aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Module/Admin.php38
-rw-r--r--Zotlabs/Module/Oep.php2
-rw-r--r--Zotlabs/Module/Sources.php19
-rw-r--r--Zotlabs/Project/System.php23
-rwxr-xr-xboot.php3
-rw-r--r--include/api.php2
-rw-r--r--include/identity.php64
-rwxr-xr-xinclude/items.php34
-rwxr-xr-xinclude/oembed.php177
-rw-r--r--include/text.php31
-rw-r--r--include/zot.php2
-rw-r--r--install/schema_mysql.sql1
-rw-r--r--install/schema_postgres.sql3
-rw-r--r--install/update.php11
-rw-r--r--version.inc1
-rwxr-xr-xview/tpl/admin_security.tpl12
-rw-r--r--view/tpl/sources_edit.tpl1
-rw-r--r--view/tpl/sources_new.tpl1
-rw-r--r--view/tpl/zcard_embed.tpl8
19 files changed, 337 insertions, 96 deletions
diff --git a/Zotlabs/Module/Admin.php b/Zotlabs/Module/Admin.php
index 1d37b41bc..6dad11ab8 100644
--- a/Zotlabs/Module/Admin.php
+++ b/Zotlabs/Module/Admin.php
@@ -221,7 +221,7 @@ class Admin extends \Zotlabs\Web\Controller {
'$pending' => array( t('Pending registrations'), $pending),
'$channels' => array( t('Registered channels'), $channels),
'$plugins' => array( t('Active plugins'), $plugins ),
- '$version' => array( t('Version'), RED_VERSION),
+ '$version' => array( t('Version'), STD_VERSION),
'$build' => get_config('system', 'db_version')
));
}
@@ -568,25 +568,25 @@ class Admin extends \Zotlabs\Web\Controller {
$block_public = ((x($_POST,'block_public')) ? True : False);
set_config('system','block_public',$block_public);
- $ws = trim_array_elems(explode("\n",$_POST['whitelisted_sites']));
+ $ws = $this->trim_array_elems(explode("\n",$_POST['whitelisted_sites']));
set_config('system','whitelisted_sites',$ws);
- $bs = trim_array_elems(explode("\n",$_POST['blacklisted_sites']));
+ $bs = $this->trim_array_elems(explode("\n",$_POST['blacklisted_sites']));
set_config('system','blacklisted_sites',$bs);
- $wc = trim_array_elems(explode("\n",$_POST['whitelisted_channels']));
+ $wc = $this->trim_array_elems(explode("\n",$_POST['whitelisted_channels']));
set_config('system','whitelisted_channels',$wc);
- $bc = trim_array_elems(explode("\n",$_POST['blacklisted_channels']));
+ $bc = $this->trim_array_elems(explode("\n",$_POST['blacklisted_channels']));
set_config('system','blacklisted_channels',$bc);
$embed_coop = ((x($_POST,'embed_coop')) ? True : False);
set_config('system','embed_coop',$embed_coop);
- $we = trim_array_elems(explode("\n",$_POST['embed_allow']));
+ $we = $this->trim_array_elems(explode("\n",$_POST['embed_allow']));
set_config('system','embed_allow',$we);
- $be = trim_array_elems(explode("\n",$_POST['embed_deny']));
+ $be = $this->trim_array_elems(explode("\n",$_POST['embed_deny']));
set_config('system','embed_deny',$be);
goaway(z_root() . '/admin/security');
@@ -708,9 +708,13 @@ class Admin extends \Zotlabs\Web\Controller {
$embed_coop = intval(get_config('system','embed_coop'));
- // wait to implement this until we have a co-op in place.
