diff options
Diffstat (limited to 'Zotlabs/Module')
68 files changed, 1771 insertions, 485 deletions
diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index 83fafbdff..e164875e8 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -21,7 +21,7 @@ class Acl extends \Zotlabs\Web\Controller { function init() { - // logger('mod_acl: ' . print_r($_REQUEST,true)); + logger('mod_acl: ' . print_r($_REQUEST,true)); $start = (x($_REQUEST,'start') ? $_REQUEST['start'] : 0); $count = (x($_REQUEST,'count') ? $_REQUEST['count'] : 500); @@ -33,6 +33,7 @@ class Acl extends \Zotlabs\Web\Controller { // $type = // '' => standard ACL request // 'g' => Groups only ACL request + // 'f' => forums only ACL request // 'c' => Connections only ACL request or editor (textarea) mention request // $_REQUEST['search'] contains ACL search text. @@ -56,12 +57,12 @@ class Acl extends \Zotlabs\Web\Controller { $search = $_REQUEST['query']; } - if( (! local_channel()) && (! ($type == 'x' || $type == 'c'))) + if( (! local_channel()) && (! in_array($type, [ 'x', 'c', 'f' ]))) killme(); $permitted = []; - if(in_array($type, [ 'm', 'a', 'c' ])) { + if(in_array($type, [ 'm', 'a', 'c', 'f' ])) { // These queries require permission checking. We'll create a simple array of xchan_hash for those with // the requisite permissions which we can check against. @@ -154,7 +155,7 @@ class Acl extends \Zotlabs\Web\Controller { } } - if($type == '' || $type == 'c') { + if($type == '' || $type == 'c' || $type === 'f') { $extra_channels_sql = ''; @@ -307,7 +308,7 @@ class Acl extends \Zotlabs\Web\Controller { $contacts[] = array( "photo" => $g['photo'], "name" => $g['name'], - "nick" => $g['address'], + "nick" => $g['address'] ); } } @@ -324,18 +325,24 @@ class Acl extends \Zotlabs\Web\Controller { $r = array(); if($r) { - foreach($r as $g){ + foreach($r as $g) { - // remove RSS feeds from ACLs - they are inaccessible - if(strpos($g['hash'],'/') && $type != 'a') + if(($g['network'] === 'rss') && ($type != 'a')) continue; - - if(in_array($g['hash'],$permitted) && $type == 'c' && (! $noforums)) { + + $g['hash'] = urlencode($g['hash']); + + if(! $g['nick']) { + $t = explode(' ',strtolower($g['name'])); + $g['nick'] = $t[0] . '@'; + } + + if(in_array($g['hash'],$permitted) && in_array($type, [ 'c', 'f' ]) && (! $noforums)) { $contacts[] = array( "type" => "c", "photo" => "images/twopeople.png", - "name" => $g['name'] . '+', - "id" => $g['id'] . '+', + "name" => $g['name'] . (($type === 'f') ? '' : '+'), + "id" => urlencode($g['id']) . (($type === 'f') ? '' : '+'), "xid" => $g['hash'], "link" => $g['nick'], "nick" => substr($g['nick'],0,strpos($g['nick'],'@')), @@ -344,18 +351,20 @@ class Acl extends \Zotlabs\Web\Controller { "label" => t('network') ); } - $contacts[] = array( - "type" => "c", - "photo" => $g['micro'], - "name" => $g['name'], - "id" => $g['id'], - "xid" => $g['hash'], - "link" => $g['nick'], - "nick" => (($g['nick']) ? substr($g['nick'],0,strpos($g['nick'],'@')) : t('RSS')), - "self" => (intval($g['abook_self']) ? 'abook-self' : ''), - "taggable" => '', - "label" => '', - ); + if($type !== 'f') { + $contacts[] = array( + "type" => "c", + "photo" => $g['micro'], + "name" => $g['name'], + "id" => urlencode($g['id']), + "xid" => $g['hash'], + "link" => $g['nick'], + "nick" => (($g['nick']) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']), + "self" => (intval($g['abook_self']) ? 'abook-self' : ''), + "taggable" => '', + "label" => '', + ); + } } } diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 4c5b82e78..d3d058c53 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -62,6 +62,7 @@ class Site { $feed_contacts = ((x($_POST,'feed_contacts')) ? intval($_POST['feed_contacts']) : 0); $verify_email = ((x($_POST,'verify_email')) ? 1 : 0); $techlevel_lock = ((x($_POST,'techlock')) ? intval($_POST['techlock']) : 0); + $imagick_path = ((x($_POST,'imagick_path')) ? trim($_POST['imagick_path']) : ''); $techlevel = null; if(array_key_exists('techlevel', $_POST)) @@ -82,6 +83,7 @@ class Site { set_config('system', 'reply_address', $reply_address); set_config('system', 'from_email', $from_email); set_config('system', 'from_email_name' , $from_email_name); + set_config('system', 'imagick_convert_path' , $imagick_path); set_config('system', 'techlevel_lock', $techlevel_lock); @@ -206,7 +208,7 @@ class Site { // directory server should not be set or settable unless we are a directory client if($dirmode == DIRECTORY_MODE_NORMAL) { - $x = q("select site_url from site where site_flags in (%d,%d) and site_realm = '%s'", + $x = q("select site_url from site where site_flags in (%d,%d) and site_realm = '%s' and site_dead = 0", intval(DIRECTORY_MODE_SECONDARY), intval(DIRECTORY_MODE_PRIMARY), dbesc($realm) @@ -317,6 +319,7 @@ class Site { '$delivery_interval' => array('delivery_interval', t("Delivery interval"), (x(get_config('system','delivery_interval'))?get_config('system','delivery_interval'):2), t("Delay background delivery processes by this many seconds to reduce system load. Recommend: 4-5 for shared hosts, 2-3 for virtual private servers. 0-1 for large dedicated servers.")), '$delivery_batch_count' => array('delivery_batch_count', t('Deliveries per process'),(x(get_config('system','delivery_batch_count'))?get_config('system','delivery_batch_count'):1), t("Number of deliveries to attempt in a single operating system process. Adjust if necessary to tune system performance. Recommend: 1-5.")), '$poll_interval' => array('poll_interval', t("Poll interval"), (x(get_config('system','poll_interval'))?get_config('system','poll_interval'):2), t("Delay background polling processes by this many seconds to reduce system load. If 0, use delivery interval.")), + '$imagick_path' => array('imagick_path', t("Path to ImageMagick convert program"), get_config('system','imagick_convert_path'), t("If set, use this program to generate photo thumbnails for huge images ( > 4000 pixels in either dimension), otherwise memory exhaustion may occur. Example: /usr/bin/convert")), '$maxloadavg' => array('maxloadavg', t("Maximum Load Average"), ((intval(get_config('system','maxloadavg')) > 0)?get_config('system','maxloadavg'):50), t("Maximum system load before delivery and poll processes are deferred - default 50.")), '$default_expire_days' => array('default_expire_days', t('Expiration period in days for imported (grid/network) content'), intval(get_config('system','default_expire_days')), t('0 for no expiration of imported content')), '$form_security_token' => get_form_security_token("admin_site"), diff --git a/Zotlabs/Module/Ap_probe.php b/Zotlabs/Module/Ap_probe.php deleted file mode 100644 index 769cd4c4e..000000000 --- a/Zotlabs/Module/Ap_probe.php +++ /dev/null @@ -1,38 +0,0 @@ -<?php -namespace Zotlabs\Module; - -require_once('include/zot.php'); - - -class Ap_probe extends \Zotlabs\Web\Controller { - - function get() { - - $o .= '<h3>ActivityPub Probe Diagnostic</h3>'; - - $o .= '<form action="ap_probe" method="get">'; - $o .= 'Lookup URI: <input type="text" style="width: 250px;" name="addr" value="' . $_GET['addr'] .'" /><br>'; - $o .= 'Request Signed version: <input type=checkbox name="magenv" value="1" ><br>'; - $o .= '<input type="submit" name="submit" value="Submit" /></form>'; - - $o .= '<br /><br />'; - - if(x($_GET,'addr')) { - $addr = $_GET['addr']; - - if($_GET['magenv']) { - $headers = 'Accept: application/magic-envelope+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams"'; - } - else { - $headers = 'Accept: application/ld+json; profile="https://www.w3.org/ns/activitystreams"'; - } - - $redirects = 0; - $x = z_fetch_url($addr,true,$redirects, [ 'headers' => [ $headers ]]); - if($x['success']) - $o .= '<pre>' . str_replace(['\\n','\\'],["\n",''],jindent($x['body'])) . '</pre>'; - } - return $o; - } - -} diff --git a/Zotlabs/Module/Apporder.php b/Zotlabs/Module/Apporder.php index 1097a01eb..956548d1f 100644 --- a/Zotlabs/Module/Apporder.php +++ b/Zotlabs/Module/Apporder.php @@ -11,30 +11,35 @@ class Apporder extends \Zotlabs\Web\Controller { } function get() { - $syslist = array(); - $list = Zlib\Apps::app_list(local_channel(), false, 'nav_featured_app'); - if($list) { - foreach($list as $li) { - $syslist[] = Zlib\Apps::app_encode($li); - } - } - Zlib\Apps::translate_system_apps($syslist); - usort($syslist,'Zotlabs\\Lib\\Apps::app_name_compare'); + if(! local_channel()) + return; - $syslist = Zlib\Apps::app_order(local_channel(),$syslist); + nav_set_selected('Order Apps'); - foreach($syslist as $app) { - $nav_apps[] = Zlib\Apps::app_render($app,'nav-order'); + $syslist = array(); + $list = Zlib\Apps::app_list(local_channel(), false, 'nav_featured_app'); + if($list) { + foreach($list as $li) { + $syslist[] = Zlib\Apps::app_encode($li); + } + } + Zlib\Apps::translate_system_apps($syslist); + + usort($syslist,'Zotlabs\\Lib\\Apps::app_name_compare'); + + $syslist = Zlib\Apps::app_order(local_channel(),$syslist); + foreach($syslist as $app) { + $nav_apps[] = Zlib\Apps::app_render($app,'nav-order'); } - return replace_macros(get_markup_template('apporder.tpl'), - [ - '$header' => t('Change Order of Navigation Apps'), - '$desc' => t('Use arrows to move the corresponding app up or down in the display list'), - '$nav_apps' => $nav_apps - ] - ); + return replace_macros(get_markup_template('apporder.tpl'), + [ + '$header' => t('Change Order of Navigation Apps'), + '$desc' => t('Use arrows to move the corresponding app up or down in the display list'), + '$nav_apps' => $nav_apps + ] + ); } } diff --git a/Zotlabs/Module/Apps.php b/Zotlabs/Module/Apps.php index 261615997..2f61f2932 100644 --- a/Zotlabs/Module/Apps.php +++ b/Zotlabs/Module/Apps.php @@ -7,6 +7,8 @@ use \Zotlabs\Lib as Zlib; class Apps extends \Zotlabs\Web\Controller { function get() { + + nav_set_selected('Apps'); if(argc() == 2 && argv(1) == 'edit') $mode = 'edit'; diff --git a/Zotlabs/Module/Attach.php b/Zotlabs/Module/Attach.php index 94f46978a..490d5edd0 100644 --- a/Zotlabs/Module/Attach.php +++ b/Zotlabs/Module/Attach.php @@ -31,7 +31,7 @@ class Attach extends \Zotlabs\Web\Controller { $unsafe_types = array('text/html','text/css','application/javascript'); - if(in_array($r['data']['filetype'],$unsafe_types)) { + if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($r['data']['uid']))) { header('Content-type: text/plain'); } else { diff --git a/Zotlabs/Module/Bookmarks.php b/Zotlabs/Module/Bookmarks.php index e62f5ce96..e147ffe6c 100644 --- a/Zotlabs/Module/Bookmarks.php +++ b/Zotlabs/Module/Bookmarks.php @@ -8,7 +8,7 @@ class Bookmarks extends \Zotlabs\Web\Controller { if(! local_channel()) return; - nav_set_selected(t('View Bookmarks')); + nav_set_selected('View Bookmarks'); $item_id = intval($_REQUEST['item']); $burl = trim($_REQUEST['burl']); diff --git a/Zotlabs/Module/Card_edit.php b/Zotlabs/Module/Card_edit.php new file mode 100644 index 000000000..7cc563fd2 --- /dev/null +++ b/Zotlabs/Module/Card_edit.php @@ -0,0 +1,138 @@ +<?php +namespace Zotlabs\Module; + +require_once('include/channel.php'); +require_once('include/acl_selectors.php'); +require_once('include/conversation.php'); + +class Card_edit extends \Zotlabs\Web\Controller { + + + function get() { + + // Figure out which post we're editing + $post_id = ((argc() > 1) ? intval(argv(1)) : 0); + + if(! $post_id) { + notice( t('Item not found') . EOL); + return; + } + + $itm = q("SELECT * FROM item WHERE id = %d and item_type = %d LIMIT 1", + intval($post_id), + intval(ITEM_TYPE_CARD) + ); + if($itm) { + $item_id = q("select * from iconfig where cat = 'system' and k = 'CARD' and iid = %d limit 1", + intval($itm[0]['id']) + ); + if($item_id) + $card_title = $item_id[0]['v']; + } + else { + notice( t('Item not found') . EOL); + return; + } + + $owner = $itm[0]['uid']; + $uid = local_channel(); + + $observer = \App::get_observer(); + + $channel = channelx_by_n($owner); + if(! $channel) { + notice( t('Channel not found.') . EOL); + return; + } + + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + if(! perm_is_allowed($owner,$ob_hash,'write_pages')) { + notice( t('Permission denied.') . EOL); + return; + } + + $is_owner = (($uid && $uid == $owner) ? true : false); + + $o = ''; + + + + $category = ''; + $catsenabled = ((feature_enabled($owner,'categories')) ? 'categories' : ''); + + if ($catsenabled){ + $itm = fetch_post_tags($itm); + + $cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY); + + foreach ($cats as $cat) { + if (strlen($category)) + $category .= ', '; + $category .= $cat['term']; + } + } + + if($itm[0]['attach']) { + $j = json_decode($itm[0]['attach'],true); + if($j) { + foreach($j as $jj) { + $itm[0]['body'] .= "\n" . '[attachment]' . basename($jj['href']) . ',' . $jj['revision'] . '[/attachment]' . "\n"; + } + } + } + + + $mimetype = $itm[0]['mimetype']; + + $content = $itm[0]['body']; + + + + $rp = 'cards/' . $channel['channel_address']; + + $x = array( + 'nickname' => $channel['channel_address'], + 'bbco_autocomplete'=> 'bbcode', + 'return_path' => $rp, + 'webpage' => ITEM_TYPE_CARD, + 'button' => t('Edit'), + 'writefiles' => perm_is_allowed($owner, get_observer_hash(), 'write_pages'), + 'weblink' => t('Insert web link'), + 'hide_voting' => false, + 'hide_future' => false, + 'hide_location' => false, + 'hide_expire' => false, + 'showacl' => true, + 'acl' => populate_acl($itm[0],false,\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')), + 'permissions' => $itm[0], + 'lockstate' => (($itm[0]['allow_cid'] || $itm[0]['allow_gid'] || $itm[0]['deny_cid'] || $itm[0]['deny_gid']) ? 'lock' : 'unlock'), + 'ptyp' => $itm[0]['type'], + 'mimeselect' => false, + 'mimetype' => $itm[0]['mimetype'], + 'body' => undo_post_tagging($content), + 'post_id' => $post_id, + 'visitor' => true, + 'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), + 'placeholdertitle' => t('Title (optional)'), + 'pagetitle' => $card_title, + 'profile_uid' => (intval($channel['channel_id'])), + 'catsenabled' => $catsenabled, + 'category' => $category, + 'bbcode' => (($mimetype == 'text/bbcode') ? true : false) + ); + + $editor = status_editor($a, $x); + + $o .