diff options
Diffstat (limited to 'Zotlabs/Module')
| -rw-r--r-- | Zotlabs/Module/Acl.php | 126 | ||||
| -rw-r--r-- | Zotlabs/Module/Attach.php | 164 | ||||
| -rw-r--r-- | Zotlabs/Module/Attach_edit.php | 203 | ||||
| -rw-r--r-- | Zotlabs/Module/Cdav.php | 2 | ||||
| -rw-r--r-- | Zotlabs/Module/Cloud.php | 20 | ||||
| -rw-r--r-- | Zotlabs/Module/Dav.php | 4 | ||||
| -rw-r--r-- | Zotlabs/Module/Directory.php | 194 | ||||
| -rw-r--r-- | Zotlabs/Module/File_upload.php | 22 | ||||
| -rw-r--r-- | Zotlabs/Module/Filestorage.php | 17 | ||||
| -rw-r--r-- | Zotlabs/Module/Getfile.php | 40 | ||||
| -rw-r--r-- | Zotlabs/Module/Import.php | 5 | ||||
| -rw-r--r-- | Zotlabs/Module/Item.php | 2 | ||||
| -rw-r--r-- | Zotlabs/Module/Like.php | 202 | ||||
| -rw-r--r-- | Zotlabs/Module/Lockview.php | 60 | ||||
| -rw-r--r-- | Zotlabs/Module/Owa.php | 2 | ||||
| -rw-r--r-- | Zotlabs/Module/Photo.php | 22 | ||||
| -rw-r--r-- | Zotlabs/Module/Photos.php | 609 | ||||
| -rw-r--r-- | Zotlabs/Module/Profiles.php | 250 | ||||
| -rw-r--r-- | Zotlabs/Module/Pubsites.php | 27 | ||||
| -rw-r--r-- | Zotlabs/Module/Rpost.php | 64 | ||||
| -rw-r--r-- | Zotlabs/Module/Sse_bs.php | 2 | ||||
| -rw-r--r-- | Zotlabs/Module/Zfinger.php | 8 |
22 files changed, 1193 insertions, 852 deletions
diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index 4b79211a6..fb95b0504 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -2,6 +2,8 @@ namespace Zotlabs\Module; +use Zotlabs\Lib\Libzotdir; + require_once 'include/acl_selectors.php'; require_once 'include/group.php'; @@ -46,20 +48,20 @@ class Acl extends \Zotlabs\Web\Controller { // 'a' => autocomplete connections (mod_connections, mod_poke, mod_sources, mod_photos) // 'x' => nav search bar autocomplete (match any xchan) // $_REQUEST['query'] contains autocomplete search text. - - // List of channels whose connections to also suggest, + + // List of channels whose connections to also suggest, // e.g. currently viewed channel or channels mentioned in a post $extra_channels = (x($_REQUEST,'extra_channels') ? $_REQUEST['extra_channels'] : array()); - + // The different autocomplete libraries use different names for the search text // parameter. Internally we'll use $search to represent the search text no matter - // what request variable it was attached to. - + // what request variable it was attached to. + if(array_key_exists('query',$_REQUEST)) { $search = $_REQUEST['query']; } - + if( (! local_channel()) && (! in_array($type, [ 'x', 'c', 'f' ]))) killme(); @@ -68,7 +70,7 @@ class Acl extends \Zotlabs\Web\Controller { if(in_array($type, [ 'm', 'a', 'c', 'f' ])) { // These queries require permission checking. We'll create a simple array of xchan_hash for those with - // the requisite permissions which we can check against. + // the requisite permissions which we can check against. $x = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = '%s' and v = '1'", intval(local_channel()), @@ -85,34 +87,34 @@ class Acl extends \Zotlabs\Web\Controller { $sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc(punify($search)) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") "; $sql_extra2_xchan = "AND ( xchan_name LIKE " . protect_sprintf( "'" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'" . dbesc(punify($search)) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") "; - // This horrible mess is needed because position also returns 0 if nothing is found. + // This horrible mess is needed because position also returns 0 if nothing is found. // Would be MUCH easier if it instead returned a very large value - // Otherwise we could just + // Otherwise we could just // order by LEAST(POSITION($search IN xchan_name),POSITION($search IN xchan_addr)). - $order_extra2 = "CASE WHEN xchan_name LIKE " - . protect_sprintf( "'%" . dbesc($search) . "%'" ) - . " then