/hook/check_account_invite]check_account_invite[/zrl] - Validate an invitation code when using site invitations + Validate an invitation code when using site invitations [zrl=[baseurl]/help/hook/check_account_password]check_account_password[/zrl] Used to provide policy control over account passwords (minimum length, character set inclusion, etc.) @@ -137,7 +140,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the Called when posting to the features/addon settings page [zrl=[baseurl]/help/hook/construct_page]construct_page[/zrl] - General purpose hook to provide content to certain page regions. Called when constructing the Comanche page. + General purpose hook to provide content to certain page regions. Called when constructing the Comanche page. [zrl=[baseurl]/help/hook/contact_block_end]contact_block_end[/zrl] Called when generating the sidebar "Connections" widget @@ -151,8 +154,11 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the [zrl=[baseurl]/help/hook/contact_select_options]contact_select_options[/zrl] Deprecated/unused +[zrl=[baseurl]/help/hook/content_security_policy]content_security_policy[/zrl] + Called prior to output of the Content-Security-Policy header + [zrl=[baseurl]/help/hook/conversation_start]conversation_start[/zrl] - Called in the beginning of rendering a conversation (message or message collection or stream) + Called in the beginning of rendering a conversation (message or message collection or stream) [zrl=[baseurl]/help/hook/cover_photo_content_end]cover_photo_content_end[/zrl] Called after a cover photo has been uplaoded @@ -183,7 +189,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the [zrl=[baseurl]/help/hook/display_item]display_item[/zrl] Called for each item being displayed in a conversation thread - + [zrl=[baseurl]/help/hook/display_settings]display_settings[/zrl] Called from settings module when displaying the 'display settings' section @@ -202,6 +208,12 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the [zrl=[baseurl]/help/hook/dreport_is_storable]dreport_is_storable[/zrl] called before storing a dreport record to determine whether to store it +[zrl=[baseurl]/help/hook/dreport_process]dreport_process[/zrl] + called for each valid delivery report + +[zrl=[baseurl]/help/hook/dropdown_extras]dropdown_extras[/zrl] + Add additional items to the dropdown cog when item/threads are displayed. + [zrl=[baseurl]/help/hook/drop_item]drop_item[/zrl] called when an 'item' is removed @@ -260,7 +272,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the called to generate the HTML for displaying a map location by text location [zrl=[baseurl]/help/hook/get_all_api_perms]get_all_api_perms[/zrl] - Called when retrieving the permissions for API uses + Called when retrieving the permissions for API uses [zrl=[baseurl]/help/hook/get_all_perms]get_all_perms[/zrl] called when get_all_perms() is used @@ -446,7 +458,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the Called when probing a URL to generate post content from it [zrl=[baseurl]/help/hook/pdl_selector]pdl_selector[/zrl] - Called when creating a layout selection in a form + Called when creating a layout selection in a form [zrl=[baseurl]/help/hook/perm_is_allowed]perm_is_allowed[/zrl] Called during perm_is_allowed() to determine if a permission is allowed for this channel and observer @@ -457,6 +469,9 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the [zrl=[baseurl]/help/hook/permissions_update]permissions_update[/zrl] Called when a permissions refresh is transmitted +[zrl=[baseurl]/help/hook/permit_hook]permit_hook[/zrl] + Called before a registered hook is actually executed to determine if it should be allowed or blocked + [zrl=[baseurl]/help/hook/personal_xrd]personal_xrd[/zrl] Called when generating the personal XRD for "old webfinger" (Diaspora) @@ -540,7 +555,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the [zrl=[baseurl]/help/hook/queue_deliver]queue_deliver[/zrl] Called when delivering a queued message - + [zrl=[baseurl]/help/hook/register_account]register_account[/zrl] Called when an account has been created diff --git a/include/plugin.php b/include/plugin.php index 9757be356..fdc62b3a7 100755 --- a/include/plugin.php +++ b/include/plugin.php @@ -458,6 +458,25 @@ function call_hooks($name, &$data = null) { if (isset(App::$hooks[$name])) { foreach(App::$hooks[$name] as $hook) { + + if ($name != 'permit_hook') { // avoid looping + $checkhook = [ + 'name'=>$name, + 'hook'=>$hook, + 'data'=>$data, + // Note: Since PHP uses COPY-ON-WRITE + // for variables, there is no cost to + // passing the $data structure (unless + // the permit_hook processors change the + // information it contains. + 'permit'=>true + ]; + call_hooks('permit_hook',$checkhook); + if (!$checkhook['permit']) { + continue; + } + $data = $checkhook['data']; + } $origfn = $hook[1]; if($hook[0]) @include_once($hook[0]); |