= replace_macros(get_markup_template('edpost_head.tpl'), array( + '$title' => t('Edit Card'), + '$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false), + '$id' => $itm[0]['id'], + '$editor' => $editor + )); + + return $o; + + } + +} diff --git a/Zotlabs/Module/Cards.php b/Zotlabs/Module/Cards.php new file mode 100644 index 000000000..22c5d673c --- /dev/null +++ b/Zotlabs/Module/Cards.php @@ -0,0 +1,187 @@ +<?php +namespace Zotlabs\Module; + +require_once('include/channel.php'); +require_once('include/conversation.php'); +require_once('include/acl_selectors.php'); + + +class Cards extends \Zotlabs\Web\Controller { + + function init() { + + if(argc() > 1) + $which = argv(1); + else + return; + + profile_load($which); + + } + + function get($update = 0, $load = false) { + + if(observer_prohibited(true)) { + return login(); + } + + if(! \App::$profile) { + notice( t('Requested profile is not available.') . EOL ); + \App::$error = 404; + return; + } + + if(! feature_enabled(\App::$profile_uid,'cards')) { + return; + } + + nav_set_selected(t('Cards')); + + head_add_link([ + 'rel' => 'alternate', + 'type' => 'application/json+oembed', + 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string), + 'title' => 'oembed' + ]); + + + $category = (($_REQUEST['cat']) ? escape_tags(trim($_REQUEST['cat'])) : ''); + + if($category) { + $sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $category, TERM_CATEGORY)); + } + + + $which = argv(1); + + $selected_card = ((argc() > 2) ? argv(2) : ''); + + $_SESSION['return_url'] = \App::$query_string; + + $uid = local_channel(); + $owner = \App::$profile_uid; + $observer = \App::get_observer(); + + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); + + if(! perm_is_allowed($owner,$ob_hash,'view_pages')) { + notice( t('Permission denied.') . EOL); + return; + } + + $is_owner = ($uid && $uid == $owner); + + $channel = channelx_by_n($owner); + + if($channel) { + $channel_acl = array( + 'allow_cid' => $channel['channel_allow_cid'], + 'allow_gid' => $channel['channel_allow_gid'], + 'deny_cid' => $channel['channel_deny_cid'], + 'deny_gid' => $channel['channel_deny_gid'] + ); + } + else { + $channel_acl = [ 'allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '' ]; + } + + + + if(perm_is_allowed($owner,$ob_hash,'write_pages')) { + + $x = [ + 'webpage' => ITEM_TYPE_CARD, + 'is_owner' => true, + 'content_label' => t('Add Card'), + 'button' => t('Create'), + 'nickname' => $channel['channel_address'], + 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] + || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), + 'acl' => (($is_owner) ? populate_acl($channel_acl, false, + \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')) : ''), + 'permissions' => $channel_acl, + 'showacl' => (($is_owner) ? true : false), + 'visitor' => true, + 'hide_location' => false, + 'hide_voting' => false, + 'profile_uid' => intval($owner), + 'mimetype' => 'text/bbcode', + 'mimeselect' => false, + 'layoutselect' => false, + 'expanded' => false, + 'novoting' => false, + 'catsenabled' => feature_enabled($owner,'categories'), + 'bbco_autocomplete' => 'bbcode', + 'bbcode' => true + ]; + + if($_REQUEST['title']) + $x['title'] = $_REQUEST['title']; + if($_REQUEST['body']) + $x['body'] = $_REQUEST['body']; + $editor = status_editor($a,$x); + + } + else { + $editor = ''; + } + + + $sql_extra = item_permissions_sql($owner); + + if($selected_card) { + $r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.v = '%s' limit 1", + dbesc($selected_card) + ); + if($r) { + $sql_extra .= "and item.id = " . intval($r[0]['iid']) . " "; + } + } + + $r = q("select * from item + where item.uid = %d and item_type = %d + $sql_extra order by item.created desc", + intval($owner), + intval(ITEM_TYPE_CARD) + ); + + $item_normal = " and item.item_hidden = 0 and item.item_type in (0,6) and item.item_deleted = 0 + and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0 + and item.item_blocked = 0 "; + + if($r) { + + $parents_str = ids_to_querystr($r,'id'); + + $items = q("SELECT item.*, item.id AS item_id + FROM item + WHERE item.uid = %d $item_normal + AND item.parent IN ( %s ) + $sql_extra $sql_extra2 ", + intval(\App::$profile['profile_uid']), + dbesc($parents_str) + ); + if($items) { + xchan_query($items); + $items = fetch_post_tags($items, true); + $items = conv_sort($items,'updated'); + } + else + $items = []; + } + + $mode = 'cards'; + + $content = conversation($items,$mode,false,'traditional'); + + $o = replace_macros(get_markup_template('cards.tpl'), [ + '$title' => t('Cards'), + '$editor' => $editor, + '$content' => $content, + '$pager' => alt_pager($a,count($items)) + ]); + + return $o; + } + +} diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php index d0619ef0b..77052f97c 100644 --- a/Zotlabs/Module/Cdav.php +++ b/Zotlabs/Module/Cdav.php @@ -3,31 +3,81 @@ namespace Zotlabs\Module; require_once('include/event.php'); +require_once('include/auth.php'); +require_once('include/security.php'); + class Cdav extends \Zotlabs\Web\Controller { function init() { + $record = null; + $channel_login = false; + if((argv(1) !== 'calendar') && (argv(1) !== 'addressbook')) { - // workaround for HTTP-auth in CGI mode - if (x($_SERVER, 'REDIRECT_REMOTE_USER')) { - $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ; - if(strlen($userpass)) { - list($name, $password) = explode(':', $userpass); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; + foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) { + + /* Basic authentication */ + + if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,5) === 'Basic') { + $userpass = @base64_decode(substr(trim($_SERVER[$head]),6)) ; + if(strlen($userpass)) { + list($name, $password) = explode(':', $userpass); + $_SERVER['PHP_AUTH_USER'] = $name; + $_SERVER['PHP_AUTH_PW'] = $password; + } + break; } - } - if (x($_SERVER, 'HTTP_AUTHORIZATION')) { - $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ; - if(strlen($userpass)) { - list($name, $password) = explode(':', $userpass); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; + /* Signature authentication */ + + if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') { + if($head !== 'HTTP_AUTHORIZATION') { + $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head]; + continue; + } + + $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]); + if($sigblock) { + $keyId = $sigblock['keyId']; + if($keyId) { + $r = q("select * from hubloc where hubloc_addr = '%s' limit 1", + dbesc($keyId) + ); + if($r) { + $c = channelx_by_hash($r[0]['hubloc_hash']); + if($c) { + $a = q("select * from account where account_id = %d limit 1", + intval($c['channel_account_id']) + ); + if($a) { + $record = [ 'channel' => $c, 'account' => $a[0] ]; + $channel_login = $c['channel_id']; + } + } + } + if(! $record) + continue; + + if($record) { + $verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']); + if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { + $record = null; + } + if($record['account']) { + authenticate_success($record['account']); + if($channel_login) { + change_channel($channel_login); + } + } + break; + } + } + } } } + /** * This server combines both CardDAV and CalDAV functionality into a single * server. It is assumed that the server runs at the root of a HTTP domain (be @@ -774,7 +824,7 @@ class Cdav extends \Zotlabs\Web\Controller { } if(argv(1) === 'calendar') { - nav_set_selected(t('CalDAV')); + nav_set_selected('CalDAV'); $caldavBackend = new \Sabre\CalDAV\Backend\PDO($pdo); $calendars = $caldavBackend->getCalendarsForUser($principalUri); } @@ -975,7 +1025,7 @@ class Cdav extends \Zotlabs\Web\Controller { if(argv(1) === 'addressbook') { - nav_set_selected(t('CardDAV')); + nav_set_selected('CardDAV'); $carddavBackend = new \Sabre\CardDAV\Backend\PDO($pdo); $addressbooks = $carddavBackend->getAddressBooksForUser($principalUri); } diff --git a/Zotlabs/Module/Changeaddr.php b/Zotlabs/Module/Changeaddr.php new file mode 100644 index 000000000..5cd236394 --- /dev/null +++ b/Zotlabs/Module/Changeaddr.php @@ -0,0 +1,88 @@ +<?php +namespace Zotlabs\Module; + + +class Changeaddr extends \Zotlabs\Web\Controller { + + function post() { + + if(! local_channel()) + return; + + if($_SESSION['delegate']) + return; + + if((! x($_POST,'qxz_password')) || (! strlen(trim($_POST['qxz_password'])))) + return; + + if((! x($_POST,'verify')) || (! strlen(trim($_POST['verify'])))) + return; + + if($_POST['verify'] !== $_SESSION['remove_account_verify']) + return; + + + $account = \App::get_account(); + $channel = \App::get_channel(); + + $x = account_verify_password($account['account_email'],$_POST['qxz_password']); + if(! ($x && $x['account'])) + return; + + if($account['account_password_changed'] > NULL_DATE) { + $d1 = datetime_convert('UTC','UTC','now - 48 hours'); + if($account['account_password_changed'] > d1) { + notice( t('Channel name changes are not allowed within 48 hours of changing the account password.') . EOL); + return; + } + } + + $new_address = trim($_POST['newname']); + + if($new_address === $channel['channel_address']) + return; + + if($new_address === 'sys') { + notice( t('Reserved nickname. Please choose another.') . EOL); + return; + } + + if(check_webbie(array($new_address)) !== $new_address) { + notice( t('Nickname has unsupported characters or is already being used on this site.') . EOL); + return $ret; + } + + channel_change_address($channel,$new_address); + + goaway(z_root() . '/changeaddr'); + + } + + + function get() { + + if(! local_channel()) + goaway(z_root()); + + $channel = \App::get_channel(); + + $hash = random_string(); + + $_SESSION['remove_account_verify'] = $hash; + + $tpl = get_markup_template('channel_rename.tpl'); + $o .= replace_macros($tpl, array( + '$basedir' => z_root(), + '$hash' => $hash, + '$title' => t('Change channel nickname/address'), + '$desc' => array(t('WARNING: '), t('Any/all connections on other networks will be lost!')), + '$passwd' => t('Please enter your password for verification:'), + '$newname' => array('newname', t('New channel address'),$channel['channel_address'], ''), + '$submit' => t('Rename Channel') + )); + + return $o; + + } + +} diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index a44984c97..14d02d873 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -92,11 +92,6 @@ class Channel extends \Zotlabs\Web\Controller { // Ensure we've got a profile owner if updating. \App::$profile['profile_uid'] = \App::$profile_uid = $update; } - else { - if(\App::$profile['profile_uid'] == local_channel()) { - nav_set_selected(t('Channel Home')); - } - } $is_owner = (((local_channel()) && (\App::$profile['profile_uid'] == local_channel())) ? true : false); @@ -119,11 +114,13 @@ class Channel extends \Zotlabs\Web\Controller { if(! $update) { + nav_set_selected('Channel Home'); + $static = channel_manual_conv_update(\App::$profile['profile_uid']); //$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']); - $o .= common_friends_visitor_widget(\App::$profile['profile_uid']); + // $o .= common_friends_visitor_widget(\App::$profile['profile_uid']); if($channel && $is_owner) { $channel_acl = array( @@ -169,6 +166,7 @@ class Channel extends \Zotlabs\Web\Controller { */ $item_normal = item_normal(); + $item_normal_update = item_normal_update(); $sql_extra = item_permissions_sql(\App::$profile['profile_uid']); if(get_pconfig(\App::$profile['profile_uid'],'system','channel_list_mode') && (! $mid)) @@ -180,7 +178,12 @@ class Channel extends \Zotlabs\Web\Controller { $simple_update = (($update) ? " AND item_unseen = 1 " : ''); - \App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string) . '" title="oembed" />' . "\r\n"; + head_add_link([ + 'rel' => 'alternate', + 'type' => 'application/json+oembed', + 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string), + 'title' => 'oembed' + ]); if($update && $_SESSION['loadtime']) $simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) "; @@ -188,12 +191,12 @@ class Channel extends \Zotlabs\Web\Controller { $simple_update = ''; if($static && $simple_update) - $simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' "; + $simple_update .= " and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' "; if(($update) && (! $load)) { if($mid) { - $r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal + $r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal_update AND item_wall = 1 $simple_update $sql_extra limit 1", dbesc($mid . '%'), intval(\App::$profile['profile_uid']) @@ -203,7 +206,7 @@ class Channel extends \Zotlabs\Web\Controller { else { $r = q("SELECT distinct parent AS item_id, created from item left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids ) - WHERE uid = %d $item_normal + WHERE uid = %d $item_normal_update AND item_wall = 1 $simple_update AND (abook.abook_blocked = 0 or abook.abook_flags is null) $sql_extra @@ -236,7 +239,7 @@ class Channel extends \Zotlabs\Web\Controller { if($load || ($checkjs->disabled())) { if($mid) { - $r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal + $r = q("SELECT distinct parent AS item_id from item where mid like '%s' and uid = %d $item_normal AND item_wall = 1 $sql_extra limit 1", dbesc($mid . '%'), intval(\App::$profile['profile_uid']) @@ -358,9 +361,13 @@ class Channel extends \Zotlabs\Web\Controller { } if($is_owner && $update_unseen) { - $r = q("UPDATE item SET item_unseen = 0 where item_unseen = 1 and item_wall = 1 AND uid = %d $update_unseen", - intval(local_channel()) - ); + $x = [ 'channel_id' => local_channel(), 'update' => 'unset' ]; + call_hooks('update_unseen',$x); + if($x['update'] === 'unset' || intval($x['update'])) { + $r = q("UPDATE item SET item_unseen = 0 where item_unseen = 1 and item_wall = 1 AND uid = %d $update_unseen", + intval(local_channel()) + ); + } } diff --git a/Zotlabs/Module/Chat.php b/Zotlabs/Module/Chat.php index 138ca1cb5..378c9f4dd 100644 --- a/Zotlabs/Module/Chat.php +++ b/Zotlabs/Module/Chat.php @@ -91,7 +91,7 @@ class Chat extends \Zotlabs\Web\Controller { if(local_channel()) { $channel = \App::get_channel(); - nav_set_selected(t('My Chatrooms')); + nav_set_selected('My Chatrooms'); } $ob = \App::get_observer(); diff --git a/Zotlabs/Module/Common.php b/Zotlabs/Module/Common.php index 2f3c57267..eebc56d2b 100644 --- a/Zotlabs/Module/Common.php +++ b/Zotlabs/Module/Common.php @@ -25,7 +25,7 @@ class Common extends \Zotlabs\Web\Controller { } - function get() { + function get() { $o = ''; @@ -34,38 +34,37 @@ class Common extends \Zotlabs\Web\Controller { $observer_hash = get_observer_hash(); - if(! perm_is_allowed(\App::$profile['profile_uid'],$observer_hash,'view_contacts')) { notice( t('Permission denied.') . EOL); return; } - $o .= '<h2>' . t('Common connections') . '</h2>'; - $t = count_common_friends(\App::$profile['profile_uid'],$observer_hash); if(! $t) { notice( t('No connections in common.') . EOL); - return $o; + return; } $r = common_friends(\App::$profile['profile_uid'],$observer_hash); if($r) { - - $tpl = get_markup_template('common_friends.tpl'); - foreach($r as $rr) { - $o .= replace_macros($tpl,array( - '$url' => $rr['xchan_url'], - '$name' => $rr['xchan_name'], - '$photo' => $rr['xchan_photo_m'], - '$tags' => '' - )); + $items[] = [ + 'url' => $rr['xchan_url'], + 'name' => $rr['xchan_name'], + 'photo' => $rr['xchan_photo_m'], + 'tags' => '' + ]; } - - $o .= cleardiv(); } + + $tpl = get_markup_template('common_friends.tpl'); + + $o = replace_macros($tpl, [ + '$title' => t('View Common Connections'), + '$items' => $items + ]); return $o; } diff --git a/Zotlabs/Module/Connections.php b/Zotlabs/Module/Connections.php index 6ad1e9528..f42ff9b84 100644 --- a/Zotlabs/Module/Connections.php +++ b/Zotlabs/Module/Connections.php @@ -30,7 +30,7 @@ class Connections extends \Zotlabs\Web\Controller { return login(); } - nav_set_selected(t('Connections')); + nav_set_selected('Connections'); $blocked = false; $hidden = false; diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index d301c2d45..23c5282e3 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -248,6 +248,10 @@ class Connedit extends \Zotlabs\Web\Controller { notice( t('Failed to update connection record.') . EOL); if(! intval(\App::$poi['abook_self'])) { + if($new_friend) { + \Zotlabs\Daemon\Master::Summon( [ 'Notifier', 'permission_accept', $contact_id ] ); + } + \Zotlabs\Daemon\Master::Summon( [ 'Notifier', (($new_friend) ? 