diff options
Diffstat (limited to 'Zotlabs/Module')
66 files changed, 2233 insertions, 649 deletions
diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index 738e8fbe2..82c156a9c 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -166,7 +166,7 @@ class Acl extends \Zotlabs\Web\Controller { if($extra_channels) { foreach($extra_channels as $channel) { if(perm_is_allowed(intval($channel), get_observer_hash(),'view_contacts')) { - if($extra_channel_sql) + if($extra_channels_sql) $extra_channels_sql .= ','; $extra_channels_sql .= intval($channel); } diff --git a/Zotlabs/Module/Admin.php b/Zotlabs/Module/Admin.php index 8ccdaf4f5..88b84b9d2 100644 --- a/Zotlabs/Module/Admin.php +++ b/Zotlabs/Module/Admin.php @@ -86,7 +86,7 @@ class Admin extends \Zotlabs\Web\Controller { // list total user accounts, expirations etc. $accounts = array(); - $r = q("SELECT COUNT(*) AS total, COUNT(CASE WHEN account_expires > %s THEN 1 ELSE NULL END) AS expiring, COUNT(CASE WHEN account_expires < %s AND account_expires > '%s' THEN 1 ELSE NULL END) AS expired, COUNT(CASE WHEN (account_flags & %d)>0 THEN 1 ELSE NULL END) AS blocked FROM account", + $r = q("SELECT COUNT(CASE WHEN account_id > 0 THEN 1 ELSE NULL END) AS total, COUNT(CASE WHEN account_expires > %s THEN 1 ELSE NULL END) AS expiring, COUNT(CASE WHEN account_expires < %s AND account_expires > '%s' THEN 1 ELSE NULL END) AS expired, COUNT(CASE WHEN (account_flags & %d)>0 THEN 1 ELSE NULL END) AS blocked FROM account", db_utcnow(), db_utcnow(), dbesc(NULL_DATE), diff --git a/Zotlabs/Module/Admin/Addons.php b/Zotlabs/Module/Admin/Addons.php index b35922aef..b8e3e3a2e 100644 --- a/Zotlabs/Module/Admin/Addons.php +++ b/Zotlabs/Module/Admin/Addons.php @@ -375,6 +375,9 @@ class Addons { if($files) { foreach($files as $file) { if (is_dir($file)){ + if($file == 'addon/addon_common/') + continue; + list($tmp, $id) = array_map('trim', explode('/', $file)); $info = get_plugin_info($id); $enabled = in_array($id,\App::$plugins); @@ -476,4 +479,4 @@ class Addons { return(strcmp(strtolower($a[2]['name']),strtolower($b[2]['name']))); } -}
\ No newline at end of file +} diff --git a/Zotlabs/Module/Admin/Dbsync.php b/Zotlabs/Module/Admin/Dbsync.php index 469af2aa5..183834301 100644 --- a/Zotlabs/Module/Admin/Dbsync.php +++ b/Zotlabs/Module/Admin/Dbsync.php @@ -19,7 +19,47 @@ class Dbsync { info( t('Update has been marked successful') . EOL); goaway(z_root() . '/admin/dbsync'); } + + if(argc() > 3 && intval(argv(3)) && argv(2) === 'verify') { + + $s = '_' . intval(argv(3)); + $cls = '\\Zotlabs\Update\\' . $s ; + if(class_exists($cls)) { + $c = new $cls(); + if(method_exists($c,'verify')) { + $retval = $c->verify(); + if($retval === UPDATE_FAILED) { + $o .= sprintf( t('Verification of update %s failed. Check system logs.'), $s); + } + elseif($retval === UPDATE_SUCCESS) { + $o .= sprintf( t('Update %s was successfully applied.'), $s); + set_config('database',$s, 'success'); + } + else + $o .= sprintf( t('Verifying update %s did not return a status. Unknown if it succeeded.'), $s); + } + else { + $o .= sprintf( t('Update %s does not contain a verification function.'), $s ); + } + } + else + $o .= sprintf( t('Update function %s could not be found.'), $s); + return $o; + + + + + + // remove the old style config if it exists + del_config('database', 'update_r' . intval(argv(3))); + set_config('database', '_' . intval(argv(3)), 'success'); + if(intval(get_config('system','db_version')) < intval(argv(3))) + set_config('system','db_version',intval(argv(3))); + info( t('Update has been marked successful') . EOL); + goaway(z_root() . '/admin/dbsync'); + } + if(argc() > 2 && intval(argv(2))) { $x = intval(argv(2)); $s = '_' . $x; @@ -28,14 +68,14 @@ class Dbsync { $c = new $cls(); $retval = $c->run(); if($retval === UPDATE_FAILED) { - $o .= sprintf( t('Executing %s failed. Check system logs.'), $s); + $o .= sprintf( t('Executing update procedure %s failed. Check system logs.'), $s); } elseif($retval === UPDATE_SUCCESS) { $o .= sprintf( t('Update %s was successfully applied.'), $s); set_config('database',$s, 'success'); } else - $o .= sprintf( t('Update %s did not return a status. Unknown if it succeeded.'), $s); + $o .= sprintf( t('Update %s did not return a status. It cannot be determined if it was successful.'), $s); } else $o .= sprintf( t('Update function %s could not be found.'), $s); @@ -59,6 +99,7 @@ class Dbsync { '$banner' => t('Failed Updates'), '$desc' => '', '$mark' => t('Mark success (if update was manually applied)'), + '$verify' => t('Attempt to verify this update if a verification procedure exists'), '$apply' => t('Attempt to execute this update step automatically'), '$failed' => $failed )); diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 09b038729..55c8ca928 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -119,7 +119,7 @@ class Site { del_config('system', 'admininfo'); } else { require_once('include/text.php'); - linkify_tags($a, $admininfo, local_channel()); + linkify_tags($admininfo, local_channel()); set_config('system', 'admininfo', $admininfo); } set_config('system','siteinfo',$siteinfo); diff --git a/Zotlabs/Module/Affinity.php b/Zotlabs/Module/Affinity.php new file mode 100644 index 000000000..f0d99f1e7 --- /dev/null +++ b/Zotlabs/Module/Affinity.php @@ -0,0 +1,94 @@ +<?php + +namespace Zotlabs\Module; + +use App; +use Zotlabs\Lib\Apps; +use Zotlabs\Lib\Libsync; + +class Affinity extends \Zotlabs\Web\Controller { + + function post() { + + if(! local_channel()) + return; + + if(! Apps::system_app_installed(local_channel(),'Affinity Tool')) + return; + + check_form_security_token_redirectOnErr('affinity', 'affinity'); + + $cmax = intval($_POST['affinity_cmax']); + if($cmax < 0 || $cmax > 99) + $cmax = 99; + + $cmin = intval($_POST['affinity_cmin']); + if($cmin < 0 || $cmin > 99) + $cmin = 0; + + $lock = intval($_POST['affinity_lock']); + + set_pconfig(local_channel(),'affinity','cmin',$cmin); + set_pconfig(local_channel(),'affinity','cmax',$cmax); + set_pconfig(local_channel(),'affinity','lock',$lock); + + info( t('Affinity Tool settings updated.') . EOL); + + Libsync::build_sync_packet(); + + } + + + function get() { + + if(! local_channel()) + return; + + $desc = t('This app presents a slider control in your connection editor and also on your network page. The slider represents your degree of friendship (affinity) with each connection. It allows you to zoom in or out and display conversations from only your closest friends or everybody in your stream.'); + if(! Apps::system_app_installed(local_channel(),'Affinity Tool')) { + //Do not display any associated widgets at this point + App::$pdl = ''; + + $o = '<b>' . t('Affinity Tool App') . ' (' . t('Not Installed') . '):</b><br>'; + $o .= $desc; + return $o; + } + + $text = t('The numbers below represent the minimum and maximum slider default positions for your network/stream page as a percentage.'); + + $content = '<div class="section-content-info-wrapper">' . $text . '</div>'; + + $cmax = intval(get_pconfig(local_channel(),'affinity','cmax')); + $cmax = (($cmax) ? $cmax : 99); + $content .= replace_macros(get_markup_template('field_input.tpl'), array( + '$field' => array('affinity_cmax', t('Default maximum affinity level'), $cmax, t('0-99 default 99')) + )); + + $cmin = intval(get_pconfig(local_channel(),'affinity','cmin')); + $cmin = (($cmin) ? $cmin : 0); + $content .= replace_macros(get_markup_template('field_input.tpl'), array( + '$field' => array('affinity_cmin', t('Default minimum affinity level'), $cmin, t('0-99 - default 0')) + )); + + $lock = intval(get_pconfig(local_channel(),'affinity','lock',1)); + + $content .= replace_macros(get_markup_template('field_checkbox.tpl'), array( + '$field' => array('affinity_lock', t('Persistent affinity levels'), $lock, t('If disabled the max and min levels will be reset to default after page reload'), ['No','Yes']) + )); + + $tpl = get_markup_template("settings_addon.tpl"); + + $o = replace_macros($tpl, array( + '$action_url' => 'affinity', + '$form_security_token' => get_form_security_token("affinity"), + '$title' => t('Affinity Tool Settings'), + '$content' => $content, + '$baseurl' => z_root(), + '$submit' => t('Submit'), + )); + + return $o; + } + + +} diff --git a/Zotlabs/Module/Appman.php b/Zotlabs/Module/Appman.php index f50dcc2ab..39689665e 100644 --- a/Zotlabs/Module/Appman.php +++ b/Zotlabs/Module/Appman.php @@ -90,12 +90,12 @@ class Appman extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); - if(argc() > 2) { + if(argc() > 3) { if(argv(2) === 'moveup') { - Zlib\Apps::moveup(local_channel(),argv(1)); + Zlib\Apps::moveup(local_channel(),argv(1),argv(3)); } if(argv(2) === 'movedown') { - Zlib\Apps::movedown(local_channel(),argv(1)); + Zlib\Apps::movedown(local_channel(),argv(1),argv(3)); } goaway(z_root() . '/apporder'); } diff --git a/Zotlabs/Module/Apporder.php b/Zotlabs/Module/Apporder.php index a9f66ba69..eac1abc2d 100644 --- a/Zotlabs/Module/Apporder.php +++ b/Zotlabs/Module/Apporder.php @@ -17,25 +17,28 @@ class Apporder extends \Zotlabs\Web\Controller { nav_set_selected('Order Apps'); - $syslist = array(); - $list = Zlib\Apps::app_list(local_channel(), false, ['nav_featured_app', 'nav_pinned_app']); - if($list) { - foreach($list as $li) { - $syslist[] = Zlib\Apps::app_encode($li); + foreach( [ 'nav_featured_app', 'nav_pinned_app' ] as $l ) { + $syslist = []; + $list = Zlib\Apps::app_list(local_channel(), false, [ $l ]); + if($list) { + foreach($list as $li) { + $syslist[] = Zlib\Apps::app_encode($li); + } } - } - Zlib\Apps::translate_system_apps($syslist); + + Zlib\Apps::translate_system_apps($syslist); - usort($syslist,'Zotlabs\\Lib\\Apps::app_name_compare'); + usort($syslist,'Zotlabs\\Lib\\Apps::app_name_compare'); - $syslist = Zlib\Apps::app_order(local_channel(),$syslist); + $syslist = Zlib\Apps::app_order(local_channel(),$syslist, $l); - foreach($syslist as $app) { - if(strpos($app['categories'],'nav_pinned_app') !== false) { - $navbar_apps[] = Zlib\Apps::app_render($app,'nav-order'); - } - else { - $nav_apps[] = Zlib\Apps::app_render($app,'nav-order'); + foreach($syslist as $app) { + if($l === 'nav_pinned_app') { + $navbar_apps[] = Zlib\Apps::app_render($app,'nav-order'); + } + elseif(strpos($app['categories'],'nav_pinned_app') === false) { + $nav_apps[] = Zlib\Apps::app_render($app,'nav-order'); + } } } diff --git a/Zotlabs/Module/Apschema.php b/Zotlabs/Module/Apschema.php new file mode 100644 index 000000000..5b249bfe8 --- /dev/null +++ b/Zotlabs/Module/Apschema.php @@ -0,0 +1,56 @@ +<?php + +namespace Zotlabs\Module; + + +class Apschema extends \Zotlabs\Web\Controller { + + function init() { + + $base = z_root(); + + $arr = [ + '@context' => [ + 'zot' => z_root() . '/apschema#', + 'id' => '@id', + 'type' => '@type', + 'commentPolicy' => 'as:commentPolicy', + 'meData' => 'zot:meData', + 'meDataType' => 'zot:meDataType', + 'meEncoding' => 'zot:meEncoding', + 'meAlgorithm' => 'zot:meAlgorithm', + 'meCreator' => 'zot:meCreator', + 'meSignatureValue' => 'zot:meSignatureValue', + 'locationAddress' => 'zot:locationAddress', + 'locationPrimary' => 'zot:locationPrimary', + 'locationDeleted' => 'zot:locationDeleted', + 'nomadicLocation' => 'zot:nomadicLocation', + 'nomadicHubs' => 'zot:nomadicHubs', + 'emojiReaction' => 'zot:emojiReaction', + + 'magicEnv' => [ + '@id' => 'zot:magicEnv', + '@type' => '@id' + ], + + 'nomadicLocations' => [ + '@id' => 'zot:nomadicLocations', + '@type' => '@id' + ], + + 'ostatus' => 'http://ostatus.org#', + 'conversation' => 'ostatus:conversation' + + ] + ]; + + header('Content-Type: application/ld+json'); + echo json_encode($arr,JSON_UNESCAPED_SLASHES); + killme(); + + } + + + + +}
\ No newline at end of file diff --git a/Zotlabs/Module/Articles.php b/Zotlabs/Module/Articles.php index 58c16be45..ca132c01e 100644 --- a/Zotlabs/Module/Articles.php +++ b/Zotlabs/Module/Articles.php @@ -17,8 +17,16 @@ class Articles extends Controller { if(argc() > 1) $which = argv(1); - else - return; + + if(! $which) { + if(local_channel()) { + $channel = App::get_channel(); + if($channel && $channel['channel_address']) + $which = $channel['channel_address']; + } else { + return; + } + } profile_load($which); diff --git a/Zotlabs/Module/Cards.php b/Zotlabs/Module/Cards.php index b66de158b..3f0e93de5 100644 --- a/Zotlabs/Module/Cards.php +++ b/Zotlabs/Module/Cards.php @@ -10,9 +10,13 @@ require_once('include/channel.php'); require_once('include/conversation.php'); require_once('include/acl_selectors.php'); +/** + * @brief Provides the Cards module. + * + */ class Cards extends Controller { - function init() { + public function init() { if(argc() > 1) $which = argv(1); @@ -20,14 +24,15 @@ class Cards extends Controller { return; profile_load($which); - } /** * {@inheritDoc} - * @see \Zotlabs\Web\Controller::get() + * @see \\Zotlabs\\Web\\Controller::get() + * + * @return string Parsed HTML from template 'cards.tpl' */ - function get($update = 0, $load = false) { + public function get($update = 0, $load = false) { if(observer_prohibited(true)) { return login(); @@ -99,7 +104,6 @@ class Cards extends Controller { } - if(perm_is_allowed($owner, $ob_hash, 'write_pages')) { $x = [ @@ -110,7 +114,7 @@ class Cards extends Controller { 'nickname' => $channel['channel_address'], 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), - 'acl' => (($is_owner) ? populate_acl($channel_acl, false, + 'acl' => (($is_owner) ? populate_acl($channel_acl, false, PermissionDescription::fromGlobalPermission('view_pages')) : ''), 'permissions' => $channel_acl, 'showacl' => (($is_owner) ? true : false), diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php index d644e48b1..6b4f57ea5 100644 --- a/Zotlabs/Module/Cdav.php +++ b/Zotlabs/Module/Cdav.php @@ -133,10 +133,6 @@ class Cdav extends Controller { logger('loggedin'); - if((argv(1) == 'calendars') && (!Apps::system_app_installed(local_channel(), 'CalDAV'))) { - killme(); - } - if((argv(1) == 'addressbooks') && (!Apps::system_app_installed(local_channel(), 'CardDAV'))) { killme(); } @@ -221,10 +217,6 @@ class Cdav extends Controller { if(! local_channel()) return; - if((argv(1) === 'calendar') && (! Apps::system_app_installed(local_channel(), 'CalDAV'))) { - return; - } - if((argv(1) === 'addressbook') && (! Apps::system_app_installed(local_channel(), 'CardDAV'))) { return; } @@ -280,9 +272,12 @@ class Cdav extends Controller { return; $title = $_REQUEST['title']; - $dtstart = new \DateTime($_REQUEST['dtstart']); - if($_REQUEST['dtend']) - $dtend = new \DateTime($_REQUEST['dtend']); + $start = datetime_convert(App::$timezone, 'UTC', $_REQUEST['dtstart']); + $dtstart = new \DateTime($start); + if($_REQUEST['dtend']) { + $end = datetime_convert(App::$timezone, 'UTC', $_REQUEST['dtend']); + $dtend = new \DateTime($end); + } $description = $_REQUEST['description']; $location = $_REQUEST['location']; @@ -306,13 +301,17 @@ class Cdav extends Controller { 'DTSTART' => $dtstart ] ]); - if($dtend) + if($dtend) { $vcalendar->VEVENT->add('DTEND', $dtend); + $vcalendar->VEVENT->DTEND['TZID'] = App::$timezone; + } if($description) $vcalendar->VEVENT->add('DESCRIPTION', $description); if($location) $vcalendar->VEVENT->add('LOCATION', $location); + $vcalendar->VEVENT->DTSTART['TZID'] = App::$timezone; + $calendarData = $vcalendar->serialize(); $caldavBackend->createCalendarObject($id, $objectUri, $calendarData); @@ -351,8 +350,12 @@ class Cdav extends Controller { $uri = $_REQUEST['uri']; $title = $_REQUEST['title']; - $dtstart = new \DateTime($_REQUEST['dtstart']); - $dtend = $_REQUEST['dtend'] ? new \DateTime($_REQUEST['dtend']) : ''; + $start = datetime_convert(App::$timezone, 'UTC', $_REQUEST['dtstart']); + $dtstart = new \DateTime($start); + if($_REQUEST['dtend']) { + $end = datetime_convert(App::$timezone, 'UTC', $_REQUEST['dtend']); + $dtend = new \DateTime($end); + } $description = $_REQUEST['description']; $location = $_REQUEST['location']; @@ -404,8 +407,12 @@ class Cdav extends Controller { return; $uri = $_REQUEST['uri']; - $dtstart = new \DateTime($_REQUEST['dtstart']); - $dtend = $_REQUEST['dtend'] ? new \DateTime($_REQUEST['dtend']) : ''; + $start = datetime_convert(App::$timezone, 'UTC', $_REQUEST['dtstart']); + $dtstart = new \DateTime($start); + if($_REQUEST['dtend']) { + $end = datetime_convert(App::$timezone, 'UTC', $_REQUEST['dtend']); + $dtend = new \DateTime($end); + } $object = $caldavBackend->getCalendarObject($id, $uri); @@ -747,16 +754,27 @@ class Cdav extends Controller { //Import calendar or addressbook if(($_FILES) && array_key_exists('userfile',$_FILES) && intval($_FILES['userfile']['size']) && $_REQUEST['target']) { - $src = @file_get_contents($_FILES['userfile']['tmp_name']); + $src = $_FILES['userfile']['tmp_name']; if($src) { if($_REQUEST['c_upload']) { + if($_REQUEST['target'] == 'channel_calendar') { + $result = parse_ical_file($src,local_channel()); + if($result) + info( t('Calendar entries imported.') . EOL); + else + notice( t('No calendar entries found.') . EOL); + + @unlink($src); + return; + } + $id = explode(':', $_REQUEST['target']); $ext = 'ics'; $table = 'calendarobjects'; $column = 'calendarid'; - $objects = new \Sabre\VObject\Splitter\ICalendar($src); + $objects = new \Sabre\VObject\Splitter\ICalendar(@file_get_contents($src)); $profile = \Sabre\VObject\Node::PROFILE_CALDAV; $backend = new \Sabre\CalDAV\Backend\PDO($pdo); } @@ -766,7 +784,7 @@ class Cdav extends Controller { $ext = 'vcf'; $table = 'cards'; $column = 'addressbookid'; - $objects = new \Sabre\VObject\Splitter\VCard($src); + $objects = new \Sabre\VObject\Splitter\VCard(@file_get_contents($src)); $profile = \Sabre\VObject\Node::PROFILE_CARDDAV; $backend = new \Sabre\CardDAV\Backend\PDO($pdo); } @@ -832,15 +850,6 @@ class Cdav extends Controller { if(!local_channel()) return; - if((argv(1) === 'calendar') && (! Apps::system_app_installed(local_channel(), 'CalDAV'))) { - //Do not display any associated widgets at this point - App::$pdl = ''; - - $o = '<b>' . t('CalDAV App') . ' (' . t('Not Installed') . '):</b><br>'; - $o .= t('CalDAV capable calendar'); - return $o; - } - if((argv(1) === 'addressbook') && (! Apps::system_app_installed(local_channel(), 'CardDAV'))) { //Do not display any associated widgets at this point App::$pdl = ''; @@ -869,28 +878,93 @@ class Cdav extends Controller { } if(argv(1) === 'calendar') { - nav_set_selected('CalDAV'); + nav_set_selected('Calendar'); $caldavBackend = new \Sabre\CalDAV\Backend\PDO($pdo); $calendars = $caldavBackend->getCalendarsForUser($principalUri); } //Display calendar(s) here - if(argc() == 2 && argv(1) === 'calendar') { + if(argc() <= 3 && argv(1) === 'calendar') { - head_add_css('/library/fullcalendar/fullcalendar.css'); + head_add_css('/library/fullcalendar/packages/core/main.min.css'); + head_add_css('/library/fullcalendar/packages/daygrid/main.min.css'); + head_add_css('/library/fullcalendar/packages/timegrid/main.min.css'); + head_add_css('/library/fullcalendar/packages/list/main.min.css'); head_add_css('cdav_calendar.css'); - head_add_js('/library/moment/moment.min.js', 1); - head_add_js('/library/fullcalendar/fullcalendar.min.js', 1); - head_add_js('/library/fullcalendar/locale-all.js', 1); + head_add_js('/library/fullcalendar/packages/core/main.min.js'); + head_add_js('/library/fullcalendar/packages/interaction/main.min.js'); + head_add_js('/library/fullcalendar/packages/daygrid/main.min.js'); + head_add_js('/library/fullcalendar/packages/timegrid/main.min.js'); + head_add_js('/library/fullcalendar/packages/list/main.min.js'); + + $sources = ''; + $resource_id = ''; + $resource = null; + + if(argc() == 3) + $resource_id = argv(2); + + if($resource_id) { + $r = q("SELECT event.