POSITION('" . protect_sprintf(dbesc($search)) + $order_extra2 = "CASE WHEN xchan_name LIKE " + . protect_sprintf( "'%" . dbesc($search) . "%'" ) + . " then POSITION('" . protect_sprintf(dbesc($search)) . "' IN xchan_name) else position('" . protect_sprintf(dbesc(punify($search))) . "' IN xchan_addr) end, "; $sql_extra3 = "AND ( xchan_addr like " . protect_sprintf( "'%" . dbesc(punify($search)) . "%'" ) . " OR xchan_name like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ) "; - + } else { $sql_extra = $sql_extra2 = $sql_extra3 = ""; } - - + + $groups = array(); $contacts = array(); - + if($type == '' || $type == 'g') { // virtual groups based on private profile viewing ability $r = q("select id, profile_guid, profile_name from profile where is_default = 0 and uid = %d", intval(local_channel()) - ); + ); if($r) { foreach($r as $rv) { $groups[] = array( @@ -130,19 +132,19 @@ class Acl extends \Zotlabs\Web\Controller { // Normal privacy groups $r = q("SELECT pgrp.id, pgrp.hash, pgrp.gname - FROM pgrp, pgrp_member - WHERE pgrp.deleted = 0 AND pgrp.uid = %d + FROM pgrp, pgrp_member + WHERE pgrp.deleted = 0 AND pgrp.uid = %d AND pgrp_member.gid = pgrp.id $sql_extra GROUP BY pgrp.id - ORDER BY pgrp.gname + ORDER BY pgrp.gname LIMIT %d OFFSET %d", intval(local_channel()), intval($count), intval($start) ); - if($r) { + if($r) { foreach($r as $g){ // logger('acl: group: ' . $g['gname'] . ' members: ' . group_get_members_xchan($g['id'])); $groups[] = array( @@ -157,10 +159,10 @@ class Acl extends \Zotlabs\Web\Controller { } } } - + if($type == '' || $type == 'c' || $type === 'f') { - $extra_channels_sql = ''; + $extra_channels_sql = ''; // Only include channels who allow the observer to view their connections if($extra_channels) { @@ -172,7 +174,7 @@ class Acl extends \Zotlabs\Web\Controller { } } } - + // Getting info from the abook is better for local users because it contains info about permissions if(local_channel()) { if($extra_channels_sql != '') @@ -199,7 +201,7 @@ class Acl extends \Zotlabs\Web\Controller { $r2 = array(); foreach($r1 as $rr) { $x = atoken_xchan($rr); - $r2[] = [ + $r2[] = [ 'id' => 'a' . $rr['atoken_id'] , 'hash' => $x['xchan_hash'], 'name' => $x['xchan_name'], @@ -211,12 +213,12 @@ class Acl extends \Zotlabs\Web\Controller { 'abook_self' => 0 ]; } - } + } // add connections - - $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self - FROM abook left join xchan on abook_xchan = xchan_hash + + $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self + FROM abook left join xchan on abook_xchan = xchan_hash WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" , intval(local_channel()) ); @@ -230,23 +232,23 @@ class Acl extends \Zotlabs\Web\Controller { WHERE xlink_xchan = '%s' AND xchan_deleted = 0 $sql_extra2_xchan order by $order_extra2 xchan_name asc" , dbesc(get_observer_hash()) ); - + // Find contacts of extra channels // This is probably more complicated than it needs to be if($extra_channels_sql) { // Build a list of hashes that we got previously so we don't get them again $known_hashes = array("'".get_observer_hash()."'"); if($r) - foreach($r as $rr) + foreach($r as $rr) $known_hashes[] = "'".$rr['hash']."'"; $known_hashes_sql = 'AND xchan_hash not in ('.join(',',$known_hashes).')'; - - $r2 = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self - FROM abook left join xchan on abook_xchan = xchan_hash + + $r2 = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self + FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel IN ($extra_channels_sql) $known_hashes_sql AND abook_blocked = 0 and abook_pending = 0 and abook_hidden = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc"); if($r2) $r = array_merge($r,$r2); - + // Sort accoring to match position, then alphabetically. This could be avoided if the above two SQL queries could be combined into