'permission_create' : 'permission_update'), @@ -841,7 +845,7 @@ class Connedit extends \Zotlabs\Web\Controller { } } else - $locstr = t('none'); + $locstr = $contact['xchan_url']; $clone_warn = ''; $clonable = (in_array($contact['xchan_network'],['zot','rss']) ? true : false); @@ -866,6 +870,7 @@ class Connedit extends \Zotlabs\Web\Controller { '$permcat_new' => t('Add permission role'), '$permcat_enable' => feature_enabled(local_channel(),'permcats'), '$addr' => $contact['xchan_addr'], + '$primeurl' => $contact['xchan_url'], '$section' => $section, '$sections' => $sections, '$vcard' => $vcard, diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php index 8ae2e8991..d506fe9f5 100644 --- a/Zotlabs/Module/Dav.php +++ b/Zotlabs/Module/Dav.php @@ -12,6 +12,9 @@ use \Sabre\DAV as SDAV; use \Zotlabs\Storage; require_once('include/attach.php'); +require_once('include/auth.php'); +require_once('include/security.php'); + class Dav extends \Zotlabs\Web\Controller { @@ -21,22 +24,65 @@ class Dav extends \Zotlabs\Web\Controller { */ function init() { - // workaround for HTTP-auth in CGI mode - if (x($_SERVER, 'REDIRECT_REMOTE_USER')) { - $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ; - if(strlen($userpass)) { - list($name, $password) = explode(':', $userpass); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; + foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) { + + /* Basic authentication */ + + if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,5) === 'Basic') { + $userpass = @base64_decode(substr(trim($_SERVER[$head]),6)) ; + if(strlen($userpass)) { + list($name, $password) = explode(':', $userpass); + $_SERVER['PHP_AUTH_USER'] = $name; + $_SERVER['PHP_AUTH_PW'] = $password; + } + break; } - } - if (x($_SERVER, 'HTTP_AUTHORIZATION')) { - $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ; - if(strlen($userpass)) { - list($name, $password) = explode(':', $userpass); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; + /* Signature authentication */ + + if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') { + if($head !== 'HTTP_AUTHORIZATION') { + $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head]; + continue; + } + + $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]); + if($sigblock) { + $keyId = $sigblock['keyId']; + if($keyId) { + $r = q("select * from hubloc where hubloc_addr = '%s' limit 1", + dbesc($keyId) + ); + if($r) { + $c = channelx_by_hash($r[0]['hubloc_hash']); + if($c) { + $a = q("select * from account where account_id = %d limit 1", + intval($c['channel_account_id']) + ); + if($a) { + $record = [ 'channel' => $c, 'account' => $a[0] ]; + $channel_login = $c['channel_id']; + } + } + } + if(! $record) + continue; + + if($record) { + $verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']); + if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { + $record = null; + } + if($record['account']) { + authenticate_success($record['account']); + if($channel_login) { + change_channel($channel_login); + } + } + break; + } + } + } } } diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php index 6268e99c6..caf0190ae 100644 --- a/Zotlabs/Module/Directory.php +++ b/Zotlabs/Module/Directory.php @@ -77,7 +77,7 @@ class Directory extends \Zotlabs\Web\Controller { $pubforums = get_directory_setting($observer, 'pubforums'); $o = ''; - nav_set_selected(t('Directory')); + nav_set_selected('Directory'); if(x($_POST,'search')) $search = notags(trim($_POST['search'])); diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index df3cb1e2b..d5afdd787 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -17,20 +17,18 @@ class Display extends \Zotlabs\Web\Controller { if($load) $_SESSION['loadtime'] = datetime_convert(); - if(observer_prohibited()) { notice( t('Public access denied.') . EOL); return; } - if(argc() > 1 && argv(1) !== 'load') $item_hash = argv(1); if($_REQUEST['mid']) $item_hash = $_REQUEST['mid']; - if(! $item_hash) { + if(! $item_hash) { \App::$error = 404; notice( t('Item not found.') . EOL); return; @@ -38,21 +36,18 @@ class Display extends \Zotlabs\Web\Controller { $observer_is_owner = false; $updateable = false; - - + if(local_channel() && (! $update)) { $channel = \App::get_channel(); - - + $channel_acl = array( 'allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], 'deny_cid' => $channel['channel_deny_cid'], 'deny_gid' => $channel['channel_deny_gid'] ); - - + $x = array( 'is_owner' => true, 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''), @@ -76,7 +71,6 @@ class Display extends \Zotlabs\Web\Controller { $o = '<div id="jot-popup">'; $o .= status_editor($a,$x); $o .= '</div>'; - } // This page can be viewed by anybody so the query could be complicated @@ -95,14 +89,18 @@ class Display extends \Zotlabs\Web\Controller { if($decoded) $item_hash = $decoded; - $r = q("select id, uid, mid, parent_mid, item_type, item_deleted from item where mid like '%s' limit 1", - dbesc($item_hash . '%'), - dbesc($decoded . '%') + $r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where mid like '%s' limit 1", + dbesc($item_hash . '%') ); if($r) { $target_item = $r[0]; } + + //if the item is to be moderated redirect to /moderate + if($target_item['item_blocked'] == ITEM_MODERATED) { + goaway(z_root() . '/moderate/' . $target_item['id']); + } $r = null; @@ -138,10 +136,16 @@ class Display extends \Zotlabs\Web\Controller { $simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' "; if((! $update) && (! $load)) { - - $static = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 0); - + $static = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 1); + + //if the target item is not a post (eg a like) we want to address its thread parent + $mid = ((($target_item['verb'] == ACTIVITY_LIKE) || ($target_item['verb'] == ACTIVITY_DISLIKE)) ? $target_item['thr_parent'] : $target_item['mid']); + + //if we got a decoded hash we must encode it again before handing to javascript + if($decoded) + $mid = 'b64.' . base64url_encode($mid); + $o .= '<div id="live-display"></div>' . "\r\n"; $o .= "<script> var profile_uid = " . ((intval(local_channel())) ? local_channel() : (-1)) . "; var netargs = '?f='; var profile_page = " . \App::$pager['page'] . "; </script>\r\n"; @@ -173,25 +177,31 @@ class Display extends \Zotlabs\Web\Controller { '$dend' => '', '$dbegin' => '', '$verb' => '', - '$mid' => $item_hash + '$mid' => $mid )); - - + + head_add_link([ + 'rel' => 'alternate', + 'type' => 'application/json+oembed', + 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string), + 'title' => 'oembed' + ]); + } - + $observer_hash = get_observer_hash(); $item_normal = item_normal(); - + $item_normal_update = item_normal_update(); + $sql_extra = public_permissions_sql($observer_hash); if(($update && $load) || ($checkjs->disabled())) { - - + $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']),intval(\App::$pager['start'])); - + if($load || ($checkjs->disabled())) { $r = null; - + require_once('include/channel.php'); $sys = get_sys_channel(); $sysid = $sys['channel_id']; @@ -207,25 +217,22 @@ class Display extends \Zotlabs\Web\Controller { ); if($r) { $updateable = true; - } - } if($r === null) { - + // in case somebody turned off public access to sys channel content using permissions - // make that content unsearchable by ensuring the owner_xchan can't match - + // make that content unsearchable by ensuring the owner uid can't match + if(! perm_is_allowed($sysid,$observer_hash,'view_stream')) $sysid = 0; - - + $r = q("SELECT item.id as item_id from item WHERE mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) - and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) + and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) OR uid = %d ) $sql_extra ) $item_normal @@ -233,7 +240,6 @@ class Display extends \Zotlabs\Web\Controller { dbesc($target_item['parent_mid']), intval($sysid) ); - } } } @@ -249,7 +255,7 @@ class Display extends \Zotlabs\Web\Controller { $r = q("SELECT item.parent AS item_id from item WHERE uid = %d and parent_mid = '%s' - $item_normal + $item_normal_update $simple_update limit 1", intval(local_channel()), @@ -265,15 +271,15 @@ class Display extends \Zotlabs\Web\Controller { // make that content unsearchable by ensuring the owner_xchan can't match if(! perm_is_allowed($sysid,$observer_hash,'view_stream')) $sysid = 0; - + $r = q("SELECT item.parent AS item_id from item WHERE parent_mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) - and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) + and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) OR uid = %d ) $sql_extra ) - $item_normal + $item_normal_update $simple_update limit 1", dbesc($target_item['parent_mid']), @@ -288,10 +294,8 @@ class Display extends \Zotlabs\Web\Controller { } if($r) { - $parents_str = ids_to_querystr($r,'item_id'); if($parents_str) { - $items = q("SELECT item.*, item.id AS item_id FROM item WHERE parent in ( %s ) $item_normal ", @@ -302,11 +306,11 @@ class Display extends \Zotlabs\Web\Controller { $items = fetch_post_tags($items,true); $items = conv_sort($items,'created'); } - } else { + } + else { $items = array(); } - if ($checkjs->disabled()) { $o .= conversation($items, 'display', $update, 'traditional'); if ($items[0]['title']) @@ -324,17 +328,13 @@ class Display extends \Zotlabs\Web\Controller { } $o .= '<div id="content-complete"></div>'; - - return $o; - - - /* - elseif((! $update) && (! { + + if((($update && $load) || $checkjs->disabled()) && (! $items)) { - $r = q("SELECT id, item_flags FROM item WHERE id = '%s' OR mid = '%s' LIMIT 1", - dbesc($item_hash), + $r = q("SELECT id, item_deleted FROM item WHERE mid = '%s' LIMIT 1", dbesc($item_hash) ); + if($r) { if(intval($r[0]['item_deleted'])) { notice( t('Item has been removed.') . EOL ); @@ -348,8 +348,9 @@ class Display extends \Zotlabs\Web\Controller { } } - */ + + return $o; + } - - + } diff --git a/Zotlabs/Module/Events.php b/Zotlabs/Module/Events.php index 0541f5e9b..33c8b8249 100644 --- a/Zotlabs/Module/Events.php +++ b/Zotlabs/Module/Events.php @@ -272,7 +272,7 @@ class Events extends \Zotlabs\Web\Controller { return; } - nav_set_selected(t('Events')); + nav_set_selected('Events'); if((argc() > 2) && (argv(1) === 'ignore') && intval(argv(2))) { $r = q("update event set dismissed = 1 where id = %d and uid = %d", diff --git a/Zotlabs/Module/File_upload.php b/Zotlabs/Module/File_upload.php index 29a7bd137..5c4b9a502 100644 --- a/Zotlabs/Module/File_upload.php +++ b/Zotlabs/Module/File_upload.php @@ -34,10 +34,26 @@ class File_upload extends \Zotlabs\Web\Controller { $_REQUEST['deny_gid'] = perms2str($_REQUEST['group_deny']); if($_REQUEST['filename']) { - $r = attach_mkdir($channel,get_observer_hash(),$_REQUEST); + $r = attach_mkdir($channel, get_observer_hash(), $_REQUEST); + if($r['success']) { + $hash = $r['data']['hash']; + + $sync = attach_export_data($channel,$hash); + if($sync) { + build_sync_packet($channel['channel_id'],array('file' => array($sync))); + } + goaway(z_root() . '/cloud/' . $channel['channel_address'] . '/' . $r['data']['display_path']); + + } } else { - $r = attach_store($channel,get_observer_hash(), '', $_REQUEST); + $r = attach_store($channel, get_observer_hash(), '', $_REQUEST); + if($r['success']) { + $sync = attach_export_data($channel,$r['data']['hash']); + if($sync) + build_sync_packet($channel['channel_id'],array('file' => array($sync))); + + } } goaway(z_root() . '/' . $_REQUEST['return_url']); diff --git a/Zotlabs/Module/Filestorage.php b/Zotlabs/Module/Filestorage.php index d6f363e77..55713027a 100644 --- a/Zotlabs/Module/Filestorage.php +++ b/Zotlabs/Module/Filestorage.php @@ -18,7 +18,7 @@ class Filestorage extends \Zotlabs\Web\Controller { $recurse = ((x($_POST, 'recurse')) ? intval($_POST['recurse']) : 0); $resource = ((x($_POST, 'filehash')) ? notags($_POST['filehash']) : ''); - $notify = ((x($_POST, 'notify')) ? intval($_POST['notify']) : 0); + $notify = ((x($_POST, 'notify_edit')) ? intval($_POST['notify_edit']) : 0); if(! $resource) { notice(t('Item not found.') . EOL); @@ -31,16 +31,16 @@ class Filestorage extends \Zotlabs\Web\Controller { $acl->set_from_array($_POST); $x = $acl->get(); - $cloudPath = get_parent_cloudpath($channel_id, $channel['channel_address'], $resource); + $url = get_cloud_url($channel_id, $channel['channel_address'], $resource); //get the object before permissions change so we can catch eventual former allowed members - $object = get_file_activity_object($channel_id, $resource, $cloudPath); + $object = get_file_activity_object($channel_id, $resource, $url); attach_change_permissions($channel_id, $resource, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], $recurse, true); file_activity($channel_id, $object, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], 'post', $notify); - goaway($cloudPath); + goaway(dirname($url)); } function get() { @@ -99,11 +99,11 @@ class Filestorage extends \Zotlabs\Web\Controller { $f = $r[0]; $channel = \App::get_channel(); - $parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']); + $url = get_cloud_url($channel['channel_id'], $channel['channel_address'], $f['hash']); attach_delete($owner, $f['hash']); - goaway($parentpath); + goaway(dirname($url)); } if(argc() > 3 && argv(3) === 'edit') { @@ -123,7 +123,6 @@ class Filestorage extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); $cloudpath = get_cloudpath($f); - $parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']); $aclselect_e = populate_acl($f, false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage')); $is_a_dir = (intval($f['is_dir']) ? true : false); @@ -138,7 +137,6 @@ class Filestorage extends \Zotlabs\Web\Controller { '$header' => t('Edit file permissions'), '$file' => $f, '$cloudpath' => z_root() . '/' . $encoded_path, - '$parentpath' => $parentpath, '$uid' => $channel['channel_id'], '$channelnick' => $channel['channel_address'], '$permissions' => t('Permissions'), @@ -157,7 +155,7 @@ class Filestorage extends \Zotlabs\Web\Controller { '$submit' => t('Submit'), '$attach_btn_title' => t('Share this file'), '$link_btn_title' => t('Show URL to this file'), - '$notify' => array('notify', t('Notify your contacts about this file'), 0, '', array(t('No'), t('Yes'))), + '$notify' => array('notify_edit', t('Show in your contacts shared folder'), 0, '', array(t('No'), t('Yes'))), )); echo $o; diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php index 0b05d78a4..413a68e0c 100644 --- a/Zotlabs/Module/Getfile.php +++ b/Zotlabs/Module/Getfile.php @@ -108,7 +108,7 @@ class Getfile extends \Zotlabs\Web\Controller { $unsafe_types = array('text/html','text/css','application/javascript'); - if(in_array($r['data']['filetype'],$unsafe_types)) { + if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($channel['channel_id']))) { header('Content-type: text/plain'); } else { diff --git a/Zotlabs/Module/Help.php b/Zotlabs/Module/Help.php index e98cb9d4d..f1b1acaef 100644 --- a/Zotlabs/Module/Help.php +++ b/Zotlabs/Module/Help.php @@ -15,7 +15,7 @@ require_once('include/help.php'); class Help extends \Zotlabs\Web\Controller { function get() { - nav_set_selected(t('Help')); + nav_set_selected('Help'); if($_REQUEST['search']) { $o .