*, item.author_xchan, item.owner_xchan, item.plink, item.id as item_id FROM event LEFT JOIN item ON event.event_hash = item.resource_id + WHERE event.uid = %d AND event.event_hash = '%s' LIMIT 1", + intval(local_channel()), + dbesc($resource_id) + ); + if($r) { + xchan_query($r); + $r = fetch_post_tags($r,true); + + $r[0]['dtstart'] = (($r[0]['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$r[0]['dtstart'], 'c') : datetime_convert('UTC','UTC',$r[0]['dtstart'],'c')); + $r[0]['dtend'] = (($r[0]['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$r[0]['dtend'], 'c') : datetime_convert('UTC','UTC',$r[0]['dtend'],'c')); + + $r[0]['plink'] = [$r[0]['plink'], t('Link to source')]; + + $resource = $r[0]; + + $catsenabled = feature_enabled(local_channel(),'categories'); + $categories = ''; + if($catsenabled){ + if($r[0]['term']) { + $cats = get_terms_oftype($r[0]['term'], TERM_CATEGORY); + foreach ($cats as $cat) { + if(strlen($categories)) + $categories .= ', '; + $categories .= $cat['term']; + } + } + } + + if($r[0]['dismissed'] == 0) { + q("UPDATE event SET dismissed = 1 WHERE event.uid = %d AND event.event_hash = '%s'", + intval(local_channel()), + dbesc($resource_id) + ); + } + } + } + + if(get_pconfig(local_channel(), 'cdav_calendar', 'channel_calendar')) { + $sources .= '{ + id: \'channel_calendar\', + url: \'/channel_calendar/json/\', + color: \'#3a87ad\' + }, '; + } + + $channel_calendars[] = [ + 'displayname' => $channel['channel_name'], + 'id' => 'channel_calendar' + ]; foreach($calendars as $calendar) { $editable = (($calendar['share-access'] == 2) ? 'false' : 'true'); // false/true must be string since we're passing it to javascript - $color = (($calendar['{http://apple.com/ns/ical/}calendar-color']) ? $calendar['{http://apple.com/ns/ical/}calendar-color'] : '#3a87ad'); + $color = (($calendar['{http://apple.com/ns/ical/}calendar-color']) ? $calendar['{http://apple.com/ns/ical/}calendar-color'] : '#6cad39'); $sharer = (($calendar['share-access'] == 3) ? $calendar['{urn:ietf:params:xml:ns:caldav}calendar-description'] : ''); $switch = get_pconfig(local_channel(), 'cdav_calendar', $calendar['id'][0]); if($switch) { $sources .= '{ + id: ' . $calendar['id'][0] . ', url: \'/cdav/calendar/json/' . $calendar['id'][0] . '/' . $calendar['id'][1] . '\', color: \'' . $color . '\' }, '; @@ -911,15 +985,29 @@ class Cdav extends Controller { $first_day = (($first_day) ? $first_day : 0); $title = ['title', t('Event title')]; - $dtstart = ['dtstart', t('Start date and time'), '', t('Example: YYYY-MM-DD HH:mm')]; - $dtend = ['dtend', t('End date and time'), '', t('Example: YYYY-MM-DD HH:mm')]; + $dtstart = ['dtstart', t('Start date and time')]; + $dtend = ['dtend', t('End date and time')]; $description = ['description', t('Description')]; $location = ['location', t('Location')]; + $catsenabled = feature_enabled(local_channel(), 'categories'); + + require_once('include/acl_selectors.php'); + + $accesslist = new \Zotlabs\Access\AccessList($channel); + $perm_defaults = $accesslist->get(); + + //$acl = (($orig_event['event_xchan']) ? '' : populate_acl(((x($orig_event)) ? $orig_event : $perm_defaults), false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'))); + $acl = populate_acl($perm_defaults, false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream')); + + //$permissions = ((x($orig_event)) ? $orig_event : $perm_defaults); + $permissions = $perm_defaults; + $o .= replace_macros(get_markup_template('cdav_calendar.tpl'), [ '$sources' => $sources, '$color' => $color, '$lang' => App::$language, + '$timezone' => App::$timezone, '$first_day' => $first_day, '$prev' => t('Previous'), '$next' => t('Next'), @@ -931,6 +1019,7 @@ class Cdav extends Controller { '$list_week' => t('List week'), '$list_day' => t('List day'), '$title' => $title, + '$channel_calendars' => $channel_calendars, '$writable_calendars' => $writable_calendars, '$dtstart' => $dtstart, '$dtend' => $dtend, @@ -938,11 +1027,27 @@ class Cdav extends Controller { '$location' => $location, '$more' => t('More'), '$less' => t('Less'), + '$update' => t('Update'), '$calendar_select_label' => t('Select calendar'), + '$calendar_optiopns_label' => [t('Channel Calendars'), t('CalDAV Calendars')], '$delete' => t('Delete'), '$delete_all' => t('Delete all'), '$cancel' => t('Cancel'), - '$recurrence_warning' => t('Sorry! Editing of recurrent events is not yet implemented.') + '$create' => t('Create'), + '$recurrence_warning' => t('Sorry! Editing of recurrent events is not yet implemented.'), + + '$channel_hash' => $channel['channel_hash'], + '$acl' => $acl, + '$lockstate' => (($accesslist->is_private()) ? 'lock' : 'unlock'), + '$allow_cid' => acl2json($permissions['allow_cid']), + '$allow_gid' => acl2json($permissions['allow_gid']), + '$deny_cid' => acl2json($permissions['deny_cid']), + '$deny_gid' => acl2json($permissions['deny_gid']), + '$catsenabled' => $catsenabled, + '$categories_label' => t('Categories'), + + '$resource' => json_encode($resource), + '$categories' => $categories ]); return $o; @@ -952,10 +1057,12 @@ class Cdav extends Controller { //Provide json data for calendar if(argc() == 5 && argv(1) === 'calendar' && argv(2) === 'json' && intval(argv(3)) && intval(argv(4))) { + $events = []; + $id = [argv(3), argv(4)]; if(! cdav_perms($id[0],$calendars)) - killme(); + json_return_and_die($events); if (x($_GET,'start')) $start = new \DateTime($_GET['start']); @@ -969,16 +1076,19 @@ class Cdav extends Controller { $filters['comp-filters'][0]['time-range']['end'] = $end; $uris = $caldavBackend->calendarQuery($id, $filters); - if($uris) { + if($uris) { $objects = $caldavBackend->getMultipleCalendarObjects($id, $uris); - foreach($objects as $object) { $vcalendar = \Sabre\VObject\Reader::read($object['calendardata']); - if(isset($vcalendar->VEVENT->RRULE)) + if(isset($vcalendar->VEVENT->RRULE)) { + // expanding recurrent events seems to loose timezone info + // save it here so we can add it later + $recurrent_timezone = (string)$vcalendar->VEVENT->DTSTART['TZID']; $vcalendar = $vcalendar->expand($start, $end); + } foreach($vcalendar->VEVENT as $vevent) { $title = (string)$vevent->SUMMARY; @@ -986,14 +1096,15 @@ class Cdav extends Controller { $dtend = (string)$vevent->DTEND; $description = (string)$vevent->DESCRIPTION; $location = (string)$vevent->LOCATION; - + $timezone = (string)$vevent->DTSTART['TZID']; $rw = ((cdav_perms($id[0],$calendars,true)) ? true : false); - $recurrent = ((isset($vevent->{'RECURRENCE-ID'})) ? true : false); - $editable = $rw ? true : false; + $recurrent = ((isset($vevent->{'RECURRENCE-ID'})) ? true : false); - if($recurrent) + if($recurrent) { $editable = false; + $timezone = $recurrent_timezone; + } $allDay = false; @@ -1007,8 +1118,8 @@ class Cdav extends Controller { 'calendar_id' => $id, 'uri' => $object['uri'], 'title' => $title, - 'start' => $dtstart, - 'end' => $dtend, + 'start' => datetime_convert($timezone, $timezone, $dtstart, 'c'), + 'end' => (($dtend) ? datetime_convert($timezone, $timezone, $dtend, 'c') : ''), 'description' => $description, 'location' => $location, 'allDay' => $allDay, @@ -1018,15 +1129,12 @@ class Cdav extends Controller { ]; } } - json_return_and_die($events); - } - else { - killme(); } + json_return_and_die($events); } //enable/disable calendars - if(argc() == 5 && argv(1) === 'calendar' && argv(2) === 'switch' && intval(argv(3)) && (argv(4) == 1 || argv(4) == 0)) { + if(argc() == 5 && argv(1) === 'calendar' && argv(2) === 'switch' && argv(3) && (argv(4) == 1 || argv(4) == 0)) { $id = argv(3); if(! cdav_perms($id,$calendars)) @@ -1285,12 +1393,13 @@ class Cdav extends Controller { $caldavBackend = new \Sabre\CalDAV\Backend\PDO($pdo); $properties = [ '{DAV:}displayname' => t('Default Calendar'), - '{http://apple.com/ns/ical/}calendar-color' => '#3a87ad', + '{http://apple.com/ns/ical/}calendar-color' => '#6cad39', '{urn:ietf:params:xml:ns:caldav}calendar-description' => $channel['channel_name'] ]; $id = $caldavBackend->createCalendar($uri, 'default', $properties); set_pconfig(local_channel(), 'cdav_calendar' , $id[0], 1); + set_pconfig(local_channel(), 'cdav_calendar' , 'channel_calendar', 1); //create default addressbook $carddavBackend = new \Sabre\CardDAV\Backend\PDO($pdo); diff --git a/Zotlabs/Module/Changeaddr.php b/Zotlabs/Module/Changeaddr.php index 5cd236394..ed139c9f9 100644 --- a/Zotlabs/Module/Changeaddr.php +++ b/Zotlabs/Module/Changeaddr.php @@ -31,7 +31,7 @@ class Changeaddr extends \Zotlabs\Web\Controller { if($account['account_password_changed'] > NULL_DATE) { $d1 = datetime_convert('UTC','UTC','now - 48 hours'); - if($account['account_password_changed'] > d1) { + if($account['account_password_changed'] > $d1) { notice( t('Channel name changes are not allowed within 48 hours of changing the account password.') . EOL); return; } @@ -49,7 +49,7 @@ class Changeaddr extends \Zotlabs\Web\Controller { if(check_webbie(array($new_address)) !== $new_address) { notice( t('Nickname has unsupported characters or is already being used on this site.') . EOL); - return $ret; + return; } channel_change_address($channel,$new_address); diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 12d87885f..144c2472a 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -46,14 +46,14 @@ class Channel extends Controller { $channel = App::get_channel(); if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) { - $which = $channel['channel_address']; - $profile = argv(1); - } + $which = $channel['channel_address']; + $profile = argv(1); + } $channel = channelx_by_nick($which); - if(! $channel) { - http_status_exit(404, 'Not found'); - } + if(! $channel) { + http_status_exit(404, 'Not found'); + } // handle zot6 channel discovery @@ -124,6 +124,11 @@ class Channel extends Controller { $mid = ((x($_REQUEST,'mid')) ? $_REQUEST['mid'] : ''); + if(strpos($mid,'b64.') === 0) + $decoded = @base64url_decode(substr($mid,4)); + if($decoded) + $mid = $decoded; + $datequery = ((x($_GET,'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : ''); $datequery2 = ((x($_GET,'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : ''); @@ -305,10 +310,6 @@ class Channel extends Controller { $sql_extra2 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery2)))); } - if($datequery || $datequery2) { - $sql_extra2 .= " and item.item_thread_top != 0 "; - } - if($order === 'post') $ordering = "created"; else @@ -337,7 +338,7 @@ class Channel extends Controller { AND (abook.abook_blocked = 0 or abook.abook_flags is null) AND item.item_wall = 1 AND item.item_thread_top = 1 $sql_extra $sql_extra2 - ORDER BY $ordering DESC $pager_sql ", + ORDER BY $ordering DESC, item_id $pager_sql ", intval(App::$profile['profile_uid']) ); } @@ -375,6 +376,9 @@ class Channel extends Controller { if((! $update) && (! $load)) { + if($decoded) + $mid = 'b64.' . base64url_encode($mid); + // This is ugly, but we can't pass the profile_uid through the session to the ajax updater, // because browser prefetching might change it on us. We have to deliver it with the page. @@ -406,12 +410,12 @@ class Channel extends Controller { '$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1), '$search' => $search, '$xchan' => '', - '$order' => $order, + '$order' => (($order) ? urlencode($order) : ''), '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), '$file' => '', '$cats' => (($category) ? urlencode($category) : ''), '$tags' => (($hashtags) ? urlencode($hashtags) : ''), - '$mid' => $mid, + '$mid' => (($mid) ? urlencode($mid) : ''), '$verb' => '', '$net' => '', '$dend' => $datequery, diff --git a/Zotlabs/Module/Channel_calendar.php b/Zotlabs/Module/Channel_calendar.php new file mode 100644 index 000000000..9229e6eb2 --- /dev/null +++ b/Zotlabs/Module/Channel_calendar.php @@ -0,0 +1,480 @@ +<?php +namespace Zotlabs\Module; + +require_once('include/conversation.php'); +require_once('include/bbcode.php'); +require_once('include/datetime.php'); +require_once('include/event.php'); +require_once('include/items.php'); +require_once('include/html2plain.php'); + +class Channel_calendar extends \Zotlabs\Web\Controller { + + function post() { + + logger('post: ' . print_r($_REQUEST,true), LOGGER_DATA); + + if(! local_channel()) + return; + + $event_id = ((x($_POST,'event_id')) ? intval($_POST['event_id']) : 0); + $event_hash = ((x($_POST,'event_hash')) ? $_POST['event_hash'] : ''); + + $xchan = ((x($_POST,'xchan')) ? dbesc($_POST['xchan']) : ''); + $uid = local_channel(); + + $start_text = escape_tags($_REQUEST['dtstart']); + $finish_text = escape_tags($_REQUEST['dtend']); + + $adjust = intval($_POST['adjust']); + $nofinish = intval($_POST['nofinish']); + + $timezone = ((x($_POST,'timezone_select')) ? notags(trim($_POST['timezone_select'])) : ''); + + $tz = (($timezone) ? $timezone : date_default_timezone_get()); + + $categories = escape_tags(trim($_POST['categories'])); + + // only allow editing your own events. + + if(($xchan) && ($xchan !== get_observer_hash())) + return; + + if($start_text) { + $start = $start_text; + } + else { + $start = sprintf('%d-%d-%d %d:%d:0',$startyear,$startmonth,$startday,$starthour,$startminute); + } + + if($finish_text) { + $finish = $finish_text; + } + else { + $finish = sprintf('%d-%d-%d %d:%d:0',$finishyear,$finishmonth,$finishday,$finishhour,$finishminute); + } + + if($nofinish) { + $finish = NULL_DATE; + } + + if($adjust) { + $start = datetime_convert($tz,'UTC',$start); + if(! $nofinish) + $finish = datetime_convert($tz,'UTC',$finish); + } + else { + $start = datetime_convert('UTC','UTC',$start); + if(! $nofinish) + $finish = datetime_convert('UTC','UTC',$finish); + } + + $summary = escape_tags(trim($_POST['summary'])); + $desc = escape_tags(trim($_POST['desc'])); + $location = escape_tags(trim($_POST['location'])); + $type = escape_tags(trim($_POST['type'])); + + // Don't allow the event to finish before it begins. + // It won't hurt anything, but somebody will file a bug report + // and we'll waste a bunch of time responding to it. Time that + // could've been spent doing something else. + + if(strcmp($finish,$start) < 0 && !$nofinish) { + notice( t('Event can not end before it has started.') . EOL); + if(intval($_REQUEST['preview'])) { + echo( t('Unable to generate preview.')); + } + killme(); + } + + if((! $summary) || (! $start)) { + notice( t('Event title and start time are required.') . EOL); + if(intval($_REQUEST['preview'])) { + echo( t('Unable to generate preview.')); + } + killme(); + } + + $channel = \App::get_channel(); + + $acl = new \Zotlabs\Access\AccessList(false); + + if($event_id) { + $x = q("select * from event where id = %d and uid = %d limit 1", + intval($event_id), + intval(local_channel()) + ); + if(! $x) { + notice( t('Event not found.') . EOL); + if(intval($_REQUEST['preview'])) { + echo( t('Unable to generate preview.')); + killme(); + } + return; + } + + $acl->set($x[0]); + + $created = $x[0]['created']; + $edited = datetime_convert(); + } + else { + $created = $edited = datetime_convert(); + $acl->set_from_array($_POST); + } + + $post_tags = array(); + $channel = \App::get_channel(); + $ac = $acl->get(); + + $str_contact_allow = $ac['allow_cid']; + $str_group_allow = $ac['allow_gid']; + $str_contact_deny = $ac['deny_cid']; + $str_group_deny = $ac['deny_gid']; + + $private = $acl->is_private(); + + require_once('include/text.php'); + $results = linkify_tags($desc, local_channel()); + + if($results) { + // Set permissions based on tag replacements + set_linkified_perms($results, $str_contact_allow, $str_group_allow, local_channel(), false, $private); + + foreach($results as $result) { + $success = $result['success']; + if($success['replaced']) { + $post_tags[] = array( + 'uid' => local_channel(), + 'ttype' => $success['termtype'], + 'otype' => TERM_OBJ_POST, + 'term' => $success['term'], + 'url' => $success['url'] + ); + } + } + } + + if(strlen($categories)) { + $cats = explode(',',$categories); + foreach($cats as $cat) { + $post_tags[] = array( + 'uid' => local_channel(), + 'ttype' => TERM_CATEGORY, + 'otype' => TERM_OBJ_POST, + 'term' => trim($cat), + 'url' => $channel['xchan_url'] . '?f=&cat=' . urlencode(trim($cat)) + ); + } + } + + $datarray = array(); + $datarray['dtstart'] = $start; + $datarray['dtend'] = $finish; + $datarray['summary'] = $summary; + $datarray['description'] = $desc; + $datarray['location'] = $location; + $datarray['etype'] = $type; + $datarray['adjust'] = $adjust; + $datarray['nofinish'] = $nofinish; + $datarray['uid'] = local_channel(); + $datarray['account'] = get_account_id(); + $datarray['event_xchan'] = $channel['channel_hash']; + $datarray['allow_cid'] = $str_contact_allow; + $datarray['allow_gid'] = $str_group_allow; + $datarray['deny_cid'] = $str_contact_deny; + $datarray['deny_gid'] = $str_group_deny; + $datarray['private'] = intval($private); + $datarray['id'] = $event_id; + $datarray['created'] = $created; + $datarray['edited'] = $edited; + + if(intval($_REQUEST['preview'])) { + $html = format_event_html($datarray); + echo $html; + killme(); + } + + $event = event_store_event($datarray); + + if($post_tags) + $datarray['term'] = $post_tags; + + $item_id = event_store_item($datarray,$event); + + if($item_id) { + $r = q("select * from item where id = %d", + intval($item_id) + ); + if($r) { + xchan_query($r); + $sync_item = fetch_post_tags($r); + $z = q("select * from event where event_hash = '%s' and uid = %d limit 1", + dbesc($r[0]['resource_id']), + intval($channel['channel_id']) + ); + if($z) { + build_sync_packet($channel['channel_id'],array('event_item' => array(encode_item($sync_item[0],true)),'event' => $z)); + } + } + } + + \Zotlabs\Daemon\Master::Summon(array('Notifier','event',$item_id)); + + killme(); + + } + + + + function get() { + + if(argc() > 2 && argv(1) == 'ical') { + $event_id = argv(2); + + require_once('include/security.php'); + $sql_extra = permissions_sql(local_channel()); + + $r = q("select * from event where event_hash = '%s' $sql_extra limit 1", + dbesc($event_id) + ); + if($r) { + header('Content-type: text/calendar'); + header('content-disposition: attachment; filename="' . t('event') . '-' . $event_id . '.ics"' ); + echo ical_wrapper($r); + killme(); + } + else { + notice( t('Event not found.') . EOL ); + return; + } + } + + if(! local_channel()) { + notice( t('Permission denied.') . EOL); + return; + } + + if((argc() > 2) && (argv(1) === 'ignore') && intval(argv(2))) { + $r = q("update event set dismissed = 1 where id = %d and uid = %d", + intval(argv(2)), + intval(local_channel()) + ); + } + + if((argc() > 2) && (argv(1) === 'unignore') && intval(argv(2))) { + $r = q("update event set dismissed = 0 where id = %d and uid = %d", + intval(argv(2)), + intval(local_channel()) + ); + } + + $channel = \App::get_channel(); + + $mode = 'view'; + $export = false; + $ignored = ((x($_REQUEST,'ignored')) ? " and dismissed = " . intval($_REQUEST['ignored']) . " " : ''); + + if(argc() > 1) { + if(argc() > 2 && argv(1) === 'add') { + $mode = 'add'; + $item_id = intval(argv(2)); + } + if(argc() > 2 && argv(1) === 'drop') { + $mode = 'drop'; + $event_id = argv(2); + } + if(argc() <= 2 && argv(1) === 'export') { + $export = true; + } + if(argc() > 2 && intval(argv(1)) && intval(argv(2))) { + $mode = 'view'; + } + if(argc() <= 2) { + $mode = 'view'; + $event_id = argv(1); + } + } + + if($mode === 'add') { + event_addtocal($item_id,local_channel()); + killme(); + } + + if($mode == 'view') { + + /* edit/create form */ + if($event_id) { + $r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1", + dbesc($event_id), + intval(local_channel()) + ); + if(count($r)) + $orig_event = $r[0]; + } + + $channel = \App::get_channel(); + + if (argv(1) === 'json'){ + if (x($_GET,'start')) $start = $_GET['start']; + if (x($_GET,'end')) $finish = $_GET['end']; + } + + $start = datetime_convert('UTC','UTC',$start); + $finish = datetime_convert('UTC','UTC',$finish); + + $adjust_start = datetime_convert('UTC', date_default_timezone_get(), $start); + $adjust_finish = datetime_convert('UTC', date_default_timezone_get(), $finish); + + if (x($_GET,'id')){ + $r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan, item.id as item_id + from event left join item on item.resource_id = event.event_hash + where item.resource_type = 'event' and event.uid = %d and event.id = %d limit 1", + intval(local_channel()), + intval($_GET['id']) + ); + } + elseif($export) { + $r = q("SELECT * from event where uid = %d and dtstart > '%s' and dtend > dtstart", + intval(local_channel()), + dbesc(NULL_DATE) + ); + } + else { + // fixed an issue with "nofinish" events not showing up in the calendar. + // There's still an issue if the finish date crosses the end of month. + // Noting this for now - it will need to be fixed here and in Friendica. + // Ultimately the finish date shouldn't be involved in the query. + + $r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan, item.id as item_id + from event left join item on event.event_hash = item.resource_id + where item.resource_type = 'event' and event.uid = %d and event.uid = item.uid $ignored + AND (( event.adjust = 0 AND ( event.dtend >= '%s' or event.nofinish = 1 ) AND event.dtstart <= '%s' ) + OR ( event.adjust = 1 AND ( event.dtend >= '%s' or event.nofinish = 1 ) AND event.dtstart <= '%s' )) ", + intval(local_channel()), + dbesc($start), + dbesc($finish), + dbesc($adjust_start), + dbesc($adjust_finish) + ); + + } + + if($r && ! $export) { + xchan_query($r); + $r = fetch_post_tags($r,true); + + $r = sort_by_date($r); + } + + $events = []; + + if($r) { + + foreach($r as $rr) { + + $start = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['dtstart'], 'c') : datetime_convert('UTC','UTC',$rr['dtstart'],'c')); + if ($rr['nofinish']){ + $end = null; + } else { + $end = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['dtend'], 'c') : datetime_convert('UTC','UTC',$rr['dtend'],'c')); + + // give a fake end to birthdays so they get crammed into a + // single day on the calendar + + if($rr['etype'] === 'birthday') + $end = null; + } + + $catsenabled = feature_enabled(local_channel(),'categories'); + $categories = ''; + if($catsenabled){ + if($rr['term']) { + $cats = get_terms_oftype($rr['term'], TERM_CATEGORY); + foreach ($cats as $cat) { + if(strlen($categories)) + $categories .