- // if((! $whiteembeds) && (! $blackembeds) && (! $embed_coop))
- // $whiteembeds_str = "youtube.com\nyoutu.be\ntwitter.com\nvimeo.com\nsoundcloud.com\nwikipedia.com";
+ if((! $whiteembeds) && (! $blackembeds)) {
+ $embedhelp1 = t("By default, unfiltered HTML is allowed in embedded media. This is inherently insecure.");
+ }
+
+ $embedhelp2 = t("The recommended setting is to only allow unfiltered HTML from the following sites:");
+ $embedhelp3 = t("youtube.com<br />youtu.be<br />twitter.com<br />vimeo.com<br />soundcloud.com<br />wikipedia.com<br />");
+ $embedhelp4 = t("All other embedded content will be filtered, <strong>unless</strong> embedded content from that site is explicitly blocked.");
$t = get_markup_template('admin_security.tpl');
return replace_macros($t, array(
@@ -722,10 +726,15 @@ class Admin extends \Zotlabs\Web\Controller {
'$blacklisted_sites' => array('blacklisted_sites', t('Block communications from these sites'), $blacksites_str, ''),
'$whitelisted_channels' => array('whitelisted_channels', t('Allow communications only from these channels'), $whitechannels_str, t('One channel (hash) per line. Leave empty to allow from any channel by default')),
'$blacklisted_channels' => array('blacklisted_channels', t('Block communications from these channels'), $blackchannels_str, ''),
- '$embed_allow' => array('embed_allow', t('Allow embedded HTML content only from these domains'), $whiteembeds_str, t('One site per line. Leave empty to allow from any site by default')),
+ '$embed_allow' => array('embed_allow', t('Allow unfiltered embedded HTML content only from these domains'), $whiteembeds_str, t('One site per line. Leave empty to allow from any site by default')),
'$embed_deny' => array('embed_deny', t('Block embedded HTML from these domains'), $blackembeds_str, ''),
// '$embed_coop' => array('embed_coop', t('Cooperative embed security'), $embed_coop, t('Enable to share embed security with other compatible sites/hubs')),
+ '$embedhelp1' => $embedhelp1,
+ '$embedhelp2' => $embedhelp2,
+ '$embedhelp3' => $embedhelp3,
+ '$embedhelp4' => $embedhelp4,
+
'$submit' => t('Submit')
));
}
@@ -1327,6 +1336,8 @@ class Admin extends \Zotlabs\Web\Controller {
}
}
+ usort($plugins,'self::plugin_sort');
+
$t = get_markup_template('admin_plugins.tpl');
return replace_macros($t, array(
'$title' => t('Administration'),
@@ -1340,6 +1351,11 @@ class Admin extends \Zotlabs\Web\Controller {
));
}
+ static public function plugin_sort($a,$b) {
+ return(strcmp(strtolower($a[2]['name']),strtolower($b[2]['name'])));
+ }
+
+
/**
* @param array $themes
* @param string $th
diff --git a/Zotlabs/Module/Oep.php b/Zotlabs/Module/Oep.php
index f36a452e8..638ea7e2d 100644
--- a/Zotlabs/Module/Oep.php
+++ b/Zotlabs/Module/Oep.php
@@ -220,7 +220,7 @@ class Oep extends \Zotlabs\Web\Controller {
$ret['width'] = intval($width);
$ret['height'] = intval($height);
- $ret['html'] = get_zcard($c,get_observer_hash(),array('width' => $width, 'height' => $height));
+ $ret['html'] = get_zcard_embed($c,get_observer_hash(),array('width' => $width, 'height' => $height));
return $ret;
diff --git a/Zotlabs/Module/Sources.php b/Zotlabs/Module/Sources.php
index cca9e5ebf..a180d9b6e 100644
--- a/Zotlabs/Module/Sources.php
+++ b/Zotlabs/Module/Sources.php
@@ -7,7 +7,7 @@ class Sources extends \Zotlabs\Web\Controller {
function post() {
if(! local_channel())
return;
-
+
if(! feature_enabled(local_channel(),'channel_sources'))
return '';
@@ -17,6 +17,7 @@ class Sources extends \Zotlabs\Web\Controller {
$words = $_REQUEST['words'];
$frequency = $_REQUEST['frequency'];
$name = $_REQUEST['name'];
+ $tags = $_REQUEST['tags'];
$channel = \App::get_channel();
@@ -36,14 +37,15 @@ class Sources extends \Zotlabs\Web\Controller {
notice ( t('Failed to create source. No channel selected.') . EOL);
return;
}
-
+
if(! $source) {
- $r = q("insert into source ( src_channel_id, src_channel_xchan, src_xchan, src_patt )
- values ( %d, '%s', '%s', '%s' ) ",
+ $r = q("insert into source ( src_channel_id, src_channel_xchan, src_xchan, src_patt, src_tag )
+ values ( %d, '%s', '%s', '%s', '%s' ) ",
intval(local_channel()),
dbesc($channel['channel_hash']),
dbesc($xchan),
- dbesc($words)
+ dbesc($words),
+ dbesc($tags)
);
if($r) {
info( t('Source created.') . EOL);
@@ -51,9 +53,10 @@ class Sources extends \Zotlabs\Web\Controller {
goaway(z_root() . '/sources');
}
else {
- $r = q("update source set src_xchan = '%s', src_patt = '%s' where src_channel_id = %d and src_id = %d",
+ $r = q("update source set src_xchan = '%s', src_patt = '%s', src_tag = '%s' where src_channel_id = %d and src_id = %d",
dbesc($xchan),
dbesc($words),