= '<div id="help-content" class="generic-content-wrapper">'; @@ -88,12 +88,15 @@ class Help extends \Zotlabs\Web\Controller { $heading = $headings[argv(1)]; $content = get_help_content(); + + $language = determine_help_language()['language']; return replace_macros(get_markup_template('help.tpl'), array( '$title' => t('$Projectname Documentation'), '$tocHeading' => t('Contents'), '$content' => $content, - '$heading' => $heading + '$heading' => $heading, + '$language' => $language )); } diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php index 40ce8f6d1..2b16ff4e1 100644 --- a/Zotlabs/Module/Import.php +++ b/Zotlabs/Module/Import.php @@ -278,20 +278,31 @@ class Import extends \Zotlabs\Web\Controller { create_table_from_array('xchan',$xchan); require_once('include/photo/photo_driver.php'); - $photos = import_xchan_photo($xchan['xchan_photo_l'],$xchan['xchan_hash']); - if($photos[4]) - $photodate = NULL_DATE; - else - $photodate = $xchan['xchan_photo_date']; - - $r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s' where xchan_hash = '%s'", - dbesc($photos[0]), - dbesc($photos[1]), - dbesc($photos[2]), - dbesc($photos[3]), - dbesc($photodate), - dbesc($xchan['xchan_hash']) - ); + + if($xchan['xchan_hash'] === $channel['channel_hash']) { + $r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s' where xchan_hash = '%s'", + dbesc(z_root() . '/photo/profile/l/' . $channel['channel_id']), + dbesc(z_root() . '/photo/profile/m/' . $channel['channel_id']), + dbesc(z_root() . '/photo/profile/s/' . $channel['channel_id']), + dbesc($xchan['xchan_hash']) + ); + } + else { + $photos = import_xchan_photo($xchan['xchan_photo_l'],$xchan['xchan_hash']); + if($photos[4]) + $photodate = NULL_DATE; + else + $photodate = $xchan['xchan_photo_date']; + + $r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s' where xchan_hash = '%s'", + dbesc($photos[0]), + dbesc($photos[1]), + dbesc($photos[2]), + dbesc($photos[3]), + dbesc($photodate), + dbesc($xchan['xchan_hash']) + ); + } } logger('import step 7'); diff --git a/Zotlabs/Module/Invite.php b/Zotlabs/Module/Invite.php index bbd98150d..0bcd1c1fa 100644 --- a/Zotlabs/Module/Invite.php +++ b/Zotlabs/Module/Invite.php @@ -95,7 +95,7 @@ class Invite extends \Zotlabs\Web\Controller { return; } - nav_set_selected(t('Invite')); + nav_set_selected('Invite'); $tpl = get_markup_template('invite.tpl'); $invonly = false; diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index eb8b60931..9e5dcfaff 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -659,14 +659,23 @@ class Item extends \Zotlabs\Web\Controller { // BBCODE end alert if(strlen($categories)) { + $cats = explode(',',$categories); foreach($cats as $cat) { + + if($webpage == ITEM_TYPE_CARD) { + $catlink = z_root() . '/cards/' . $channel['channel_address'] . '?f=&cat=' . urlencode(trim($cat)); + } + else { + $catlink = $owner_xchan['xchan_url'] . '?f=&cat=' . urlencode(trim($cat)); + } + $post_tags[] = array( 'uid' => $profile_uid, 'ttype' => TERM_CATEGORY, 'otype' => TERM_OBJ_POST, 'term' => trim($cat), - 'url' => $owner_xchan['xchan_url'] . '?f=&cat=' . urlencode(trim($cat)) + 'url' => $catlink ); } } @@ -734,7 +743,9 @@ class Item extends \Zotlabs\Web\Controller { if($parent_item) $parent_mid = $parent_item['mid']; - + + + // Fallback so that we alway have a thr_parent if(!$thr_parent) @@ -744,6 +755,21 @@ class Item extends \Zotlabs\Web\Controller { $item_thread_top = ((! $parent) ? 1 : 0); + + // fix permalinks for cards + + if($webpage == ITEM_TYPE_CARD) { + $plink = z_root() . '/cards/' . $channel['channel_address'] . '/' . (($pagetitle) ? $pagetitle : substr($mid,0,16)); + } + if(($parent_item) && ($parent_item['item_type'] == ITEM_TYPE_CARD)) { + $r = q("select v from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.iid = %d limit 1", + intval($parent_item['id']) + ); + if($r) { + $plink = z_root() . '/cards/' . $channel['channel_address'] . '/' . $r[0]['v']; + } + } + if ((! $plink) && ($item_thread_top)) { $plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $mid; } @@ -1079,21 +1105,28 @@ class Item extends \Zotlabs\Web\Controller { // if this is a different page type or it's just a local delete // but not by the item author or owner, do a simple deletion - + + $complex = false; + if(intval($i[0]['item_type']) || ($local_delete && (! $can_delete))) { drop_item($i[0]['id']); } else { // complex deletion that needs to propagate and be performed in phases drop_item($i[0]['id'],true,DROPITEM_PHASE1); - $r = q("select * from item where id = %d", - intval($i[0]['id']) - ); - if($r) { - xchan_query($r); - $sync_item = fetch_post_tags($r); - build_sync_packet($i[0]['uid'],array('item' => array(encode_item($sync_item[0],true)))); - } + $complex = true; + } + + $r = q("select * from item where id = %d", + intval($i[0]['id']) + ); + if($r) { + xchan_query($r); + $sync_item = fetch_post_tags($r); + build_sync_packet($i[0]['uid'],array('item' => array(encode_item($sync_item[0],true)))); + } + + if($complex) { tag_deliver($i[0]['uid'],$i[0]['id']); } } diff --git a/Zotlabs/Module/Lang.php b/Zotlabs/Module/Lang.php index 84776c3ea..0e5d85d05 100644 --- a/Zotlabs/Module/Lang.php +++ b/Zotlabs/Module/Lang.php @@ -5,7 +5,7 @@ namespace Zotlabs\Module; class Lang extends \Zotlabs\Web\Controller { function get() { - nav_set_selected(t('Language')); + nav_set_selected('Language'); return lang_selector(); } diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php index c995079ce..b104a5f5f 100644 --- a/Zotlabs/Module/Like.php +++ b/Zotlabs/Module/Like.php @@ -255,7 +255,7 @@ class Like extends \Zotlabs\Web\Controller { // get the item. Allow linked photos (which are normally hidden) to be liked $r = q("SELECT * FROM item WHERE id = %d - and item_type = 0 and item_deleted = 0 and item_unpublished = 0 + and (item_type = 0 or item_type = 6) and item_deleted = 0 and item_unpublished = 0 and item_delayed = 0 and item_pending_remove = 0 and item_blocked = 0 LIMIT 1", intval($item_id) ); diff --git a/Zotlabs/Module/Linkinfo.php b/Zotlabs/Module/Linkinfo.php index 8f8231c49..78c34583e 100644 --- a/Zotlabs/Module/Linkinfo.php +++ b/Zotlabs/Module/Linkinfo.php @@ -95,7 +95,7 @@ class Linkinfo extends \Zotlabs\Web\Controller { echo $arr['text']; killme(); } - + if($process_oembed) { $x = oembed_process($url); if($x) { diff --git a/Zotlabs/Module/Logout.php b/Zotlabs/Module/Logout.php new file mode 100644 index 000000000..6aa11d110 --- /dev/null +++ b/Zotlabs/Module/Logout.php @@ -0,0 +1,12 @@ +<?php + +namespace Zotlabs\Module; + +class Logout extends \Zotlabs\Web\Controller { + + function init() { + \App::$session->nuke(); + goaway(z_root()); + + } +}
\ No newline at end of file diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 9ee5f9324..879085f96 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -17,6 +17,7 @@ class Magic extends \Zotlabs\Web\Controller { $dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : ''); $test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0); $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); + $owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0); $delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : ''); $parsed = parse_url($dest); @@ -132,12 +133,32 @@ class Magic extends \Zotlabs\Web\Controller { if(local_channel()) { $channel = \App::get_channel(); + // OpenWebAuth + + if($owa) { + + $headers = []; + $headers['Accept'] = 'application/x-zot+json' ; + $headers['X-Open-Web-Auth'] = random_string(); + $headers = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'], + 'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512'); + $x = z_fetch_url($basepath . '/owa',false,$redirects,[ 'headers' => $headers ]); + + if($x['success']) { + $j = json_decode($x['body'],true); + if($j['success'] && $j['token']) { + $x = strpbrk($dest,'?&'); + $args = (($x) ? '&owt=' . $j['token'] : '?f=&owt=' . $j['token']) . (($delegate) ? '&delegate=1' : ''); + + goaway($dest . $args); + } + } + goaway($dest); + } + + $token = random_string(); - $token_sig = base64url_encode(rsa_sign($token,$channel['channel_prvkey'])); - - $channel['token'] = $token; - $channel['token_sig'] = $token_sig; - + \Zotlabs\Zot\Verify::create('auth',$channel['channel_id'],$token,$x[0]['hubloc_url']); $target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode(channel_reddress($channel)) diff --git a/Zotlabs/Module/Mail.php b/Zotlabs/Module/Mail.php index e5509961a..12f3b8152 100644 --- a/Zotlabs/Module/Mail.php +++ b/Zotlabs/Module/Mail.php @@ -140,7 +140,7 @@ class Mail extends \Zotlabs\Web\Controller { function get() { $o = ''; - nav_set_selected(t('Mail')); + nav_set_selected('Mail'); if(! local_channel()) { notice( t('Permission denied.') . EOL); diff --git a/Zotlabs/Module/Manage.php b/Zotlabs/Module/Manage.php index 2d8f39ded..9c5c32294 100644 --- a/Zotlabs/Module/Manage.php +++ b/Zotlabs/Module/Manage.php @@ -11,7 +11,7 @@ class Manage extends \Zotlabs\Web\Controller { return; } - nav_set_selected('Manage'); + nav_set_selected('Channel Manager'); require_once('include/security.php'); diff --git a/Zotlabs/Module/Moderate.php b/Zotlabs/Module/Moderate.php index 9af43420d..cf1625a6b 100644 --- a/Zotlabs/Module/Moderate.php +++ b/Zotlabs/Module/Moderate.php @@ -14,6 +14,24 @@ class Moderate extends \Zotlabs\Web\Controller { return; } + //show all items + if(argc() == 1) { + $r = q("select item.id as item_id, item.* from item where item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc limit 60", + intval(local_channel()), + intval(ITEM_MODERATED) + ); + } + + //show a single item + if(argc() == 2) { + $post_id = intval(argv(1)); + + $r = q("select item.id as item_id, item.* from item where item.id = %d and item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc limit 60", + intval($post_id), + intval(local_channel()), + intval(ITEM_MODERATED) + ); + } if(argc() > 2) { $post_id = intval(argv(1)); @@ -55,10 +73,6 @@ class Moderate extends \Zotlabs\Web\Controller { goaway(z_root() . '/moderate'); } } - $r = q("select item.id as item_id, item.* from item where item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc limit 60", - intval(local_channel()), - intval(ITEM_MODERATED) - ); if($r) { xchan_query($r); @@ -73,4 +87,4 @@ class Moderate extends \Zotlabs\Web\Controller { } -}
\ No newline at end of file +} diff --git a/Zotlabs/Module/Mood.php b/Zotlabs/Module/Mood.php index 85c8a3042..ad29ec7e8 100644 --- a/Zotlabs/Module/Mood.php +++ b/Zotlabs/Module/Mood.php @@ -117,7 +117,7 @@ class Mood extends \Zotlabs\Web\Controller { return; } - nav_set_selected(t('Mood')); + nav_set_selected('Mood'); $parent = ((x($_GET,'parent')) ? intval($_GET['parent']) : '0'); diff --git a/Zotlabs/Module/Network.php b/Zotlabs/Module/Network.php index e5c059af5..ee736ff42 100644 --- a/Zotlabs/Module/Network.php +++ b/Zotlabs/Module/Network.php @@ -44,6 +44,7 @@ class Network extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); $item_normal = item_normal(); + $item_normal_update = item_normal_update(); $datequery = $datequery2 = ''; @@ -116,7 +117,6 @@ class Network extends \Zotlabs\Web\Controller { $spam = ((x($_GET,'spam')) ? intval($_GET['spam']) : 0); $cmin = ((x($_GET,'cmin')) ? intval($_GET['cmin']) : 0); $cmax = ((x($_GET,'cmax')) ? intval($_GET['cmax']) : 99); - $firehose = ((x($_GET,'fh')) ? intval($_GET['fh']) : 0); $file = ((x($_GET,'file')) ? $_GET['file'] : ''); $xchan = ((x($_GET,'xchan')) ? $_GET['xchan'] : ''); @@ -154,7 +154,7 @@ class Network extends \Zotlabs\Web\Controller { )); } - nav_set_selected(t('Activity')); + nav_set_selected('Grid'); $channel_acl = array( 'allow_cid' => $channel['channel_allow_cid'], @@ -290,9 +290,6 @@ class Network extends \Zotlabs\Web\Controller { // We only launch liveUpdate if you aren't filtering in some incompatible // way and also you aren't writing a comment (discovered in javascript). - if($gid || $cid || $cmin || ($cmax != 99) || $star || $liked || $conv || $spam || $nouveau || $list) - $firehose = 0; - $maxheight = get_pconfig(local_channel(),'system','network_divmore_height'); if(! $maxheight) $maxheight = 400; @@ -315,7 +312,7 @@ class Network extends \Zotlabs\Web\Controller { '$liked' => (($liked) ? $liked : '0'), '$conv' => (($conv) ? $conv : '0'), '$spam' => (($spam) ? $spam : '0'), - '$fh' => (($firehose) ? $firehose : '0'), + '$fh' => '0', '$nouveau' => (($nouveau) ? $nouveau : '0'), '$wall' => '0', '$static' => $static, @@ -409,17 +406,7 @@ class Network extends \Zotlabs\Web\Controller { } $abook_uids = " and abook.abook_channel = " . local_channel() . " "; - - $disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false; - if($firehose && (! $disable_discover_tab)) { - require_once('include/channel.php'); - $sys = get_sys_channel(); - $uids = " and item.uid = " . intval($sys['channel_id']) . " "; - \App::$data['firehose'] = intval($sys['channel_id']); - } - else { - $uids = " and item.uid = " . local_channel() . " "; - } + $uids = " and item.uid = " . local_channel() . " "; if(get_pconfig(local_channel(),'system','network_list_mode')) $page_mode = 'list'; @@ -491,10 +478,11 @@ class Network extends \Zotlabs\Web\Controller { } else { + // this is an update $r = q("SELECT item.parent AS item_id FROM item left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids ) - WHERE true $uids $item_normal $simple_update + WHERE true $uids $item_normal_update $simple_update and (abook.abook_blocked = 0 or abook.abook_flags is null) $sql_extra3 $sql_extra $sql_nets " ); @@ -516,14 +504,14 @@ class Network extends \Zotlabs\Web\Controller { dbesc($parents_str) ); - xchan_query($items,true,(($firehose) ? local_channel() : 0)); + xchan_query($items,true); $items = fetch_post_tags($items,true); $items = conv_sort($items,$ordering); } else { $items = array(); } - + if($page_mode === 'list') { /** @@ -535,20 +523,26 @@ class Network extends \Zotlabs\Web\Controller { if($parents_str) { $update_unseen = " AND ( id IN ( " . dbesc($parents_str) . " )"; + $update_unseen .= " AND obj_type != '" . dbesc(ACTIVITY_OBJ_FILE) . "'"; $update_unseen .= " OR ( parent IN ( " . dbesc($parents_str) . " ) AND verb in ( '" . dbesc(ACTIVITY_LIKE) . "','" . dbesc(ACTIVITY_DISLIKE) . "' ))) "; } } else { if($parents_str) { - $update_unseen = " AND parent IN ( " . dbesc($parents_str) . " )"; + $update_unseen = " AND parent IN ( " . dbesc($parents_str) . " ) AND obj_type != '" . dbesc(ACTIVITY_OBJ_FILE) . "'"; } } } - if(($update_unseen) && (! $firehose)) - $r = q("UPDATE item SET item_unseen = 0 WHERE item_unseen = 1 AND uid = %d $update_unseen ", - intval(local_channel()) - ); + if($update_unseen) { + $x = [ 'channel_id' => local_channel(), 'update' => 'unset' ]; + call_hooks('update_unseen',$x); + if($x['update'] === 'unset' || intval($x['update'])) { + $r = q("UPDATE item SET item_unseen = 0 WHERE item_unseen = 1 AND uid = %d $update_unseen ", + intval(local_channel()) + ); + } + } $mode = (($nouveau) ? 'network-new' : 'network'); diff --git a/Zotlabs/Module/New_channel.php b/Zotlabs/Module/New_channel.php index cfd45e909..2b73fa191 100644 --- a/Zotlabs/Module/New_channel.php +++ b/Zotlabs/Module/New_channel.php @@ -9,7 +9,7 @@ require_once('include/permissions.php'); class New_channel extends \Zotlabs\Web\Controller { function init() { - + $cmd = ((argc() > 1) ? argv(1) : ''); if($cmd === 'autofill.json') { diff --git a/Zotlabs/Module/Notifications.php b/Zotlabs/Module/Notifications.php index 652648701..dfa007548 100644 --- a/Zotlabs/Module/Notifications.php +++ b/Zotlabs/Module/Notifications.php @@ -12,25 +12,44 @@ class Notifications extends \Zotlabs\Web\Controller { return; } - nav_set_selected('notifications'); + nav_set_selected('Notifications'); $o = ''; - - $r = q("SELECT * from notify where uid = %d and seen = 0 order by created desc", + + $r = q("select count(*) as total from notify where uid = %d and seen = 0", intval(local_channel()) ); + if($r && intval($t[0]['total']) > 49) { + $r = q("select * from notify where uid = %d + and seen = 0 order by created desc limit 50", + intval(local_channel()) + ); + } else { + $r1 = q("select * from notify where uid = %d + and seen = 0 order by created desc limit 50", + intval(local_channel()) + ); + $r2 = q("select * from notify where uid = %d + and seen = 1 order by created desc limit %d", + intval(local_channel()), + intval(50 - intval($t[0]['total'])) + ); + $r = array_merge($r1,$r2); + } if($r) { $notifications_available = 1; - foreach ($r as $it) { - $x = strip_tags(bbcode($it['msg'])); + foreach ($r as $rr) { + $x = strip_tags(bbcode($rr['msg'])); if(strpos($x,',')) $x = substr($x,strpos($x,',')+1); $notif_content .= replace_macros(get_markup_template('notify.tpl'),array( - '$item_link' => z_root().'/notify/view/'. $it['id'], - '$item_image' => $it['photo'], + '$item_link' => z_root().'