= ', '; + $categories .= $cat['term']; + } + } + } + + $allDay = false; + + // allDay event rules + if(!strpos($start, 'T') && !strpos($end, 'T')) + $allDay = true; + if(strpos($start, 'T00:00:00') && strpos($end, 'T00:00:00')) + $allDay = true; + + $edit = ((local_channel() && $rr['author_xchan'] == get_observer_hash()) ? array(z_root().'/events/'.$rr['event_hash'].'?expandform=1',t('Edit event'),'','') : false); + + $drop = array(z_root().'/events/drop/'.$rr['event_hash'],t('Delete event'),'',''); + + $events[] = array( + 'calendar_id' => 'channel_calendar', + 'rw' => true, + 'id'=>$rr['id'], + 'uri' => $rr['event_hash'], + 'start'=> $start, + 'end' => $end, + 'drop' => $drop, + 'allDay' => $allDay, + 'title' => htmlentities($rr['summary'], ENT_COMPAT, 'UTF-8', false), + 'editable' => $edit ? true : false, + 'item'=>$rr, + 'plink' => [$rr['plink'], t('Link to source')], + 'description' => htmlentities($rr['description'], ENT_COMPAT, 'UTF-8', false), + 'location' => htmlentities($rr['location'], ENT_COMPAT, 'UTF-8', false), + 'allow_cid' => expand_acl($rr['allow_cid']), + 'allow_gid' => expand_acl($rr['allow_gid']), + 'deny_cid' => expand_acl($rr['deny_cid']), + 'deny_gid' => expand_acl($rr['deny_gid']), + 'categories' => $categories + ); + } + } + + if($export) { + header('Content-type: text/calendar'); + header('content-disposition: attachment; filename="' . t('calendar') . '-' . $channel['channel_address'] . '.ics"' ); + echo ical_wrapper($r); + killme(); + } + + if (\App::$argv[1] === 'json'){ + json_return_and_die($events); + } + } + + + if($mode === 'drop' && $event_id) { + $r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1", + dbesc($event_id), + intval(local_channel()) + ); + + $sync_event = $r[0]; + + if($r) { + $r = q("delete from event where event_hash = '%s' and uid = %d", + dbesc($event_id), + intval(local_channel()) + ); + if($r) { + $r = q("update item set resource_type = '', resource_id = '' where resource_type = 'event' and resource_id = '%s' and uid = %d", + dbesc($event_id), + intval(local_channel()) + ); + $sync_event['event_deleted'] = 1; + build_sync_packet(0,array('event' => array($sync_event))); + killme(); + } + notice( t('Failed to remove event' ) . EOL); + killme(); + } + } + + } + +} diff --git a/Zotlabs/Module/Chanview.php b/Zotlabs/Module/Chanview.php index 779c7e646..2e653d030 100644 --- a/Zotlabs/Module/Chanview.php +++ b/Zotlabs/Module/Chanview.php @@ -106,7 +106,7 @@ class Chanview extends \Zotlabs\Web\Controller { if (\App::$poi) { $url = \App::$poi['xchan_url']; - if(\App::$poi['xchan_network'] === 'zot') { + if(in_array(\App::$poi['xchan_network'], ['zot', 'zot6'])) { $is_zot = true; } if(local_channel()) { diff --git a/Zotlabs/Module/Connections.php b/Zotlabs/Module/Connections.php index 967e9521d..7c8d71210 100644 --- a/Zotlabs/Module/Connections.php +++ b/Zotlabs/Module/Connections.php @@ -127,6 +127,20 @@ class Connections extends \Zotlabs\Web\Controller { $unblocked = true; } + switch($_REQUEST['order']) { + case 'name_desc': + $sql_order = 'xchan_name DESC'; + break; + case 'connected': + $sql_order = 'abook_created'; + break; + case 'connected_desc': + $sql_order = 'abook_created DESC'; + break; + default: + $sql_order = 'xchan_name'; + } + $search = ((x($_REQUEST,'search')) ? notags(trim($_REQUEST['search'])) : ''); $tabs = array( @@ -233,7 +247,7 @@ class Connections extends \Zotlabs\Web\Controller { } $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash - WHERE abook_channel = %d and abook_self = 0 and xchan_deleted = 0 and xchan_orphan = 0 $sql_extra $sql_extra2 ORDER BY xchan_name LIMIT %d OFFSET %d ", + WHERE abook_channel = %d and abook_self = 0 and xchan_deleted = 0 and xchan_orphan = 0 $sql_extra $sql_extra2 ORDER BY $sql_order LIMIT %d OFFSET %d ", intval(local_channel()), intval(App::$pager['itemspage']), intval(App::$pager['start']) @@ -307,7 +321,7 @@ class Connections extends \Zotlabs\Web\Controller { 'ignore_hover' => t('Ignore connection'), 'ignore' => ((! $rr['abook_ignored']) ? t('Ignore') : false), 'recent_label' => t('Recent activity'), - 'recentlink' => z_root() . '/network/?f=&cid=' . intval($rr['abook_id']), + 'recentlink' => z_root() . '/network/?f=&cid=' . intval($rr['abook_id']) . '&name=' . $rr['xchan_name'], 'oneway' => $oneway ); } @@ -329,7 +343,7 @@ class Connections extends \Zotlabs\Web\Controller { killme(); } else { - $o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; + $o .= "<script> var page_query = '" . escape_tags(urlencode($_GET['q'])) . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; $o .= replace_macros(get_markup_template('connections.tpl'),array( '$header' => t('Connections') . (($head) ? ': ' . $head : ''), '$tabs' => $tabs, diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index a9f643306..acd7cb769 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -101,7 +101,8 @@ class Connedit extends \Zotlabs\Web\Controller { } - $profile_id = $_POST['profile_assign']; + $profile_id = ((array_key_exists('profile_assign',$_POST)) ? $_POST['profile_assign'] : $orig_record[0]['abook_profile']); + if($profile_id) { $r = q("SELECT profile_guid FROM profile WHERE profile_guid = '%s' AND uid = %d LIMIT 1", dbesc($profile_id), @@ -113,18 +114,23 @@ class Connedit extends \Zotlabs\Web\Controller { } } - $abook_incl = escape_tags($_POST['abook_incl']); - $abook_excl = escape_tags($_POST['abook_excl']); - + $abook_incl = ((array_key_exists('abook_incl',$_POST)) ? escape_tags($_POST['abook_incl']) : $orig_record[0]['abook_incl']); + $abook_excl = ((array_key_exists('abook_excl',$_POST)) ? escape_tags($_POST['abook_excl']) : $orig_record[0]['abook_excl']); + + $hidden = intval($_POST['hidden']); $priority = intval($_POST['poll']); if($priority > 5 || $priority < 0) $priority = 0; + if(! array_key_exists('closeness',$_POST)) { + $_POST['closeness'] = 80; + } $closeness = intval($_POST['closeness']); - if($closeness < 0) - $closeness = 99; + if($closeness < 0 || $closeness > 99) { + $closeness = 80; + } $rating = intval($_POST['rating']); if($rating < (-10)) @@ -231,6 +237,8 @@ class Connedit extends \Zotlabs\Web\Controller { } $abook_pending = (($new_friend) ? 0 : $orig_record[0]['abook_pending']); + + $r = q("UPDATE abook SET abook_profile = '%s', abook_closeness = %d, abook_pending = %d, abook_incl = '%s', abook_excl = '%s' @@ -702,7 +710,7 @@ class Connedit extends \Zotlabs\Web\Controller { $tpl = get_markup_template("abook_edit.tpl"); - if(feature_enabled(local_channel(),'affinity')) { + if(Apps::system_app_installed(local_channel(),'Affinity Tool')) { $sections['affinity'] = [ 'label' => t('Affinity'), @@ -733,9 +741,12 @@ class Connedit extends \Zotlabs\Web\Controller { } $slider_tpl = get_markup_template('contact_slider.tpl'); + + $slideval = intval($contact['abook_closeness']); + $slide = replace_macros($slider_tpl,array( '$min' => 1, - '$val' => (($contact['abook_closeness']) ? $contact['abook_closeness'] : 99), + '$val' => $slideval, '$labels' => $label_str, )); } @@ -837,7 +848,7 @@ class Connedit extends \Zotlabs\Web\Controller { $locstr = unpunify($contact['xchan_url']); $clone_warn = ''; - $clonable = (in_array($contact['xchan_network'],['zot','rss']) ? true : false); + $clonable = (in_array($contact['xchan_network'],['zot', 'zot6', 'rss']) ? true : false); if(! $clonable) { $clone_warn = '<strong>'; $clone_warn .= ((intval($contact['abook_not_here'])) @@ -892,7 +903,7 @@ class Connedit extends \Zotlabs\Web\Controller { '$inherited' => t('inherited'), '$submit' => t('Submit'), '$lbl_vis2' => sprintf( t('Please choose the profile you would like to display to %s when viewing your profile securely.'), $contact['xchan_name']), - '$close' => $contact['abook_closeness'], + '$close' => (($contact['abook_closeness']) ? $contact['abook_closeness'] : 80), '$them' => t('Their Settings'), '$me' => t('My Settings'), '$perms' => $perms, diff --git a/Zotlabs/Module/Cover_photo.php b/Zotlabs/Module/Cover_photo.php index b911ac991..d97014f9c 100644 --- a/Zotlabs/Module/Cover_photo.php +++ b/Zotlabs/Module/Cover_photo.php @@ -48,6 +48,32 @@ class Cover_photo extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); check_form_security_token_redirectOnErr('/cover_photo', 'cover_photo'); + + // Remove cover photo + if(isset($_POST['remove'])) { + + $r = q("SELECT resource_id FROM photo WHERE photo_usage = %d AND uid = %d LIMIT 1", + intval(PHOTO_COVER), + intval(local_channel()) + ); + + if($r) { + q("update photo set photo_usage = %d where photo_usage = %d and uid = %d", + intval(PHOTO_NORMAL), + intval(PHOTO_COVER), + intval(local_channel()) + ); + + $sync = attach_export_data($channel,$r[0]['resource_id']); + if($sync) + build_sync_packet($channel['channel_id'],array('file' => array($sync))); + } + + // Update directory in background + \Zotlabs\Daemon\Master::Summon(array('Directory',$channel['channel_id'])); + + goaway(z_root() . '/cover_photo'); + } if((array_key_exists('cropfinal',$_POST)) && ($_POST['cropfinal'] == 1)) { @@ -106,7 +132,7 @@ class Cover_photo extends \Zotlabs\Web\Controller { if(file_exists($tmp_name)) { $base_image = $r[0]; $gis = getimagesize($tmp_name); -logger('gis: ' . print_r($gis,true)); + logger('gis: ' . print_r($gis,true), LOGGER_DEBUG); $base_image['width'] = $gis[0]; $base_image['height'] = $gis[1]; $base_image['content'] = @file_get_contents($tmp_name); @@ -167,25 +193,18 @@ logger('gis: ' . print_r($gis,true)); 'filename' => $base_image['filename'], 'album' => t('Cover Photos'), 'os_path' => $base_image['os_path'], - 'display_path' => $base_image['display_path'] + 'display_path' => $base_image['display_path'], + 'photo_usage' => PHOTO_COVER ]; - - $p['imgscale'] = 7; - $p['photo_usage'] = PHOTO_COVER; - - $r1 = $im->save($p); + + $r1 = $im->storeThumbnail($p, PHOTO_RES_COVER_1200); $im->doScaleImage(850,310); - $p['imgscale'] = 8; - - $r2 = $im->save($p); - + $r2 = $im->storeThumbnail($p, PHOTO_RES_COVER_850); $im->doScaleImage(425,160); - $p['imgscale'] = 9; - - $r3 = $im->save($p); - + $r3 = $im->storeThumbnail($p, PHOTO_RES_COVER_425); + if($r1 === false || $r2 === false || $r3 === false) { // if one failed, delete them all so we can start over. notice( t('Image resize failed.') . EOL ); @@ -193,13 +212,28 @@ logger('gis: ' . print_r($gis,true)); dbesc($base_image['resource_id']), local_channel() ); + + $x = q("SELECT content FROM photo WHERE resource_id = '%s' AND uid = %d AND os_storage = 1 AND imgscale >= 7", + dbesc($base_image['resource_id']), + local_channel() + ); + if($x) { + foreach($x as $xx) { + @unlink(dbunescbin($xx['content'])); + } + } + return; } - - $channel = \App::get_channel(); + $this->send_cover_photo_activity($channel,$base_image,$profile); - - + + $sync = attach_export_data($channel,$base_image['resource_id']); + if($sync) + build_sync_packet($channel['channel_id'],array('file' => array($sync))); + + // Update directory in background + \Zotlabs\Daemon\Master::Summon(array('Directory',$channel['channel_id'])); } else notice( t('Unable to process image') . EOL); @@ -215,7 +249,7 @@ logger('gis: ' . print_r($gis,true)); require_once('include/attach.php'); - $res = attach_store(\App::get_channel(), get_observer_hash(), '', array('album' => t('Cover Photos'), 'hash' => $hash)); + $res = attach_store(\App::get_channel(), get_observer_hash(), '', array('album' => t('Cover Photos'), 'hash' => $hash, 'nosync' => true)); logger('attach_store: ' . print_r($res,true)); @@ -393,6 +427,7 @@ logger('gis: ' . print_r($gis,true)); '$lbl_profiles' => t('Select a profile:'), '$title' => t('Change Cover Photo'), '$submit' => t('Upload'), + '$remove' => t('Remove'), '$profiles' => $profiles, '$embedPhotos' => t('Use a photo from your albums'), '$embedPhotosModalTitle' => t('Use a photo from your albums'), diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php index c29fa8326..8f5db6635 100644 --- a/Zotlabs/Module/Directory.php +++ b/Zotlabs/Module/Directory.php @@ -103,8 +103,14 @@ class Directory extends \Zotlabs\Web\Controller { $suggest = (local_channel() && x($_REQUEST,'suggest')) ? $_REQUEST['suggest'] : ''; if($suggest) { - - $r = suggestion_query(local_channel(),get_observer_hash()); + + // the directory options have no effect in suggestion mode + + $globaldir = 1; + $safe_mode = 1; + $type = 0; + + $r = suggestion_query(local_channel(),get_observer_hash(),0,60); if(! $r) { notice( t('No default suggestions were found.') . EOL); @@ -212,12 +218,17 @@ class Directory extends \Zotlabs\Web\Controller { if($j) { if($j['results']) { - + + $results = $j['results']; + if($suggest) { + $results = self::reorder_results($results,$addresses); + } + $entries = array(); $photo = 'thumb'; - foreach($j['results'] as $rr) { + foreach($results as $rr) { $profile_link = chanlink_url($rr['url']); @@ -399,7 +410,7 @@ class Directory extends \Zotlabs\Web\Controller { $dirtitle = (($globaldir) ? t('Global Directory') : t('Local Directory')); - $o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; divmore_height = " . intval($maxheight) . "; </script>"; + $o .= "<script> var page_query = '" . escape_tags(urlencode($_GET['q'])) . "'; var extra_args = '" . extra_query_args() . "' ; divmore_height = " . intval($maxheight) . "; </script>"; $o .= replace_macros($tpl, array( '$search' => $search, '$desc' => t('Find'), @@ -438,5 +449,22 @@ class Directory extends \Zotlabs\Web\Controller { return $o; } - + static public function reorder_results($results,$suggests) { + + if(! $suggests) + return $results; + + $out = []; + foreach($suggests as $k => $v) { + foreach($results as $rv) { + if($k == $rv['address']) { + $out[intval($v)] = $rv; + break; + } + } + } + + return $out; + } + } diff --git a/Zotlabs/Module/Dirsearch.php b/Zotlabs/Module/Dirsearch.php index 81942860f..26cb82044 100644 --- a/Zotlabs/Module/Dirsearch.php +++ b/Zotlabs/Module/Dirsearch.php @@ -116,12 +116,12 @@ class Dirsearch extends \Zotlabs\Web\Controller { $sql_extra .= $this->dir_query_build($joiner,'xchan_name',$name); if($address) $sql_extra .= $this->dir_query_build($joiner,'xchan_addr',$address); - if($city) - $sql_extra .= $this->dir_query_build($joiner,'xprof_locale',$city); + if($locale) + $sql_extra .= $this->dir_query_build($joiner,'xprof_locale',$locale); if($region) $sql_extra .= $this->dir_query_build($joiner,'xprof_region',$region); - if($post) - $sql_extra .= $this->dir_query_build($joiner,'xprof_postcode',$post); + if($postcode) + $sql_extra .= $this->dir_query_build($joiner,'xprof_postcode',$postcode); if($country) $sql_extra .= $this->dir_query_build($joiner,'xprof_country',$country); if($gender) diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index d1755c183..5983578b3 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -175,11 +175,15 @@ class Display extends \Zotlabs\Web\Controller { return ''; } } + if ($target_item['item_type'] == ITEM_TYPE_CUSTOM) { + call_hooks('item_custom_display',$target_item); + notice( t('Page not found.') . EOL); + return ''; + } $static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0); - - + $simple_update = (($update) ? " AND item_unseen = 1 " : ''); if($update && $_SESSION['loadtime']) @@ -234,7 +238,7 @@ class Display extends \Zotlabs\Web\Controller { '$dbegin' => '', '$verb' => '', '$net' => '', - '$mid' => $mid + '$mid' => (($mid) ? urlencode($mid) : '') )); head_add_link([ @@ -314,7 +318,7 @@ class Display extends \Zotlabs\Web\Controller { } } - if(! $r) { + if($r === null) { // in case somebody turned off public access to sys channel content using permissions // make that content unsearchable by ensuring the owner_xchan can't match if(! perm_is_allowed($sysid,$observer_hash,'view_stream')) @@ -375,8 +379,7 @@ class Display extends \Zotlabs\Web\Controller { } $o .= '</noscript>'; - if ($items[0]['title']) - \App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title']; + \App::$page['title'] = (($items[0]['title']) ? $items[0]['title'] . " - " . \App::$page['title'] : \App::$page['title']); $o .