one, and the sorting could be done on the SQl server (like in the case of a local user) $matchpos = function($x) use($search) { $namepos = strpos($x['name'],$search); @@ -269,22 +271,22 @@ class Acl extends \Zotlabs\Web\Controller { } } if((count($r) < 100) && $type == 'c') { - $r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self - FROM xchan + $r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self + FROM xchan WHERE xchan_deleted = 0 and not xchan_network in ('rss','anon','unknown') $sql_extra2_xchan order by $order_extra2 xchan_name asc" ); if($r2) { $r = array_merge($r,$r2); $r = unique_multidim_array($r,'hash'); - } + } } } elseif($type == 'm') { $r = array(); - $z = q("SELECT xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url + $z = q("SELECT xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_channel = %d + WHERE abook_channel = %d and xchan_deleted = 0 and xchan_network IN ('zot', 'diaspora', 'friendica-over-diaspora') $sql_extra3 @@ -298,10 +300,10 @@ class Acl extends \Zotlabs\Web\Controller { } } } - + } elseif($type == 'a') { - + $r = q("SELECT abook_id as id, xchan_name as name, xchan_network as net, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and xchan_deleted = 0 @@ -309,7 +311,7 @@ class Acl extends \Zotlabs\Web\Controller { ORDER BY xchan_name ASC ", intval(local_channel()) ); - + } elseif($type == 'x') { $r = $this->navbar_complete($a); @@ -323,7 +325,7 @@ class Acl extends \Zotlabs\Web\Controller { ); } } - + $o = array( 'start' => $start, 'count' => $count, @@ -334,17 +336,17 @@ class Acl extends \Zotlabs\Web\Controller { } else $r = array(); - + if($r) { $i = count($contacts); $x = []; foreach($r as $g) { - + if(in_array($g['net'],['rss','anon','unknown']) && ($type != 'a')) continue; $g['hash'] = urlencode($g['hash']); - + if(! $g['nick']) { $g['nick'] = $g['url']; } @@ -386,11 +388,11 @@ class Acl extends \Zotlabs\Web\Controller { } } $i++; - } + } } - + $items = array_merge($groups, $contacts); - + $o = array( 'start' => $start, 'count' => $count, @@ -404,50 +406,50 @@ class Acl extends \Zotlabs\Web\Controller { function navbar_complete(&$a) { - + // logger('navbar_complete'); - + if(observer_prohibited()) { return; } - + $dirmode = intval(get_config('system','directory_mode')); $search = ((x($_REQUEST,'search')) ? htmlentities($_REQUEST['search'],ENT_COMPAT,'UTF-8',false) : ''); if(! $search || mb_strlen($search) < 2) return array(); - + $star = false; $address = false; - + if(substr($search,0,1) === '@') $search = substr($search,1); - + if(substr($search,0,1) === '*') { $star = true; $search = substr($search,1); } - + if(strpos($search,'@') !== false) { $address = true; } - + if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) { $url = z_root() . '/dirsearch'; } - + if(! $url) { require_once("include/dir_fns.php"); - $directory = find_upstream_directory($dirmode); + $directory = Libzotdir::find_upstream_directory($dirmode); $url = $directory['url'] . '/dirsearch'; } $token = get_config('system','realm_token'); - + $count = (x($_REQUEST,'count') ? $_REQUEST['count'] : 100); if($url) { $query = $url . '?f=' . (($token) ? '&t=' . urlencode($token) : ''); $query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode(punify($search)) : ''); - + $x = z_fetch_url($query); if($x['success']) { $t = 0; diff --git a/Zotlabs/Module/Attach.php b/Zotlabs/Module/Attach.php index 490d5edd0..172f6a4bc 100644 --- a/Zotlabs/Module/Attach.php +++ b/Zotlabs/Module/Attach.php @@ -1,61 +1,187 @@ <?php namespace Zotlabs\Module; +use ZipArchive; +use Zotlabs\Web\Controller; +use Zotlabs\Lib\Verify; + require_once('include/security.php'); require_once('include/attach.php'); +class Attach extends Controller { + + function post() { + + $attach_ids = ((x($_REQUEST, 'attach_ids')) ? $_REQUEST['attach_ids'] : []); + $attach_path = ((x($_REQUEST, 