/notify/view/'. $rr['id'], + '$item_image' => $rr['photo'], '$item_text' => $x, - '$item_when' => relative_date($it['created']) + '$item_when' => relative_date($rr['created']), + '$item_seen' => (($rr['seen']) ? true : false), + '$new' => t('New') )); } } diff --git a/Zotlabs/Module/Notify.php b/Zotlabs/Module/Notify.php index f592f6f37..3d6e1c2e7 100644 --- a/Zotlabs/Module/Notify.php +++ b/Zotlabs/Module/Notify.php @@ -15,12 +15,16 @@ class Notify extends \Zotlabs\Web\Controller { intval(local_channel()) ); if($r) { - q("update notify set seen = 1 where (( parent != '' and parent = '%s' and otype = '%s' ) or link = '%s' ) and uid = %d", - dbesc($r[0]['parent']), - dbesc($r[0]['otype']), - dbesc($r[0]['link']), - intval(local_channel()) - ); + $x = [ 'channel_id' => local_channel(), 'update' => 'unset' ]; + call_hooks('update_unseen',$x); + if($x['update'] === 'unset' || intval($x['update'])) { + q("update notify set seen = 1 where (( parent != '' and parent = '%s' and otype = '%s' ) or link = '%s' ) and uid = %d", + dbesc($r[0]['parent']), + dbesc($r[0]['otype']), + dbesc($r[0]['link']), + intval(local_channel()) + ); + } goaway($r[0]['link']); } goaway(z_root()); diff --git a/Zotlabs/Module/Oep.php b/Zotlabs/Module/Oep.php index 9c05f5e3f..5e06d3540 100644 --- a/Zotlabs/Module/Oep.php +++ b/Zotlabs/Module/Oep.php @@ -1,6 +1,8 @@ <?php namespace Zotlabs\Module; +require_once('include/security.php'); + // oembed provider @@ -41,6 +43,8 @@ class Oep extends \Zotlabs\Web\Controller { $arr = $this->oep_profile_reply($_REQUEST); elseif(fnmatch('*/profile/*',$url)) $arr = $this->oep_profile_reply($_REQUEST); + elseif(fnmatch('*/cards/*',$url)) + $arr = $this->oep_cards_reply($_REQUEST); if($arr) { if($html) { @@ -66,45 +70,70 @@ class Oep extends \Zotlabs\Web\Controller { $url = $args['url']; $maxwidth = intval($args['maxwidth']); $maxheight = intval($args['maxheight']); - - if(preg_match('#//(.*?)/(.*?)/(.*?)/(.*?)mid\=(.*?)(&|$)#',$url,$matches)) { - $chn = $matches[3]; - $res = $matches[5]; + logger('processing display'); + if(preg_match('#//(.*?)/display/(.*?)(&|\?|$)#',$url,$matches)) { + $res = $matches[2]; } - - if(! ($chn && $res)) - return; - $c = q("select * from channel where channel_address = '%s' limit 1", - dbesc($chn) + + if(strpos($res,'b64.') === 0) { + $res = base64url_decode(substr($res,4)); + } + + $item_normal = item_normal(); + + $p = q("select * from item where mid like '%s' limit 1", + dbesc($res . '%') ); - - if(! $c) + + if(! $p) return; + + $c = channelx_by_n($p[0]['uid']); + - $sql_extra = item_permissions_sql($c[0]['channel_id']); + if(! ($c && $res)) + return; + + if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_stream')) + return; + + $sql_extra = item_permissions_sql($c['channel_id']); - $p = q("select * from item where mid = '%s' and uid = %d $sql_extra limit 1", - dbesc($res), - intval($c[0]['channel_id']) + $p = q("select * from item where mid like '%s' and uid = %d $sql_extra $item_normal limit 1", + dbesc($res . '%'), + intval($c['channel_id']) ); + if(! $p) return; xchan_query($p,true); $p = fetch_post_tags($p,true); + + // This function can get tripped up if the item is already a reshare + // (the multiple share declarations do not parse cleanly if nested) + // So build a template with a known nonsense string as the content, and then + // replace that known string with the actual rendered content, sending + // each content layer through bbcode() separately. + + $x = '2eGriplW^*Jmf4'; + $o = "[share author='".urlencode($p[0]['author']['xchan_name']). - "' profile='".$p[0]['author']['xchan_url'] . - "' avatar='".$p[0]['author']['xchan_photo_s']. - "' link='".$p[0]['plink']. - "' posted='".$p[0]['created']. - "' message_id='".$p[0]['mid']."']"; + "' profile='".$p[0]['author']['xchan_url'] . + "' avatar='".$p[0]['author']['xchan_photo_s']. + "' link='".$p[0]['plink']. + "' posted='".$p[0]['created']. + "' message_id='".$p[0]['mid']."']"; if($p[0]['title']) - $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n"; - $o .= $p[0]['body']; - $o .= "[/share]"; + $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n"; + + $o .= $x; + $o .= "[/share]"; $o = bbcode($o); + $o = str_replace($x,bbcode($p[0]['body']),$o); + $ret['type'] = 'rich'; $w = (($maxwidth) ? $maxwidth : 640); @@ -118,6 +147,91 @@ class Oep extends \Zotlabs\Web\Controller { return $ret; } + + + function oep_cards_reply($args) { + + $ret = []; + $url = $args['url']; + $maxwidth = intval($args['maxwidth']); + $maxheight = intval($args['maxheight']); + + if(preg_match('#//(.*?)/cards/(.*?)/(.*?)(&|\?|$)#',$url,$matches)) { + $nick = $matches[2]; + $res = $matches[3]; + } + if(! ($nick && $res)) + return $ret; + + $channel = channelx_by_nick($nick); + + if(! $channel) + return $ret; + + + if(! perm_is_allowed($channel['channel_id'],get_observer_hash(),'view_pages')) + return $ret; + + $sql_extra = item_permissions_sql($channel['channel_id'],get_observer_hash()); + + $r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.v = '%s' limit 1", + dbesc($res) + ); + if($r) { + $sql_extra = "and item.id = " . intval($r[0]['iid']) . " "; + } + else { + return $ret; + } + + $r = q("select * from item + where item.uid = %d and item_type = %d + $sql_extra order by item.created desc", + intval($channel['channel_id']), + intval(ITEM_TYPE_CARD) + ); + + $item_normal = " and item.item_hidden = 0 and item.item_type in (0,6) and item.item_deleted = 0 + and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0 + and item.item_blocked = 0 "; + + if($r) { + xchan_query($r); + $p = fetch_post_tags($r, true); + } + + $x = '2eGriplW^*Jmf4'; + + + $o = "[share author='".urlencode($p[0]['author']['xchan_name']). + "' profile='".$p[0]['author']['xchan_url'] . + "' avatar='".$p[0]['author']['xchan_photo_s']. + "' link='".$p[0]['plink']. + "' posted='".$p[0]['created']. + "' message_id='".$p[0]['mid']."']"; + if($p[0]['title']) + $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n"; + + $o .= $x; + $o .= "[/share]"; + $o = bbcode($o); + + $o = str_replace($x,bbcode($p[0]['body']),$o); + + $ret['type'] = 'rich'; + + $w = (($maxwidth) ? $maxwidth : 640); + $h = (($maxheight) ? $maxheight : intval($w * 2 / 3)); + + $ret['html'] = '<div style="width: ' . $w . '; height: ' . $h . '; font-family: sans-serif,arial,freesans;" >' . $o . '</div>'; + + $ret['width'] = $w; + $ret['height'] = $h; + + return $ret; + + } + function oep_mid_reply($args) { @@ -139,6 +253,9 @@ class Oep extends \Zotlabs\Web\Controller { if(! $c) return; + + if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_stream')) + return; $sql_extra = item_permissions_sql($c[0]['channel_id']); @@ -151,19 +268,29 @@ class Oep extends \Zotlabs\Web\Controller { xchan_query($p,true); $p = fetch_post_tags($p,true); - + + // This function can get tripped up if the item is already a reshare + // (the multiple share declarations do not parse cleanly if nested) + // So build a template with a known nonsense string as the content, and then + // replace that known string with the actual rendered content, sending + // each content layer through bbcode() separately. + + $x = '2eGriplW^*Jmf4'; + $o = "[share author='".urlencode($p[0]['author']['xchan_name']). - "' profile='".$p[0]['author']['xchan_url'] . - "' avatar='".$p[0]['author']['xchan_photo_s']. - "' link='".$p[0]['plink']. - "' posted='".$p[0]['created']. - "' message_id='".$p[0]['mid']."']"; - if($p[0]['title']) - $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n"; - $o .= $p[0]['body']; - $o .= "[/share]"; + "' profile='".$p[0]['author']['xchan_url'] . + "' avatar='".$p[0]['author']['xchan_photo_s']. + "' link='".$p[0]['plink']. + "' posted='".$p[0]['created']. + "' message_id='".$p[0]['mid']."']"; + if($p[0]['title']) + $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n"; + $o .= $x; + $o .= "[/share]"; $o = bbcode($o); + $o = str_replace($x,bbcode($p[0]['body']),$o); + $ret['type'] = 'rich'; $w = (($maxwidth) ? $maxwidth : 640); @@ -247,6 +374,9 @@ class Oep extends \Zotlabs\Web\Controller { if(! $c) return; + if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_files')) + return; + $sql_extra = permissions_sql($c[0]['channel_id']); $p = q("select resource_id from photo where album = '%s' and uid = %d and imgscale = 0 $sql_extra order by created desc limit 1", @@ -308,6 +438,9 @@ class Oep extends \Zotlabs\Web\Controller { if(! $c) return; + if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_files')) + return; + $sql_extra = permissions_sql($c[0]['channel_id']); $p = q("select resource_id from photo where uid = %d and imgscale = 0 $sql_extra order by created desc limit 1", @@ -368,7 +501,10 @@ class Oep extends \Zotlabs\Web\Controller { if(! $c) return; - + + if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_files')) + return; + $sql_extra = permissions_sql($c[0]['channel_id']); diff --git a/Zotlabs/Module/Ofeed.php b/Zotlabs/Module/Ofeed.php index 2b7acff99..58488d4af 100644 --- a/Zotlabs/Module/Ofeed.php +++ b/Zotlabs/Module/Ofeed.php @@ -18,7 +18,7 @@ class Ofeed extends \Zotlabs\Web\Controller { $params['pages'] = ((x($_REQUEST,'pages')) ? intval($_REQUEST['pages']) : 0); $params['top'] = ((x($_REQUEST,'top')) ? intval($_REQUEST['top']) : 0); $params['start'] = ((x($params,'start')) ? intval($params['start']) : 0); - $params['records'] = ((x($params,'records')) ? intval($params['records']) : 40); + $params['records'] = ((x($params,'records')) ? intval($params['records']) : 10); $params['direction'] = ((x($params,'direction')) ? dbesc($params['direction']) : 'desc'); $params['cat'] = ((x($_REQUEST,'cat')) ? escape_tags($_REQUEST['cat']) : ''); $params['compat'] = ((x($_REQUEST,'compat')) ? intval($_REQUEST['compat']) : 1); diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php new file mode 100644 index 000000000..4b0d855c5 --- /dev/null +++ b/Zotlabs/Module/Owa.php @@ -0,0 +1,53 @@ +<?php + +namespace Zotlabs\Module; + +/** + * OpenWebAuth verifier and token generator + * See https://macgirvin.com/wiki/mike/OpenWebAuth/Home + * Requests to this endpoint should be signed using HTTP Signatures + * using the 'Authorization: Signature' authentication method + * If the signature verifies a token is returned. + * + * This token may be exchanged for an authenticated cookie. + */ + +class Owa extends \Zotlabs\Web\Controller { + + function init() { + + $ret = [ 'success' => false ]; + + foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) { + if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') { + if($head !== 'HTTP_AUTHORIZATION') { + $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head]; + continue; + } + + $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]); + if($sigblock) { + $keyId = $sigblock['keyId']; + + if($keyId) { + $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash + where hubloc_addr = '%s' limit 1", + dbesc(str_replace('acct:','',$keyId)) + ); + if($r) { + $hubloc = $r[0]; + $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']); + if($verified && $verified['header_signed'] && $verified['header_valid']) { + $ret['success'] = true; + $token = random_string(32); + \Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']); + $ret['token'] = $token; + } + } + } + } + } + } + json_return_and_die($ret,'application/x-zot+json'); + } +} diff --git a/Zotlabs/Module/Pdledit.php b/Zotlabs/Module/Pdledit.php index 618444480..f8af470ac 100644 --- a/Zotlabs/Module/Pdledit.php +++ b/Zotlabs/Module/Pdledit.php @@ -14,7 +14,7 @@ class Pdledit extends \Zotlabs\Web\Controller { if(! trim($_REQUEST['content'])) { del_pconfig(local_channel(),'system','mod_' . $_REQUEST['module'] . '.pdl'); - goaway(z_root() . '/pdledit/' . $_REQUEST['module']); + goaway(z_root() . '/pdledit'); } set_pconfig(local_channel(),'system','mod_' . $_REQUEST['module'] . '.pdl',escape_tags($_REQUEST['content'])); build_sync_packet(); @@ -34,19 +34,38 @@ class Pdledit extends \Zotlabs\Web\Controller { notice( t('Feature disabled.') . EOL); return; } - + + if(argc() > 2 && argv(2) === 'reset') { + del_pconfig(local_channel(),'system','mod_' . argv(1) . '.pdl'); + goaway(z_root() . '/pdledit'); + } + if(argc() > 1) $module = 'mod_' . argv(1) . '.pdl'; else { $o .= '<div class="generic-content-wrapper-styled">'; $o .= '<h1>' . t('Edit System Page Description') . '</h1>'; + + $edited = []; + + $r = q("select k from pconfig where uid = %d and cat = 'system' and k like '%s' ", + intval(local_channel()), + dbesc('mod_%.pdl') + ); + + if($r) { + foreach($r as $rv) { + $edited[] = substr(str_replace('.pdl','',$rv['k']),4); + } + } + $files = glob('Zotlabs/Module/*.php'); if($files) { foreach($files as $f) { $name = lcfirst(basename($f,'.php')); $x = theme_include('mod_' . $name . '.pdl'); if($x) { - $o .= '<a href="pdledit/' . $name . '" >' . $name . '</a><br />'; + $o .= '<a href="pdledit/' . $name . '" >' . $name . '</a>' . ((in_array($name,$edited)) ? ' ' . t('(modified)') . ' <a href="pdledit/' . $name . '/reset" >' . t('Reset') . '</a>': '' ) . '<br />'; } } } @@ -69,6 +88,7 @@ class Pdledit extends \Zotlabs\Web\Controller { '$header' => t('Edit System Page Description'), '$mname' => t('Module Name:'), '$help' => t('Layout Help'), + '$another' => t('Edit another layout'), '$module' => argv(1), '$content' => htmlspecialchars($t,ENT_COMPAT,'UTF-8'), '$submit' => t('Submit') diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index 85dae46a5..caef45d98 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -555,7 +555,7 @@ class Photos extends \Zotlabs\Web\Controller { $sql_extra = permissions_sql($owner_uid,get_observer_hash(),'photo'); $sql_attach = permissions_sql($owner_uid,get_observer_hash(),'attach'); - nav_set_selected(t('Photos')); + nav_set_selected('Photos'); $o = ""; @@ -671,8 +671,13 @@ class Photos extends \Zotlabs\Web\Controller { */ if($datatype === 'album') { - - \App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$cmd) . '" title="oembed" />' . "\r\n"; + + head_add_link([ + 'rel' => 'alternate', + 'type' => 'application/json+oembed', + 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string), + 'title' => 'oembed' + ]); if($x = photos_album_exists($owner_uid, get_observer_hash(), $datum)) { \App::set_pager_itemspage(60); @@ -765,7 +770,7 @@ class Photos extends \Zotlabs\Web\Controller { if($photos) { $o = replace_macros(get_markup_template('photosajax.tpl'),array( '$photos' => $photos, - '$album_id' => bin2hex($album) + '$album_id' => $datum )); } else { diff --git a/Zotlabs/Module/Ping.php b/Zotlabs/Module/Ping.php index bf2fa5cc9..c91659f2f 100644 --- a/Zotlabs/Module/Ping.php +++ b/Zotlabs/Module/Ping.php @@ -19,6 +19,7 @@ class Ping extends \Zotlabs\Web\Controller { * @result JSON */ function init() { + $result = array(); $notifs = array(); @@ -36,6 +37,11 @@ class Ping extends \Zotlabs\Web\Controller { $result['all_events_today'] = 0; $result['notice'] = array(); $result['info'] = array(); + $result['pubs'] = 0; + $result['files'] = 0; + + if(! $_SESSION['static_loadtime']) + $_SESSION['static_loadtime'] = datetime_convert(); $t0 = dba_timer(); @@ -134,6 +140,61 @@ class Ping extends \Zotlabs\Web\Controller { db_utcnow(), db_quoteinterval('3 MINUTE') ); + $discover_tab_on = ((get_config('system','disable_discover_tab') != 1) ? true : false); + $notify_pubs = ((local_channel()) ? ($vnotify & VNOTIFY_PUBS) && $discover_tab_on : $discover_tab_on); + + if($notify_pubs) { + $sys = get_sys_channel(); + + $pubs = q("SELECT count(id) as total from item + WHERE uid = %d + AND author_xchan != '%s' + AND obj_type != '%s' + AND item_unseen = 1 + AND created > '" . datetime_convert('UTC','UTC',$_SESSION['static_loadtime']) . "' + $item_normal", + intval($sys['channel_id']), + dbesc(get_observer_hash()), + dbesc(ACTIVITY_OBJ_FILE) + ); + + if($pubs) + $result['pubs'] = intval($pubs[0]['total']); + } + + if((argc() > 1) && (argv(1) === 'pubs') && ($notify_pubs)) { + $sys = get_sys_channel(); + $result = array(); + + $r = q("SELECT * FROM item + WHERE uid = %d + AND author_xchan != '%s' + AND obj_type != '%s' + AND item_unseen = 1 + AND created > '" . datetime_convert('UTC','UTC',$_SESSION['static_loadtime']) . "' + $item_normal + ORDER BY created DESC + LIMIT 300", + intval($sys['channel_id']), + dbesc(get_observer_hash()), + dbesc(ACTIVITY_OBJ_FILE) + ); + + if($r) { + xchan_query($r); + foreach($r as $rr) { + $rr['llink'] = str_replace('display/', 'pubstream/?f=&mid=', $rr['llink']); + $result[] = \Zotlabs\Lib\Enotify::format($rr); + } + } + +// logger('ping (network||home): ' . print_r($result, true), LOGGER_DATA); + echo json_encode(array('notify' => $result)); + killme(); + } + + $t1 = dba_timer(); + if((! local_channel()) || ($result['invalid'])) { echo json_encode($result); killme(); @@ -177,6 +238,9 @@ class Ping extends \Zotlabs\Web\Controller { intval(local_channel()) ); break; + case 'pubs': + unset($_SESSION['static_loadtime']); + break; default: break; } @@ -194,37 +258,20 @@ class Ping extends \Zotlabs\Web\Controller { * dropdown menu. */ if(argc() > 1 && argv(1) === 'notify') { - $t = q("select count(*) as total from notify where uid = %d and seen = 0", + $t = q("select * from notify where uid = %d and seen = 0 order by created desc", intval(local_channel()) ); - if($t && intval($t[0]['total']) > 49) { - $z = q("select * from notify where uid = %d - and seen = 0 order by created desc limit 50", - intval(local_channel()) - ); - } else { - $z1 = q("select * from notify where uid = %d - and seen = 0 order by created desc limit 50", - intval(local_channel()) - ); - $z2 = q("select * from notify where uid = %d - and seen = 1 order by created desc limit %d", - intval(local_channel()), - intval(50 - intval($t[0]['total'])) - ); - $z = array_merge($z1,$z2); - } - if(count($z)) { - foreach($z as $zz) { + if($t) { + foreach($t as $tt) { $notifs[] = array( - 'notify_link' => z_root() . '/notify/view/' . $zz['id'], - 'name' => $zz['xname'], - 'url' => $zz['url'], - 'photo' => $zz['photo'], - 'when' => relative_date($zz['created']), - 'hclass' => (($zz['seen']) ? 'notify-seen' : 'notify-unseen'), - 'message' => strip_tags(bbcode($zz['msg'])) + 'notify_link' => z_root() . '/notify/view/' . $tt['id'], + 'name' => $tt['xname'], + 'url' => $tt['url'], + 'photo' => $tt['photo'], + 'when' => relative_date($tt['created']), + 'hclass' => (($tt['seen']) ? 'notify-seen' : 'notify-unseen'), + 'message' => strip_tags(bbcode($tt['msg'])) ); } } @@ -233,7 +280,7 @@ class Ping extends \Zotlabs\Web\Controller { killme(); } - if(argc() > 1 && argv(1) === 'messages') { + if(argc() > 1 && argv(1) === 'mail') { $channel = \App::get_channel(); $t = q("select mail.*, xchan.* from mail left join xchan on xchan_hash = from_xchan where channel_id = %d and mail_seen = 0 and mail_deleted = 0 @@ -265,9 +312,12 @@ class Ping extends \Zotlabs\Web\Controller { $r = q("SELECT * FROM item WHERE item_unseen = 1 and uid = %d $item_normal - and author_xchan != '%s' ORDER BY created DESC limit 300", + AND author_xchan != '%s' + AND obj_type != '%s' + ORDER BY created DESC limit 300", intval(local_channel()), - dbesc($ob_hash) + dbesc($ob_hash), + dbesc(ACTIVITY_OBJ_FILE) ); if($r) { @@ -308,6 +358,30 @@ class Ping extends \Zotlabs\Web\Controller { killme(); } + if((argc() > 1 && (argv(1) === 'register')) && is_site_admin()) { + $result = array(); + + $r = q("SELECT account_email, account_created from account where (account_flags & %d) > 0", + intval(ACCOUNT_PENDING) + ); + if($r) { + foreach($r as $rr) { + $result[] = array( + 'notify_link' => z_root() . '/admin/accounts', + 'name' => $rr['account_email'], + 'url' => '', + 'photo' => get_default_profile_photo(48), + 'when' => relative_date($rr['account_created']), + 'hclass' => ('notify-unseen'), + 'message' => t('requires approval') + ); + } + } + logger('ping (register): ' . print_r($result, true), LOGGER_DATA); + echo json_encode(array('notify' => $result)); + killme(); + } + if(argc() > 1 && (argv(1) === 'all_events')) { $bd_format = t('g A l F d') ; // 8 AM Friday January 18 @@ -345,6 +419,39 @@ class Ping extends \Zotlabs\Web\Controller { killme(); } + if(argc() > 1 && (argv(1) === 'files')) { + $result = array(); + + $r = q("SELECT item.created, xchan.xchan_name, xchan.xchan_url, xchan.xchan_photo_s FROM item + LEFT JOIN xchan on author_xchan = xchan_hash + WHERE item.verb = '%s' + AND item.obj_type = '%s' + AND item.uid = %d + AND item.owner_xchan != '%s' + AND item.item_unseen = 1", + dbesc(ACTIVITY_POST), + dbesc(ACTIVITY_OBJ_FILE), + intval(local_channel()), + dbesc($ob_hash) + ); + if($r) { + foreach($r as $rr) { + $result[] = array( + 'notify_link' => z_root() . '/sharedwithme', + 'name' => $rr['xchan_name'], + 'url' => $rr['xchan_url'], + 'photo' => $rr['xchan_photo_s'], + 'when' => relative_date($rr['created']), + 'hclass' => ('notify-unseen'), + 'message' => t('shared a file with you') + ); + } + } + logger('ping (files): ' . print_r($result, true), LOGGER_DATA); + echo json_encode(array('notify' => $result)); + killme(); + } + /** * Normal ping - just the counts, no detail */ @@ -356,15 +463,35 @@ class Ping extends \Zotlabs\Web\Controller { $result['notify'] = intval($t[0]['total']); } - $t1 = dba_timer(); + $t2 = dba_timer(); + + if($vnotify & VNOTIFY_FILES) { + $files = q("SELECT count(id) as total FROM item + WHERE verb = '%s' + AND obj_type = '%s' + AND uid = %d + AND owner_xchan != '%s' + AND item_unseen = 1", + dbesc(ACTIVITY_POST), + dbesc(ACTIVITY_OBJ_FILE), + intval(local_channel()), + dbesc($ob_hash) + ); + if($files) + $result['files'] = intval($files[0]['total']); + } + + $t3 = dba_timer(); if($vnotify & (VNOTIFY_NETWORK|VNOTIFY_CHANNEL)) { $r = q("SELECT id, item_wall FROM item WHERE item_unseen = 1 and uid = %d $item_normal - and author_xchan != '%s'", + AND author_xchan != '%s' + AND obj_type != '%s'", intval(local_channel()), - dbesc($ob_hash) + dbesc($ob_hash), + dbesc(ACTIVITY_OBJ_FILE) ); if($r) { @@ -384,20 +511,20 @@ class Ping extends \Zotlabs\Web\Controller { if(! ($vnotify & VNOTIFY_CHANNEL)) $result['home'] = 0; - $t2 = dba_timer(); + $t4 = dba_timer(); if($vnotify & VNOTIFY_INTRO) { $intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and abook_pending = 1 and abook_self = 0 and abook_ignored = 0 and xchan_deleted = 0 and xchan_orphan = 0 ", intval(local_channel()) ); - $t3 = dba_timer(); + $t5 = dba_timer(); if($intr) $result['intros'] = intval($intr[0]['total']); } - $t4 = dba_timer(); + $t6 = dba_timer(); $channel = \App::get_channel(); if($vnotify & VNOTIFY_MAIL) { @@ -420,7 +547,7 @@ class Ping extends \Zotlabs\Web\Controller { } } - $t5 = dba_timer(); + $t7 = dba_timer(); if($vnotify & (VNOTIFY_EVENT|VNOTIFY_EVENTTODAY|VNOTIFY_BIRTHDAY)) { $events = q("SELECT etype, dtstart, adjust FROM event @@ -466,9 +593,9 @@ class Ping extends \Zotlabs\Web\Controller { $x = json_encode($result); - $t6 = dba_timer(); + $t8 = dba_timer(); -// logger('ping timer: ' . sprintf('%01.4f %01.4f %01.4f %01.4f %01.4f %01.4f',$t6 - $t5, $t5 - $t4, $t4 - $t3, $t3 - $t2, $t2 - $t1, $t1 - $t0)); +// logger('ping timer: ' . sprintf('%01.4f %01.4f %01.4f %01.4f %01.4f %01.4f %01.4f %01.4f',$t8 - $t7, $t7 - $t6, $t6 - $t5, $t5 - $t4, $t4 - $t3, $t3 - $t2, $t2 - $t1, $t1 - $t0)); echo $x; killme(); diff --git a/Zotlabs/Module/Poke.php b/Zotlabs/Module/Poke.php index 0bd1187c7..d13ec5ced 100644 --- a/Zotlabs/Module/Poke.php +++ b/Zotlabs/Module/Poke.php @@ -150,7 +150,7 @@ class Poke extends \Zotlabs\Web\Controller { return; } - nav_set_selected(t('Poke')); + nav_set_selected('Poke'); $name = ''; $id = ''; diff --git a/Zotlabs/Module/Post.php b/Zotlabs/Module/Post.php index c78484a45..f67cbf020 100644 --- a/Zotlabs/Module/Post.php +++ b/Zotlabs/Module/Post.php @@ -19,16 +19,16 @@ class Post extends \Zotlabs\Web\Controller { function init() { if(array_key_exists('auth', $_REQUEST)) { $x = new \Zotlabs\Zot\Auth($_REQUEST); - exit; } } function post() { - $z = new \Zotlabs\Zot\Receiver($_REQUEST['data'], get_config('system', 'prvkey'), new \Zotlabs\Zot\ZotHandler()); + if(array_key_exists('data',$_REQUEST)) { + $z = new \Zotlabs\Zot\Receiver($_REQUEST['data'], get_config('system', 'prvkey'), new \Zotlabs\Zot\ZotHandler()); + exit; + } - // notreached; - exit; } } diff --git a/Zotlabs/Module/Probe.php b/Zotlabs/Module/Probe.php index 859bed315..2e65f107c 100644 --- a/Zotlabs/Module/Probe.php +++ b/Zotlabs/Module/Probe.php @@ -8,7 +8,7 @@ class Probe extends \Zotlabs\Web\Controller { function get() { - nav_set_selected(t('Remote Diagnostics')); + nav_set_selected('Remote Diagnostics'); $o .= '<h3>Probe Diagnostic</h3>'; diff --git a/Zotlabs/Module/Profile.php b/Zotlabs/Module/Profile.php index 6930d50ca..43106e3af 100644 --- a/Zotlabs/Module/Profile.php +++ b/Zotlabs/Module/Profile.php @@ -94,7 +94,6 @@ class Profile extends \Zotlabs\Web\Controller { echo \App::$profile['profile_vcard']; killme(); } - $is_owner = ((local_channel()) && (local_channel() == \App::$profile['profile_uid']) ? true : false); @@ -102,11 +101,14 @@ class Profile extends \Zotlabs\Web\Controller { notice( t('Permission denied.') . EOL); return; } - - //$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']); - - \App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string) . '" title="oembed" />' . "\r\n"; - + + head_add_link([ + 'rel' => 'alternate', + 'type' => 'application/json+oembed', + 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string), + 'title' => 'oembed' + ]); + $o .= advanced_profile($a); call_hooks('profile_advanced',$o); return $o; diff --git a/Zotlabs/Module/Profile_photo.php b/Zotlabs/Module/Profile_photo.php index 47b627015..27e6bc445 100644 --- a/Zotlabs/Module/Profile_photo.php +++ b/Zotlabs/Module/Profile_photo.php @@ -158,6 +158,9 @@ class Profile_photo extends \Zotlabs\Web\Controller { intval(local_channel()) ); + + + send_profile_photo_activity($channel,$base_image,$profile); } @@ -174,12 +177,17 @@ class Profile_photo extends \Zotlabs\Web\Controller { // We'll set the updated profile-photo timestamp even if it isn't the default profile, // so that browsers will do a cache update unconditionally + // Also set links back to site-specific profile photo url in case it was + // changed to a generic URL by a clone operation. Otherwise the new photo may + // not get pushed to other sites correctly. - - $r = q("UPDATE xchan set xchan_photo_mimetype = '%s', xchan_photo_date = '%s' + $r = q("UPDATE xchan set xchan_photo_mimetype = '%s', xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s' where xchan_hash = '%s'", dbesc($im->getType()), dbesc(datetime_convert()), + dbesc(z_root() . '/photo/profile/l/' . $channel['channel_id']), + dbesc(z_root() . '/photo/profile/m/' . $channel['channel_id']), + dbesc(z_root() . '/photo/profile/s/' . $channel['channel_id']), dbesc($channel['xchan_hash']) ); diff --git a/Zotlabs/Module/Pubsites.php b/Zotlabs/Module/Pubsites.php index d87967189..daec5dde3 100644 --- a/Zotlabs/Module/Pubsites.php +++ b/Zotlabs/Module/Pubsites.php @@ -30,13 +30,14 @@ class Pubsites extends \Zotlabs\Web\Controller { if($ret['success']) { $j = json_decode($ret['body'],true); if($j) { - $o .= '<table class="table table-striped table-hover"><tr><td>' . t('Hub URL') . '</td><td>' . t('Access Type') . '</td><td>' . t('Registration Policy') . '</td><td>' . t('Stats') . '</td><td>' . t('Software') . '</td>'; + $o .= '<table class="table table-striped table-hover"><tr><td>' . t('Hub URL') . '</td><td>' . t('Access Type') . '</td><td>' . t('Registration Policy') . '</td><!--td>' . t('Stats') . '</td--><td>' . t('Software') . '</td>'; if($rating_enabled) $o .= '<td colspan="2">' . t('Ratings') . '</td>'; $o .= '</tr>'; if($j['sites']) { foreach($j['sites'] as $jj) { - if(! \Zotlabs\Lib\System::compatible_project($jj['project'])) + $projectname = explode(' ',$jj['project']); + if(! \Zotlabs\Lib\System::compatible_project($projectname[0])) continue; if(strpos($jj['version'],' ')) { $x = explode(' ', $jj['version']); @@ -54,7 +55,7 @@ class Pubsites extends \Zotlabs\Web\Controller { $location = '<br /> '; } $urltext = str_replace(array('https://'), '', $jj['url']); - $o .= '<tr><td><a href="'. (($jj['sellpage']) ? $jj['sellpage'] : $jj['url'] . '/register' ) . '" ><i class="fa fa-link"></i> ' . $urltext . '</a>' . $location . '</td><td>' . $jj['access'] . '</td><td>' . $jj['register'] . '</td><td>' . '<a target="stats" href="https://hubchart-tarine.rhcloud.com/hub.jsp?hubFqdn=' . $m['host'] . '"><i class="fa fa-area-chart"></i></a></td><td>' . ucwords($jj['project']) . (($jj['version']) ? ' ' . $jj['version'] : '') . '</td>'; + $o .= '<tr><td><a href="'. (($jj['sellpage']) ? $jj['sellpage'] : $jj['url'] . '/register' ) . '" ><i class="fa fa-link"></i> ' . $urltext . '</a>' . $location . '</td><td>' . $jj['access'] . '</td><td>' . $jj['register'] . '</td><!--td>' . '<a target="stats" href="https://hubchart-tarine.rhcloud.com/hub.jsp?hubFqdn=' . $m['host'] . '"><i class="fa fa-area-chart"></i></a></td--><td>' . ucwords($jj['project']) . (($jj['version']) ? ' ' . $jj['version'] : '') . '</td>'; if($rating_enabled) $o .= '<td><a href="ratings/' . $host . '" class="btn-btn-default"><i class="fa fa-eye"></i> ' . t('View') . '</a></td>' . $rate_links ; $o .= '</tr>'; diff --git a/Zotlabs/Module/Pubstream.php b/Zotlabs/Module/Pubstream.php index 42aa2b51b..15e2d8a74 100644 --- a/Zotlabs/Module/Pubstream.php +++ b/Zotlabs/Module/Pubstream.php @@ -7,10 +7,10 @@ require_once('include/conversation.php'); class Pubstream extends \Zotlabs\Web\Controller { function get($update = 0, $load = false) { - + if($load) $_SESSION['loadtime'] = datetime_convert(); - + if(observer_prohibited(true)) { return login(); @@ -19,15 +19,28 @@ class Pubstream extends \Zotlabs\Web\Controller { $disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false; if($disable_discover_tab) return; - + + $mid = ((x($_REQUEST,'mid')) ? $_REQUEST['mid'] : ''); + + if(strpos($mid,'b64.') === 0) + $decoded = @base64url_decode(substr($mid,4)); + if($decoded) + $mid = $decoded; + $item_normal = item_normal(); + $item_normal_update = item_normal_update(); $static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0); - if(! $update) { + if(! $update && !$load) { + + nav_set_selected(t('Public Stream')); - $static = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 0); + if(!