+ dbesc($tags),
intval(local_channel()),
intval($source)
);
@@ -62,6 +65,7 @@ class Sources extends \Zotlabs\Web\Controller {
}
}
+
}
@@ -105,6 +109,8 @@ class Sources extends \Zotlabs\Web\Controller {
'$desc' => t('Import all or selected content from the following channel into this channel and distribute it according to your channel settings.'),
'$words' => array( 'words', t('Only import content with these words (one per line)'),'',t('Leave blank to import all public content')),
'$name' => array( 'name', t('Channel Name'), '', ''),
+ '$tags' => array('tags', t('Add the following categories to posts imported from this source (comma separated)'),'',t('Optional')),
+
'$submit' => t('Submit')
));
return $o;
@@ -138,6 +144,7 @@ class Sources extends \Zotlabs\Web\Controller {
'$words' => array( 'words', t('Only import content with these words (one per line)'),$r[0]['src_patt'],t('Leave blank to import all public content')),
'$xchan' => $r[0]['src_xchan'],
'$abook' => $x[0]['abook_id'],
+ '$tags' => array('tags', t('Add the following categories to posts imported from this source (comma separated)'),$r[0]['src_tag'],t('Optional')),
'$name' => array( 'name', t('Channel Name'), $r[0]['xchan_name'], ''),
'$submit' => t('Submit')
));
diff --git a/Zotlabs/Project/System.php b/Zotlabs/Project/System.php
index a67742db5..f61313da0 100644
--- a/Zotlabs/Project/System.php
+++ b/Zotlabs/Project/System.php
@@ -4,56 +4,51 @@ namespace Zotlabs\Project;
class System {
- function get_platform_name() {
+ static public function get_platform_name() {
if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['platform_name'])
return \App::$config['system']['platform_name'];
return PLATFORM_NAME;
}
- function get_site_name() {
+ static public function get_site_name() {
if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['sitename'])
return \App::$config['system']['sitename'];
return '';
}
- function get_project_version() {
+ static public function get_project_version() {
if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['hide_version'])
return '';
- return RED_VERSION;
+ return self::get_std_version();
}
- function get_update_version() {
+ static public function get_update_version() {
if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['hide_version'])
return '';
return DB_UPDATE_VERSION;
}
- function get_notify_icon() {
+ static public function get_notify_icon() {
if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['email_notify_icon_url'])
return \App::$config['system']['email_notify_icon_url'];
return z_root() . '/images/hz-white-32.png';
}
- function get_site_icon() {
+ static public function get_site_icon() {
if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['site_icon_url'])
return \App::$config['system']['site_icon_url'];
return z_root() . '/images/hz-32.png';
}
- function get_server_role() {
+ static public function get_server_role() {
if(UNO)
return 'basic';
return 'advanced';
}
- // return the standardised version. Since we can't easily compare
- // before the STD_VERSION definition was applied, we have to treat
- // all prior release versions the same. You can dig through them
- // with other means (such as RED_VERSION) if necessary.
-
- function get_std_version() {
+ static public function get_std_version() {
if(defined('STD_VERSION'))
return STD_VERSION;
return '0.0.0';
diff --git a/boot.php b/boot.php
index 2a8bf0d17..95f41dfda 100755
--- a/boot.php
+++ b/boot.php
@@ -46,11 +46,10 @@ require_once('include/account.php');
define ( 'PLATFORM_NAME', 'hubzilla' );
-define ( 'RED_VERSION', trim(file_get_contents('version.inc')));
define ( 'STD_VERSION', '1.4.4' );
define ( 'ZOT_REVISION', 1 );
-define ( 'DB_UPDATE_VERSION', 1166 );
+define ( 'DB_UPDATE_VERSION', 1167 );
/**
diff --git a/include/api.php b/include/api.php
index e64c86695..3b2c71923 100644
--- a/include/api.php
+++ b/include/api.php
@@ -2108,7 +2108,7 @@ require_once('include/api_auth.php');
'shorturllength' => '30',
'hubzilla' => array(
'PLATFORM_NAME' => Zotlabs\Project\System::get_platform_name(),
- 'RED_VERSION' => Zotlabs\Project\System::get_project_version(),
+ 'STD_VERSION' => Zotlabs\Project\System::get_project_version(),
'ZOT_REVISION' => ZOT_REVISION,
'DB_UPDATE_VERSION' => Zotlabs\Project\System::get_update_version()
)
diff --git a/include/identity.php b/include/identity.php
index 1c899048a..c60c846c0 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -491,7 +491,7 @@ function identity_basic_export($channel_id, $items = false) {
// use constants here as otherwise we will have no idea if we can import from a site
// with a non-standard platform and version.