'attach_path')) ? $_REQUEST['attach_path'] : ''); + $channel_id = ((x($_REQUEST, 'channel_id')) ? intval($_REQUEST['channel_id']) : 0); + $channel = channelx_by_n($channel_id); + + if (! $channel) { + notice(t('Channel not found.') . EOL); + return; + } + + $strip_str = '/cloud/' . $channel['channel_address'] . '/'; + $count = strlen($strip_str); + $attach_path = substr($attach_path, $count); + + if ($attach_ids) { + + $zip_dir = 'store/[data]/' . $channel['channel_address'] . '/tmp'; + if (! is_dir($zip_dir)) + mkdir($zip_dir, STORAGE_DEFAULT_PERMISSIONS, true); + + $token = random_string(32); + + $zip_file = 'download_' . $token . '.zip'; + $zip_path = $zip_dir . '/' . $zip_file; + + $zip = new ZipArchive(); + + if ($zip->open($zip_path, ZipArchive::CREATE) === true) { + + $zip_filename = self::zip_archive_handler($zip, $attach_ids, $attach_path); + + $zip->close(); + + $meta = [ + 'zip_filename' => $zip_filename, + 'zip_path' => $zip_path + ]; -class Attach extends \Zotlabs\Web\Controller { + Verify::create('zip_token', 0, $token, json_encode($meta)); + + json_return_and_die([ + 'success' => true, + 'token' => $token + ]); + + } + } + } + + function get() { - function init() { - if(argc() < 2) { notice( t('Item not available.') . EOL); return; } - + + $token = ((x($_REQUEST, 'token')) ? $_REQUEST['token'] : ''); + + if(argv(1) === 'download') { + $meta = Verify::get_meta('zip_token', 0, $token); + + if(! $meta) + killme(); + + $meta = json_decode($meta, true); + + header('Content-Type: application/zip'); + header('Content-Disposition: attachment; filename="'. $meta['zip_filename'] . '"'); + header('Content-Length: ' . filesize($meta['zip_path'])); + + $istream = fopen($meta['zip_path'], 'rb'); + $ostream = fopen('php://output', 'wb'); + if($istream && $ostream) { + pipe_streams($istream, $ostream); + fclose($istream); + fclose($ostream); + } + + unlink($meta['zip_path']); + killme(); + } + $r = attach_by_hash(argv(1),get_observer_hash(),((argc() > 2) ? intval(argv(2)) : 0)); - + if(! $r['success']) { notice( $r['message'] . EOL); return; } - + $c = q("select channel_address from channel where channel_id = %d limit 1", intval($r['data']['uid']) ); - + if(! $c) return; - - + $unsafe_types = array('text/html','text/css','application/javascript'); - + if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($r['data']['uid']))) { - header('Content-type: text/plain'); + header('Content-Type: text/plain'); } else { - header('Content-type: ' . $r['data']['filetype']); + header('Content-Type: ' . $r['data']['filetype']); } - - header('Content-disposition: attachment; filename="' . $r['data']['filename'] . '"'); + + header('Content-Disposition: attachment; filename="' . $r['data']['filename'] . '"'); if(intval($r['data']['os_storage'])) { - $fname = dbunescbin($r['data']['content']); + $fname = $r['data']['content']; if(strpos($fname,'store') !== false) $istream = fopen($fname,'rb'); else $istream = fopen('store/' . $c[0]['channel_address'] . '/' . $fname,'rb'); $ostream = fopen('php://output','wb'); if($istream && $ostream) { - pipe_streams($istream,$ostream); + pipe_streams($istream, $ostream); fclose($istream); fclose($ostream); } } else - echo dbunescbin($r['data']['content']); + echo $r['data']['content']; killme(); - + } - + + public function zip_archive_handler($zip, $attach_ids, $attach_path, $pass = 1) { + + $observer_hash = get_observer_hash(); + $single = ((count($attach_ids) == 1) ? true : false); + $download_name = 'download.zip'; + + foreach($attach_ids as $attach_id) { + + $r = attach_by_id($attach_id, $observer_hash); + + if (! $r['success']) { + continue; + } + + if ($r['data']['is_dir'] && $single && $pass === 1) + $download_name = $r['data']['filename'] . '.zip'; + + $zip_path = $r['data']['display_path']; + + if ($attach_path) { + $strip_str = $attach_path . '/'; + $count = strlen($strip_str); + $zip_path = substr($r['data']['display_path'], $count); + } + + if ($r['data']['is_dir']) { + $zip->addEmptyDir($zip_path); + + $d = q("SELECT id FROM attach WHERE folder = '%s'", + dbesc($r['data']['hash']) + ); + + $attach_ids = ids_to_array($d); + self::zip_archive_handler($zip, $attach_ids, $attach_path, $pass++); + } + else { + $file_path = $r['data']['content']; + $zip->addFile($file_path, $zip_path); + // compressing can be ressource intensive - just store the data + $zip->setCompressionName($zip_path, ZipArchive::CM_STORE); + } + + } + + return $download_name; + } + } diff --git a/Zotlabs/Module/Attach_edit.php b/Zotlabs/Module/Attach_edit.php new file mode 100644 index 000000000..5880d8f13 --- /dev/null +++ b/Zotlabs/Module/Attach_edit.php @@ -0,0 +1,203 @@ +<?php +namespace Zotlabs\Module; +/** + * @file Zotlabs/Module/Attach_edit.php + * + */ + +use App; +use Zotlabs\Web\Controller; +use Zotlabs\Lib\Libsync; +use Zotlabs\Access\AccessList; + +class Attach_edit extends Controller { + + function post() { + + if (!local_channel() && !remote_channel()) { + return; + } + + $attach_ids = ((x($_POST, 'attach_ids')) ? $_POST['attach_ids'] : []); + $attach_id = ((x($_POST, 'attach_id')) ? intval($_POST['attach_id']) : 0); + $channel_id = ((x($_POST, 'channel_id')) ? intval($_POST['channel_id']) : 0); + $dnd = ((x($_POST, 'dnd')) ? intval($_POST['dnd']) : 0); + $permissions = ((x($_POST, 'permissions')) ? intval($_POST['permissions']) : 0); + $return_path = ((x($_POST, 'return_path')) ? notags($_POST['return_path']) : 'cloud'); + $delete = ((x($_POST, 'delete')) ? intval($_POST['delete']) : 0); + $newfolder = ((x($_POST, 'newfolder_' . $attach_id)) ? notags($_POST['newfolder_' . $attach_id]) : ''); + if(! $newfolder) + $newfolder = ((x($_POST, 'newfolder')) ? notags($_POST['newfolder']) : ''); + $newfilename = ((x($_POST, 'newfilename_' . $attach_id)) ? notags($_POST['newfilename_' . $attach_id]) : ''); + $recurse = ((x($_POST, 'recurse_' . $attach_id)) ? intval($_POST['recurse_' . $attach_id]) : 0); + if(! $recurse) + $recurse = ((x($_POST, 'recurse')) ? intval($_POST['recurse']) : 0); + $notify = ((x($_POST, 'notify_edit_' . $attach_id)) ? intval($_POST['notify_edit_' . $attach_id]) : 0); + $copy = ((x($_POST, 'copy_' . $attach_id)) ? intval($_POST['copy_' . $attach_id]) : 0); + if(! $copy) + $copy = ((x($_POST, 'copy')) ? intval($_POST['copy']) : 0); + + $categories = ((x($_POST, 'categories_' . $attach_id)) ? notags($_POST['categories_' . $attach_id]) : ''); + if(! $categories) + $categories = ((x($_POST, 'categories')) ? notags($_POST['categories']) : ''); + + if($attach_id) + $attach_ids[] = $attach_id; + + $single = ((count($attach_ids) === 1) ? true : false); + + $channel = channelx_by_n($channel_id); + + if (! $channel) { + notice(t('Channel not found.') . EOL); + return; + } + + $nick = $channel['channel_address']; + $observer = App::get_observer(); + $observer_hash = (($observer) ? $observer['xchan_hash'] : ''); + $is_owner = ((local_channel() == $channel_id) ? true : false); + + $ids_str = implode(',', $attach_ids); + + $r = q("SELECT id, uid, hash, creator, folder, filename, is_photo, is_dir FROM attach WHERE id IN ( %s ) AND uid = %d", + dbesc($ids_str), + intval($channel_id) + ); + + if (! $r) { + notice(t('File not found.') . EOL); + return; + } + + foreach ($r as $rr) { + $actions_done = ''; + $attach_id = $rr['id']; + $resource = $rr['hash']; + $creator = $rr['creator']; + $folder = $rr['folder']; + $filename = $rr['filename']; + $is_photo = intval($rr['is_photo']); + $is_dir = intval($rr['is_dir']); + $admin_delete = false; + + $is_creator = (($creator == $observer_hash) ? true : false); + $move = ((! $copy && ($folder !== $newfolder || (($single) ? $filename !