$mid) + $_SESSION['static_loadtime'] = datetime_convert(); + + $static = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 1); $maxheight = get_config('system','home_divmore_height'); if(! $maxheight) @@ -38,6 +51,10 @@ class Pubstream extends \Zotlabs\Web\Controller { . "; var profile_page = " . \App::$pager['page'] . "; divmore_height = " . intval($maxheight) . "; </script>\r\n"; + //if we got a decoded hash we must encode it again before handing to javascript + if($decoded) + $mid = 'b64.' . base64url_encode($mid); + \App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array( '$baseurl' => z_root(), '$pgtype' => 'pubstream', @@ -63,7 +80,7 @@ class Pubstream extends \Zotlabs\Web\Controller { '$cats' => '', '$tags' => '', '$dend' => '', - '$mid' => '', + '$mid' => $mid, '$verb' => '', '$dbegin' => '' )); @@ -105,7 +122,7 @@ class Pubstream extends \Zotlabs\Web\Controller { $simple_update = ''; if($static && $simple_update) - $simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' "; + $simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' "; //logger('update: ' . $update . ' load: ' . $load); @@ -114,29 +131,46 @@ class Pubstream extends \Zotlabs\Web\Controller { $ordering = "commented"; if($load) { - - // Fetch a page full of parent items for this page - - $r = q("SELECT distinct item.id AS item_id, $ordering FROM item - left join abook on item.author_xchan = abook.abook_xchan - WHERE true $uids $item_normal - AND item.parent = item.id - and (abook.abook_blocked = 0 or abook.abook_flags is null) - $sql_extra3 $sql_extra $sql_nets - ORDER BY $ordering DESC $pager_sql " - ); - - + if($mid) { + $r = q("SELECT parent AS item_id FROM item + left join abook on item.author_xchan = abook.abook_xchan + WHERE mid like '%s' $uids $item_normal + and (abook.abook_blocked = 0 or abook.abook_flags is null) + $sql_extra3 $sql_extra $sql_nets LIMIT 1", + dbesc($mid . '%') + ); + } + else { + // Fetch a page full of parent items for this page + $r = q("SELECT distinct item.id AS item_id, $ordering FROM item + left join abook on item.author_xchan = abook.abook_xchan + WHERE true $uids $item_normal + AND item.parent = item.id + and (abook.abook_blocked = 0 or abook.abook_flags is null) + $sql_extra3 $sql_extra $sql_nets + ORDER BY $ordering DESC $pager_sql " + ); + } } elseif($update) { - - $r = q("SELECT distinct item.id AS item_id, $ordering FROM item - left join abook on item.author_xchan = abook.abook_xchan - WHERE true $uids $item_normal - AND item.parent = item.id $simple_update - and (abook.abook_blocked = 0 or abook.abook_flags is null) - $sql_extra3 $sql_extra $sql_nets" - ); + if($mid) { + $r = q("SELECT parent AS item_id FROM item + left join abook on item.author_xchan = abook.abook_xchan + WHERE mid like '%s' $uids $item_normal_update $simple_update + and (abook.abook_blocked = 0 or abook.abook_flags is null) + $sql_extra3 $sql_extra $sql_nets LIMIT 1", + dbesc($mid . '%') + ); + } + else { + $r = q("SELECT distinct item.id AS item_id, $ordering FROM item + left join abook on item.author_xchan = abook.abook_xchan + WHERE true $uids $item_normal_update + AND item.parent = item.id $simple_update + and (abook.abook_blocked = 0 or abook.abook_flags is null) + $sql_extra3 $sql_extra $sql_nets" + ); + } $_SESSION['loadtime'] = datetime_convert(); } // Then fetch all the children of the parents that are on this page @@ -168,6 +202,9 @@ class Pubstream extends \Zotlabs\Web\Controller { $mode = ('network'); $o .= conversation($items,$mode,$update,$page_mode); + + if($mid) + $o .= '<div id="content-complete"></div>'; if(($items) && (! $update)) $o .= alt_pager($a,count($items)); diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index d4573156c..95e3ca96f 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -27,7 +27,7 @@ class Register extends \Zotlabs\Web\Controller { $result = check_account_email($_REQUEST['email']); break; case 'password_check.json': - $result = check_account_password($_REQUEST['password']); + $result = check_account_password($_REQUEST['password1']); break; default: break; @@ -123,12 +123,19 @@ class Register extends \Zotlabs\Web\Controller { if($policy == REGISTER_OPEN ) { if($email_verify) { $res = verify_email_address($result); + if($res) { + info( t('Registration successful. Please check your email for validation instructions.') . EOL ) ; + } } else { $res = send_register_success_email($result['email'],$result['password']); } if($res) { - info( t('Registration successful. Please check your email for validation instructions.') . EOL ) ; + if($invite_code) { + info( t('Registration successful. Continue to create your first channel...') . EOL ) ; + } else { + info( t('Registration successful. Please check your email for validation instructions.') . EOL ) ; + } } } elseif($policy == REGISTER_APPROVE) { @@ -167,7 +174,8 @@ class Register extends \Zotlabs\Web\Controller { $next_page = $x; $_SESSION['workflow'] = true; } - + + unset($_SESSION['login_return_url']); goaway(z_root() . '/' . $next_page); } @@ -231,8 +239,8 @@ class Register extends \Zotlabs\Web\Controller { $enable_tos = 1 - intval(get_config('system','no_termsofservice')); $email = array('email', t('Your email address'), ((x($_REQUEST,'email')) ? strip_tags(trim($_REQUEST['email'])) : "")); - $password = array('password', t('Choose a password'), ((x($_REQUEST,'password')) ? trim($_REQUEST['password']) : "")); - $password2 = array('password2', t('Please re-enter your password'), ((x($_REQUEST,'password2')) ? trim($_REQUEST['password2']) : "")); + $password = array('password', t('Choose a password'), ''); + $password2 = array('password2', t('Please re-enter your password'), ''); $invite_code = array('invite_code', t('Please enter your invitation code'), ((x($_REQUEST,'invite_code')) ? strip_tags(trim($_REQUEST['invite_code'])) : "")); $name = array('name', t('Name or caption'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Examples: "Bob Jameson", "Lisa and her Horses", "Soccer", "Aviation Group"')); $nickhub = '@' . str_replace(array('http://','https://','/'), '', get_config('system','baseurl')); diff --git a/Zotlabs/Module/Rmagic.php b/Zotlabs/Module/Rmagic.php index 9fcc72441..bfc03f6ec 100644 --- a/Zotlabs/Module/Rmagic.php +++ b/Zotlabs/Module/Rmagic.php @@ -17,8 +17,8 @@ class Rmagic extends \Zotlabs\Web\Controller { if($r) { if($r[0]['hubloc_url'] === z_root()) goaway(z_root() . '/login'); - $dest = z_root() . '/' . str_replace('zid=','zid_=',\App::$query_string); - goaway($r[0]['hubloc_url'] . '/magic' . '?f=&dest=' . $dest); + $dest = z_root() . '/' . str_replace(['rmagic','zid='],['','zid_='],\App::$query_string); + goaway($r[0]['hubloc_url'] . '/magic' . '?f=&owa=1&dest=' . $dest); } } } @@ -61,9 +61,9 @@ class Rmagic extends \Zotlabs\Web\Controller { if($_SESSION['return_url']) $dest = urlencode(z_root() . '/' . str_replace('zid=','zid_=',$_SESSION['return_url'])); else - $dest = urlencode(z_root() . '/' . str_replace('zid=','zid_=',\App::$query_string)); + $dest = urlencode(z_root() . '/' . str_replace([ 'rmagic', 'zid=' ] ,[ '', 'zid_='],\App::$query_string)); - goaway($url . '/magic' . '?f=&dest=' . $dest); + goaway($url . '/magic' . '?f=&owa=1&dest=' . $dest); } } } diff --git a/Zotlabs/Module/Rpost.php b/Zotlabs/Module/Rpost.php index 731eab82e..5d2f0d7e8 100644 --- a/Zotlabs/Module/Rpost.php +++ b/Zotlabs/Module/Rpost.php @@ -20,6 +20,7 @@ require_once('include/zot.php'); * body= Body of post * url= URL which will be parsed and the results appended to the body * source= Source application + * post_id= post_id of post to 'share' (local use only) * remote_return= absolute URL to return after posting is finished * type= choices are 'html' or 'bbcode', default is 'bbcode' * @@ -60,7 +61,7 @@ class Rpost extends \Zotlabs\Web\Controller { return login(); } - nav_set_selected(t('Post')); + nav_set_selected('Post'); // If we have saved rpost session variables, but nothing in the current $_REQUEST, recover the saved variables @@ -90,8 +91,6 @@ class Rpost extends \Zotlabs\Web\Controller { } $plaintext = true; - // if(feature_enabled(local_channel(),'richtext')) - // $plaintext = false; if(array_key_exists('type', $_REQUEST) && $_REQUEST['type'] === 'html') { require_once('include/html2bbcode.php'); @@ -110,28 +109,67 @@ class Rpost extends \Zotlabs\Web\Controller { if($x['success']) $_REQUEST['body'] = $_REQUEST['body'] . $x['body']; } + + if($_REQUEST['post_id']) { + $r = q("SELECT * from item WHERE id = %d LIMIT 1", + intval($_REQUEST['post_id']) + ); + if(($r) && (! intval($r[0]['item_private']))) { + $sql_extra = item_permissions_sql($r[0]['uid']); + + $r = q("select * from item where id = %d $sql_extra", + intval($_REQUEST['post_id']) + ); + if($r && $r[0]['mimetype'] === 'text/bbcode') { + + xchan_query($r); + + $is_photo = (($r[0]['obj_type'] === ACTIVITY_OBJ_PHOTO) ? true : false); + if($is_photo) { + $object = json_decode($r[0]['obj'],true); + $photo_bb = $object['body']; + } + + if (strpos($r[0]['body'], "[/share]") !== false) { + $pos = strpos($r[0]['body'], "[share"); + $i = substr($r[0]['body'], $pos); + } else { + $i = "[share author='".urlencode($r[0]['author']['xchan_name']). + "' profile='".$r[0]['author']['xchan_url'] . + "' avatar='".$r[0]['author']['xchan_photo_s']. + "' link='".$r[0]['plink']. + "' posted='".$r[0]['created']. + "' message_id='".$r[0]['mid']."']"; + if($r[0]['title']) + $i .= '[b]'.$r[0]['title'].'[/b]'."\r\n"; + $i .= (($is_photo) ? $photo_bb . "\r\n" . $r[0]['body'] : $r[0]['body']); + $i .= "[/share]"; + } + } + } + $_REQUEST['body'] = $_REQUEST['body'] . $i; + } $x = array( - 'is_owner' => true, - 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''), - 'default_location' => $channel['channel_location'], - 'nickname' => $channel['channel_address'], - 'lockstate' => (($acl->is_private()) ? 'lock' : 'unlock'), - 'acl' => populate_acl($channel_acl, true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'), - 'permissions' => $channel_acl, - 'bang' => '', - 'visitor' => true, - 'profile_uid' => local_channel(), - 'title' => $_REQUEST['title'], - 'body' => $_REQUEST['body'], - 'attachment' => $_REQUEST['attachment'], - 'source' => ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : ''), - 'return_path' => 'rpost/return', - 'bbco_autocomplete' => 'bbcode', - 'editor_autocomplete'=> true, - 'bbcode' => true, - 'jotnets' => true - + 'is_owner' => true, + 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''), + 'default_location' => $channel['channel_location'], + 'nickname' => $channel['channel_address'], + 'lockstate' => (($acl->is_private()) ? 'lock' : 'unlock'), + 'acl' => populate_acl($channel_acl, true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'), + 'permissions' => $channel_acl, + 'bang' => '', + 'visitor' => true, + 'profile_uid' => local_channel(), + 'title' => $_REQUEST['title'], + 'body' => $_REQUEST['body'], + 'attachment' => $_REQUEST['attachment'], + 'source' => ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : ''), + 'return_path' => 'rpost/return', + 'bbco_autocomplete' => 'bbcode', + 'editor_autocomplete' => true, + 'bbcode' => true, + 'jotnets' => true ); $editor = status_editor($a,$x); diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php index e1d35b879..37e9a336f 100644 --- a/Zotlabs/Module/Search.php +++ b/Zotlabs/Module/Search.php @@ -22,7 +22,7 @@ class Search extends \Zotlabs\Web\Controller { if($load) $_SESSION['loadtime'] = datetime_convert(); - nav_set_selected(t('Search')); + nav_set_selected('Search'); require_once("include/bbcode.php"); require_once('include/security.php'); diff --git a/Zotlabs/Module/Settings/Channel.php b/Zotlabs/Module/Settings/Channel.php index 3e6adcf8d..41e23b717 100644 --- a/Zotlabs/Module/Settings/Channel.php +++ b/Zotlabs/Module/Settings/Channel.php @@ -199,6 +199,10 @@ class Channel { $vnotify += intval($_POST['vnotify10']); if(x($_POST,'vnotify11')) $vnotify += intval($_POST['vnotify11']); + if(x($_POST,'vnotify12')) + $vnotify += intval($_POST['vnotify12']); + if(x($_POST,'vnotify13') && (get_config('system', 'disable_discover_tab') != 1)) + $vnotify += intval($_POST['vnotify13']); $always_show_in_notices = x($_POST,'always_show_in_notices') ? 1 : 0; @@ -505,7 +509,7 @@ class Channel { '$expire' => array('expire',t('Expire other channel content after this many days'),$expire, t('0 or blank to use the website limit.') . ' ' . ((intval($sys_expire)) ? sprintf( t('This website expires after %d days.'),intval($sys_expire)) : t('This website does not expire imported content.')) . ' ' . t('The website limit takes precedence if lower than your limit.')), '$maxreq' => array('maxreq', t('Maximum Friend Requests/Day:'), intval($channel['channel_max_friend_req']) , t('May reduce spam activity')), - '$permissions' => t('Default Access Control List (ACL)'), + '$permissions' => t('Default Privacy Group'), '$permdesc' => t("\x28click to open/close\x29"), '$aclselect' => populate_acl($perm_defaults, false, \Zotlabs\Lib\PermissionDescription::fromDescription(t('Use my default audience setting for the type of object published'))), '$allow_cid' => acl2json($perm_defaults['allow_cid']), @@ -555,6 +559,8 @@ class Channel { '$vnotify9' => array('vnotify9', t('System critical alerts'), ($vnotify & VNOTIFY_ALERT), VNOTIFY_ALERT, t('Recommended'), $yes_no), '$vnotify10' => array('vnotify10', t('New connections'), ($vnotify & VNOTIFY_INTRO), VNOTIFY_INTRO, t('Recommended'), $yes_no), '$vnotify11' => array('vnotify11', t('System Registrations'), ($vnotify & VNOTIFY_REGISTER), VNOTIFY_REGISTER, '', $yes_no), + '$vnotify12' => array('vnotify12', t('Unseen shared files'), ($vnotify & VNOTIFY_FILES), VNOTIFY_FILES, '', $yes_no), + '$vnotify13' => ((get_config('system', 'disable_discover_tab') != 1) ? array('vnotify13', t('Unseen public activity'), ($vnotify & VNOTIFY_PUBS), VNOTIFY_PUBS, '', $yes_no) : array()), '$always_show_in_notices' => array('always_show_in_notices', t('Also show new wall posts, private messages and connections under Notices'), $always_show_in_notices, 1, '', $yes_no), '$evdays' => array('evdays', t('Notify me of events this many days in advance'), $evdays, t('Must be greater than 0')), diff --git a/Zotlabs/Module/Suggest.php b/Zotlabs/Module/Suggest.php index c3f4a6d5a..f79e4e245 100644 --- a/Zotlabs/Module/Suggest.php +++ b/Zotlabs/Module/Suggest.php @@ -29,7 +29,7 @@ class Suggest extends \Zotlabs\Web\Controller { return; } - nav_set_selected(t('Suggest Channels')); + nav_set_selected('Suggest Channels'); $_SESSION['return_url'] = z_root() . '/' . \App::$cmd; diff --git a/Zotlabs/Module/Tasks.php b/Zotlabs/Module/Tasks.php index c8deb11bf..0709f31f6 100644 --- a/Zotlabs/Module/Tasks.php +++ b/Zotlabs/Module/Tasks.php @@ -19,8 +19,8 @@ class Tasks extends \Zotlabs\Web\Controller { $arr['all'] = 1; $x = tasks_fetch($arr); + $x['html'] = ''; if($x['tasks']) { - $x['html'] = ''; foreach($x['tasks'] as $y) { $x['html'] .= '<div class="tasklist-item"><input type="checkbox" onchange="taskComplete(' . $y['id'] . '); return false;" /> ' . $y['summary'] . '</div>'; } @@ -69,6 +69,7 @@ class Tasks extends \Zotlabs\Web\Controller { if($x) $ret['success'] = true; } + json_return_and_die($ret); } diff --git a/Zotlabs/Module/Thing.php b/Zotlabs/Module/Thing.php index 95c6c5636..f816632ab 100644 --- a/Zotlabs/Module/Thing.php +++ b/Zotlabs/Module/Thing.php @@ -91,6 +91,7 @@ class Thing extends \Zotlabs\Web\Controller { } $orig_record = $t[0]; if($photo != $orig_record['obj_imgurl']) { + delete_thing_photo($orig_record['obj_imgurl'],get_observer_hash()); $arr = import_xchan_photo($photo,get_observer_hash(),true); $local_photo = $arr[0]; $local_photo_type = $arr[3]; @@ -336,6 +337,9 @@ class Thing extends \Zotlabs\Web\Controller { return ''; } + + delete_thing_photo($r[0]['obj_imgurl'],get_observer_hash()); + $x = q("delete from obj where obj_obj = '%s' and obj_type = %d and obj_channel = %d", dbesc($thing_hash), intval(TERM_OBJ_THING), diff --git a/Zotlabs/Module/Update_cards.php b/Zotlabs/Module/Update_cards.php new file mode 100644 index 000000000..bb87357e8 --- /dev/null +++ b/Zotlabs/Module/Update_cards.php @@ -0,0 +1,39 @@ +<?php + +namespace Zotlabs\Module; + +/** + * Module: update_profile + * Purpose: AJAX synchronisation of profile page + * + */ + + +class Update_cards extends \Zotlabs\Web\Controller { + +function get() { + + $profile_uid = intval($_GET['p']); + $load = (((argc() > 1) && (argv(1) == 'load')) ? 