= conversation($items, 'display', $update, 'client'); } diff --git a/Zotlabs/Module/Dreport.php b/Zotlabs/Module/Dreport.php index 16ae7941f..0fc36dc29 100644 --- a/Zotlabs/Module/Dreport.php +++ b/Zotlabs/Module/Dreport.php @@ -16,17 +16,20 @@ class Dreport extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); $mid = ((argc() > 1) ? argv(1) : ''); + $encoded_mid = ''; - if(strpos($mid,'b64.') === 0) + if(strpos($mid,'b64.') === 0) { + $encoded_mid = $mid; $mid = @base64url_decode(substr($mid,4)); - - + } if($mid === 'push') { $table = 'push'; $mid = ((argc() > 2) ? argv(2) : ''); - if(strpos($mid,'b64.') === 0) + if(strpos($mid,'b64.') === 0) { + $encoded_mid = $mid; $mid = @base64url_decode(substr($mid,4)); + } if($mid) { $i = q("select id from item where mid = '%s' and uid = %d and ( author_xchan = '%s' or ( owner_xchan = '%s' and item_wall = 1 )) ", @@ -40,7 +43,7 @@ class Dreport extends \Zotlabs\Web\Controller { } } sleep(3); - goaway(z_root() . '/dreport/' . urlencode($mid)); + goaway(z_root() . '/dreport/' . (($encoded_mid) ? $encoded_mid : $mid)); } if($mid === 'mail') { @@ -80,8 +83,9 @@ class Dreport extends \Zotlabs\Web\Controller { return; } - $r = q("select * from dreport where dreport_xchan = '%s' and dreport_mid = '%s'", + $r = q("select * from dreport where (dreport_xchan = '%s' or dreport_xchan = '%s') and dreport_mid = '%s'", dbesc($channel['channel_hash']), + dbesc($channel['channel_portable_id']), dbesc($mid) ); @@ -158,6 +162,7 @@ class Dreport extends \Zotlabs\Web\Controller { '$title' => sprintf( t('Delivery report for %1$s'),basename($mid)) . '...', '$table' => $table, '$mid' => urlencode($mid), + '$safe_mid' => urlencode(gen_link_id($mid)), '$options' => t('Options'), '$push' => t('Redeliver'), '$entries' => $entries diff --git a/Zotlabs/Module/Editpost.php b/Zotlabs/Module/Editpost.php index 1c9068e07..49b2892e8 100644 --- a/Zotlabs/Module/Editpost.php +++ b/Zotlabs/Module/Editpost.php @@ -45,7 +45,8 @@ class Editpost extends \Zotlabs\Web\Controller { } if($itm[0]['resource_type'] === 'event' && $itm[0]['resource_id']) { - goaway(z_root() . '/events/' . $itm[0]['resource_id'] . '?expandform=1'); + goaway(z_root() . '/cdav/calendar/' . $itm[0]['resource_id']); + //goaway(z_root() . '/events/' . $itm[0]['resource_id'] . '?expandform=1'); } $owner_uid = $itm[0]['uid']; diff --git a/Zotlabs/Module/Embed.php b/Zotlabs/Module/Embed.php new file mode 100644 index 000000000..77b9254dd --- /dev/null +++ b/Zotlabs/Module/Embed.php @@ -0,0 +1,22 @@ +<?php +namespace Zotlabs\Module; + +require_once('include/security.php'); +require_once('include/bbcode.php'); + + +class Embed extends \Zotlabs\Web\Controller { + + function init() { + + $post_id = ((argc() > 1) ? intval(argv(1)) : 0); + + if(! $post_id) + killme(); + + echo '[share=' . $post_id . '][/share]'; + killme(); + + } + +} diff --git a/Zotlabs/Module/Embedphotos.php b/Zotlabs/Module/Embedphotos.php index bcbb0e116..8b0421457 100644 --- a/Zotlabs/Module/Embedphotos.php +++ b/Zotlabs/Module/Embedphotos.php @@ -3,8 +3,10 @@ namespace Zotlabs\Module; /** - * @brief + * @brief Embedphoto endpoint. * + * Provide an AJAX endpoint to fill the embedPhotoModal with folders and photos + * selection. */ class Embedphotos extends \Zotlabs\Web\Controller { @@ -13,93 +15,116 @@ class Embedphotos extends \Zotlabs\Web\Controller { } /** + * @brief This is the POST destination for the embedphotos button. * - * This is the POST destination for the embedphotos button - * + * @return string A JSON string. */ - function post() { + public function post() { if (argc() > 1 && argv(1) === 'album') { // API: /embedphotos/album - $name = (x($_POST,'name') ? $_POST['name'] : null ); - if(!$name) { + $name = (x($_POST, 'name') ? $_POST['name'] : null ); + if (!$name) { json_return_and_die(array('errormsg' => 'Error retrieving album', 'status' => false)); } $album = $this->embedphotos_widget_album(array('channel' => \App::get_channel(), 'album' => $name)); json_return_and_die(array('status' => true, 'content' => $album)); } - if(argc() > 1 && argv(1) === 'albumlist') { + if (argc() > 1 && argv(1) === 'albumlist') { // API: /embedphotos/albumlist - $album_list = $this->embedphotos_album_list($a); + $album_list = $this->embedphotos_album_list(); json_return_and_die(array('status' => true, 'albumlist' => $album_list)); } - if(argc() > 1 && argv(1) === 'photolink') { + if (argc() > 1 && argv(1) === 'photolink') { // API: /embedphotos/photolink - $href = (x($_POST,'href') ? $_POST['href'] : null ); - if(!$href) { + $href = (x($_POST, 'href') ? $_POST['href'] : null ); + if (!$href) { json_return_and_die(array('errormsg' => 'Error retrieving link ' . $href, 'status' => false)); } - $resource_id = array_pop(explode("/", $href)); - $r = q("SELECT obj from item where resource_type = 'photo' and resource_id = '%s' limit 1", - dbesc($resource_id) + $resource_id = array_pop(explode('/', $href)); + $x = self::photolink($resource_id); + if($x) + json_return_and_die(array('status' => true, 'photolink' => $x, 'resource_id' => $resource_id)); + json_return_and_die(array('errormsg' => 'Error retrieving resource ' . $resource_id, 'status' => false)); + } + } + + + protected static function photolink($resource) { + $channel = \App::get_channel(); + $output = EMPTY_STR; + if($channel) { + $resolution = ((feature_enabled($channel['channel_id'],'large_photos')) ? 2 : 3); + $r = q("select mimetype, height, width from photo where resource_id = '%s' and $resolution = %d and uid = %d limit 1", + dbesc($resource), + intval($resolution), + intval($channel['channel_id']) ); - if(!$r) { - json_return_and_die(array('errormsg' => 'Error retrieving resource ' . $resource_id, 'status' => false)); - } - $obj = json_decode($r[0]['obj'], true); - if(x($obj,'body')) { - $photolink = $obj['body']; - } elseif (x($obj,'bbcode')) { - $photolink = $obj['bbcode']; - } else { - json_return_and_die(array('errormsg' => 'Error retrieving resource ' . $resource_id, 'status' => false)); - } - json_return_and_die(array('status' => true, 'photolink' => $photolink, 'resource_id' => $resource_id)); + if(! $r) + return $output; + + if($r[0]['mimetype'] === 'image/jpeg') + $ext = '.jpg'; + elseif($r[0]['mimetype'] === 'image/png') + $ext = '.png'; + elseif($r[0]['mimetype'] === 'image/gif') + $ext = '.gif'; + else + $ext = EMPTY_STR; + + $output = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $resource . ']' . + '[zmg=' . $r[0]['width'] . 'x' . $r[0]['height'] . ']' . z_root() . '/photo/' . $resource . '-' . $resolution . $ext . '[/zmg][/zrl]'; + + return $output; } } + /** - * Copied from include/widgets.php::widget_album() with a modification to get the profile_uid from - * the input array as in widget_item() + * @brief Get photos from an album. * - * @param array $args - * @return string with HTML + * @see \\Zotlabs\\Widget\\Album::widget() + * + * @param array $args associative array with + * * \e array \b channel + * * \e string \b album + * @return string with HTML code from 'photo_album.tpl' */ - function embedphotos_widget_album($args) { - + protected function embedphotos_widget_album($args) { $channel_id = 0; - if(array_key_exists('channel', $args)) + + if (array_key_exists('channel', $args)) { $channel = $args['channel']; - $channel_id = intval($channel['channel_id']); - if(! $channel_id) + $channel_id = intval($channel['channel_id']); + } + if (! $channel_id) $channel_id = \App::$profile_uid; - if(! $channel_id) + if (! $channel_id) return ''; - $owner_uid = $channel_id; require_once('include/security.php'); $sql_extra = permissions_sql($channel_id); - if(! perm_is_allowed($channel_id,get_observer_hash(),'view_storage')) + if (! perm_is_allowed($channel_id, get_observer_hash(), 'view_storage')) return ''; - if($args['album']) + if (isset($args['album'])) $album = (($args['album'] === '/') ? '' : $args['album']); - if($args['title']) + if (isset($args['title'])) $title = $args['title']; /** - * This may return incorrect permissions if you have multiple directories of the same name. + * @note This may return incorrect permissions if you have multiple directories of the same name. * It is a limitation of the photo table using a name for a photo album instead of a folder hash */ - if($album) { + if ($album) { require_once('include/attach.php'); $x = q("select hash from attach where filename = '%s' and uid = %d limit 1", dbesc($album), - intval($owner_uid) + intval($channel_id) ); - if($x) { - $y = attach_can_view_folder($owner_uid,get_observer_hash(),$x[0]['hash']); - if(! $y) + if ($x) { + $y = attach_can_view_folder($channel_id, get_observer_hash(), $x[0]['hash']); + if (! $y) return ''; } } @@ -110,30 +135,33 @@ class Embedphotos extends \Zotlabs\Web\Controller { (SELECT resource_id, max(imgscale) imgscale FROM photo WHERE uid = %d AND album = '%s' AND imgscale <= 4 AND photo_usage IN ( %d, %d ) $sql_extra GROUP BY resource_id) ph ON (p.resource_id = ph.resource_id AND p.imgscale = ph.imgscale) ORDER BY created $order", - intval($owner_uid), + intval($channel_id), dbesc($album), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE) ); - $photos = array(); - if(count($r)) { + $photos = []; + if (count($r)) { $twist = 'rotright'; - foreach($r as $rr) { - if($twist == 'rotright') + foreach ($r as $rr) { + if ($twist == 'rotright') $twist = 'rotleft'; else $twist = 'rotright'; + $ph = photo_factory(''); + $phototypes = $ph->supportedTypes(); + $ext = $phototypes[$rr['mimetype']]; $imgalt_e = $rr['filename']; $desc_e = $rr['description']; - $imagelink = (z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $rr['resource_id'] + $imagelink = (z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $rr['resource_id'] . (($_GET['order'] === 'posted') ? '?f=&order=posted' : '')); - $photos[] = array( + $photos[] = [ 'id' => $rr['id'], 'twist' => ' ' . $twist . rand(2,4), 'link' => $imagelink, @@ -143,35 +171,43 @@ class Embedphotos extends \Zotlabs\Web\Controller { 'desc'=> $desc_e, 'ext' => $ext, 'hash'=> $rr['resource_id'], - 'unknown' => t('Unknown') - ); + 'unknown' => t('Unknown'), + ]; } } $tpl = get_markup_template('photo_album.tpl'); - $o .= replace_macros($tpl, array( + $o = replace_macros($tpl, [ '$photos' => $photos, '$album' => (($title) ? $title : $album), '$album_id' => rand(), - '$album_edit' => array(t('Edit Album'), $album_edit), + '$album_edit' => array(t('Edit Album'), false), '$can_post' => false, '$upload' => array(t('Upload'), z_root() . '/photos/' . \App::$profile['channel_address'] . '/upload/' . bin2hex($album)), '$order' => false, - '$upload_form' => $upload_form, - '$no_fullscreen_btn' => true - )); + '$upload_form' => '', + '$no_fullscreen_btn' => true, + ]); return $o; } - function embedphotos_album_list($a) { + /** + * @brief Get albums observer is allowed to see. + * + * @see photos_albums_list() + * + * @return NULL|array + */ + protected function embedphotos_album_list() { require_once('include/photos.php'); $p = photos_albums_list(\App::get_channel(), \App::get_observer()); - if($p['success']) { + + if ($p['success']) { return $p['albums']; - } else { - return null; } + + return null; } } diff --git a/Zotlabs/Module/Events.php b/Zotlabs/Module/Events.php index 7e5204e62..e883db49f 100644 --- a/Zotlabs/Module/Events.php +++ b/Zotlabs/Module/Events.php @@ -97,8 +97,8 @@ class Events extends \Zotlabs\Web\Controller { $type = escape_tags(trim($_POST['type'])); require_once('include/text.php'); - linkify_tags($a, $desc, local_channel()); - linkify_tags($a, $location, local_channel()); + linkify_tags($desc, local_channel()); + linkify_tags($location, local_channel()); //$action = ($event_hash == '') ? 'new' : "event/" . $event_hash; diff --git a/Zotlabs/Module/Filestorage.php b/Zotlabs/Module/Filestorage.php index 23bd63f95..2c247cd65 100644 --- a/Zotlabs/Module/Filestorage.php +++ b/Zotlabs/Module/Filestorage.php @@ -5,6 +5,8 @@ namespace Zotlabs\Module; * */ + + class Filestorage extends \Zotlabs\Web\Controller { function post() { @@ -71,14 +73,6 @@ class Filestorage extends \Zotlabs\Web\Controller { return; } - // Since we have ACL'd files in the wild, but don't have ACL here yet, we - // need to return for anyone other than the owner, despite the perms check for now. - - $is_owner = (((local_channel()) && ($owner == local_channel())) ? true : false); - if(! ($is_owner || is_site_admin())){ - info( t('Permission Denied.') . EOL ); - return; - } if(argc() > 3 && argv(3) === 'delete') { @@ -101,18 +95,31 @@ class Filestorage extends \Zotlabs\Web\Controller { } $file = intval(argv(2)); - $r = q("SELECT hash FROM attach WHERE id = %d AND uid = %d LIMIT 1", + $r = q("SELECT hash, creator FROM attach WHERE id = %d AND uid = %d LIMIT 1", dbesc($file), intval($owner) ); if(! $r) { + notice( t('File not found.') . EOL); + if($json_return) json_return_and_die([ 'success' => false ]); - notice( t('File not found.') . EOL); goaway(z_root() . '/cloud/' . $which); } + if(local_channel() !== $owner) { + if($r[0]['creator'] && $r[0]['creator'] !== $ob_hash) { + notice( t('Permission denied.') . EOL); + + if($json_return) + json_return_and_die([ 'success' => false ]); + + goaway(z_root() . '/cloud/' . $which); + } + } + + $f = $r[0]; $channel = channelx_by_n($owner); @@ -134,6 +141,19 @@ class Filestorage extends \Zotlabs\Web\Controller { goaway(dirname($url)); } + + + + // Since we have ACL'd files in the wild, but don't have ACL here yet, we + // need to return for anyone other than the owner, despite the perms check for now. + + $is_owner = (((local_channel()) && ($owner == local_channel())) ? true : false); + if(! ($is_owner || is_site_admin())){ + info( t('Permission Denied.') . EOL ); + return; + } + + if(argc() > 3 && argv(3) === 'edit') { require_once('include/acl_selectors.php'); if(! $perms['write_storage']) { diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php index abc9f50d9..583cf38f0 100644 --- a/Zotlabs/Module/Getfile.php +++ b/Zotlabs/Module/Getfile.php @@ -35,7 +35,6 @@ class Getfile extends \Zotlabs\Web\Controller { $sig = $_POST['signature']; $resource = $_POST['resource']; $revision = intval($_POST['revision']); - $resolution = (-1); if(! $hash) killme(); @@ -81,9 +80,14 @@ class Getfile extends \Zotlabs\Web\Controller { killme(); } - if(substr($resource,-2,1) == '-') { + if(isset($_POST['resolution'])) + $resolution = intval($_POST['resolution']); + elseif(substr($resource,-2,1) == '-') { $resolution = intval(substr($resource,-1,1)); $resource = substr($resource,0,-2); + } + else { + $resolution = (-1); } $slop = intval(get_pconfig($channel['channel_id'],'system','getfile_time_slop')); @@ -106,9 +110,10 @@ class Getfile extends \Zotlabs\Web\Controller { } if($resolution > 0) { - $r = q("select * from photo where resource_id = '%s' and uid = %d limit 1", + $r = q("SELECT * FROM photo WHERE resource_id = '%s' AND uid = %d AND imgscale = %d LIMIT 1", dbesc($resource), - intval($channel['channel_id']) + intval($channel['channel_id']), + $resolution ); if($r) { header('Content-type: ' . $r[0]['mimetype']); diff --git a/Zotlabs/Module/Group.php b/Zotlabs/Module/Group.php index c8ccaa2cb..12edf8428 100644 --- a/Zotlabs/Module/Group.php +++ b/Zotlabs/Module/Group.php @@ -66,6 +66,9 @@ class Group extends Controller { $groupname = notags(trim($_POST['groupname'])); $public = intval($_POST['public']); + $hookinfo = [ 'pgrp_extras' => '', 'group'=>$group['id'] ]; + call_hooks ('privacygroup_extras_post',$hookinfo); + if((strlen($groupname)) && (($groupname != $group['gname']) || ($public != $group['visible']))) { $r = q("UPDATE pgrp SET gname = '%s', visible = %d WHERE uid = %d AND id = %d", dbesc($groupname), @@ -75,6 +78,8 @@ class Group extends Controller { ); if($r) info( t('Privacy group updated.') . EOL ); + + build_sync_packet(local_channel(),null,true); } @@ -127,6 +132,10 @@ class Group extends Controller { $i++; } + $hookinfo = [ 'pgrp_extras' => '', 'group'=>argv(1) ]; + call_hooks ('privacygroup_extras',$hookinfo); + $pgrp_extras = $hookinfo['pgrp_extras']; + $tpl = get_markup_template('privacy_groups.tpl'); $o = replace_macros($tpl, [ '$title' => t('Privacy Groups'), @@ -136,6 +145,7 @@ class Group extends Controller { // new group form '$gname' => array('groupname',t('Privacy group name')), '$public' => array('public',t('Members are visible to other channels'), false), + '$pgrp_extras' => $pgrp_extras, '$form_security_token' => get_form_security_token("group_edit"), '$submit' => t('Submit'), @@ -166,8 +176,11 @@ class Group extends Controller { ); if($r) $result = group_rmv(local_channel(),$r[0]['gname']); - if($result) + if($result) { + $hookinfo = [ 'pgrp_extras' => '', 'group'=>$argv(2) ]; + call_hooks ('privacygroup_extras_drop',$hookinfo); info( t('Privacy group removed.') . EOL); + } else notice( t('Unable to remove privacy group.') . EOL); } @@ -230,6 +243,10 @@ class Group extends Controller { } } + $hookinfo = [ 'pgrp_extras' => '', 'group'=>$group['id'] ]; + call_hooks ('privacygroup_extras',$hookinfo); + $pgrp_extras = $hookinfo['pgrp_extras']; + $context = $context + array( '$title' => sprintf(t('Privacy Group: %s'), $group['gname']), '$details_label' => t('Edit'), @@ -240,6 +257,7 @@ class Group extends Controller { '$form_security_token_edit' => get_form_security_token('group_edit'), '$delete' => t('Delete Group'), '$form_security_token_drop' => get_form_security_token("group_drop"), + '$pgrp_extras' => $pgrp_extras, ); } @@ -283,6 +301,7 @@ class Group extends Controller { $context['$groupeditor'] = $groupeditor; $context['$desc'] = t('Click a channel to toggle membership'); + $context['$pgrp_extras'] = $pgrp_extras; if($change) { $tpl = get_markup_template('groupeditor.tpl'); diff --git a/Zotlabs/Module/Hq.php b/Zotlabs/Module/Hq.php index 3535ac71a..848fe3e25 100644 --- a/Zotlabs/Module/Hq.php +++ b/Zotlabs/Module/Hq.php @@ -194,7 +194,7 @@ class Hq extends \Zotlabs\Web\Controller { '$dbegin' => '', '$verb' => '', '$net' => '', - '$mid' => $mid + '$mid' => (($mid) ? urlencode($mid) : '') ]); } diff --git a/Zotlabs/Module/Id.php b/Zotlabs/Module/Id.php new file mode 100644 index 000000000..15abfa2a3 --- /dev/null +++ b/Zotlabs/Module/Id.php @@ -0,0 +1,119 @@ +<?php + +namespace Zotlabs\Module; + +/** + * + * Controller for responding to x-zot: protocol requests + * x-zot:_jkfRG85nJ-714zn-LW_VbTFW8jSjGAhAydOcJzHxqHkvEHWG2E0RbA_pbch-h4R63RG1YJZifaNzgccoLa3MQ/453c1678-1a79-4af7-ab65-6b012f6cab77 + * + */ + +use Zotlabs\Lib\Activity; +use Zotlabs\Lib\ActivityStreams; +use Zotlabs\Lib\LDSignatures; +use Zotlabs\Zot6\HTTPSig; +use Zotlabs\Web\Controller; +use Zotlabs\Lib\Libzot; +use Zotlabs\Lib\ThreadListener; +use Zotlabs\Lib\IConfig; +use Zotlabs\Lib\Enotify; +use App; + +require_once('include/attach.php'); +require_once('include/bbcode.php'); +require_once('include/security.php'); + + +class Id extends Controller { + + function init() { + + if(Libzot::is_zot_request()) { + + $conversation = false; + + $request_portable_id = argv(1); + if(argc() > 2) { + $item_id = argv(2); + } + + $portable_id = EMPTY_STR; + + $sigdata = HTTPSig::verify(EMPTY_STR); + if($sigdata['portable_id'] && $sigdata['header_valid']) { + $portable_id = $sigdata['portable_id']; + } + + + $chan = channelx_by_hash($request_portable_id); + + if($chan) { + $channel_id = $chan['channel_id']; + if(! $item_id) { + $handler = new Channel(); + App::$argc = 2; + App::$argv[0] = 'channel'; + App::$argv[1] = $chan['channel_address']; + $handler->init(); + } + } + else { + http_status_exit(404, 'Not found'); + } + + + $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 "; + + $sql_extra = item_permissions_sql(0); + + $r = q("select * from item where uuid = '%s' $item_normal $sql_extra and uid = %d limit 1", + dbesc($item_id), + intval($channel_id) + ); + if(! $r) { + + $r = q("select * from item where uuid = '%s' $item_normal and uid = %d limit 1", + dbesc($item_id), + intval($channel_id) + ); + if($r) { + http_status_exit(403, 'Forbidden'); + } + http_status_exit(404, 'Not found'); + } + + if(! perm_is_allowed($chan['channel_id'],get_observer_hash(),'view_stream')) + http_status_exit(403, 'Forbidden'); + + xchan_query($r,true); + $items = fetch_post_tags($r,true); + + $i = Activity::encode_item($items[0]); + + if(! $i) + http_status_exit(404, 'Not found'); + + $x = array_merge(['@context' => [ + ACTIVITYSTREAMS_JSONLD_REV, + 'https://w3id.org/security/v1', + z_root() . ZOT_APSCHEMA_REV + ]], $i); + + $headers = []; + $headers['Content-Type'] = 'application/x-zot+json' ; + $ret = json_encode($x, JSON_UNESCAPED_SLASHES); + $headers['Digest'] = HTTPSig::generate_digest_header($ret); + $headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']; + $h = HTTPSig::create_sig($headers,$chan['channel_prvkey'],channel_url($chan)); + HTTPSig::set_headers($h); + echo $ret; + killme(); + + } + + } + +} + + diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php index 6016328a5..18cb5560e 100644 --- a/Zotlabs/Module/Import.php +++ b/Zotlabs/Module/Import.php @@ -8,6 +8,8 @@ require_once('include/import.php'); require_once('include/perm_upgrade.php'); require_once('library/urlify/URLify.php'); +use Zotlabs\Lib\Libzot; + /** * @brief Module for channel import. @@ -127,6 +129,15 @@ class Import extends \Zotlabs\Web\Controller { // // } + + // prevent incompatible osada or zap data from horking your database + + if(array_path_exists('compatibility/codebase',$data)) { + notice('Data export format is not compatible with this software'); + return; + } + + if($moving) $seize = 1; @@ -219,13 +230,45 @@ class Import extends \Zotlabs\Web\Controller { ); // reset the original primary hubloc if it is being seized - if($seize) { $r = q("update hubloc set hubloc_primary = 0 where hubloc_primary = 1 and hubloc_hash = '%s' and hubloc_url != '%s' ", dbesc($channel['channel_hash']), dbesc(z_root()) ); } + + // create a new zot6 hubloc if we have got a channel_portable_id + if($channel['channel_portable_id']) { + $r = hubloc_store_lowlevel( + [ + 'hubloc_guid' => $channel['channel_guid'], + 'hubloc_guid_sig' => 'sha256.' . $channel['channel_guid_sig'], + 'hubloc_hash' => $channel['channel_portable_id'], + 'hubloc_addr' => channel_reddress($channel), + 'hubloc_network' => 'zot6', + 'hubloc_primary' => (($seize) ? 