- $ret['compatibility'] = array('project' => PLATFORM_NAME, 'version' => RED_VERSION, 'database' => DB_UPDATE_VERSION, 'server_role' => Zotlabs\Project\System::get_server_role());
+ $ret['compatibility'] = array('project' => PLATFORM_NAME, 'version' => STD_VERSION, 'database' => DB_UPDATE_VERSION, 'server_role' => Zotlabs\Project\System::get_server_role());
$r = q("select * from channel where channel_id = %d limit 1",
intval($channel_id)
@@ -1878,3 +1878,65 @@ function get_zcard($channel,$observer_hash = '',$args = array()) {
return $o;
}
+
+
+function get_zcard_embed($channel,$observer_hash = '',$args = array()) {
+
+ logger('get_zcard_embed');
+
+ $maxwidth = (($args['width']) ? intval($args['width']) : 0);
+ $maxheight = (($args['height']) ? intval($args['height']) : 0);
+
+
+ if(($maxwidth > 1200) || ($maxwidth < 1))
+ $maxwidth = 1200;
+
+ if($maxwidth <= 425) {
+ $width = 425;
+ $size = 'hz_small';
+ $cover_size = PHOTO_RES_COVER_425;
+ $pphoto = array('type' => $channel['xchan_photo_mimetype'], 'width' => 80 , 'height' => 80, 'href' => $channel['xchan_photo_m']);
+ }
+ elseif($maxwidth <= 900) {
+ $width = 900;
+ $size = 'hz_medium';
+ $cover_size = PHOTO_RES_COVER_850;
+ $pphoto = array('type' => $channel['xchan_photo_mimetype'], 'width' => 160 , 'height' => 160, 'href' => $channel['xchan_photo_l']);
+ }
+ elseif($maxwidth <= 1200) {
+ $width = 1200;
+ $size = 'hz_large';
+ $cover_size = PHOTO_RES_COVER_1200;
+ $pphoto = array('type' => $channel['xchan_photo_mimetype'], 'width' => 300 , 'height' => 300, 'href' => $channel['xchan_photo_l']);
+ }
+
+ $channel['channel_addr'] = $channel['channel_address'] . '@' . App::get_hostname();
+ $zcard = array('chan' => $channel);
+
+ $r = q("select height, width, resource_id, scale, type from photo where uid = %d and scale = %d and photo_usage = %d",
+ intval($channel['channel_id']),
+ intval($cover_size),
+ intval(PHOTO_COVER)
+ );
+
+ if($r) {
+ $cover = $r[0];
+ $cover['href'] = z_root() . '/photo/' . $r[0]['resource_id'] . '-' . $r[0]['scale'];
+ }
+ else {
+ $cover = $pphoto;
+ }
+
+ $o .= replace_macros(get_markup_template('zcard_embed.tpl'),array(
+ '$maxwidth' => $maxwidth,
+ '$scale' => $scale,
+ '$translate' => $translate,
+ '$size' => $size,
+ '$cover' => $cover,
+ '$pphoto' => $pphoto,
+ '$zcard' => $zcard
+ ));
+
+ return $o;
+
+}
diff --git a/include/items.php b/include/items.php
index 2720dd841..b3c9403e0 100755
--- a/include/items.php
+++ b/include/items.php
@@ -3400,6 +3400,37 @@ function tgroup_check($uid,$item) {
*/
function start_delivery_chain($channel, $item, $item_id, $parent) {
+ $sourced = check_item_source($channel['channel_id'],$item);
+
+ if($sourced) {
+ $r = q("select * from source where src_channel_id = %d and ( src_xchan = '%s' or src_xchan = '*' ) limit 1",
+ intval($channel['channel_id']),
+ dbesc(($item['source_xchan']) ? $item['source_xchan'] : $item['owner_xchan'])
+ );
+ if($r) {
+ $t = trim($r[0]['src_tag']);
+ if($t) {
+ $tags = explode(',',$t);
+ if($tags) {
+ foreach($tags as $tt) {
+ $tt = trim($tt);
+ if($tt) {
+ q("insert into term (uid,oid,otype,type,term,url)
+ values(%d,%d,%d,%d,'%s','%s') ",
+ intval($channel['channel_id']),
+ intval($item_id),