1 : 0); + + header("Content-type: text/html"); + echo "<!DOCTYPE html><html><body><section></section></body></html>\r\n"; + + killme(); + + + $mod = new Cards(); + + $text = $mod->get($profile_uid,$load); + + /** + * reportedly some versions of MSIE don't handle tabs in XMLHttpRequest documents very well + */ + + echo str_replace("\t",' ',$text); + echo (($_GET['msie'] == 1) ? '</div>' : '</section>'); + echo "</body></html>\r\n"; + killme(); + +} +} diff --git a/Zotlabs/Module/Wall_attach.php b/Zotlabs/Module/Wall_attach.php index 03d4cb37b..e001ad929 100644 --- a/Zotlabs/Module/Wall_attach.php +++ b/Zotlabs/Module/Wall_attach.php @@ -97,6 +97,12 @@ class Wall_attach extends \Zotlabs\Web\Controller { $s = "\n\n" . '[attachment]' . $r['data']['hash'] . ',' . $r['data']['revision'] . '[/attachment]' . "\n"; } + + $sync = attach_export_data($channel,$r['data']['hash']); + if($sync) { + build_sync_packet($channel['channel_id'],array('file' => array($sync))); + } + if($using_api) return $s; diff --git a/Zotlabs/Module/Webpages.php b/Zotlabs/Module/Webpages.php index e449a790f..97ec55ba3 100644 --- a/Zotlabs/Module/Webpages.php +++ b/Zotlabs/Module/Webpages.php @@ -35,7 +35,7 @@ class Webpages extends \Zotlabs\Web\Controller { return; } - nav_set_selected(t('Webpages')); + nav_set_selected('Webpages'); $which = argv(1); diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php index 07a7b7735..2e9307196 100644 --- a/Zotlabs/Module/Wfinger.php +++ b/Zotlabs/Module/Wfinger.php @@ -30,9 +30,15 @@ class Wfinger extends \Zotlabs\Web\Controller { $resource = $_REQUEST['resource']; logger('webfinger: ' . $resource,LOGGER_DEBUG); + + $root_resource = false; + + if(strcasecmp(rtrim($resource,'/'),z_root()) === 0) + $root_resource = true; + $r = null; - if($resource) { + if(($resource) && (! $root_resource)) { if(strpos($resource,'acct:') === 0) { $channel = str_replace('acct:','',$resource); @@ -60,7 +66,25 @@ class Wfinger extends \Zotlabs\Web\Controller { header('Access-Control-Allow-Origin: *'); + + if($root_resource) { + $result['subject'] = $resource; + $result['properties'] = [ + 'https://w3id.org/security/v1#publicKeyPem' => get_config('system','pubkey') + ]; + $result['links'] = [ + [ + 'rel' => 'http://purl.org/openwebauth/v1', + 'type' => 'application/x-zot+json', + 'href' => z_root() . '/owa', + ], + ]; + + + + } + if($resource && $r) { $h = q("select hubloc_addr from hubloc where hubloc_hash = '%s' and hubloc_deleted = 0", @@ -84,7 +108,8 @@ class Wfinger extends \Zotlabs\Web\Controller { $result['properties'] = [ 'http://webfinger.net/ns/name' => $r[0]['channel_name'], - 'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name'] + 'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name'], + 'https://w3id.org/security/v1#publicKeyPem' => $r[0]['xchan_pubkey'] ]; foreach($aliases as $alias) @@ -98,7 +123,13 @@ class Wfinger extends \Zotlabs\Web\Controller { 'type' => $r[0]['xchan_photo_mimetype'], 'href' => $r[0]['xchan_photo_l'] ], - + + [ + 'rel' => 'http://microformats.org/profile/hcard', + 'type' => 'text/html', + 'href' => z_root() . '/hcard/' . $r[0]['channel_address'] + ], + [ 'rel' => 'http://webfinger.net/rel/profile-page', 'href' => z_root() . '/profile/' . $r[0]['channel_address'], @@ -124,6 +155,13 @@ class Wfinger extends \Zotlabs\Web\Controller { 'rel' => 'http://purl.org/zot/protocol', 'href' => z_root() . '/.well-known/zot-info' . '?address=' . $r[0]['xchan_addr'], ], + + [ + 'rel' => 'http://purl.org/openwebauth/v1', + 'type' => 'application/x-zot+json', + 'href' => z_root() . '/owa', + ], + [ 'rel' => 'magic-public-key', @@ -136,14 +174,16 @@ class Wfinger extends \Zotlabs\Web\Controller { $result['zot'] = zotinfo( [ 'address' => $r[0]['xchan_addr'] ]); } } - else { + + if(! $result) { header($_SERVER["SERVER_PROTOCOL"] . ' ' . 400 . ' ' . 'Bad Request'); killme(); } $arr = [ 'channel' => $r[0], 'request' => $_REQUEST, 'result' => $result ]; call_hooks('webfinger',$arr); - + + json_return_and_die($arr['result'],'application/jrd+json'); } diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 4dc11c683..d6a01af11 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -76,7 +76,7 @@ class Wiki extends \Zotlabs\Web\Controller { $wiki_owner = true; - nav_set_selected(t('Wiki')); + nav_set_selected('Wiki'); // Obtain the default permission settings of the channel $owner_acl = array( @@ -113,12 +113,13 @@ class Wiki extends \Zotlabs\Web\Controller { $o = ''; // Download a wiki -/* + if((argc() > 3) && (argv(2) === 'download') && (argv(3) === 'wiki')) { $resource_id = argv(4); + $w = Zlib\NativeWiki::get_wiki($owner['channel_id'],$observer_hash,$resource_id); - $w = Zlib\NativeWiki::get_wiki($owner,$observer_hash,$resource_id); +// $w = Zlib\NativeWiki::get_wiki($owner,$observer_hash,$resource_id); if(! $w['htmlName']) { notice(t('Error retrieving wiki') . EOL); } @@ -133,8 +134,41 @@ class Wiki extends \Zotlabs\Web\Controller { $zip_filename = $w['urlName']; $zip_filepath = '/tmp/' . $zip_folder_name . '/' . $zip_filename; + // Generate the zip file - ZLib\ExtendedZip::zipTree($w['path'], $zip_filepath, \ZipArchive::CREATE); + + $zip = new \ZipArchive; + $r = $zip->open($zip_filepath, \ZipArchive::CREATE); + if($r === true) { + $pages = []; + $i = q("select * from item where resource_type = 'nwikipage' and resource_id = '%s' order by revision desc", + dbesc($resource_id) + ); + + if($i) { + foreach($i as $iv) { + if(in_array($iv['mid'],$pages)) + continue; + + if($iv['mimetype'] === 'text/plain') { + $content = html_entity_decode($iv['body'],ENT_COMPAT,'UTF-8'); + } + elseif($iv['mimetype'] === 'text/bbcode') { + $content = html_entity_decode($iv['body'],ENT_COMPAT,'UTF-8'); + } + elseif($iv['mimetype'] === 'text/markdown') { + $content = html_entity_decode(Zlib\MarkdownSoap::unescape($iv['body']),ENT_COMPAT,'UTF-8'); + } + $fname = get_iconfig($iv['id'],'nwikipage','pagetitle') . Zlib\NativeWikiPage::get_file_ext($iv); + $zip->addFromString($fname,$content); + $pages[] = $iv['mid']; + } + + + } + + } + $zip->close(); // Output the file for download @@ -153,10 +187,11 @@ class Wiki extends \Zotlabs\Web\Controller { killme(); } -*/ + switch(argc()) { case 2: $wikis = Zlib\NativeWiki::listwikis($owner, get_observer_hash()); + if($wikis) { $o .= replace_macros(get_markup_template('wikilist.tpl'), array( '$header' => t('Wikis'), @@ -170,16 +205,19 @@ class Wiki extends \Zotlabs\Web\Controller { '$create' => t('Create New'), '$submit' => t('Submit'), '$wikiName' => array('wikiName', t('Wiki name')), - '$mimeType' => array('mimeType', t('Content type'), '', '', ['text/markdown' => 'Markdown', 'text/bbcode' => 'BB Code']), + '$mimeType' => array('mimeType', t('Content type'), '', '', ['text/markdown' => t('Markdown'), 'text/bbcode' => t('BBcode'), 'text/plain' => t('Text') ]), '$name' => t('Name'), '$type' => t('Type'), + '$unlocked' => t('Any type'), '$lockstate' => $x['lockstate'], '$acl' => $x['acl'], '$allow_cid' => $x['allow_cid'], '$allow_gid' => $x['allow_gid'], '$deny_cid' => $x['deny_cid'], '$deny_gid' => $x['deny_gid'], - '$notify' => array('postVisible', t('Create a status post for this wiki'), '', '', array(t('No'), t('Yes'))) + '$typelock' => array('typelock', t('Lock content type'), '', '', array(t('No'), t('Yes'))), + '$notify' => array('postVisible', t('Create a status post for this wiki'), '', '', array(t('No'), t('Yes'))), + '$edit_wiki_name' => t('Edit Wiki Name') )); return $o; @@ -259,9 +297,11 @@ class Wiki extends \Zotlabs\Web\Controller { goaway(z_root() . '/' . argv(0) . '/' . argv(1) ); } - $mimeType = $p['mimeType']; + $mimeType = $p['pageMimeType']; $sampleContent = (($mimeType == 'text/bbcode') ? '[h3]' . t('New page') . '[/h3]' : '### ' . t('New page')); + if($mimeType === 'text/plain') + $sampleContent = t('New page'); $content = (($p['content'] == '') ? $sampleContent : $p['content']); @@ -269,7 +309,10 @@ class Wiki extends \Zotlabs\Web\Controller { if($mimeType == 'text/bbcode') { $renderedContent = Zlib\NativeWikiPage::convert_links(zidify_links(smilies(bbcode($content))), argv(0) . '/' . argv(1) . '/' . $wikiUrlName); } - else { + elseif($mimeType === 'text/plain') { + $renderedContent = str_replace(["\n",' ',"\t"],[EOL,' ',' '],htmlentities($content,ENT_COMPAT,'UTF-8',false)); + } + elseif($mimeType === 'text/markdown') { $content = Zlib\MarkdownSoap::unescape($content); $html = Zlib\NativeWikiPage::generate_toc(zidify_text(MarkdownExtra::defaultTransform(Zlib\NativeWikiPage::bbcode($content)))); $renderedContent = Zlib\NativeWikiPage::convert_links($html, argv(0) . '/' . argv(1) . '/' . $wikiUrlName); @@ -290,6 +333,9 @@ class Wiki extends \Zotlabs\Web\Controller { '$cancel' => t('Cancel') )); + $types = [ 'text/bbcode' => t('BBcode'), 'text/markdown' => t('Markdown'), 'text/plain' => 'Text' ]; + $currenttype = $types[$mimeType]; + $placeholder = t('Short description of your changes (optional)'); $o .= replace_macros(get_markup_template('wiki.tpl'),array( @@ -304,6 +350,7 @@ class Wiki extends \Zotlabs\Web\Controller { '$resource_id' => $resource_id, '$page' => $pageUrlName, '$mimeType' => $mimeType, + '$typename' => $currenttype, '$content' => $content, '$renderedContent' => $renderedContent, '$pageRename' => array('pageRename', t('New page name'), '', ''), @@ -323,7 +370,7 @@ class Wiki extends \Zotlabs\Web\Controller { '$modalerroralbum' => t('Error getting album'), )); - if($p['mimeType'] != 'text/bbcode') + if($p['pageMimeType'] === 'text/markdown') head_add_js('/library/ace/ace.js'); // Ace Code Editor return $o; @@ -347,17 +394,17 @@ class Wiki extends \Zotlabs\Web\Controller { if((argc() > 2) && (argv(2) === 'preview')) { $content = $_POST['content']; $resource_id = $_POST['resource_id']; + $w = Zlib\NativeWiki::get_wiki($owner['channel_id'],$observer_hash,$resource_id); $wikiURL = argv(0) . '/' . argv(1) . '/' . $w['urlName']; - $mimeType = $w['mimeType']; + $mimeType = $_POST['mimetype']; - if($mimeType == 'text/bbcode') { + if($mimeType === 'text/bbcode') { $html = Zlib\NativeWikiPage::convert_links(zidify_links(smilies(bbcode($content))),$wikiURL); } - else { - + elseif($mimeType === 'text/markdown') { $bb = Zlib\NativeWikiPage::bbcode($content); $x = new ZLib\MarkdownSoap($bb); $md = $x->clean(); @@ -366,6 +413,9 @@ class Wiki extends \Zotlabs\Web\Controller { $html = Zlib\NativeWikiPage::generate_toc(zidify_text($html)); $html = Zlib\NativeWikiPage::convert_links($html,$wikiURL); } + elseif($mimeType === 'text/plain') { + $html = str_replace(["\n",' ',"\t"],[EOL,' ',' '],htmlentities($content,ENT_COMPAT,'UTF-8',false)); + } json_return_and_die(array('html' => $html, 'success' => true)); } @@ -386,6 +436,7 @@ class Wiki extends \Zotlabs\Web\Controller { $wiki['htmlName'] = escape_tags($_POST['wikiName']); $wiki['urlName'] = urlencode(urlencode($_POST['wikiName'])); $wiki['mimeType'] = $_POST['mimeType']; + $wiki['typelock'] = $_POST['typelock']; if($wiki['urlName'] === '') { notice( t('Error creating wiki. Invalid name.') . EOL); @@ -406,7 +457,7 @@ class Wiki extends \Zotlabs\Web\Controller { $r = Zlib\NativeWiki::create_wiki($owner, $observer_hash, $wiki, $acl); if($r['success']) { Zlib\NativeWiki::sync_a_wiki_item($owner['channel_id'],$r['item_id'],$r['item']['resource_id']); - $homePage = Zlib\NativeWikiPage::create_page($owner['channel_id'],$observer_hash,'Home', $r['item']['resource_id']); + $homePage = Zlib\NativeWikiPage::create_page($owner['channel_id'],$observer_hash,'Home', $r['item']['resource_id'], $wiki['mimeType']); if(! $homePage['success']) { notice( t('Wiki created, but error creating Home page.')); goaway(z_root() . '/wiki/' . $nick . '/' . $wiki['urlName']); @@ -420,6 +471,52 @@ class Wiki extends \Zotlabs\Web\Controller { } } + // Update a wiki + // /wiki/channel/update/wiki + if ((argc() > 3) && (argv(2) === 'update') && (argv(3) === 'wiki')) { + // Only the channel owner can update a wiki, at least until we create a + // more detail permissions framework + + if (local_channel() !== intval($owner['channel_id'])) { + goaway('/' . argv(0) . '/' . $nick . '/'); + } + + $arr = []; + + $arr['urlName'] = urlencode(urlencode($_POST['origRawName'])); + + if($_POST['updateRawName']) + $arr['updateRawName'] = $_POST['updateRawName']; + + if(($arr['urlName'] || $arr['updateRawName']) === '') { + notice( t('Error updating wiki. Invalid name.') . EOL); + goaway('/wiki'); + return; //not reached + } + + $wiki = Zlib\NativeWiki::exists_by_name($owner['channel_id'], $arr['urlName']); + + if($wiki['resource_id']) { + + $arr['resource_id'] = $wiki['resource_id']; + + $acl = new \Zotlabs\Access\AccessList($owner); + $acl->set_from_array($_POST); + + $r = Zlib\NativeWiki::update_wiki($owner['channel_id'], $observer_hash, $arr, $acl); + if($r['success']) { + Zlib\NativeWiki::sync_a_wiki_item($owner['channel_id'],$r['item_id'],$r['item']['resource_id']); + goaway(z_root() . '/wiki/' . $nick); + } + else { + notice( t('Error updating wiki')); + goaway(z_root() . '/wiki'); + } + + } + goaway(z_root() . '/wiki'); + } + // Delete a wiki if ((argc() > 3) && (argv(2) === 'delete') && (argv(3) === 'wiki')) { @@ -445,11 +542,13 @@ class Wiki extends \Zotlabs\Web\Controller { // Create a page if ((argc() === 4) && (argv(2) === 'create') && (argv(3) === 'page')) { + $mimetype = $_POST['mimetype']; + $resource_id = $_POST['resource_id']; // Determine if observer has permission to create a page + - - $perms = Zlib\NativeWiki::get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); + $perms = Zlib\NativeWiki::get_permissions($resource_id, intval($owner['channel_id']), $observer_hash, $mimetype); if(! $perms['write']) { logger('Wiki write permission denied. ' . EOL); json_return_and_die(array('success' => false)); @@ -459,7 +558,7 @@ class Wiki extends \Zotlabs\Web\Controller { if(urlencode(escape_tags($_POST['pageName'])) === '') { json_return_and_die(array('message' => 'Error creating page. Invalid name.', 'success' => false)); } - $page = Zlib\NativeWikiPage::create_page($owner['channel_id'],$observer_hash, $name, $resource_id); + $page = Zlib\NativeWikiPage::create_page($owner['channel_id'],$observer_hash, $name, $resource_id, $mimetype); if($page['item_id']) { $commit = Zlib\NativeWikiPage::commit(array( diff --git a/Zotlabs/Module/Xrd.php b/Zotlabs/Module/Xrd.php index 60a8f58fa..959e31cbe 100644 --- a/Zotlabs/Module/Xrd.php +++ b/Zotlabs/Module/Xrd.php @@ -50,6 +50,7 @@ class Xrd extends \Zotlabs\Web\Controller { '$accturi' => $resource, '$subject' => $subject, '$aliases' => $aliases, + '$channel_url' => z_root() . '/channel/' . $r[0]['channel_address'], '$profile_url' => z_root() . '/channel/' . $r[0]['channel_address'], '$hcard_url' => z_root() . '/hcard/' . $r[0]['channel_address'], '$atom' => z_root() . '/ofeed/' . $r[0]['channel_address'], diff --git a/Zotlabs/Module/Zfinger.php b/Zotlabs/Module/Zfinger.php index 2ff605fc9..0f7f6a64b 100644 --- a/Zotlabs/Module/Zfinger.php +++ b/Zotlabs/Module/Zfinger.php @@ -9,8 +9,36 @@ class Zfinger extends \Zotlabs\Web\Controller { require_once('include/zot.php'); require_once('include/crypto.php'); - $x = zotinfo($_REQUEST); + + if($x && $x['guid'] && $x['guid_sig']) { + $chan_hash = make_xchan_hash($x['guid'],$x['guid_sig']); + if($chan_hash) { + $chan = channelx_by_hash($chan_hash); + } + } + + $headers = []; + $headers['Content-Type'] = 'application/json' ; + $ret = json_encode($x); + + if($chan) { + $hash = \Zotlabs\Web\HTTPSig::generate_digest($ret,false); + $headers['Digest'] = 'SHA-256=' . $hash; + \Zotlabs\Web\HTTPSig::create_sig('',$headers,$chan['channel_prvkey'], + 'acct:' . $chan['channel_address'] . '@' . \App::get_hostname(),true); + } + else { + foreach($headers as $k => $v) { + header($k . ': ' . $v); + } + } + + echo $ret; + killme(); + + + json_return_and_die($x); } |