1 : 0), + 'hubloc_url' => z_root(), + 'hubloc_url_sig' => 'sha256.' . base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])), + 'hubloc_host' => \App::get_hostname(), + 'hubloc_callback' => z_root() . '/zot', + 'hubloc_sitekey' => get_config('system','pubkey'), + 'hubloc_updated' => datetime_convert(), + 'hubloc_id_url' => channel_url($channel), + 'hubloc_site_id' => Libzot::make_xchan_hash(z_root(),get_config('system','pubkey')) + + ] + ); + + // reset the original primary hubloc if it is being seized + if($seize) { + $r = q("update hubloc set hubloc_primary = 0 where hubloc_primary = 1 and hubloc_hash = '%s' and hubloc_url != '%s' ", + dbesc($channel['channel_portable_id']), + dbesc(z_root()) + ); + } + + } + } logger('import step 5'); @@ -237,8 +280,9 @@ class Import extends \Zotlabs\Web\Controller { // replace any existing xchan we may have on this site if we're seizing control - $r = q("delete from xchan where xchan_hash = '%s'", - dbesc($channel['channel_hash']) + $r = q("delete from xchan where ( xchan_hash = '%s' or xchan_hash = '%s' ) ", + dbesc($channel['channel_hash']), + dbesc($channel['channel_portable_id']) ); $r = xchan_store_lowlevel( @@ -260,6 +304,30 @@ class Import extends \Zotlabs\Web\Controller { 'xchan_name_date' => datetime_convert() ] ); + + if($channel['channel_portable_id']) { + $r = xchan_store_lowlevel( + [ + 'xchan_hash' => \Zotlabs\Lib\Libzot::make_xchan_hash($channel['channel_guid'],$channel['channel_pubkey']), + 'xchan_guid' => $channel['channel_guid'], + 'xchan_guid_sig' => 'sha256.' . $channel['channel_guid_sig'], + 'xchan_pubkey' => $channel['channel_pubkey'], + 'xchan_photo_l' => z_root() . "/photo/profile/l/" . $channel['channel_id'], + 'xchan_photo_m' => z_root() . "/photo/profile/m/" . $channel['channel_id'], + 'xchan_photo_s' => z_root() . "/photo/profile/s/" . $channel['channel_id'], + 'xchan_addr' => channel_reddress($channel), + 'xchan_url' => z_root() . '/channel/' . $channel['channel_address'], + 'xchan_connurl' => z_root() . '/poco/' . $channel['channel_address'], + 'xchan_follow' => z_root() . '/follow?f=&url=%s', + 'xchan_name' => $channel['channel_name'], + 'xchan_network' => 'zot6', + 'xchan_photo_date' => datetime_convert(), + 'xchan_name_date' => datetime_convert() + ] + ); + } + + } logger('import step 6'); @@ -269,10 +337,20 @@ class Import extends \Zotlabs\Web\Controller { if($xchans) { foreach($xchans as $xchan) { - $hash = make_xchan_hash($xchan['xchan_guid'],$xchan['xchan_guid_sig']); - if($xchan['xchan_network'] === 'zot' && $hash !== $xchan['xchan_hash']) { - logger('forged xchan: ' . print_r($xchan,true)); - continue; + if($xchan['xchan_network'] === 'zot') { + $hash = make_xchan_hash($xchan['xchan_guid'],$xchan['xchan_guid_sig']); + if($hash !== $xchan['xchan_hash']) { + logger('forged xchan: ' . print_r($xchan,true)); + continue; + } + } + + if($xchan['xchan_network'] === 'zot6') { + $zhash = \Zotlabs\Lib\Libzot::make_xchan_hash($xchan['xchan_guid'],$xchan['xchan_pubkey']); + if($zhash !== $xchan['xchan_hash']) { + logger('forged xchan: ' . print_r($xchan,true)); + continue; + } } if(! array_key_exists('xchan_hidden',$xchan)) { @@ -463,6 +541,9 @@ class Import extends \Zotlabs\Web\Controller { if(is_array($data['app'])) import_apps($channel,$data['app']); + if(is_array($data['sysapp'])) + import_sysapps($channel,$data['sysapp']); + if(is_array($data['chatroom'])) import_chatrooms($channel,$data['chatroom']); diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 1d64ef60c..6bc8c645f 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -6,6 +6,13 @@ use Zotlabs\Lib\IConfig; use Zotlabs\Lib\Enotify; use Zotlabs\Web\Controller; use Zotlabs\Daemon\Master; +use Zotlabs\Lib\Activity; +use Zotlabs\Lib\ActivityStreams; +use Zotlabs\Lib\LDSignatures; +use Zotlabs\Zot6\HTTPSig; +use Zotlabs\Lib\Libzot; +use Zotlabs\Lib\ThreadListener; +use App; require_once('include/crypto.php'); require_once('include/items.php'); @@ -30,6 +37,165 @@ require_once('include/security.php'); class Item extends Controller { + + function init() { + + if (Libzot::is_zot_request()) { + + $conversation = false; + + $item_id = argv(1); + + if (! $item_id) + http_status_exit(404, 'Not found'); + + $portable_id = EMPTY_STR; + + $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 "; + + $i = null; + + // do we have the item (at all)? + + $r = q("select * from item where mid = '%s' $item_normal limit 1", + dbesc(z_root() . '/item/' . $item_id) + ); + + if (! $r) { + http_status_exit(404,'Not found'); + } + + // process an authenticated fetch + + $sigdata = HTTPSig::verify(EMPTY_STR); + if($sigdata['portable_id'] && $sigdata['header_valid']) { + $portable_id = $sigdata['portable_id']; + observer_auth($portable_id); + + // first see if we have a copy of this item's parent owned by the current signer + // include xchans for all zot-like networks - these will have the same guid and public key + + $x = q("select * from xchan where xchan_hash = '%s'", + dbesc($sigdata['portable_id']) + ); + + if ($x) { + $xchans = q("select xchan_hash from xchan where xchan_hash = '%s' OR ( xchan_guid = '%s' AND xchan_pubkey = '%s' ) ", + dbesc($sigdata['portable_id']), + dbesc($x[0]['xchan_guid']), + dbesc($x[0]['xchan_pubkey']) + ); + + if ($xchans) { + $hashes = ids_to_querystr($xchans,'xchan_hash',true); + $i = q("select id as item_id from item where mid = '%s' $item_normal and owner_xchan in ( " . protect_sprintf($hashes) . " ) limit 1", + dbesc($r[0]['parent_mid']) + ); + } + } + } + + // if we don't have a parent id belonging to the signer see if we can obtain one as a visitor that we have permission to access + + $sql_extra = item_permissions_sql(0); + + if (! $i) { + $i = q("select id as item_id from item where mid = '%s' $item_normal $sql_extra limit 1", + dbesc($r[0]['parent_mid']) + ); + } + + if(! $i) { + http_status_exit(403,'Forbidden'); + } + + $parents_str = ids_to_querystr($i,'item_id'); + + $items = q("SELECT item.*, item.id AS item_id FROM item WHERE item.parent IN ( %s ) $item_normal ", + dbesc($parents_str) + ); + + if(! $items) { + http_status_exit(404, 'Not found'); + } + + xchan_query($items,true); + $items = fetch_post_tags($items,true); + + $observer = App::get_observer(); + $parent = $items[0]; + $recips = (($parent['owner']['xchan_network'] === 'activitypub') ? get_iconfig($parent['id'],'activitypub','recips', []) : []); + $to = (($recips && array_key_exists('to',$recips) && is_array($recips['to'])) ? $recips['to'] : null); + $nitems = []; + foreach($items as $i) { + + $mids = []; + + if(intval($i['item_private'])) { + if(! $observer) { + continue; + } + // ignore private reshare, possibly from hubzilla + if($i['verb'] === 'Announce') { + if(! in_array($i['thr_parent'],$mids)) { + $mids[] = $i['thr_parent']; + } + continue; + } + // also ignore any children of the private reshares + if(in_array($i['thr_parent'],$mids)) { + continue; + } + + if((! $to) || (! in_array($observer['xchan_url'],$to))) { + continue; + } + + } + $nitems[] = $i; + } + + if(! $nitems) + http_status_exit(404, 'Not found'); + + $chan = channelx_by_n($nitems[0]['uid']); + + if(! $chan) + http_status_exit(404, 'Not found'); + + if(! perm_is_allowed($chan['channel_id'],get_observer_hash(),'view_stream')) + http_status_exit(403, 'Forbidden'); + + $i = Activity::encode_item_collection($nitems,'conversation/' . $item_id,'OrderedCollection'); + if($portable_id) { + ThreadListener::store(z_root() . '/item/' . $item_id,$portable_id); + } + + if(! $i) + http_status_exit(404, 'Not found'); + + $x = array_merge(['@context' => [ + ACTIVITYSTREAMS_JSONLD_REV, + 'https://w3id.org/security/v1', + z_root() . ZOT_APSCHEMA_REV + ]], $i); + + $headers = []; + $headers['Content-Type'] = 'application/x-zot+json' ; + $x['signature'] = LDSignatures::sign($x,$chan); + $ret = json_encode($x, JSON_UNESCAPED_SLASHES); + $headers['Digest'] = HTTPSig::generate_digest_header($ret); + $headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']; + $h = HTTPSig::create_sig($headers,$chan['channel_prvkey'],channel_url($chan)); + HTTPSig::set_headers($h); + echo $ret; + killme(); + + } + } + + + function post() { // This will change. Figure out who the observer is and whether or not @@ -553,8 +719,8 @@ class Item extends Controller { // Look for tags and linkify them - $results = linkify_tags($a, $summary, ($uid) ? $uid : $profile_uid); - $results = linkify_tags($a, $body, ($uid) ? $uid : $profile_uid); + $results = linkify_tags($summary, ($uid) ? $uid : $profile_uid); + $results = linkify_tags($body, ($uid) ? $uid : $profile_uid); if($results) { @@ -639,9 +805,9 @@ class Item extends Controller { if(preg_match_all('/(\[share=(.*?)\](.*?)\[\/share\])/',$body,$match)) { + // process share by id - $verb = ACTIVITY_SHARE; $i = 0; foreach($match[2] as $mtch) { $reshare = new \Zotlabs\Lib\Share($mtch); @@ -760,7 +926,7 @@ class Item extends Controller { // fix permalinks for cards if($webpage == ITEM_TYPE_CARD) { - $plink = z_root() . '/cards/' . $channel['channel_address'] . '/' . (($pagetitle) ? $pagetitle : substr($mid,0,16)); + $plink = z_root() . '/cards/' . $channel['channel_address'] . '/' . (($pagetitle) ? $pagetitle : $uuid); } if(($parent_item) && ($parent_item['item_type'] == ITEM_TYPE_CARD)) { $r = q("select v from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.iid = %d limit 1", @@ -772,7 +938,7 @@ class Item extends Controller { } if($webpage == ITEM_TYPE_ARTICLE) { - $plink = z_root() . '/articles/' . $channel['channel_address'] . '/' . (($pagetitle) ? $pagetitle : substr($mid,0,16)); + $plink = z_root() . '/articles/' . $channel['channel_address'] . '/' . (($pagetitle) ? $pagetitle : $uuid); } if(($parent_item) && ($parent_item['item_type'] == ITEM_TYPE_ARTICLE)) { $r = q("select v from iconfig where iconfig.cat = 'system' and iconfig.k = 'ARTICLE' and iconfig.iid = %d limit 1", @@ -784,7 +950,7 @@ class Item extends Controller { } if ((! $plink) && ($item_thread_top)) { - $plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $mid; + $plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . gen_link_id($mid); $plink = substr($plink,0,190); } diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php index c39726b88..052d51d43 100644 --- a/Zotlabs/Module/Like.php +++ b/Zotlabs/Module/Like.php @@ -1,6 +1,8 @@ <?php namespace Zotlabs\Module; +use Zotlabs\Lib\Activity; + require_once('include/security.php'); require_once('include/bbcode.php'); require_once('include/items.php'); @@ -50,7 +52,7 @@ class Like extends \Zotlabs\Web\Controller { $observer = \App::get_observer(); $interactive = $_REQUEST['interactive']; - if($interactive) { + if((! $observer) || ($interactive)) { $o .= '<h1>' . t('Like/Dislike') . '</h1>'; $o .= EOL . EOL; @@ -249,6 +251,9 @@ class Like extends \Zotlabs\Web\Controller { } } else { + + if(! $observer) + killme(); // this is used to like an item or comment @@ -400,6 +405,7 @@ class Like extends \Zotlabs\Web\Controller { $object = json_encode(array( 'type' => $objtype, 'id' => $item['mid'], + 'asld' => Activity::fetch_item( [ 'id' => $item['mid'] ] ), 'parent' => (($item['thr_parent']) ? $item['thr_parent'] : $item['parent_mid']), 'link' => $links, 'title' => $item['title'], @@ -485,7 +491,7 @@ class Like extends \Zotlabs\Web\Controller { $arr['item_flags'] = $item_flags; $arr['item_wall'] = $item_wall; - $arr['parent_mid'] = (($extended_like) ? $mid : $item['mid']); + $arr['parent_mid'] = (($extended_like) ? $arr['mid'] : $item['mid']); $arr['owner_xchan'] = (($extended_like) ? $ch[0]['xchan_hash'] : $thread_owner['xchan_hash']); $arr['author_xchan'] = $observer['xchan_hash']; @@ -540,7 +546,7 @@ class Like extends \Zotlabs\Web\Controller { dbesc($observer['xchan_hash']), dbesc($ch[0]['channel_hash']), intval($post_id), - dbesc($mid), + dbesc($arr['mid']), dbesc($activity), dbesc(($tgttype)? $tgttype : $objtype), dbesc($obj_id), @@ -549,7 +555,7 @@ class Like extends \Zotlabs\Web\Controller { $r = q("select * from likes where liker = '%s' and likee = '%s' and i_mid = '%s' and verb = '%s' and target_type = '%s' and target_id = '%s' ", dbesc($observer['xchan_hash']), dbesc($ch[0]['channel_hash']), - dbesc($mid), + dbesc($arr['mid']), dbesc($activity), dbesc(($tgttype)? $tgttype : $objtype), dbesc($obj_id) diff --git a/Zotlabs/Module/Linkinfo.php b/Zotlabs/Module/Linkinfo.php index 7c7dc0e88..b9f90deec 100644 --- a/Zotlabs/Module/Linkinfo.php +++ b/Zotlabs/Module/Linkinfo.php @@ -69,6 +69,14 @@ class Linkinfo extends \Zotlabs\Web\Controller { killme(); } if(stripos($type,'video/') !== false) { + $thumb = self::get_video_poster($url); + if($thumb) { + if ($zrl) + echo $br . '[zvideo poster=\'' . $thumb . '\']' . $url . '[/zvideo]' . $br; + else + echo $br . '[video poster=\'' . $thumb . '\']' . $url . '[/video]' . $br; + killme(); + } if($zrl) echo $br . '[zvideo]' . $url . '[/zvideo]' . $br; else @@ -138,8 +146,8 @@ class Linkinfo extends \Zotlabs\Web\Controller { } $image = ""; - - if(sizeof($siteinfo["images"]) > 0){ + + if(is_array($siteinfo["images"]) && count($siteinfo["images"])){ /* Execute below code only if image is present in siteinfo */ $total_images = 0; @@ -161,7 +169,7 @@ class Linkinfo extends \Zotlabs\Web\Controller { $total_images ++; if($max_images && $max_images >= $total_images) break; - } + } } if(strlen($text)) { @@ -216,7 +224,42 @@ class Linkinfo extends \Zotlabs\Web\Controller { return($complete); } - + + public static function get_video_poster($url) { + + if(strpos($url,z_root() . '/cloud/') === false) { + return EMPTY_STR; + } + $m = parse_url($url,PHP_URL_PATH); + if($m) { + // strip leading '/cloud/' + $m = substr($m,7); + } + $nick = substr($m,0,strpos($m,'/')); + $p = substr($m,strpos($m,'/')+1); + + // get the channel to check permissions + + $u = channelx_by_nick($nick); + + if($u && $p) { + + $sql_extra = permissions_sql(intval($u['channel_id'])); + + $r = q("select hash, content from attach where display_path = '%s' and uid = %d and os_storage = 1 $sql_extra limit 1", + dbesc($p), + intval($u['channel_id']) + ); + if($r) { + $path = dbunescbin($r[0]['content']); + if($path && @file_exists($path . '.thumb')) { + return z_root() . '/poster/' . $nick . '/' . $r[0]['hash']; + } + } + } + return EMPTY_STR; + } + public static function parseurl_getsiteinfo($url) { $siteinfo = array(); diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 71737eef8..e8e960574 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -169,8 +169,8 @@ class Magic extends \Zotlabs\Web\Controller { $token = $j['token']; } - $x = strpbrk($dest,'?&'); - $args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : ''); + $strp = strpbrk($dest,'?&'); + $args = (($strp) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : ''); goaway($dest . $args); } } diff --git a/Zotlabs/Module/Mail.php b/Zotlabs/Module/Mail.php index d38c1d88c..3202d38a5 100644 --- a/Zotlabs/Module/Mail.php +++ b/Zotlabs/Module/Mail.php @@ -34,7 +34,7 @@ class Mail extends \Zotlabs\Web\Controller { } else { $body = cleanup_bbcode($body); - $results = linkify_tags($a, $body, local_channel()); + $results = linkify_tags($body, local_channel()); if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) { $attachments = array(); @@ -111,7 +111,7 @@ class Mail extends \Zotlabs\Web\Controller { } require_once('include/text.php'); - linkify_tags($a, $body, local_channel()); + linkify_tags($body, local_channel()); if(! $recipient) { diff --git a/Zotlabs/Module/Network.php b/Zotlabs/Module/Network.php index b93faa612..1c16e34ef 100644 --- a/Zotlabs/Module/Network.php +++ b/Zotlabs/Module/Network.php @@ -1,6 +1,8 @@ <?php namespace Zotlabs\Module; +use Zotlabs\Lib\Group; +use Zotlabs\Lib\Apps; use App; require_once('include/items.php'); @@ -114,8 +116,8 @@ class Network extends \Zotlabs\Web\Controller { $def_acl = array('allow_gid' => '<' . $r[0]['hash'] . '>'); } - $default_cmin = ((feature_enabled(local_channel(),'affinity')) ? get_pconfig(local_channel(),'affinity','cmin',0) : (-1)); - $default_cmax = ((feature_enabled(local_channel(),'affinity')) ? get_pconfig(local_channel(),'affinity','cmax',99) : (-1)); + $default_cmin = ((Apps::system_app_installed(local_channel(),'Affinity Tool')) ? get_pconfig(local_channel(),'affinity','cmin',0) : (-1)); + $default_cmax = ((Apps::system_app_installed(local_channel(),'Affinity Tool')) ? get_pconfig(local_channel(),'affinity','cmax',99) : (-1)); $cid = ((x($_GET,'cid')) ? intval($_GET['cid']) : 0); $star = ((x($_GET,'star')) ? intval($_GET['star']) : 0); @@ -132,6 +134,13 @@ class Network extends \Zotlabs\Web\Controller { $deftag = ''; + if (Apps::system_app_installed(local_channel(),'Affinity Tool')) { + $affinity_locked = intval(get_pconfig(local_channel(),'affinity','lock',1)); + if ($affinity_locked) { + set_pconfig(local_channel(),'affinity','cmin',$cmin); + set_pconfig(local_channel(),'affinity','cmax',$cmax); + } + } if(x($_GET,'search') || $file || (!$pf && $cid) || $hashtags || $verb || $category || $conv || $unseen) $nouveau = true; @@ -359,19 +368,19 @@ class Network extends \Zotlabs\Web\Controller { '$static' => $static, '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), '$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1), - '$search' => (($search) ? $search : ''), - '$xchan' => $xchan, + '$search' => (($search) ? urlencode($search) : ''), + '$xchan' => (($xchan) ? urlencode($xchan) : ''), '$order' => $order, - '$file' => $file, - '$cats' => urlencode($category), - '$tags' => urlencode($hashtags), + '$file' => (($file) ? urlencode($file) : ''), + '$cats' => (($category) ? urlencode($category) : ''), + '$tags' => (($hashtags) ? urlencode($hashtags) : ''), '$dend' => $datequery, '$mid' => '', - '$verb' => $verb, - '$net' => $net, + '$verb' => (($verb) ? urlencode($verb) : ''), + '$net' => (($net) ? urlencode($net) : ''), '$dbegin' => $datequery2, - '$pf' => (($pf) ? $pf : '0'), - '$unseen' => $unseen + '$pf' => (($pf) ? intval($pf) : 0), + '$unseen' => (($unseen) ? urlencode($unseen) : '') )); } diff --git a/Zotlabs/Module/New_channel.php b/Zotlabs/Module/New_channel.php index a9022a03a..98aa480fe 100644 --- a/Zotlabs/Module/New_channel.php +++ b/Zotlabs/Module/New_channel.php @@ -134,7 +134,7 @@ class New_channel extends \Zotlabs\Web\Controller { $default_role = ''; $aid = get_account_id(); if($aid) { - $r = q("select count(channel_id) as total from channel where channel_account_id = %d", + $r = q("select count(channel_id) as total from channel where channel_account_id = %d and channel_removed = 0", intval($aid) ); if($r && (! intval($r[0]['total']))) { @@ -145,7 +145,7 @@ class New_channel extends \Zotlabs\Web\Controller { $canadd = true; if($r && ($limit !