+ intval(TERM_OBJ_POST),
+ intval(TERM_CATEGORY),
+ dbesc($tt),
+ dbesc(z_root() . '/channel/' . $channel['channel_address'] . '?f=&cat=' . urlencode($tt))
+ );
+ }
+ }
+ }
+ }
+ }
+ }
+
// Change this copy of the post to a forum head message and deliver to all the tgroup members
// also reset all the privacy bits to the forum default permissions
@@ -3459,6 +3490,9 @@ function start_delivery_chain($channel, $item, $item_id, $parent) {
intval($item_id)
);
+
+
+
if($r)
proc_run('php','include/notifier.php','tgroup',$item_id);
else {
diff --git a/include/oembed.php b/include/oembed.php
index 3994af0fb..356b9f961 100755
--- a/include/oembed.php
+++ b/include/oembed.php
@@ -3,67 +3,117 @@ function oembed_replacecb($matches){
$embedurl=$matches[1];
+ $action = oembed_action($embedurl);
+ if($action === 'block') {
+ return '<a href="' . $embedurl . '">' . $embedurl . '</a>';
+ }
+
+ $j = oembed_fetch_url($embedurl);
+ $s = oembed_format_object($j);
+ return $s;
+}
+
+
+function oembed_action($embedurl) {
+
+ $host = '';
+
+ $action = 'allow';
+
+ // The default action is 'allow'. This is insecure. We might want to
+ // change this to 'filter' except it will be a support burden because
+ // then youtube videos won't work out of the box and will need to be
+ // explicitly enabled.
+
+ $embedurl = str_replace('&amp;','&', $embedurl);
+
+ logger('oembed_action: ' . $embedurl);
+
+ $p = parse_url($embedurl);
+
+ if($p)
+ $host = $p['host'];
+
+ // These media files should now be caught in bbcode.php
+ // left here as a fallback in case this is called from another source
+
+ $noexts = array("mp3","mp4","ogg","ogv","oga","ogm","webm","opus");
+ $ext = pathinfo(strtolower($embedurl),PATHINFO_EXTENSION);
+
// site white/black list
if(($x = get_config('system','embed_deny'))) {
- $l = explode("\n",$x);
- if($l) {
- foreach($l as $ll) {
- if(trim($ll) && strpos($embedurl,trim($ll)) !== false)
- return '<a href="' . $embedurl . '">' . $embedurl . '</a>';
+ if(($x) && (! is_array($x)))
+ $x = explode("\n",$x);
+ if($x) {
+ foreach($x as $ll) {
+ $t = trim($ll);
+
+ // don't allow somebody to provide a url like https://foobar.com/something/youtube
+ // to bypass a block or allow of youtube
+
+ if($t && (strpos($embedurl,$t) !== false || strpos($t,$host) !== false)) {
+ $action = 'block';
+ break;
+ }
}
}
}
+
+ $found = false;
+
if(($x = get_config('system','embed_allow'))) {
- $found = false;
- $l = explode("\n",$x);
- if($l) {
- foreach($l as $ll) {
- if(trim($ll) && strpos($embedurl,trim($ll)) !== false) {
+ if(($x) && (! is_array($x)))
+ $x = explode("\n",$x);
+ if($x) {
+ foreach($x as $ll) {
+ $t = trim($ll);
+
+ // don't allow somebody to provide a url like https://foobar.com/something/youtube
+ // to bypass a block or allow of youtube
+
+ if($t && (strpos($embedurl,$t) !== false || strpos($t,$host) !== false)) {
$found = true;
+ $action = 'allow';
break;
}
}
}
- if(! $found) {
- return '<a href="' . $embedurl . '">' . $embedurl . '</a>';
+ if((! $found) && ($action !== 'block')) {
+ $action = 'filter';
}
}
- // implements a personal embed white/black list for logged in members
+ // allow individual members to block something that wasn't blocked already.
