Diffstat (limited to 'Zotlabs/Module')
-rw-r--r-- | Zotlabs/Module/Admin.php | 47 | ||||
-rw-r--r-- | Zotlabs/Module/Editlayout.php | 164 | ||||
-rw-r--r-- | Zotlabs/Module/Editpost.php | 40 | ||||
-rw-r--r-- | Zotlabs/Module/Layouts.php | 81 | ||||
-rw-r--r-- | Zotlabs/Module/Oep.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Sources.php | 19 |
6 files changed, 163 insertions, 190 deletions
diff --git a/Zotlabs/Module/Admin.php b/Zotlabs/Module/Admin.php
index 1d37b41bc..e1eaa6e0e 100644
--- a/Zotlabs/Module/Admin.php
+++ b/Zotlabs/Module/Admin.php
@@ -221,7 +221,7 @@ class Admin extends \Zotlabs\Web\Controller {
 '$pending' => array( t('Pending registrations'), $pending),
 '$channels' => array( t('Registered channels'), $channels),
 '$plugins' => array( t('Active plugins'), $plugins ),
- '$version' => array( t('Version'), RED_VERSION),
+ '$version' => array( t('Version'), STD_VERSION),
 '$build' => get_config('system', 'db_version')
 ));
 }
@@ -568,27 +568,33 @@ class Admin extends \Zotlabs\Web\Controller { $block_public = ((x($_POST,'block_public')) ? True : False); set_config('system','block_public',$block_public); - $ws = trim_array_elems(explode("\n",$_POST['whitelisted_sites'])); + $ws = $this->trim_array_elems(explode("\n",$_POST['whitelisted_sites'])); set_config('system','whitelisted_sites',$ws); - $bs = trim_array_elems(explode("\n",$_POST['blacklisted_sites'])); + $bs = $this->trim_array_elems(explode("\n",$_POST['blacklisted_sites'])); set_config('system','blacklisted_sites',$bs); - $wc = trim_array_elems(explode("\n",$_POST['whitelisted_channels'])); + $wc = $this->trim_array_elems(explode("\n",$_POST['whitelisted_channels'])); set_config('system','whitelisted_channels',$wc); - $bc = trim_array_elems(explode("\n",$_POST['blacklisted_channels'])); + $bc = $this->trim_array_elems(explode("\n",$_POST['blacklisted_channels'])); set_config('system','blacklisted_channels',$bc); - $embed_coop = ((x($_POST,'embed_coop')) ? True : False); - set_config('system','embed_coop',$embed_coop); + $embed_sslonly = ((x($_POST,'embed_sslonly')) ? True : False); + set_config('system','embed_sslonly',$embed_sslonly); - $we = trim_array_elems(explode("\n",$_POST['embed_allow'])); + $we = $this->trim_array_elems(explode("\n",$_POST['embed_allow'])); set_config('system','embed_allow',$we); - $be = trim_array_elems(explode("\n",$_POST['embed_deny'])); + $be = $this->trim_array_elems(explode("\n",$_POST['embed_deny'])); set_config('system','embed_deny',$be); + $ts = ((x($_POST,'transport_security')) ? True : False); + set_config('system','transport_security_header',$ts); + + $cs = ((x($_POST,'content_security')) ? True : False); + set_config('system','content_security_policy',$cs); + goaway(z_root() . '/admin/security'); } 
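Review bot: Each list field is saved as whatever `explode("\n", …)` returns, and for an empty textarea that is a one-element array holding an empty string rather than an empty array. Unless `trim_array_elems()` drops blank entries (its body is not in this hunk), `embed_allow` and `embed_deny` would then be non-empty, which matters for any later check that treats an unset list as "no filter configured" or compares hosts against each entry. Filtering blanks before saving avoids that, e.g. `$we = array_filter($this->trim_array_elems(explode("\n",$_POST['embed_allow'])));`, and likewise for the other five lists. The method starts above this hunk, so the form-token check that should precede these writes is not visible here.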
@@ -708,9 +714,13 @@ class Admin extends \Zotlabs\Web\Controller { $embed_coop = intval(get_config('system','embed_coop')); - // wait to implement this until we have a co-op in place. - // if((! $whiteembeds) && (! $blackembeds) && (! $embed_coop)) - // $whiteembeds_str = "youtube.com\nyoutu.be\ntwitter.com\nvimeo.com\nsoundcloud.com\nwikipedia.com"; + if((! $whiteembeds) && (! $blackembeds)) { + $embedhelp1 = t("By default, unfiltered HTML is allowed in embedded media. This is inherently insecure."); + } + + $embedhelp2 = t("The recommended setting is to only allow unfiltered HTML from the following sites:"); + $embedhelp3 = t("https://youtube.com/<br />https://www.youtube.com/<br />https://youtu.be/<br />https://vimeo.com/<br />https://soundcloud.com/<br />"); + $embedhelp4 = t("All other embedded content will be filtered, <strong>unless</strong> embedded content from that site is explicitly blocked."); $t = get_markup_template('admin_security.tpl'); return replace_macros($t, array( 
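Review bot: `$embedhelp1` is assigned only inside the `if`, so it is undefined whenever an allow or deny list is configured, and none of `$embedhelp1` to `$embedhelp4` appears in the `replace_macros()` array of the following hunk, so as far as this diff shows the warning never reaches the page. Its wording ("By default, unfiltered HTML is allowed in embedded media") also contradicts the new `embed_allow` help text in the next hunk ("By default embedded content is filtered"); one of the two should be corrected to match what the filter really does. I would initialise it with `$embedhelp1 = '';` before the `if` and pass all four strings to the template. `$embed_coop` is still read on the first context line although the POST handler no longer writes that key. The method body starts before this hunk.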
@@ -718,14 +728,18 @@ class Admin extends \Zotlabs\Web\Controller { '$page' => t('Security'), '$form_security_token' => get_form_security_token('admin_security'), '$block_public' => array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently authenticated.")), + '$transport_security' => array('transport_security', t('Set "Transport Security" HTTP header'),intval(get_config('system','transport_security_header')),''), + '$content_security' => array('content_security', t('Set "Content Security Policy" HTTP header'),intval(get_config('system','content_security_policy')),''), '$whitelisted_sites' => array('whitelisted_sites', t('Allow communications only from these sites'), $whitesites_str, t('One site per line. Leave empty to allow communication from anywhere by default')), '$blacklisted_sites' => array('blacklisted_sites', t('Block communications from these sites'), $blacksites_str, ''), '$whitelisted_channels' => array('whitelisted_channels', t('Allow communications only from these channels'), $whitechannels_str, t('One channel (hash) per line. Leave empty to allow from any channel by default')), '$blacklisted_channels' => array('blacklisted_channels', t('Block communications from these channels'), $blackchannels_str, ''), - '$embed_allow' => array('embed_allow', t('Allow embedded HTML content only from these domains'), $whiteembeds_str, t('One site per line. Leave empty to allow from any site by default')), + '$embed_sslonly' => array('embed_sslonly',t('Only allow embeds from secure (SSL) websites and links.'), intval(get_config('system','embed_sslonly')),''), + '$embed_allow' => array('embed_allow', t('Allow unfiltered embedded HTML content only from these domains'), $whiteembeds_str, t('One site per line. 
By default embedded content is filtered.')), '$embed_deny' => array('embed_deny', t('Block embedded HTML from these domains'), $blackembeds_str, ''), // '$embed_coop' => array('embed_coop', t('Cooperative embed security'), $embed_coop, t('Enable to share embed security with other compatible sites/hubs')), + '$submit' => t('Submit') )); } @@ -1327,6 +1341,8 @@ class Admin extends \Zotlabs\Web\Controller { } } + usort($plugins,'self::plugin_sort'); + $t = get_markup_template('admin_plugins.tpl'); return replace_macros($t, array( '$title' => t('Administration'), @@ -1340,6 +1356,11 @@ class Admin extends \Zotlabs\Web\Controller { )); } + static public function plugin_sort($a,$b) { + return(strcmp(strtolower($a[2]['name']),strtolower($b[2]['name']))); + } + + /** * @param array $themes * @param string $th diff --git a/Zotlabs/Module/Editlayout.php b/Zotlabs/Module/Editlayout.php index cec55f5cc..c5b50235a 100644 --- a/Zotlabs/Module/Editlayout.php +++ b/Zotlabs/Module/Editlayout.php @@ -3,45 +3,45 @@ namespace Zotlabs\Module; require_once('include/identity.php'); require_once('include/acl_selectors.php'); - +require_once('include/conversation.php'); class Editlayout extends \Zotlabs\Web\Controller { function init() { - + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { $sys = get_sys_channel(); if($sys && intval($sys['channel_id'])) { \App::$is_sys = true; } } - + if(argc() > 1) $which = argv(1); else return; - + profile_load($a,$which); - + } - - function get() { - + + function get() { + if(! \App::$profile) { notice( t('Requested profile is not available.') . EOL ); \App::$error = 404; return; } - + $which = argv(1); - + $uid = local_channel(); $owner = 0; $channel = null; $observer = \App::get_observer(); - + $channel = \App::get_channel(); - + if(\App::$is_sys && is_site_admin()) { $sys = get_sys_channel(); if($sys && intval($sys['channel_id'])) { 
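Review bot: The two new header switches, `transport_security` and `content_security`, are given an empty help string (`''`), so the admin page says nothing about what enabling them changes. Both are easy to get wrong: a transport-security header tells browsers to refuse plain HTTP for the site for as long as the policy is cached, and a content-security policy can block scripts or embeds the site relies on. I would add a short help text to each, for example `t('Only enable if the whole site is served over HTTPS with a valid certificate.')` for the first. The code that emits the headers is not part of this diff, so the policy values themselves cannot be checked here.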
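Review bot: `usort($plugins,'self::plugin_sort')` passes the comparator as a `'self::…'` string, a callable form that PHP 8.2 deprecates; `usort($plugins, array(__CLASS__, 'plugin_sort'));` works on old and new versions alike. In `plugin_sort()`, added in the next hunk, `strcmp(strtolower(…), strtolower(…))` can be written as `strcasecmp($a[2]['name'], $b[2]['name'])`. The method also has no docblock stating that index 2 of each plugin entry must carry a `name` key, which the comparator reads without checking. The method that calls `usort()` starts outside the hunk.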
@@ -50,7 +50,7 @@ class Editlayout extends \Zotlabs\Web\Controller { $observer = $sys; } } - + if(! $owner) { // Figure out who the page owner is. $r = q("select channel_id from channel where channel_address = '%s'", 
@@ -60,136 +60,86 @@ class Editlayout extends \Zotlabs\Web\Controller { $owner = intval($r[0]['channel_id']); } } - + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - + if(! perm_is_allowed($owner,$ob_hash,'write_pages')) { notice( t('Permission denied.') . EOL); return; } - + $is_owner = (($uid && $uid == $owner) ? true : false); - + $o = ''; - + // Figure out which post we're editing $post_id = ((argc() > 2) ? intval(argv(2)) : 0); - - + if(! $post_id) { notice( t('Item not found') . EOL); return; } - + // Now we've got a post and an owner, let's find out if we're allowed to edit it - + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - + $perms = get_all_perms($owner,$ob_hash); - + if(! $perms['write_pages']) { notice( t('Permission denied.') . EOL); return; } - - + $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", intval($post_id), intval($owner) ); - + $item_id = q("select * from item_id where service = 'PDL' and iid = %d limit 1", intval($itm[0]['id']) ); if($item_id) $layout_title = $item_id[0]['sid']; - - $plaintext = true; - - \App::$page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array( - '$baseurl' => z_root(), - '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), - '$pretext' => '', - '$ispublic' => ' ', // t('Visible to <strong>everybody</strong>'), - '$geotag' => $geotag, - '$nickname' => $channel['channel_address'], - '$confirmdelete' => t('Delete layout?'), - '$bbco_autocomplete'=> 'comanche' - )); - - - $tpl = get_markup_template("jot.tpl"); - - $jotplugins = ''; - $jotnets = ''; - - call_hooks('jot_tool', $jotplugins); - call_hooks('jot_networks', $jotnets); - - - // FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD - // instead of loading a sensible page. So, send folk to the webpage list. - + $rp = 'layouts/' . 
$which; - - $editor = replace_macros($tpl,array( - '$return_path' => $rp, - '$action' => 'item', - '$webpage' => ITEM_TYPE_PDL, - '$share' => t('Edit'), - '$bold' => t('Bold'), - '$italic' => t('Italic'), - '$underline' => t('Underline'), - '$quote' => t('Quote'), - '$code' => t('Code'), - '$upload' => t('Upload photo'), - '$attach' => t('Attach file'), - '$weblink' => t('Insert web link'), - '$youtube' => t('Insert YouTube video'), - '$video' => t('Insert Vorbis [.ogg] video'), - '$audio' => t('Insert Vorbis [.ogg] audio'), - '$setloc' => t('Set your location'), - '$noloc' => t('Clear browser location'), - '$wait' => t('Please wait'), - '$permset' => t('Permission settings'), - '$ptyp' => $itm[0]['type'], - '$content' => undo_post_tagging($itm[0]['body']), - '$post_id' => $post_id, - '$baseurl' => z_root(), - '$defloc' => $channel['channel_location'], - '$visitor' => false, - '$public' => t('Public post'), - '$jotnets' => $jotnets, - '$title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), - '$placeholdertitle' => t('Layout Description (Optional)'), - '$pagetitle' => $layout_title, - '$placeholdpagetitle' => t('Layout Name'), - '$category' => '', - '$placeholdercategory' => t('Categories (optional, comma-separated list)'), - '$emtitle' => t('Example: bob@example.com, mary@example.com'), - '$lockstate' => $lockstate, - '$acl' => '', - '$bang' => '', - '$profile_uid' => (intval($owner)), - '$jotplugins' => $jotplugins, - '$sourceapp' => t(\App::$sourcename), - '$defexpire' => '', - '$feature_expire' => false, - '$expires' => t('Set expiration date'), - )); - - + + $x = array( + 'webpage' => ITEM_TYPE_PDL, + 'nickname' => $channel['channel_address'], + 'editor_autocomplete'=> true, + 'bbco_autocomplete'=> 'comanche', + 'return_path' => $rp, + 'button' => t('Edit'), + 'hide_voting' => true, + 'hide_future' => true, + 'hide_expire' => true, + 'hide_location' => true, + 'hide_weblink' => true, + 'hide_attach' => true, + 'hide_preview' => true, + 'ptyp' => 
$itm[0]['obj_type'], + 'body' => undo_post_tagging($itm[0]['body']), + 'post_id' => $post_id, + 'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), + 'pagetitle' => $layout_title, + 'ptlabel' => t('Layout Name'), + 'placeholdertitle' => t('Layout Description (Optional)'), + 'showacl' => false, + 'profile_uid' => intval($owner), + ); + + $editor = status_editor($a, $x); + $o .= replace_macros(get_markup_template('edpost_head.tpl'), array( '$title' => t('Edit Layout'), '$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false), '$id' => $itm[0]['id'], '$editor' => $editor )); - + return $o; - + } - - - + } diff --git a/Zotlabs/Module/Editpost.php b/Zotlabs/Module/Editpost.php index 1c2c2a30b..25ba1a39a 100644 --- a/Zotlabs/Module/Editpost.php +++ b/Zotlabs/Module/Editpost.php @@ -10,44 +10,38 @@ require_once('include/conversation.php'); class Editpost extends \Zotlabs\Web\Controller { function get() { - + $o = ''; - + if(! local_channel()) { notice( t('Permission denied.') . EOL); return; } - + $post_id = ((argc() > 1) ? intval(argv(1)) : 0); - + if(! $post_id) { notice( t('Item not found') . EOL); return; } - + $itm = q("SELECT * FROM `item` WHERE `id` = %d AND ( owner_xchan = '%s' OR author_xchan = '%s' ) LIMIT 1", intval($post_id), dbesc(get_observer_hash()), dbesc(get_observer_hash()) ); - + if(! count($itm)) { notice( t('Item is not editable') . EOL); return; } - + if($itm[0]['resource_type'] === 'event' && $itm[0]['resource_id']) { goaway(z_root() . '/events/' . $itm[0]['resource_id'] . '?expandform=1'); } - - + $owner_uid = $itm[0]['uid']; - - - $plaintext = true; - // if(feature_enabled(local_channel(),'richtext')) - // $plaintext = false; - + $channel = \App::get_channel(); if(intval($itm[0]['item_obscured'])) { 
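Review bot: The new `$x` array reads `$itm[0]['obj_type']`, `$itm[0]['body']` and `$itm[0]['title']`, but nothing between the `q()` call and this point checks that the query returned a row, so a layout id that does not belong to `$owner` appears to fall through to the editor. Editpost.php guards the same kind of lookup with `if(! count($itm))`; the equivalent here would be `if(! $itm) { notice( t('Item not found') . EOL); return; }` directly after the select. `$layout_title` is likewise set only when the `item_id` lookup succeeds, and `status_editor($a, $x)` uses `$a`, which is not assigned anywhere in the visible part of `get()`. The method begins in an earlier hunk.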
@@ -57,10 +51,10 @@ class Editpost extends \Zotlabs\Web\Controller { if($itm[0]['body']) $itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']),$key); } - + $category = ''; $catsenabled = ((feature_enabled($owner_uid,'categories')) ? 'categories' : ''); - + if ($catsenabled){ $itm = fetch_post_tags($itm); @@ -72,7 +66,7 @@ class Editpost extends \Zotlabs\Web\Controller { $category .= $cat['term']; } } - + if($itm[0]['attach']) { $j = json_decode($itm[0]['attach'],true); if($j) { @@ -106,16 +100,14 @@ class Editpost extends \Zotlabs\Web\Controller { ); $editor = status_editor($a, $x); - + $o .= replace_macros(get_markup_template('edpost_head.tpl'), array( '$title' => t('Edit post'), '$editor' => $editor )); - + return $o; - + } - - - + } diff --git a/Zotlabs/Module/Layouts.php b/Zotlabs/Module/Layouts.php index 50cb401bc..8a7207fc2 100644 --- a/Zotlabs/Module/Layouts.php +++ b/Zotlabs/Module/Layouts.php @@ -5,47 +5,45 @@ require_once('include/identity.php'); require_once('include/conversation.php'); require_once('include/acl_selectors.php'); - class Layouts extends \Zotlabs\Web\Controller { function init() { - + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { $sys = get_sys_channel(); if($sys && intval($sys['channel_id'])) { \App::$is_sys = true; } } - + if(argc() > 1) $which = argv(1); else return; - + profile_load($a,$which); - + } - - - function get() { - + + function get() { + if(! \App::$profile) { notice( t('Requested profile is not available.') . EOL ); \App::$error = 404; return; } - + $which = argv(1); - + $_SESSION['return_url'] = \App::$query_string; - + $uid = local_channel(); $owner = 0; $channel = null; $observer = \App::get_observer(); - + $channel = \App::get_channel(); - + if(\App::$is_sys && is_site_admin()) { $sys = get_sys_channel(); if($sys && intval($sys['channel_id'])) { 
@@ -54,7 +52,7 @@ class Layouts extends \Zotlabs\Web\Controller { $observer = $sys; } } - + if(! $owner) { // Figure out who the page owner is. $r = q("select channel_id from channel where channel_address = '%s'", @@ -64,34 +62,34 @@ class Layouts extends \Zotlabs\Web\Controller { $owner = intval($r[0]['channel_id']); } } - + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - + $perms = get_all_perms($owner,$ob_hash); - + if(! $perms['write_pages']) { notice( t('Permission denied.') . EOL); return; } - + // Block design features from visitors - + if((! $uid) || ($uid != $owner)) { notice( t('Permission denied.') . EOL); return; } - + // Get the observer, check their permissions - + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - + $perms = get_all_perms($owner,$ob_hash); - + if(! $perms['write_pages']) { notice( t('Permission denied.') . EOL); return; } - + //This feature is not exposed in redbasic ui since it is not clear why one would want to //download a json encoded pdl file - we dont have a possibility to import it. //Use the buildin share/install feature instead. @@ -109,19 +107,23 @@ class Layouts extends \Zotlabs\Web\Controller { killme(); } } - + // Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages // Nickname is set to the observers xchan, and profile_uid to the owners. // This lets you post pages at other people's channels. - + $x = array( 'webpage' => ITEM_TYPE_PDL, 'is_owner' => true, 'nickname' => \App::$profile['channel_address'], - 'bang' => '', 'showacl' => false, - 'visitor' => false, - 'nopreview' => 1, + 'hide_voting' => true, + 'hide_future' => true, + 'hide_expire' => true, + 'hide_location' => true, + 'hide_weblink' => true, + 'hide_attach' => true, + 'hide_preview' => true, 'ptlabel' => t('Layout Name'), 'profile_uid' => intval($owner), 'expanded' => true, 
@@ -129,24 +131,24 @@ class Layouts extends \Zotlabs\Web\Controller { 'novoting' => true, 'bbco_autocomplete' => 'comanche' ); - + if($_REQUEST['title']) $x['title'] = $_REQUEST['title']; if($_REQUEST['body']) $x['body'] = $_REQUEST['body']; if($_REQUEST['pagetitle']) $x['pagetitle'] = $_REQUEST['pagetitle']; - + $editor = status_editor($a,$x); - + $r = q("select iid, sid, mid, title, body, mimetype, created, edited, item_type from item_id left join item on item_id.iid = item.id where item_id.uid = %d and service = 'PDL' and item_type = %d order by item.created desc", intval($owner), intval(ITEM_TYPE_PDL) ); - + $pages = null; - + if($r) { $pages = array(); foreach($r as $rr) { @@ -171,10 +173,10 @@ class Layouts extends \Zotlabs\Web\Controller { ); } } - + //Build the base URL for edit links $url = z_root() . '/editlayout/' . $which; - + $o .= replace_macros(get_markup_template('layoutlist.tpl'), array( '$title' => t('Layouts'), '$create' => t('Create'), @@ -192,8 +194,9 @@ class Layouts extends \Zotlabs\Web\Controller { '$channel' => $which, '$view' => t('View'), )); - + return $o; + } - + } diff --git a/Zotlabs/Module/Oep.php b/Zotlabs/Module/Oep.php index f36a452e8..638ea7e2d 100644 --- a/Zotlabs/Module/Oep.php +++ b/Zotlabs/Module/Oep.php @@ -220,7 +220,7 @@ class Oep extends \Zotlabs\Web\Controller { $ret['width'] = intval($width); $ret['height'] = intval($height); - $ret['html'] = get_zcard($c,get_observer_hash(),array('width' => $width, 'height' => $height)); + $ret['html'] = get_zcard_embed($c,get_observer_hash(),array('width' => $width, 'height' => $height)); return $ret; diff --git a/Zotlabs/Module/Sources.php b/Zotlabs/Module/Sources.php index cca9e5ebf..a180d9b6e 100644 --- a/Zotlabs/Module/Sources.php +++ b/Zotlabs/Module/Sources.php @@ -7,7 +7,7 @@ class Sources extends \Zotlabs\Web\Controller { function post() { if(! local_channel()) return; - + if(! feature_enabled(local_channel(),'channel_sources')) return ''; 
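Review bot: In Oep.php, `$ret['width']` and `$ret['height']` are passed through `intval()`, yet the options array handed to `get_zcard_embed()` on the changed line still carries the raw `$width` and `$height`. Where those values come from is outside the hunk; if they derive from request parameters, the HTML builder receives them unvalidated. Passing the already-normalised numbers closes that gap: `array('width' => $ret['width'], 'height' => $ret['height'])`. The enclosing method starts and ends outside the hunk.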
@@ -17,6 +17,7 @@ class Sources extends \Zotlabs\Web\Controller { $words = $_REQUEST['words']; $frequency = $_REQUEST['frequency']; $name = $_REQUEST['name']; + $tags = $_REQUEST['tags']; $channel = \App::get_channel(); @@ -36,14 +37,15 @@ class Sources extends \Zotlabs\Web\Controller { notice ( t('Failed to create source. No channel selected.') . EOL); return; } - + if(! $source) { - $r = q("insert into source ( src_channel_id, src_channel_xchan, src_xchan, src_patt ) - values ( %d, '%s', '%s', '%s' ) ", + $r = q("insert into source ( src_channel_id, src_channel_xchan, src_xchan, src_patt, src_tag ) + values ( %d, '%s', '%s', '%s', '%s' ) ", intval(local_channel()), dbesc($channel['channel_hash']), dbesc($xchan), - dbesc($words) + dbesc($words), + dbesc($tags) ); if($r) { info( t('Source created.') . EOL); @@ -51,9 +53,10 @@ class Sources extends \Zotlabs\Web\Controller { goaway(z_root() . '/sources'); } else { - $r = q("update source set src_xchan = '%s', src_patt = '%s' where src_channel_id = %d and src_id = %d", + $r = q("update source set src_xchan = '%s', src_patt = '%s', src_tag = '%s' where src_channel_id = %d and src_id = %d", dbesc($xchan), dbesc($words), + dbesc($tags), intval(local_channel()), intval($source) ); @@ -62,6 +65,7 @@ class Sources extends \Zotlabs\Web\Controller { } } + } @@ -105,6 +109,8 @@ class Sources extends \Zotlabs\Web\Controller { '$desc' => t('Import all or selected content from the following channel into this channel and distribute it according to your channel settings.'), '$words' => array( 'words', t('Only import content with these words (one per line)'),'',t('Leave blank to import all public content')), '$name' => array( 'name', t('Channel Name'), '', ''), + '$tags' => array('tags', t('Add the following categories to posts imported from this source (comma separated)'),'',t('Optional')), + '$submit' => t('Submit') )); return $o; 
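Review bot: `$tags = $_REQUEST['tags'];` is read without a presence check or trimming and is written to `src_tag` unchanged by both the insert and the update later in this file. `dbesc()` covers the SQL side, but a missing field raises an undefined-index notice, and stray whitespace or empty segments would presumably end up as categories on imported posts. Normalising once at the top keeps the stored value predictable: `$tags = ((x($_REQUEST,'tags')) ? trim($_REQUEST['tags']) : '');`. The edit form in the last hunk puts `$r[0]['src_tag']` back into the page, so it is worth confirming that the field template escapes it. `post()` continues outside these hunks.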
@@ -138,6 +144,7 @@ class Sources extends \Zotlabs\Web\Controller { '$words' => array( 'words', t('Only import content with these words (one per line)'),$r[0]['src_patt'],t('Leave blank to import all public content')), '$xchan' => $r[0]['src_xchan'], '$abook' => $x[0]['abook_id'], + '$tags' => array('tags', t('Add the following categories to posts imported from this source (comma separated)'),$r[0]['src_tag'],t('Optional')), '$name' => array( 'name', t('Channel Name'), $r[0]['xchan_name'], ''), '$submit' => t('Submit') )); |