== false)) { $channel_usage_message = sprintf( t("You have created %1$.0f of %2$.0f allowed channels."), $r[0]['total'], $limit); - if ($r[0]['total'] >= $limit) { + if ($r[0]['total'] > $limit) { $canadd = false; } } diff --git a/Zotlabs/Module/Notes.php b/Zotlabs/Module/Notes.php index 178a6bce0..7572f7420 100644 --- a/Zotlabs/Module/Notes.php +++ b/Zotlabs/Module/Notes.php @@ -1,28 +1,31 @@ <?php -namespace Zotlabs\Module; /** @file */ +namespace Zotlabs\Module; use App; use Zotlabs\Web\Controller; use Zotlabs\Lib\Apps; +/** + * @brief Notes Module controller. + */ class Notes extends Controller { function post() { - + if(! local_channel()) return EMPTY_STR; if(! Apps::system_app_installed(local_channel(), 'Notes')) return EMPTY_STR; - + $ret = array('success' => true); if(array_key_exists('note_text',$_REQUEST)) { $body = escape_tags($_REQUEST['note_text']); - + // I've had my notes vanish into thin air twice in four years. - // Provide a backup copy if there were contents previously + // Provide a backup copy if there were contents previously // and there are none being saved now. - + if(! $body) { $old_text = get_pconfig(local_channel(),'notes','text'); if($old_text) @@ -40,11 +43,9 @@ class Notes extends Controller { logger('notes saved.', LOGGER_DEBUG); json_return_and_die($ret); - } function get() { - if(! local_channel()) return EMPTY_STR; @@ -61,7 +62,6 @@ class Notes extends Controller { $arr = ['app' => true]; return $w->widget($arr); - } - + } diff --git a/Zotlabs/Module/Oep.php b/Zotlabs/Module/Oep.php index 0f20a5f9a..3977ac8dd 100644 --- a/Zotlabs/Module/Oep.php +++ b/Zotlabs/Module/Oep.php @@ -181,7 +181,7 @@ class Oep extends \Zotlabs\Web\Controller { dbesc($res) ); if($r) { - $sql_extra = "and item.id = " . intval($r[0]['iid']) . " "; + $sql_extra .= " and item.id = " . intval($r[0]['iid']) . " "; } else { return $ret; @@ -194,6 +194,9 @@ class Oep extends \Zotlabs\Web\Controller { intval(ITEM_TYPE_CARD) ); + if(! $r) + return; + $item_normal = " and item.item_hidden = 0 and item.item_type in (0,6) and item.item_deleted = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0 and item.item_blocked = 0 "; @@ -255,7 +258,6 @@ class Oep extends \Zotlabs\Web\Controller { if(! $channel) return $ret; - if(! perm_is_allowed($channel['channel_id'],get_observer_hash(),'view_pages')) return $ret; @@ -265,7 +267,7 @@ class Oep extends \Zotlabs\Web\Controller { dbesc($res) ); if($r) { - $sql_extra = "and item.id = " . intval($r[0]['iid']) . " "; + $sql_extra .= " and item.id = " . intval($r[0]['iid']) . " "; } else { return $ret; @@ -278,6 +280,9 @@ class Oep extends \Zotlabs\Web\Controller { intval(ITEM_TYPE_ARTICLE) ); + if(! $r) + return; + $item_normal = " and item.item_hidden = 0 and item.item_type in (0,7) and item.item_deleted = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0 and item.item_blocked = 0 "; @@ -451,7 +456,7 @@ class Oep extends \Zotlabs\Web\Controller { if(preg_match('|//(.*?)/(.*?)/(.*?)/album/|',$url,$matches)) { $chn = $matches[3]; - $res = hex2bin(basename($url)); + $res = basename($url); } if(! ($chn && $res)) diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index ad57f883c..cf116a96c 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -30,12 +30,29 @@ class Owa extends \Zotlabs\Web\Controller { $keyId = $sigblock['keyId']; if($keyId) { + + // Hubzilla connections can have both zot and zot6 hublocs + // The connections will usually be zot so match those first + $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash - where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ", + where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) and hubloc_network = 'zot' ", dbesc(str_replace('acct:','',$keyId)), dbesc($keyId) ); - if(! $r) { + + // If nothing was found, try searching on any network + + if (! $r) { + $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash + where ( hubloc_addr = '%s' or hubloc_id_url = '%s' )", + dbesc(str_replace('acct:','',$keyId)), + dbesc($keyId) + ); + } + + // If nothing was found on any network, use network discovery and create a new record + + if (! $r) { $found = discover_by_webbie(str_replace('acct:','',$keyId)); if($found) { $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash @@ -45,7 +62,8 @@ class Owa extends \Zotlabs\Web\Controller { ); } } - if($r) { + + if ($r) { foreach($r as $hubloc) { $verified = \Zotlabs\Web\HTTPSig::verify(file_get_contents('php://input'),$hubloc['xchan_pubkey']); if($verified && $verified['header_signed'] && $verified['header_valid']) { @@ -53,7 +71,7 @@ class Owa extends \Zotlabs\Web\Controller { logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA); $ret['success'] = true; $token = random_string(32); - \Zotlabs\Lib\Verify::create('owt',0,$token,$hubloc['hubloc_addr']); + \Zotlabs\Lib\Verify::create('owt',0,$token,$hubloc['hubloc_network'] . ',' . $hubloc['hubloc_addr']); $result = ''; openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']); $ret['encrypted_token'] = base64url_encode($result); diff --git a/Zotlabs/Module/Pconfig.php b/Zotlabs/Module/Pconfig.php index 44fe5d9a9..06b94b34f 100644 --- a/Zotlabs/Module/Pconfig.php +++ b/Zotlabs/Module/Pconfig.php @@ -22,6 +22,11 @@ class Pconfig extends \Zotlabs\Web\Controller { $k = trim(escape_tags($_POST['k'])); $v = trim($_POST['v']); $aj = intval($_POST['aj']); + + // Do not store "serialized" data received in the $_POST + if (preg_match('|^a:[0-9]+:{.*}$|s',$v) || preg_match('|O:8:"stdClass":[0-9]+:{.*}$|s',$v)) { + return; + } if(in_array(argv(2),$this->disallowed_pconfig())) { notice( t('This setting requires special processing and editing has been blocked.') . EOL); diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 30e8340e2..0dc6d0194 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -1,19 +1,20 @@ <?php + + namespace Zotlabs\Module; require_once('include/security.php'); require_once('include/attach.php'); require_once('include/photo/photo_driver.php'); - class Photo extends \Zotlabs\Web\Controller { function init() { - $prvcachecontrol = false; $streaming = null; $channel = null; $person = 0; + $renew = false; switch(argc()) { case 4: @@ -29,9 +30,17 @@ class Photo extends \Zotlabs\Web\Controller { killme(); // NOTREACHED } - + + $cache_mode = array( + 'on' => false, + 'age' => 86400, + 'exp' => true, + 'leak' => false + ); + call_hooks('cache_mode_hook', $cache_mode); + $observer_xchan = get_observer_hash(); - $ismodified = $_SERVER['HTTP_IF_MODIFIED_SINCE']; + $cachecontrol = ''; if(isset($type)) { @@ -59,39 +68,44 @@ class Photo extends \Zotlabs\Web\Controller { } } - $modified = filemtime($default); - $default = z_root() . '/' . $default; $uid = $person; + + $data = ''; - $d = [ 'imgscale' => $resolution, 'channel_id' => $uid, 'default' => $default, 'data' => '', 'mimetype' => '' ]; - call_hooks('get_profile_photo',$d); - - $resolution = $d['imgscale']; - $uid = $d['channel_id']; - $default = $d['default']; - $data = $d['data']; - $mimetype = $d['mimetype']; - + $r = q("SELECT * FROM photo WHERE imgscale = %d AND uid = %d AND photo_usage = %d LIMIT 1", + intval($resolution), + intval($uid), + intval(PHOTO_PROFILE) + ); + if($r) { + $modified = strtotime($r[0]['edited'] . "Z"); + $mimetype = $r[0]['mimetype']; + if(intval($r[0]['os_storage'])) + $data = file_get_contents(dbunescbin($r[0]['content'])); + else + $data = dbunescbin($r[0]['content']); + } + if(! $data) { - $r = q("SELECT * FROM photo WHERE imgscale = %d AND uid = %d AND photo_usage = %d LIMIT 1", - intval($resolution), - intval($uid), - intval(PHOTO_PROFILE) - ); - if($r) { - $modified = strtotime($r[0]['edited'] . "Z"); - $data = dbunescbin($r[0]['content']); - $mimetype = $r[0]['mimetype']; - } - if(intval($r[0]['os_storage'])) - $data = file_get_contents($data); + $d = [ 'imgscale' => $resolution, 'channel_id' => $uid, 'default' => $default, 'data' => '', 'mimetype' => '' ]; + call_hooks('get_profile_photo',$d); + + $resolution = $d['imgscale']; + $uid = $d['channel_id']; + $default = $d['default']; + $data = $d['data']; + $mimetype = $d['mimetype']; + $modified = 0; } if(! $data) { - $x = z_fetch_url($default,true,0,[ 'novalidate' => true ]); + $x = z_fetch_url(z_root() . '/' . $default, true, 0, [ 'novalidate' => true ]); $data = ($x['success'] ? $x['body'] : EMPTY_STR); $mimetype = 'image/png'; + $modified = filemtime($default); } + + $cachecontrol = ', must-revalidate'; } else { @@ -106,13 +120,14 @@ class Photo extends \Zotlabs\Web\Controller { License link: http://creativecommons.org/licenses/by/3.0/ */ + // @FIXME It seems this part doesn't work because we are not setting such cookie $cookie_value = false; if (isset($_COOKIE['devicePixelRatio'])) { $cookie_value = intval($_COOKIE['devicePixelRatio']); } else { // Force revalidation of cache on next request - $cache_directive = 'no-cache'; + // $prvcachecontrol = 'no-cache'; $status = 'no cookie'; } @@ -129,27 +144,43 @@ class Photo extends \Zotlabs\Web\Controller { $resolution = 1; } - $r = q("SELECT uid, photo_usage FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", + $r = q("SELECT uid, photo_usage, display_path FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", dbesc($photo), intval($resolution) ); if($r) { - $allowed = (-1); - if(intval($r[0]['photo_usage'])) { + $u = intval($r[0]['photo_usage']); + if($u) { $allowed = 1; - if(intval($r[0]['photo_usage']) === PHOTO_COVER) + if($u === PHOTO_COVER) if($resolution < PHOTO_RES_COVER_1200) $allowed = (-1); - if(intval($r[0]['photo_usage']) === PHOTO_PROFILE) + if($u === PHOTO_PROFILE) if(! in_array($resolution,[4,5,6])) $allowed = (-1); + if($u === PHOTO_CACHE) { + // Validate cache + if($cache_mode['on']) { + $cache = array( + 'resid' => $photo, + 'status' => false + ); + call_hooks('cache_url_hook', $cache); + if(! $cache['status']) { + $url = htmlspecialchars_decode($r[0]['display_path']); + // SSLify if needed + if(strpos(z_root(),'https:') !== false && strpos($url,'https:') === false) + $url = z_root() . '/sslify/' . $filename . '?f=&url=' . urlencode($url); + goaway($url); + } + } + } } - if($allowed === (-1)) { + if($allowed === (-1)) $allowed = attach_can_view($r[0]['uid'],$observer_xchan,$photo); - } $channel = channelx_by_n($r[0]['uid']); @@ -158,18 +189,21 @@ class Photo extends \Zotlabs\Web\Controller { dbesc($photo), intval($resolution) ); - + $exists = (($e) ? true : false); - + if($exists && $allowed) { + $expires = strtotime($e[0]['expires'] . 'Z'); $data = dbunescbin($e[0]['content']); $filesize = $e[0]['filesize']; $mimetype = $e[0]['mimetype']; $modified = strtotime($e[0]['edited'] . 'Z'); - if(intval($e[0]['os_storage'])) + + if(intval($e[0]['os_storage'])) { $streaming = $data; + } if($e[0]['allow_cid'] != '' || $e[0]['allow_gid'] != '' || $e[0]['deny_gid'] != '' || $e[0]['deny_gid'] != '') - $prvcachecontrol = true; + $prvcachecontrol = 'no-store, no-cache, must-revalidate'; } else { if(! $allowed) { @@ -180,43 +214,28 @@ class Photo extends \Zotlabs\Web\Controller { } } - } else { + } + else http_status_exit(404,'not found'); - } } + if(! $data) + killme(); + + $etag = md5($data . $modified); + + if($modified == 0) + $modified = time(); + header_remove('Pragma'); - if($ismodified === gmdate("D, d M Y H:i:s", $modified) . " GMT") { + if($_SERVER['HTTP_IF_NONE_MATCH'] === $etag || $_SERVER['HTTP_IF_MODIFIED_SINCE'] === gmdate("D, d M Y H:i:s", $modified) . " GMT") { header_remove('Expires'); header_remove('Cache-Control'); header_remove('Set-Cookie'); http_status_exit(304,'not modified'); - } - - if(! isset($data)) { - if(isset($resolution)) { - switch($resolution) { - case 4: - $default = get_default_profile_photo(); - break; - case 5: - $default = get_default_profile_photo(80); - break; - case 6: - $default = get_default_profile_photo(48); - break; - default: - killme(); - // NOTREACHED - break; - } - $x = z_fetch_url(z_root() . '/' . $default,true,0,[ 'novalidate' => true ]); - $data = ($x['success'] ? $x['body'] : EMPTY_STR); - $mimetype = 'image/png'; - } } - + if(isset($res) && intval($res) && $res < 500) { $ph = photo_factory($data, $mimetype); if($ph->is_valid()) { @@ -225,24 +244,14 @@ class Photo extends \Zotlabs\Web\Controller { $mimetype = $ph->getType(); } } - - // @FIXME Seems never invoked - // Writing in cachefile - if (isset($cachefile) && $cachefile != '') { - file_put_contents($cachefile, $data); - $modified = filemtime($cachefile); - } - - header("Content-type: " . $mimetype); - - if($prvcachecontrol) { + if(isset($prvcachecontrol)) { // it is a private photo that they have no permission to view. // tell the browser not to cache it, in case they authenticate // and subsequently have permission to see it - header("Cache-Control: no-store, no-cache, must-revalidate"); + header("Cache-Control: " . $prvcachecontrol); } else { @@ -255,18 +264,24 @@ class Photo extends \Zotlabs\Web\Controller { // This has performance considerations but we highly recommend you // leave it alone. - $cache = get_config('system','photo_cache_time', 86400); // 1 day by default + $maxage = $cache_mode['age']; - header("Expires: " . gmdate("D, d M Y H:i:s", time() + $cache) . " GMT"); - header("Cache-Control: max-age=" . $cache); + if($cache_mode['exp'] || (! isset($expires)) || (isset($expires) && $expires - 60 < time())) + $expires = time() + $maxage; + else + $maxage = $expires - time(); + + header("Expires: " . gmdate("D, d M Y H:i:s", $expires) . " GMT"); + header("Cache-Control: max-age=" . $maxage . $cachecontrol); } + header("Content-type: " . $mimetype); header("Last-Modified: " . gmdate("D, d M Y H:i:s", $modified) . " GMT"); + header("ETag: " . $etag); header("Content-Length: " . (isset($filesize) ? $filesize : strlen($data))); // If it's a file resource, stream it. - if($streaming && $channel) { if(strpos($streaming,'store') !== false) $istream = fopen($streaming,'rb'); diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index 21f6293ef..13ec64ab9 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -239,95 +239,53 @@ class Photos extends \Zotlabs\Web\Controller { intval($page_owner_uid) ); if(count($r)) { - $d = (($r[0]['os_storage']) ? @file_get_contents(dbunescbin($r[0]['content'])) : dbunescbin($r[0]['content'])); - $ph = photo_factory($d, $r[0]['mimetype']); + + $ph = photo_factory(@file_get_contents(dbunescbin($r[0]['content'])), $r[0]['mimetype']); if($ph->is_valid()) { $rotate_deg = ( (intval($_POST['rotate']) == 1) ? 270 : 90 ); $ph->rotate($rotate_deg); - - $width = $ph->getWidth(); - $height = $ph->getHeight(); - - if(intval($r[0]['os_storage'])) { - @file_put_contents($r[0]['content'],$ph->imageString()); - $data = $r[0]['content']; - $fsize = @filesize($r[0]['content']); - q("update attach set filesize = %d where hash = '%s' and uid = %d", - intval($fsize), - dbesc($resource_id), - intval($page_owner_uid) - ); - } - else { - $data = $ph->imageString(); - $fsize = strlen($data); - } - - $x = q("update photo set edited = '%s', content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 0", - dbesc(datetime_convert()), - dbescbin($data), - intval($fsize), - intval($height), - intval($width), + + $edited = datetime_convert(); + + q("update attach set filesize = %d, edited = '%s' where hash = '%s' and uid = %d", + strlen($ph->imageString()), + dbescdate($edited), dbesc($resource_id), intval($page_owner_uid) ); - + + $ph->saveImage(dbunescbin($r[0]['content'])); + + $arr = [ + 'aid' => get_account_id(), + 'uid' => intval($page_owner_uid), + 'resource_id' => dbesc($resource_id), + 'filename' => $r[0]['filename'], + 'imgscale' => 0, + 'album' => $r[0]['album'], + 'os_path' => $r[0]['os_path'], + 'os_storage' => 1, + 'os_syspath' => dbunescbin($r[0]['content']), + 'display_path' => $r[0]['display_path'], + 'photo_usage' => PHOTO_NORMAL, + 'edited' => dbescdate($edited) + ]; + + $ph->save($arr); + + unset($arr['os_syspath']); + if($width > 1024 || $height > 1024) $ph->scaleImage(1024); - - $width = $ph->getWidth(); - $height = $ph->getHeight(); - $data = $ph->imageString(); - $fsize = strlen($data); - - $x = q("update photo set edited = '%s', content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 1", - dbesc(datetime_convert()), - dbescbin($data), - intval($fsize), - intval($height), - intval($width), - dbesc($resource_id), - intval($page_owner_uid) - ); - - + $ph->storeThumbnail($arr, PHOTO_RES_1024); + if($width > 640 || $height > 640) $ph->scaleImage(640); - - $width = $ph->getWidth(); - $height = $ph->getHeight(); - $data = $ph->imageString(); - $fsize = strlen($data); - - $x = q("update photo set edited = '%s', content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 2", - dbesc(datetime_convert()), - dbescbin($data), - intval($fsize), - intval($height), - intval($width), - dbesc($resource_id), - intval($page_owner_uid) - ); - - + $ph->storeThumbnail($arr, PHOTO_RES_640); + if($width > 320 || $height > 320) $ph->scaleImage(320); - - $width = $ph->getWidth(); - $height = $ph->getHeight(); - $data = $ph->imageString(); - $fsize = strlen($data); - - $x = q("update photo set edited = '%s', content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 3", - dbesc(datetime_convert()), - dbescbin($data), - intval($fsize), - intval($height), - intval($width), - dbesc($resource_id), - intval($page_owner_uid) - ); + $ph->storeThumbnail($arr, PHOTO_RES_320); } } } @@ -422,7 +380,7 @@ class Photos extends \Zotlabs\Web\Controller { require_once('include/text.php'); $profile_uid = \App::$profile['profile_uid']; - $results = linkify_tags($a, $rawtags, (local_channel()) ? local_channel() : $profile_uid); + $results = linkify_tags($rawtags, (local_channel()) ? local_channel() : $profile_uid); $success = $results['success']; $post_tags = array(); @@ -848,7 +806,7 @@ class Photos extends \Zotlabs\Web\Controller { killme(); } else { - $o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; + $o .= "<script> var page_query = '" . escape_tags(urlencode($_GET['q'])) . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; $tpl = get_markup_template('photo_album.tpl'); $o .= replace_macros($tpl, array( '$photos' => $photos, @@ -988,7 +946,7 @@ class Photos extends \Zotlabs\Web\Controller { $photo = array( 'href' => z_root() . '/photo/' . $hires['resource_id'] . '-' . $hires['imgscale'] . '.' . $phototypes[$hires['mimetype']], 'title'=> t('View Full Size'), - 'src' => z_root() . '/photo/' . $lores['resource_id'] . '-' . $lores['imgscale'] . '.' . $phototypes[$lores['mimetype']] . '?f=&_u=' . datetime_convert('','','','ymdhis') + 'src' => z_root() . '/photo/' . $lores['resource_id'] . '-' . $lores['imgscale'] . '.' . $phototypes[$lores['mimetype']] ); if($nextlink) @@ -1122,6 +1080,7 @@ class Photos extends \Zotlabs\Web\Controller { $comments = ''; if(! $r) { if($observer && ($can_post || $can_comment)) { + $feature_auto_save_draft = ((feature_enabled($owner_uid, 'auto_save_draft')) ? "true" : "false"); $commentbox = replace_macros($cmnt_tpl,array( '$return_path' => '', '$mode' => 'photos', @@ -1137,7 +1096,8 @@ class Photos extends \Zotlabs\Web\Controller { '$submit' => t('Submit'), '$preview' => t('Preview'), '$ww' => '', - '$feature_encrypt' => false + '$feature_encrypt' => false, + '$auto_save_draft' => $feature_auto_save_draft )); } } @@ -1270,8 +1230,14 @@ class Photos extends \Zotlabs\Web\Controller { if(feature_enabled($owner_uid,'dislike')) $response_verbs[] = 'dislike'; - $responses = get_responses($conv_responses,$response_verbs,'',$link_item); + + $hookdata = [ + 'onclick' => '$.colorbox({href: \'' . $photo['href'] . '\'}); return false;', + 'raw_photo' => $ph[0], + 'nickname' => \App::$data['channel']['channel_address'] + ]; + call_hooks('photo_view_filter', $hookdata); $photo_tpl = get_markup_template('photo_view.tpl'); $o .