+ // They cannot over-ride the site to allow or change the filtering on an
+ // embed that is not allowed by the site.
+
if(local_channel()) {
if(($x = get_pconfig(local_channel(),'system','embed_deny'))) {
- $l = explode("\n",$x);
- if($l) {
- foreach($l as $ll) {
- if(trim($ll) && strpos($embedurl,trim($ll)) !== false)
- return '<a href="' . $embedurl . '">' . $embedurl . '</a>';
- }
- }
- }
- if(($x = get_pconfig(local_channel(),'system','embed_allow'))) {
- $found = false;
- $l = explode("\n",$x);
- if($l) {
- foreach($l as $ll) {
- if(trim($ll) && strpos($embedurl,trim($ll)) !== false) {
- $found = true;
+ if(($x) && (! is_array($x)))
+ $x = explode("\n",$x);
+ if($x) {
+ foreach($x as $ll) {
+ $t = trim($ll);
+
+ // don't allow somebody to provide a url like https://foobar.com/something/youtube
+ // to bypass a block or allow of youtube
+
+ if($t && (strpos($embedurl,$t) !== false || strpos($t,$host) !== false)) {
+ $action = 'block';
break;
}
}
}
- if(! $found) {
- return '<a href="' . $embedurl . '">' . $embedurl . '</a>';
- }
}
}
- $j = oembed_fetch_url($embedurl);
- $s = oembed_format_object($j);
- return $s;
-}
+ logger('action: ' . $action . ' url: ' . $embedurl, LOGGER_DEBUG,LOG_DEBUG);
+ return $action;
+
+}
// if the url is embeddable with oembed, return the bbcode link.
@@ -79,42 +129,48 @@ function oembed_process($url) {
function oembed_fetch_url($embedurl){
- $a = get_app();
+ // These media files should now be caught in bbcode.php
+ // left here as a fallback in case this is called from another source
+
+ $noexts = array("mp3","mp4","ogg","ogv","oga","ogm","webm","opus");
+ $ext = pathinfo(strtolower($embedurl),PATHINFO_EXTENSION);
+
+ $action = oembed_action($embedurl);
$embedurl = str_replace('&amp;','&', $embedurl);
-// logger('fetch: ' . $embedurl);
+ $txt = null;
- $txt = Cache::get(App::$videowidth . $embedurl);
+ if($action !== 'block') {
+ $txt = Cache::get(App::$videowidth . $embedurl);
- if(strstr($txt,'youtu') && strstr(z_root(),'https:')) {
- $txt = str_replace('http:','https:',$txt);
+ if(strstr($txt,'youtu') && strstr(z_root(),'https:')) {
+ $txt = str_replace('http:','https:',$txt);
+ }
}
+
+ if(is_null($txt)) {
- // These media files should now be caught in bbcode.php
- // left here as a fallback in case this is called from another source
-
- $noexts = array("mp3","mp4","ogg","ogv","oga","ogm","webm","opus");
- $ext = pathinfo(strtolower($embedurl),PATHINFO_EXTENSION);
-
-
- if(is_null($txt)){
$txt = "";
-
- if (in_array($ext, $noexts)) {
+ $furl = $embedurl;
+ $zrl = false;
+
+ if(local_channel()) {
require_once('include/hubloc.php');
- $zrl = is_matrix_url($embedurl);
+ $zrl = is_matrix_url($furl);
if($zrl)
- $embedurl = zid($embedurl);
+ $furl = zid($furl);
}
- else {
+
+
+ if (! in_array($ext, $noexts) && $action !== 'block') {
// try oembed autodiscovery
$redirects = 0;
- $result = z_fetch_url($embedurl, false, $redirects, array('timeout' => 15, 'accept_content' => "text/*", 'novalidate' => true ));
+ $result = z_fetch_url($furl, false, $redirects, array('timeout' => 15, 'accept_content' => "text/*", 'novalidate' => true ));
if($result['success'])
$html_text = $result['body'];
- if($html_text){
+ if($html_text) {
$dom = @DOMDocument::loadHTML($html_text);
if ($dom){
$xpath = new DOMXPath($dom);
@@ -149,6 +205,7 @@ function oembed_fetch_url($embedurl){
}
$txt=trim($txt);
+
if ($txt[0]!="{") $txt='{"type":"error"}';
//save in cache