= replace_macros($photo_tpl, array( @@ -1309,6 +1275,7 @@ class Photos extends \Zotlabs\Web\Controller { '$comments' => $comments, '$commentbox' => $commentbox, '$paginate' => $paginate, + '$onclick' => $hookdata['onclick'] )); \App::$data['photo_html'] = $o; @@ -1387,7 +1354,7 @@ class Photos extends \Zotlabs\Web\Controller { killme(); } else { - $o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; + $o .= "<script> var page_query = '" . escape_tags(urlencode($_GET['q'])) . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; $tpl = get_markup_template('photos_recent.tpl'); $o .= replace_macros($tpl, array( '$title' => t('Recent Photos'), diff --git a/Zotlabs/Module/Ping.php b/Zotlabs/Module/Ping.php index f660c3b55..3dabe0f7b 100644 --- a/Zotlabs/Module/Ping.php +++ b/Zotlabs/Module/Ping.php @@ -330,6 +330,7 @@ class Ping extends \Zotlabs\Web\Controller { $notifs[] = array( 'notify_link' => z_root() . '/mail/' . $zz['id'], 'name' => $zz['xchan_name'], + 'addr' => $zz['xchan_addr'], 'url' => $zz['xchan_url'], 'photo' => $zz['xchan_photo_s'], 'when' => relative_date($zz['created']), @@ -346,6 +347,10 @@ class Ping extends \Zotlabs\Web\Controller { if(argc() > 1 && (argv(1) === 'network' || argv(1) === 'home')) { $result = array(); + if(argv(1) === 'home') { + $sql_extra .= ' and item_wall = 1 '; + } + $r = q("SELECT * FROM item WHERE uid = %d AND item_unseen = 1 @@ -361,8 +366,6 @@ class Ping extends \Zotlabs\Web\Controller { if($r) { xchan_query($r); foreach($r as $item) { - if((argv(1) === 'home') && (! intval($item['item_wall']))) - continue; $result[] = \Zotlabs\Lib\Enotify::format($item); } } @@ -383,6 +386,7 @@ class Ping extends \Zotlabs\Web\Controller { $result[] = array( 'notify_link' => z_root() . '/connections/ifpending', 'name' => $rr['xchan_name'], + 'addr' => $rr['xchan_addr'], 'url' => $rr['xchan_url'], 'photo' => $rr['xchan_photo_s'], 'when' => relative_date($rr['abook_created']), @@ -407,6 +411,7 @@ class Ping extends \Zotlabs\Web\Controller { $result[] = array( 'notify_link' => z_root() . '/admin/accounts', 'name' => $rr['account_email'], + 'addr' => $rr['account_email'], 'url' => '', 'photo' => z_root() . '/' . get_default_profile_photo(48), 'when' => relative_date($rr['account_created']), @@ -442,8 +447,9 @@ class Ping extends \Zotlabs\Web\Controller { $when = day_translate(datetime_convert('UTC', (($rr['adjust']) ? date_default_timezone_get() : 'UTC'), $rr['dtstart'], $bd_format)) . (($today) ? ' ' . t('[today]') : ''); $result[] = array( - 'notify_link' => z_root() . '/events', /// @FIXME this takes you to an edit page and it may not be yours, we really want to just view the single event --> '/events/event/' . $rr['event_hash'], + 'notify_link' => z_root() . '/cdav/calendar/' . $rr['event_hash'], 'name' => $rr['xchan_name'], + 'addr' => $rr['xchan_addr'], 'url' => $rr['xchan_url'], 'photo' => $rr['xchan_photo_s'], 'when' => $when, @@ -460,7 +466,7 @@ class Ping extends \Zotlabs\Web\Controller { if(argc() > 1 && (argv(1) === 'files')) { $result = array(); - $r = q("SELECT item.created, xchan.xchan_name, xchan.xchan_url, xchan.xchan_photo_s FROM item + $r = q("SELECT item.created, xchan.xchan_name, xchan.xchan_addr, xchan.xchan_url, xchan.xchan_photo_s FROM item LEFT JOIN xchan on author_xchan = xchan_hash WHERE item.verb = '%s' AND item.obj_type = '%s' @@ -477,6 +483,7 @@ class Ping extends \Zotlabs\Web\Controller { $result[] = array( 'notify_link' => z_root() . '/sharedwithme', 'name' => $rr['xchan_name'], + 'addr' => $rr['xchan_addr'], 'url' => $rr['xchan_url'], 'photo' => $rr['xchan_photo_s'], 'when' => relative_date($rr['created']), @@ -658,6 +665,7 @@ class Ping extends \Zotlabs\Web\Controller { if($r[0]['unseen']) { $forums[$x]['notify_link'] = (($forums[$x]['private_forum']) ? $forums[$x]['xchan_url'] : z_root() . '/network/?f=&pf=1&unseen=1&cid=' . $forums[$x]['abook_id']); $forums[$x]['name'] = $forums[$x]['xchan_name']; + $forums[$x]['addr'] = $forums[$x]['xchan_addr']; $forums[$x]['url'] = $forums[$x]['xchan_url']; $forums[$x]['photo'] = $forums[$x]['xchan_photo_s']; $forums[$x]['unseen'] = $r[0]['unseen']; diff --git a/Zotlabs/Module/Poster.php b/Zotlabs/Module/Poster.php new file mode 100644 index 000000000..10317ee61 --- /dev/null +++ b/Zotlabs/Module/Poster.php @@ -0,0 +1,37 @@ +<?php + +namespace Zotlabs\Module; + +use Zotlabs\Web\Controller; + +require_once('include/security.php'); + +class Poster extends Controller { + + function init() { + + $nick = argv(1); + $hash = argv(2); + + if(! ($nick && $hash)) { + return; + } + + $u = channelx_by_nick($nick); + + $sql_extra = permissions_sql(intval($u['channel_id'])); + + $r = q("select content from attach where hash = '%s' and uid = %d and os_storage = 1 $sql_extra limit 1", + dbesc($hash), + intval($u['channel_id']) + ); + if($r) { + $path = dbunescbin($r[0]['content']); + if($path && @file_exists($path . '.thumb')) { + header('Content-Type: image/jpeg'); + echo file_get_contents($path . '.thumb'); + killme(); + } + } + } +} diff --git a/Zotlabs/Module/Profile_photo.php b/Zotlabs/Module/Profile_photo.php index 751c4338f..a812ca210 100644 --- a/Zotlabs/Module/Profile_photo.php +++ b/Zotlabs/Module/Profile_photo.php @@ -52,14 +52,39 @@ class Profile_photo extends \Zotlabs\Web\Controller { return; } + $channel = \App::get_channel(); + check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo'); + + // Remove cover photo + if(isset($_POST['remove'])) { + + $r = q("SELECT resource_id FROM photo WHERE photo_usage = %d AND uid = %d LIMIT 1", + intval(PHOTO_PROFILE), + intval(local_channel()) + ); + + if($r) { + q("update photo set photo_usage = %d where photo_usage = %d and uid = %d", + intval(PHOTO_NORMAL), + intval(PHOTO_PROFILE), + intval(local_channel()) + ); + + $sync = attach_export_data($channel,$r[0]['resource_id']); + if($sync) + build_sync_packet($channel['channel_id'],array('file' => array($sync))); + } + + $_SESSION['reload_avatar'] = true; + + goaway(z_root() . '/profiles'); + } if((array_key_exists('cropfinal',$_POST)) && (intval($_POST['cropfinal']) == 1)) { // logger('crop: ' . print_r($_POST,true)); - - // phase 2 - we have finished cropping if(argc() != 2) { @@ -119,39 +144,48 @@ class Profile_photo extends \Zotlabs\Web\Controller { 'filename' => $base_image['filename'], 'album' => t('Profile Photos'), 'os_path' => $base_image['os_path'], - 'display_path' => $base_image['display_path'] + 'display_path' => $base_image['display_path'], + 'photo_usage' => PHOTO_PROFILE, + 'edited' => dbescdate($base_image['edited']) ]; - $p['imgscale'] = PHOTO_RES_PROFILE_300; $p['photo_usage'] = (($is_default_profile) ? PHOTO_PROFILE : PHOTO_NORMAL); - $r1 = $im->save($p); + $r1 = $im->storeThumbnail($p, PHOTO_RES_PROFILE_300); $im->scaleImage(80); - $p['imgscale'] = PHOTO_RES_PROFILE_80; - - $r2 = $im->save($p); + $r2 = $im->storeThumbnail($p, PHOTO_RES_PROFILE_80); $im->scaleImage(48); - $p['imgscale'] = PHOTO_RES_PROFILE_48; - - $r3 = $im->save($p); - + $r3 = $im->storeThumbnail($p, PHOTO_RES_PROFILE_48); + if($r1 === false || $r2 === false || $r3 === false) { // if one failed, delete them all so we can start over. notice( t('Image resize failed.') . EOL ); - $x = q("delete from photo where resource_id = '%s' and uid = %d and imgscale in ( %d, %d, %d ) ", + $x = q("delete from photo where resource_id = '%s' and uid = %d and imgscale in ( %d, %d, %d )", + dbesc($base_image['resource_id']), + local_channel(), + intval(PHOTO_RES_PROFILE_300), + intval(PHOTO_RES_PROFILE_80), + intval(PHOTO_RES_PROFILE_48) + ); + + $x = q("SELECT content FROM photo WHERE resource_id = '%s' AND uid = %d AND os_storage = 1 AND imgscale IN ( %d, %d, %d )", dbesc($base_image['resource_id']), local_channel(), intval(PHOTO_RES_PROFILE_300), intval(PHOTO_RES_PROFILE_80), intval(PHOTO_RES_PROFILE_48) ); + if($x) { + foreach($x as $xx) { + @unlink(dbunescbin($xx['content'])); + } + } + return; } - $channel = \App::get_channel(); - // If setting for the default profile, unset the profile photo flag from any other photos I own if($is_default_profile) { @@ -198,7 +232,7 @@ class Profile_photo extends \Zotlabs\Web\Controller { $r = q("UPDATE xchan set xchan_photo_mimetype = '%s', xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s' where xchan_hash = '%s'", dbesc($im->getType()), - dbesc(datetime_convert()), + dbescdate($base_image['edited']), dbesc(z_root() . '/photo/profile/l/' . $channel['channel_id']), dbesc(z_root() . '/photo/profile/m/' . $channel['channel_id']), dbesc(z_root() . '/photo/profile/s/' . $channel['channel_id']), @@ -245,7 +279,7 @@ class Profile_photo extends \Zotlabs\Web\Controller { else { require_once('include/attach.php'); - $res = attach_store(\App::get_channel(), get_observer_hash(), '', array('album' => t('Profile Photos'), 'hash' => $hash)); + $res = attach_store(\App::get_channel(), get_observer_hash(), '', array('album' => t('Profile Photos'), 'hash' => $hash, 'nosync' => true)); logger('attach_store: ' . print_r($res,true)); } @@ -353,20 +387,23 @@ class Profile_photo extends \Zotlabs\Web\Controller { if($havescale) { // unset any existing profile photos - $r = q("UPDATE photo SET photo_usage = %d WHERE photo_usage = %d AND uid = %d", + $x = q("UPDATE photo SET photo_usage = %d WHERE photo_usage = %d AND uid = %d", intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), - intval(local_channel())); - - $r = q("UPDATE photo SET photo_usage = %d WHERE uid = %d AND resource_id = '%s'", + intval(local_channel()) + ); + + $edited = datetime_convert(); + + $x = q("UPDATE photo SET photo_usage = %d, edited = '%s' WHERE uid = %d AND resource_id = '%s' AND imgscale > 0", intval(PHOTO_PROFILE), + dbescdate($edited), intval(local_channel()), dbesc($resource_id) - ); + ); - $r = q("UPDATE xchan set xchan_photo_date = '%s' - where xchan_hash = '%s'", - dbesc(datetime_convert()), + $x = q("UPDATE xchan SET xchan_photo_date = '%s' WHERE xchan_hash = '%s'", + dbescdate($edited), dbesc($channel['xchan_hash']) ); @@ -376,8 +413,10 @@ class Profile_photo extends \Zotlabs\Web\Controller { if($sync) build_sync_packet($channel['channel_id'],array('file' => array($sync))); + $_SESSION['reload_avatar'] = true; \Zotlabs\Daemon\Master::Summon(array('Directory',local_channel())); + goaway(z_root() . '/profiles'); } @@ -457,6 +496,7 @@ class Profile_photo extends \Zotlabs\Web\Controller { '$lbl_profiles' => t('Select a profile:'), '$title' => (($importing) ? t('Use Photo for Profile') : t('Change Profile Photo')), '$submit' => (($importing) ? t('Use') : t('Upload')), + '$remove' => t('Remove'), '$profiles' => $profiles, '$single' => ((count($profiles) == 1) ? true : false), '$profile0' => $profiles[0], diff --git a/Zotlabs/Module/Profiles.php b/Zotlabs/Module/Profiles.php index de4075ba9..33e7d8a9d 100644 --- a/Zotlabs/Module/Profiles.php +++ b/Zotlabs/Module/Profiles.php @@ -354,20 +354,20 @@ class Profiles extends \Zotlabs\Web\Controller { require_once('include/text.php'); - linkify_tags($a, $likes, local_channel()); - linkify_tags($a, $dislikes, local_channel()); - linkify_tags($a, $about, local_channel()); - linkify_tags($a, $interest, local_channel()); - linkify_tags($a, $interest, local_channel()); - linkify_tags($a, $contact, local_channel()); - linkify_tags($a, $channels, local_channel()); - linkify_tags($a, $music, local_channel()); - linkify_tags($a, $book, local_channel()); - linkify_tags($a, $tv, local_channel()); - linkify_tags($a, $film, local_channel()); - linkify_tags($a, $romance, local_channel()); - linkify_tags($a, $work, local_channel()); - linkify_tags($a, $education, local_channel()); + linkify_tags($likes, local_channel()); + linkify_tags($dislikes, local_channel()); + linkify_tags($about, local_channel()); + linkify_tags($interest, local_channel()); + linkify_tags($interest, local_channel()); + linkify_tags($contact, local_channel()); + linkify_tags($channels, local_channel()); + linkify_tags($music, local_channel()); + linkify_tags($book, local_channel()); + linkify_tags($tv, local_channel()); + linkify_tags($film, local_channel()); + linkify_tags($romance, local_channel()); + linkify_tags($work, local_channel()); + linkify_tags($education, local_channel()); $with = ((x($_POST,'with')) ? escape_tags(trim($_POST['with'])) : ''); diff --git a/Zotlabs/Module/Pubstream.php b/Zotlabs/Module/Pubstream.php index 94df29984..84ac42f72 100644 --- a/Zotlabs/Module/Pubstream.php +++ b/Zotlabs/Module/Pubstream.php @@ -149,11 +149,11 @@ class Pubstream extends \Zotlabs\Web\Controller { '$order' => 'comment', '$file' => '', '$cats' => '', - '$tags' => $hashtags, + '$tags' => (($hashtags) ? urlencode($hashtags) : ''), '$dend' => '', - '$mid' => $mid, + '$mid' => (($mid) ? urlencode($mid) : ''), '$verb' => '', - '$net' => $net, + '$net' => (($net) ? urlencode($net) : ''), '$dbegin' => '' )); } diff --git a/Zotlabs/Module/React.php b/Zotlabs/Module/React.php index 3920301f5..f80b04a3f 100644 --- a/Zotlabs/Module/React.php +++ b/Zotlabs/Module/React.php @@ -59,6 +59,14 @@ class React extends \Zotlabs\Web\Controller { $n['body'] = "\n\n[zmg=32x32]" . z_root() . '/images/emoji/' . $emoji . '.png[/zmg]' . "\n\n"; $n['author_xchan'] = $channel['channel_hash']; + $n['tgt_type'] = 'Image'; + $n['target'] = [ + 'type' => 'Image', + 'name' => $emoji, + 'url' => z_root() . '/images/emoji/' . $emoji . '.png' + ]; + + $x = item_store($n); retain_item($postid); diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index f9d81be0c..bc813f8e1 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -1,10 +1,11 @@ <?php namespace Zotlabs\Module; -require_once('include/channel.php'); +use Zotlabs\Web\Controller; +require_once('include/security.php'); -class Register extends \Zotlabs\Web\Controller { +class Register extends Controller { function init() { @@ -39,7 +40,9 @@ class Register extends \Zotlabs\Web\Controller { function post() { - + + check_form_security_token_redirectOnErr('/register', 'register'); + $max_dailies = intval(get_config('system','max_daily_registrations')); if($max_dailies) { $r = q("select count(account_id) as total from account where account_created > %s - INTERVAL %s", @@ -269,7 +272,8 @@ class Register extends \Zotlabs\Web\Controller { require_once('include/bbcode.php'); $o = replace_macros(get_markup_template('register.tpl'), array( - + + '$form_security_token' => get_form_security_token("register"), '$title' => t('Registration'), '$reg_is' => $registration_is, '$registertext' => bbcode(get_config('system','register_text')), diff --git a/Zotlabs/Module/Rmagic.php b/Zotlabs/Module/Rmagic.php index 33a6689ca..8c1e5cdab 100644 --- a/Zotlabs/Module/Rmagic.php +++ b/Zotlabs/Module/Rmagic.php @@ -14,6 +14,15 @@ class Rmagic extends \Zotlabs\Web\Controller { $r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1", dbesc($me) ); + if(! $r) { + $w = discover_by_webbie($me); + if($w) { + $r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1", + dbesc($me) + ); + } + } + if($r) { if($r[0]['hubloc_url'] === z_root()) goaway(z_root() . '/login'); @@ -49,7 +58,16 @@ class Rmagic extends \Zotlabs\Web\Controller { $r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1", dbesc($address) ); + if(! $r) { + $w = discover_by_webbie($address); + if($w) { + $r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1", + dbesc($address) + ); + } + } } + if($r) { $url = $r[0]['hubloc_url']; } diff --git a/Zotlabs/Module/Settings/Calendar.php b/Zotlabs/Module/Settings/Calendar.php index a27bf0fa5..0298b412e 100644 --- a/Zotlabs/Module/Settings/Calendar.php +++ b/Zotlabs/Module/Settings/Calendar.php @@ -36,7 +36,7 @@ class Calendar { '$rpath' => $rpath, '$action_url' => 'settings/' . $module, '$form_security_token' => get_form_security_token('settings_' . $module), - '$title' => t('CalDAV Settings'), + '$title' => t('Calendar Settings'), '$features' => process_module_features_get(local_channel(), $features), '$submit' => t('Submit') )); diff --git a/Zotlabs/Module/Settings/Featured.php b/Zotlabs/Module/Settings/Featured.php index 542a05363..d5d740aff 100644 --- a/Zotlabs/Module/Settings/Featured.php +++ b/Zotlabs/Module/Settings/Featured.php @@ -10,20 +10,6 @@ class Featured { call_hooks('feature_settings_post', $_POST); - if($_POST['affinity_slider-submit']) { - $cmax = intval($_POST['affinity_cmax']); - if($cmax < 0 || $cmax > 99) - $cmax = 99; - $cmin = intval($_POST['affinity_cmin']); - if($cmin < 0 || $cmin > 99) - $cmin = 0; - set_pconfig(local_channel(),'affinity','cmin',$cmin); - set_pconfig(local_channel(),'affinity','cmax',$cmax); - - info( t('Affinity Slider settings updated.') . EOL); - - } - build_sync_packet(); return; } @@ -37,30 +23,10 @@ class Featured { if(! $r) $settings_addons = t('No feature settings configured'); - if(feature_enabled(local_channel(),'affinity')) { - - $cmax = intval(get_pconfig(local_channel(),'affinity','cmax')); - $cmax = (($cmax) ? $cmax : 99); - $setting_fields .= replace_macros(get_markup_template('field_input.tpl'), array( - '$field' => array('affinity_cmax', t('Default maximum affinity level'), $cmax, t('0-99 default 99')) - )); - $cmin = intval(get_pconfig(local_channel(),'affinity','cmin')); - $cmin = (($cmin) ? $cmin : 0); - $setting_fields .= replace_macros(get_markup_template('field_input.tpl'), array( - '$field' => array('affinity_cmin', t('Default minimum affinity level'), $cmin, t('0-99 - default 0')) - )); - - $settings_addons .= replace_macros(get_markup_template('generic_addon_settings.tpl'), array( - '$addon' => array('affinity_slider', '' . t('Affinity Slider Settings'), '', t('Submit')), - '$content' => $setting_fields - )); - } - call_hooks('feature_settings', $settings_addons); $this->sortpanels($settings_addons); - $tpl = get_markup_template("settings_addons.tpl"); $o .= replace_macros($tpl, array( '$form_security_token' => get_form_security_token("settings_featured"), diff --git a/Zotlabs/Module/Setup.php b/Zotlabs/Module/Setup.php index c0716ca7c..541e4fa21 100644 --- a/Zotlabs/Module/Setup.php +++ b/Zotlabs/Module/Setup.php @@ -39,12 +39,12 @@ class Setup extends \Zotlabs\Web\Controller { ini_set('display_errors', '1'); // $baseurl/setup/testrewrite to test if rewrite in .htaccess is working - if (argc() == 2 && argv(1) == "testrewrite") { + if(argc() == 2 && argv(1) == 'testrewrite') { echo 'ok'; killme(); } - if (x($_POST, 'pass')) { + if(x($_POST, 'pass')) { $this->install_wizard_pass = intval($_POST['pass']); } else { $this->install_wizard_pass = 1; @@ -63,7 +63,6 @@ class Setup extends \Zotlabs\Web\Controller { return; // implied break; case 3: - $urlpath = \App::get_path(); $dbhost = trim($_POST['dbhost']); $dbport = intval(trim($_POST['dbport'])); $dbuser = trim($_POST['dbuser']); @@ -89,7 +88,6 @@ class Setup extends \Zotlabs\Web\Controller { return; // implied break; case 4: - $urlpath = \App::get_path(); $dbhost = trim($_POST['dbhost']); $dbport = intval(trim($_POST['dbport'])); $dbuser = trim($_POST['dbuser']); @@ -162,7 +160,6 @@ class Setup extends \Zotlabs\Web\Controller { * * @return string parsed HTML output */ - function get() { $o = ''; @@ -213,10 +210,10 @@ class Setup extends \Zotlabs\Web\Controller { } if(x(\App::$data, 'txt') && strlen(\App::$data['txt'])) { - $db_return_text .= $this->manual_config($a); + $db_return_text .= $this->manual_config(); } - if ($db_return_text != "") { + if($db_return_text != '') { $tpl = get_markup_template('install.tpl'); return replace_macros($tpl, array( '$title' => $install_title, @@ -242,7 +239,7 @@ class Setup extends \Zotlabs\Web\Controller { $this->check_keys($checks); - if (x($_POST, 'phpath')) + if(x($_POST, 'phpath')) $phpath = notags(trim($_POST['phpath'])); $this->check_php($phpath, $checks); @@ -278,7 +275,6 @@ class Setup extends \Zotlabs\Web\Controller { $dbtype = intval(trim($_POST['dbtype'])); $phpath = trim($_POST['phpath']); $adminmail = trim($_POST['adminmail']); - $siteurl = trim($_POST['siteurl']); $tpl = get_markup_template('install_db.tpl'); $o .