@@ -160,6 +217,16 @@ function oembed_fetch_url($embedurl){
$j = json_decode($txt);
+
+ if($j->html && $action === 'filter') {
+ $orig = $j->html;
+ $allow_position = (($zrl) ? true : false);
+ $j->html = purify_html($j->html,$allow_position);
+ if($j->html != $orig) {
+ logger('oembed html was purified. original: ' . $orig . ' purified: ' . $j->html, LOGGER_DEBUG, LOG_INFO);
+ }
+ }
+
$j->embedurl = $embedurl;
// logger('fetch return: ' . print_r($j,true));
diff --git a/include/text.php b/include/text.php
index c61c5fbd4..66a49d4b5 100644
--- a/include/text.php
+++ b/include/text.php
@@ -122,7 +122,7 @@ function z_input_filter($channel_id,$s,$type = 'text/bbcode') {
-function purify_html($s) {
+function purify_html($s, $allow_position = false) {
require_once('library/HTMLPurifier.auto.php');
require_once('include/html2bbcode.php');
@@ -202,6 +202,35 @@ function purify_html($s) {
$def->addElement('header', 'Block', 'Flow', 'Common');
$def->addElement('footer', 'Block', 'Flow', 'Common');
+
+ if($allow_position) {
+ $cssDefinition = $config->getCSSDefinition();
+
+ $cssDefinition->info['position'] = new HTMLPurifier_AttrDef_Enum(array('absolute', 'fixed', 'relative', 'static', 'inherit'), false);
+
+ $cssDefinition->info['left'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+ new HTMLPurifier_AttrDef_CSS_Length(),
+ new HTMLPurifier_AttrDef_CSS_Percentage()
+ ));
+
+ $cssDefinition->info['right'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+ new HTMLPurifier_AttrDef_CSS_Length(),
+ new HTMLPurifier_AttrDef_CSS_Percentage()
+ ));
+
+ $cssDefinition->info['top'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+ new HTMLPurifier_AttrDef_CSS_Length(),
+ new HTMLPurifier_AttrDef_CSS_Percentage()
+ ));
+
+ $cssDefinition->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite(array(
+ new HTMLPurifier_AttrDef_CSS_Length(),
+ new HTMLPurifier_AttrDef_CSS_Percentage()
+ ));
+
+ }
+
+
$purifier = new HTMLPurifier($config);
return $purifier->purify($s);
diff --git a/include/zot.php b/include/zot.php
index 1ca1b862b..157354afa 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -3914,7 +3914,7 @@ function zotinfo($arr) {
$ret['site']['channels'] = channel_total();
- $ret['site']['version'] = Zotlabs\Project\System::get_platform_name() . ' ' . RED_VERSION . '[' . DB_UPDATE_VERSION . ']';
+ $ret['site']['version'] = Zotlabs\Project\System::get_platform_name() . ' ' . STD_VERSION . '[' . DB_UPDATE_VERSION . ']';
$ret['site']['admin'] = get_config('system','admin_email');
diff --git a/install/schema_mysql.sql b/install/schema_mysql.sql
index c36bfaa57..2305d4a0b 100644
--- a/install/schema_mysql.sql
+++ b/install/schema_mysql.sql
@@ -1181,6 +1181,7 @@ CREATE TABLE IF NOT EXISTS `source` (
`src_channel_xchan` char(255) NOT NULL DEFAULT '',
`src_xchan` char(255) NOT NULL DEFAULT '',
`src_patt` mediumtext NOT NULL,
+ `src_tag` mediumtext NOT NULL,
PRIMARY KEY (`src_id`),
KEY `src_channel_id` (`src_channel_id`),
KEY `src_channel_xchan` (`src_channel_xchan`),
diff --git a/install/schema_postgres.sql b/install/schema_postgres.sql
index d4bb54b1e..2c0847cbf 100644
--- a/install/schema_postgres.sql
+++ b/install/schema_postgres.sql
@@ -1166,7 +1166,8 @@ CREATE TABLE "source" (
"src_channel_id" bigint NOT NULL DEFAULT '0',
"src_channel_xchan" text NOT NULL DEFAULT '',
"src_xchan" text NOT NULL DEFAULT '',
- "src_patt" text NOT NULL,
+ "src_patt" text NOT NULL DEFAULT '',
+ "src_tag" text NOT NULL DEFAULT '',