= replace_macros($tpl, array( @@ -320,7 +316,6 @@ class Setup extends \Zotlabs\Web\Controller { $phpath = trim($_POST['phpath']); $adminmail = trim($_POST['adminmail']); - $siteurl = trim($_POST['siteurl']); $timezone = ((x($_POST,'timezone')) ? ($_POST['timezone']) : 'America/Los_Angeles'); @@ -363,12 +358,12 @@ class Setup extends \Zotlabs\Web\Controller { * @param string $help optional help string */ function check_add(&$checks, $title, $status, $required, $help = '') { - $checks[] = array( + $checks[] = [ 'title' => $title, 'status' => $status, 'required' => $required, 'help' => $help - ); + ]; } /** @@ -380,12 +375,12 @@ class Setup extends \Zotlabs\Web\Controller { function check_php(&$phpath, &$checks) { $help = ''; - if(version_compare(PHP_VERSION, '5.5') < 0) { - $help .= t('PHP version 5.5 or greater is required.'); - $this->check_add($checks, t('PHP version'), false, false, $help); + if(version_compare(PHP_VERSION, '7.1') < 0) { + $help .= t('PHP version 7.1 or greater is required.'); + $this->check_add($checks, t('PHP version'), false, true, $help); } - if (strlen($phpath)) { + if(strlen($phpath)) { $passed = file_exists($phpath); } elseif(function_exists('shell_exec')) { @@ -419,6 +414,7 @@ class Setup extends \Zotlabs\Web\Controller { $result = trim(shell_exec($cmd)); else $help .= t('Unable to check command line PHP, as shell_exec() is disabled. This is required.') . EOL; + $passed2 = (($result == $str) ? true : false); if(!$passed2) { $help .= t('The command line version of PHP on your system does not have "register_argc_argv" enabled.'). EOL; @@ -441,13 +437,18 @@ class Setup extends \Zotlabs\Web\Controller { require_once 'include/environment.php'; $help = ''; + $mem_warning = ''; $result = getPhpiniUploadLimits(); + if($result['post_max_size'] < 4194304 || $result['max_upload_filesize'] < 4194304) { + $mem_warning = '<strong>' .t('This is not sufficient to upload larger images or files. You should be able to upload at least 4 MB at once.') . '</strong>'; + } $help = sprintf(t('Your max allowed total upload size is set to %s. Maximum size of one file to upload is set to %s. You are allowed to upload up to %d files at once.'), userReadableSize($result['post_max_size']), userReadableSize($result['max_upload_filesize']), $result['max_file_uploads'] ); + $help .= $mem_warning; $help .= '<br><br>' . t('You can adjust these settings in the server php.ini file.'); $this->check_add($checks, t('PHP upload limits'), true, false, $help); @@ -462,7 +463,7 @@ class Setup extends \Zotlabs\Web\Controller { $help = ''; $res = false; - if (function_exists('openssl_pkey_new')) { + if(function_exists('openssl_pkey_new')) { $res = openssl_pkey_new(array( 'digest_alg' => 'sha1', 'private_key_bits' => 4096, @@ -472,7 +473,7 @@ class Setup extends \Zotlabs\Web\Controller { // Get private key - if (! $res) { + if(! $res) { $help .= t('Error: the "openssl_pkey_new" function on this system is not able to generate encryption keys'). EOL; $help .= t('If running under Windows, please see "http://www.php.net/manual/en/openssl.installation.php".'); } @@ -503,7 +504,7 @@ class Setup extends \Zotlabs\Web\Controller { $this->check_add($ck_funcs, t('zip PHP module'), true, true); if(function_exists('apache_get_modules')){ - if (! in_array('mod_rewrite', apache_get_modules())) { + if(! in_array('mod_rewrite', apache_get_modules())) { $this->check_add($ck_funcs, t('Apache mod_rewrite module'), false, true, t('Error: Apache webserver mod-rewrite module is required but not installed.')); } else { $this->check_add($ck_funcs, t('Apache mod_rewrite module'), true, true); @@ -572,7 +573,7 @@ class Setup extends \Zotlabs\Web\Controller { $fname = '.htconfig.php'; - if((file_exists($fname) && is_writable($fname)) || + if((file_exists($fname) && is_writable($fname)) || (! (file_exists($fname) && is_writable('.')))) { $this->check_add($checks, t('.htconfig.php is writable'), $status, true, $help); return; @@ -638,7 +639,7 @@ class Setup extends \Zotlabs\Web\Controller { $url = z_root() . '/setup/testrewrite'; - if (function_exists('curl_init')){ + if(function_exists('curl_init')){ $test = z_fetch_url($url); if(! $test['success']) { if(strstr($url,'https://')) { @@ -661,14 +662,13 @@ class Setup extends \Zotlabs\Web\Controller { $help .= t('If your certificate is not recognized, members of other sites (who may themselves have valid certificates) will get a warning message on their own site complaining about security issues.') . EOL; $help .= t('This can cause usability issues elsewhere (not just on your own site) so we must insist on this requirement.') .EOL; $help .= t('Providers are available that issue free certificates which are browser-valid.'). EOL; - $help .= t('If you are confident that the certificate is valid and signed by a trusted authority, check to see if you have failed to install an intermediate cert. These are not normally required by browsers, but are required for server-to-server communications.') . EOL; $this->check_add($checks, t('SSL certificate validation'), false, true, $help); } } - if ((! $test['success']) || ($test['body'] != "ok")) { + if((! $test['success']) || ($test['body'] != "ok")) { $status = false; $help = t('Url rewrite in .htaccess is not working. Check your server configuration.'.'Test: '.var_export($test,true)); } @@ -682,10 +682,9 @@ class Setup extends \Zotlabs\Web\Controller { /** * @brief * - * @param App &$a * @return string with paresed HTML */ - function manual_config(&$a) { + function manual_config() { $data = htmlspecialchars(\App::$data['txt'], ENT_COMPAT, 'UTF-8'); $o = t('The database configuration file ".htconfig.php" could not be written. Please use the enclosed text to create a configuration file in your web server root.'); $o .= "<textarea rows=\"24\" cols=\"80\" >$data</textarea>"; @@ -695,14 +694,19 @@ class Setup extends \Zotlabs\Web\Controller { function load_database_rem($v, $i){ $l = trim($i); - if (strlen($l)>1 && ($l[0]=="-" || ($l[0]=="/" && $l[1]=="*"))){ + if(strlen($l)>1 && ($l[0]=="-" || ($l[0]=="/" && $l[1]=="*"))){ return $v; } else { return $v."\n".$i; } } - + /** + * @brief Executes the SQL install script and create database tables. + * + * @param dba_driver $db (unused) + * @return boolean|string false on success or error message as string + */ function load_database($db) { $str = file_get_contents(\DBA::$dba->get_install_script()); $arr = explode(';', $str); @@ -728,6 +732,12 @@ class Setup extends \Zotlabs\Web\Controller { // install the standard theme set_config('system', 'allowed_themes', 'redbasic'); + // if imagick converter is installed, use it + if(@is_executable('/usr/bin/convert')) { + set_config('system','imagick_convert_path','/usr/bin/convert'); + } + + // Set a lenient list of ciphers if using openssl. Other ssl engines // (e.g. NSS used in RedHat) require different syntax, so hopefully // the default curl cipher list will work for most sites. If not, @@ -762,12 +772,12 @@ class Setup extends \Zotlabs\Web\Controller { /** * @brief * - * @param unknown $v + * @param array $v * @param array $c * @return array */ static private function check_passed($v, $c) { - if ($c['required']) + if($c['required']) $v = $v && $c['status']; return $v; diff --git a/Zotlabs/Module/Share.php b/Zotlabs/Module/Share.php index c6d0be051..53a06b072 100644 --- a/Zotlabs/Module/Share.php +++ b/Zotlabs/Module/Share.php @@ -1,6 +1,11 @@ <?php namespace Zotlabs\Module; +use App; +use Zotlabs\Daemon\Master; +use Zotlabs\Lib\Activity; + + require_once('include/security.php'); require_once('include/bbcode.php'); @@ -14,23 +19,23 @@ class Share extends \Zotlabs\Web\Controller { if(! $post_id) killme(); - echo '[share=' . $post_id . '][/share]'; - killme(); + if(! local_channel()) { + killme(); + } + $observer = App::get_observer(); - /** - * The remaining code is deprecated and handled in Zotlabs/Lib/Share.php at post - * submission time. - */ + $channel = App::get_channel(); - if(! (local_channel() || remote_channel())) - killme(); - $r = q("SELECT * from item left join xchan on author_xchan = xchan_hash WHERE id = %d LIMIT 1", intval($post_id) ); if(! $r) killme(); + + + + if(($r[0]['item_private']) && ($r[0]['xchan_network'] !== 'rss')) killme(); @@ -46,59 +51,86 @@ class Share extends \Zotlabs\Web\Controller { if($r[0]['mimetype'] !== 'text/bbcode') killme(); - - /** @FIXME eventually we want to post remotely via rpost on your home site */ - // When that works remove this next bit: - - if(! local_channel()) - killme(); - + xchan_query($r); - $is_photo = (($r[0]['obj_type'] === ACTIVITY_OBJ_PHOTO) ? true : false); - if($is_photo) { - $object = json_decode($r[0]['obj'],true); - $photo_bb = $object['body']; - } - - if (strpos($r[0]['body'], "[/share]") !== false) { - $pos = strpos($r[0]['body'], "[share"); - $o = substr($r[0]['body'], $pos); - } else { - $o = "[share author='" . urlencode($r[0]['author']['xchan_name']) . - "' profile='" . $r[0]['author']['xchan_url'] . - "' avatar='" . $r[0]['author']['xchan_photo_s'] . - "' link='" . $r[0]['plink'] . - "' auth='" . (($r[0]['author']['network'] === 'zot') ? 'true' : 'false') . - "' posted='" . $r[0]['created'] . - "' message_id='" . $r[0]['mid'] . - "']"; - if($r[0]['title']) - $o .= '[b]'.$r[0]['title'].'[/b]'."\r\n"; - $o .= (($is_photo) ? $photo_bb . "\r\n" . $r[0]['body'] : $r[0]['body']); - $o .= "[/share]"; - } - - if(local_channel()) { - echo $o; + $arr = []; + + $item = $r[0]; + + $owner_uid = $r[0]['uid']; + $owner_aid = $r[0]['aid']; + + $can_comment = false; + if((array_key_exists('owner',$item)) && intval($item['owner']['abook_self'])) + $can_comment = perm_is_allowed($item['uid'],$observer['xchan_hash'],'post_comments'); + else + $can_comment = can_comment_on_post($observer['xchan_hash'],$item); + + if(! $can_comment) { + notice( t('Permission denied') . EOL); killme(); } + + $r = q("select * from xchan where xchan_hash = '%s' limit 1", + dbesc($item['owner_xchan']) + ); + + if($r) + $thread_owner = $r[0]; + else + killme(); - $observer = \App::get_observer(); - $parsed = $observer['xchan_url']; - if($parsed) { - $post_url = $parsed['scheme'] . '://' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : '') - . '/rpost'; + $r = q("select * from xchan where xchan_hash = '%s' limit 1", + dbesc($item['author_xchan']) + ); + if($r) + $item_author = $r[0]; + else + killme(); - /** - * @FIXME we were probably called from JS so we don't know the return page. - * In fact we won't be able to load the remote page. - * we might need an iframe - */ + + $arr['aid'] = $owner_aid; + $arr['uid'] = $owner_uid; + + $arr['item_origin'] = 1; + $arr['item_wall'] = $item['item_wall']; + $arr['uuid'] = item_message_id(); + $arr['mid'] = z_root() . '/activity/' . $arr['uuid']; + $arr['parent_mid'] = $item['mid']; + + $mention = '@[zrl=' . $item['author']['xchan_url'] . ']' . $item['author']['xchan_name'] . '[/zrl]'; + $arr['body'] = sprintf( t('🔁 Repeated %1$s\'s %2$s'), $mention, Activity::activity_obj_mapper($item['obj_type'])); + + $arr['author_xchan'] = $channel['channel_hash']; + $arr['owner_xchan'] = $item['author_xchan']; + $arr['obj'] = Activity::encode_item($item); + $arr['obj_type'] = $item['obj_type']; + $arr['verb'] = 'Announce'; + + $post = item_store($arr); + + $post_id = $post['item_id']; + + $arr['id'] = $post_id; - $x = z_post_url($post_url, array('f' => '', 'body' => $o )); - killme(); + call_hooks('post_local_end', $arr); + + info( t('Post repeated') . EOL); + + $r = q("select * from item where id = %d", + intval($post_id) + ); + if($r) { + xchan_query($r); + $sync_item = fetch_post_tags($r); + build_sync_packet($channel['channel_id'], [ 'item' => [ encode_item($sync_item[0],true) ] ]); } + + Master::Summon([ 'Notifier','like',$post_id ]); + + killme(); + } } diff --git a/Zotlabs/Module/Sslify.php b/Zotlabs/Module/Sslify.php index 2891f3691..37be4423b 100644 --- a/Zotlabs/Module/Sslify.php +++ b/Zotlabs/Module/Sslify.php @@ -12,10 +12,16 @@ class Sslify extends \Zotlabs\Web\Controller { list($k,$v) = array_map("trim", explode(":", trim($l), 2)); $hdrs[strtolower($k)] = $v; } - if (array_key_exists('content-type', $hdrs)) { - $type = $hdrs['content-type']; - header('Content-Type: ' . $type); - } + + if (array_key_exists('content-type', $hdrs)) + header('Content-Type: ' . $hdrs['content-type']); + if (array_key_exists('last-modified', $hdrs)) + header('Last-Modified: ' . $hdrs['last-modified']); + if (array_key_exists('cache-control', $hdrs)) + header('Cache-Control: ' . $hdrs['cache-control']); + if (array_key_exists('expires', $hdrs)) + header('Expires: ' . $hdrs['expires']); + echo $x['body']; killme(); diff --git a/Zotlabs/Module/Subthread.php b/Zotlabs/Module/Subthread.php index 54343fdfa..30e57197d 100644 --- a/Zotlabs/Module/Subthread.php +++ b/Zotlabs/Module/Subthread.php @@ -33,7 +33,7 @@ class Subthread extends \Zotlabs\Web\Controller { if(! $i) { $i = q("select * from item where id = %d and uid = %d", - intval($postid), + intval($item_id), intval($sys['channel_id']) ); diff --git a/Zotlabs/Module/Tagger.php b/Zotlabs/Module/Tagger.php index 24adf1bde..e6e80dce3 100644 --- a/Zotlabs/Module/Tagger.php +++ b/Zotlabs/Module/Tagger.php @@ -69,7 +69,7 @@ class Tagger extends \Zotlabs\Web\Controller { $post_type = t('photo'); break; case 'event': - $targgettype = ACTIVITY_OBJ_EVENT; + $targettype = ACTIVITY_OBJ_EVENT; $post_type = t('event'); break; default: diff --git a/Zotlabs/Module/Viewconnections.php b/Zotlabs/Module/Viewconnections.php index 0a5e86907..30df0b9e4 100644 --- a/Zotlabs/Module/Viewconnections.php +++ b/Zotlabs/Module/Viewconnections.php @@ -107,7 +107,7 @@ class Viewconnections extends \Zotlabs\Web\Controller { killme(); } else { - $o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; + $o .= "<script> var page_query = '" . escape_tags(urlencode($_GET['q'])) . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; $tpl = get_markup_template("viewcontact_template.tpl"); $o .= replace_macros($tpl, array( '$title' => t('View Connections'), diff --git a/Zotlabs/Module/Viewsrc.php b/Zotlabs/Module/Viewsrc.php index 119990b57..3e49b9db4 100644 --- a/Zotlabs/Module/Viewsrc.php +++ b/Zotlabs/Module/Viewsrc.php @@ -25,10 +25,10 @@ class Viewsrc extends \Zotlabs\Web\Controller { notice( t('Item not found.') . EOL); } - $item_normal = item_normal(); + $item_normal = item_normal_search(); if(local_channel() && $item_id) { - $r = q("select id, item_flags, mimetype, item_obscured, body, llink, plink from item where uid in (%d , %d) and id = %d $item_normal limit 1", + $r = q("select id, mid, item_flags, mimetype, item_obscured, body, llink, plink from item where uid in (%d , %d) and id = %d $item_normal limit 1", intval(local_channel()), intval($sys['channel_id']), intval($item_id) @@ -53,7 +53,7 @@ class Viewsrc extends \Zotlabs\Web\Controller { if(is_ajax()) { echo '<div class="p-1">'; - echo '<div>id: ' . $r[0]['id'] . ' | <a href="' . $r[0]['plink'] . '" target="_blank">plink</a> | <a href="' . $r[0]['llink'] . '" target="_blank">llink</a></div>'; + echo '<div>id: ' . $r[0]['id'] . ' | <a href="' . $r[0]['plink'] . '" target="_blank">plink</a> | <a href="' . $r[0]['llink'] . '" target="_blank">llink</a><br>mid: ' . $r[0]['mid'] . '</div>'; echo '<hr>'; echo '<pre class="p-1">' . $o . '</pre>'; echo '</div>'; diff --git a/Zotlabs/Module/Wall_attach.php b/Zotlabs/Module/Wall_attach.php index 2250e6e44..0ede3ad90 100644 --- a/Zotlabs/Module/Wall_attach.php +++ b/Zotlabs/Module/Wall_attach.php @@ -96,9 +96,26 @@ class Wall_attach extends \Zotlabs\Web\Controller { $s = "\n\n" . $r['body'] . "\n\n"; } else { - $s = "\n\n" . '[attachment]' . $r['data']['hash'] . ',' . $r['data']['revision'] . '[/attachment]' . "\n"; + if(strpos($r['data']['filetype'],'video') === 0) { + // give a wee bit of time for the background thumbnail processor to do its thing + // or else we'll never see a video poster + sleep(3); + $url = z_root() . '/cloud/' . $channel['channel_address'] . '/' . $r['data']['display_path']; + $thumb = Linkinfo::get_video_poster($url); + if($thumb) { + $s = "\n\n" . '[zvideo poster=\'' . $thumb . '\']' . $url . '[/zvideo]' . "\n\n"; + } + else { + $s = "\n\n" . '[zvideo]' . $url . '[/zvideo]' . "\n\n"; + } + } + if(strpos($r['data']['filetype'],'audio') === 0) { + $url = z_root() . '/cloud/' . $channel['channel_address'] . '/' . $r['data']['display_path']; + echo "\n\n" . '[zaudio]' . $url . '[/zaudio]' . "\n\n"; + } + + $s .= "\n\n" . '[attachment]' . $r['data']['hash'] . ',' . $r['data']['revision'] . '[/attachment]' . "\n"; } - $sync = attach_export_data($channel,$r['data']['hash']); if($sync) { diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php index e4591df12..a19bdbedc 100644 --- a/Zotlabs/Module/Wfinger.php +++ b/Zotlabs/Module/Wfinger.php @@ -43,6 +43,9 @@ class Wfinger extends \Zotlabs\Web\Controller { if(strpos($resource,'acct:') === 0) { $channel = str_replace('acct:','',$resource); + if(substr($channel,0,1) === '@' && strpos(substr($channel,1),'@')) { + $channel = substr($channel,1); + } if(strpos($channel,'@') !== false) { $host = substr($channel,strpos($channel,'@')+1); @@ -125,7 +128,7 @@ class Wfinger extends \Zotlabs\Web\Controller { 'http://webfinger.net/ns/name' => $r[0]['channel_name'], 'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name'], 'https://w3id.org/security/v1#publicKeyPem' => $r[0]['xchan_pubkey'], - 'http://purl.org/zot/federation' => 'zot' + 'http://purl.org/zot/federation' => 'zot,zot6' ]; foreach($aliases as $alias) diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 892810241..169dc6de1 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -293,9 +293,9 @@ class Wiki extends Controller { } //$wikiheaderName = urldecode($wikiUrlName); - $wikiheaderName = NativeWiki::name_decode($wikiUrlName); + $wikiheaderName = escape_tags(NativeWiki::name_decode($wikiUrlName)); //$wikiheaderPage = urldecode($pageUrlName); - $wikiheaderPage = NativeWiki::name_decode($pageUrlName); + $wikiheaderPage = escape_tags(NativeWiki::name_decode($pageUrlName)); $renamePage = (($wikiheaderPage === 'Home') ? '' : t('Rename page')); $sharePage = t('Share'); @@ -373,13 +373,13 @@ class Wiki extends Controller { $placeholder = t('Short description of your changes (optional)'); - $zrl = urlencode( z_root() . '/wiki/' . argv(1) . '/' . NativeWiki::name_encode($wikiUrlName) . '/' . NativeWiki::name_encode($pageUrlName) ); + $zrl = z_root() . '/wiki/' . argv(1) . '/' . NativeWiki::name_encode($wikiUrlName) . '/' . NativeWiki::name_encode($pageUrlName); $o .= replace_macros(get_markup_template('wiki.tpl'),array( '$wikiheaderName' => $wikiheaderName, '$wikiheaderPage' => $wikiheaderPage, '$renamePage' => $renamePage, '$sharePage' => $sharePage, - '$shareLink' => '#^[zrl=' . $zrl . ']' . '[ ' . $owner['channel_name'] . ' ] ' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]', + '$shareLink' => urlencode('#^[zrl=' . $zrl . ']' . '[ ' . $owner['channel_name'] . ' ] ' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]'), '$showPageControls' => $showPageControls, '$editOrSourceLabel' => (($showPageControls) ? t('Edit') : t('Source')), '$tools_label' => 'Page Tools', @@ -442,8 +442,8 @@ class Wiki extends Controller { $mimeType = $_POST['mimetype']; if($mimeType === 'text/bbcode') { - $linkconverted = NativeWikiPage::convert_links($content,$wikiURL); - $html = zidify_links(smilies(bbcode($linkconverted))); + $html = zidify_links(smilies(bbcode($content))); + $html = NativeWikiPage::convert_links($html,$wikiURL); } elseif($mimeType === 'text/markdown') { $linkconverted = NativeWikiPage::convert_links($content,$wikiURL); |