PRIMARY KEY ("src_id")
);
create index "src_channel_id" on "source" ("src_channel_id");
diff --git a/install/update.php b/install/update.php
index 2dc4a6db3..b8e20786c 100644
--- a/install/update.php
+++ b/install/update.php
@@ -1,6 +1,6 @@
<?php
-define( 'UPDATE_VERSION' , 1166 );
+define( 'UPDATE_VERSION' , 1167 );
/**
*
@@ -2071,3 +2071,12 @@ function update_r1165() {
return UPDATE_FAILED;
}
+function update_r1166() {
+
+ $r = q("alter table source add src_tag text not null default '' ");
+ if($r)
+ return UPDATE_SUCCESS;
+ return UPDATE_FAILED;
+}
+
+
diff --git a/version.inc b/version.inc
deleted file mode 100644
index 8c803549a..000000000
--- a/version.inc
+++ /dev/null
@@ -1 +0,0 @@
-2016-04-29.1381H
diff --git a/view/tpl/admin_security.tpl b/view/tpl/admin_security.tpl
index 3823d8235..39f389e54 100755
--- a/view/tpl/admin_security.tpl
+++ b/view/tpl/admin_security.tpl
@@ -15,6 +15,18 @@
{{include file="field_textarea.tpl" field=$whitelisted_channels}}
{{include file="field_textarea.tpl" field=$blacklisted_channels}}
+ {{if $embedhelp1}}
+ <div class="section-content-info-wrapper">{{$embedhelp1}}</div>
+ {{/if}}
+
+ <div style="margin-left: 15px; margin-bottom: 10px;">
+ <div class="descriptive-text">{{$embedhelp2}}</div>
+ <div style="margin-left: 15px;">
+ <div class="descriptive-text">{{$embedhelp3}}</div>
+ </div>
+ <div class="descriptive-text">{{$embedhelp4}}</div>
+ </div>
+
{{include file="field_textarea.tpl" field=$embed_allow}}
{{include file="field_textarea.tpl" field=$embed_deny}}
diff --git a/view/tpl/sources_edit.tpl b/view/tpl/sources_edit.tpl
index a5b384ca3..61f6e8cb0 100644
--- a/view/tpl/sources_edit.tpl
+++ b/view/tpl/sources_edit.tpl
@@ -7,6 +7,7 @@
<input type="hidden" name="source" value="{{$id}}" />
<input type="hidden" id="id_abook" name="abook" value="{{$abook}}" />
{{include file="field_input.tpl" field=$name}}
+{{include file="field_input.tpl" field=$tags}}
{{include file="field_textarea.tpl" field=$words}}
<div class="sources-submit-wrapper" >
diff --git a/view/tpl/sources_new.tpl b/view/tpl/sources_new.tpl
index 3c8a54373..bbc22df84 100644
--- a/view/tpl/sources_new.tpl
+++ b/view/tpl/sources_new.tpl
@@ -6,6 +6,7 @@
<form action="sources" method="post">
<input type="hidden" id="id_abook" name="abook" value="{{$abook}}" />
{{include file="field_input.tpl" field=$name}}
+{{include file="field_input.tpl" field=$tags}}
{{include file="field_textarea.tpl" field=$words}}
<div class="sources-submit-wrapper" >
diff --git a/view/tpl/zcard_embed.tpl b/view/tpl/zcard_embed.tpl
new file mode 100644
index 000000000..7981e3b0b
--- /dev/null
+++ b/view/tpl/zcard_embed.tpl
@@ -0,0 +1,8 @@
+<div class="hz_card {{$size}}">
+ <div class="hz_cover_photo" style="max-width: 100;"><img src="{{$cover.href}}" alt="{{$zcard.chan.xchan_name}}" />
+ <div style="position: relative;top: -40px;left: 120px;color: #fff;font-size: 18px;text-rendering: optimizelegibility;text-shadow: 0 0 3px rgba(0, 0, 0, 0.8);" >{{$zcard.chan.xchan_name}}</div>
+ <div style="position: relative;top: -40px;left: 120px;color: #fff;font-size: 10px;text-rendering: optimizelegibility;text-shadow: 0 0 3px rgba(0, 0, 0, 0.8);" >{{$zcard.chan.channel_addr}}</div>
+ </div>
+ <div style="position:relative;top: -75px;left: 20px;background-color: white;border: 1px solid #ddd;padding: 3px;width: 80px;height: 80px;"><img src="{{$pphoto.href}}" alt="{{$zcard.chan.xchan_name}}" /></div>
+</div>
+