== $newfilename : false))) ? true : false); + + $perms = get_all_perms($channel_id, $observer_hash); + + if (! ($perms['view_storage'] || is_site_admin())) { + notice( t('Permission denied.') . EOL); + continue; + } + + if (! $perms['write_storage']) { + if (is_site_admin()) { + $admin_delete = true; + } + else { + notice( t('Permission denied.') . EOL); + continue; + } + } + + if (!$is_owner && !$admin_delete) { + if(! $is_creator) { + notice( t('Permission denied.') . EOL); + continue; + } + } + + if ($delete) { + attach_delete($channel_id, $resource, $is_photo); + $actions_done .= 'delete,'; + } + + if ($copy) { + if($is_dir && $resource == $newfolder) { + notice( t('Can not copy folder into itself.') . EOL); + continue; + } + $x = attach_copy($channel_id, $resource, $newfolder, (($single) ? $newfilename : '')); + if ($x['success']) + $resource = $x['resource_id']; + + $actions_done .= 'copy,'; + + } + + if ($move) { + if($is_dir && $resource == $newfolder) { + notice( sprintf(t('Can not move folder "%s" into itself.'), $filename) . EOL); + continue; + } + $x = attach_move($channel_id, $resource, $newfolder, (($single) ? $newfilename : '')); + + $actions_done .= 'move,'; + + } + + if(! $delete && ! $dnd) { + if ($single || (! $single && $categories)) { + q("DELETE FROM term WHERE uid = %d AND oid = %d AND otype = %d", + intval($channel_id), + intval($attach_id), + intval(TERM_OBJ_FILE) + ); + $cat = explode(',', $categories); + if ($cat) { + foreach($cat as $term) { + $term = trim(escape_tags($term)); + if ($term) { + $term_link = z_root() . '/cloud/' . $nick . '/?cat=' . $term; + store_item_tag($channel_id, $attach_id, TERM_OBJ_FILE, TERM_CATEGORY, $term, $term_link); + } + } + $actions_done .= 'cat_add,'; + } + } + else { + q("DELETE FROM term WHERE uid = %d AND oid = %d AND otype = %d", + intval($channel_id), + intval($attach_id), + intval(TERM_OBJ_FILE) + ); + $actions_done .= 'cat_remove,'; + } + + if ($is_owner && ($single || (! $single && $permissions))) { + $acl = new AccessList($channel); + $acl->set_from_array($_REQUEST); + $x = $acl->get(); + + attach_change_permissions($channel_id, $resource, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], $recurse, true); + $actions_done .= 'permissions,'; + + if ($notify) { + attach_store_item($channel, $observer, $resource); + $actions_done .= 'notify,'; + } + } + } + + if (! $admin_delete && $actions_done) { + $sync = attach_export_data($channel, $resource, (($delete) ? true : false)); + + if ($sync) { + Libsync::build_sync_packet($channel_id, ['file' => [$sync]]); + } + } + + logger('attach_edit: ' . $actions_done); + + } + + if($dnd || $delete) { + json_return_and_die([ 'success' => true ]); + } + + goaway($return_path); + + } + +} diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php index f7e43e436..f5c5f4384 100644 --- a/Zotlabs/Module/Cdav.php +++ b/Zotlabs/Module/Cdav.php @@ -50,7 +50,7 @@ class Cdav extends Controller { if($sigblock) { $keyId = str_replace('acct:','',$sigblock['keyId']); if($keyId) { - $r = q("select * from hubloc where hubloc_addr = '%s'", + $r = q("select * from hubloc where hubloc_id_url = '%s'", dbesc($keyId) ); if($r) { diff --git a/Zotlabs/Module/Cloud.php b/Zotlabs/Module/Cloud.php index f595e0fac..39ae0f92f 100644 --- a/Zotlabs/Module/Cloud.php +++ b/Zotlabs/Module/Cloud.php @@ -8,7 +8,11 @@ namespace Zotlabs\Module; */ use Sabre\DAV as SDAV; -use \Zotlabs\Storage; +use \Zotlabs\Web\Controller; +use \Zotlabs\Storage\BasicAuth; +use \Zotlabs\Storage\Directory; +use \Zotlabs\Storage\Browser; + // composer autoloader for SabreDAV require_once('vendor/autoload.php'); @@ -20,7 +24,7 @@ require_once('include/attach.php'); * @brief Cloud Module. * */ -class Cloud extends \Zotlabs\Web\Controller { +class Cloud extends Controller { /** * @brief Fires up the SabreDAV server. @@ -42,7 +46,7 @@ class Cloud extends \Zotlabs\Web\Controller { - $auth = new \Zotlabs\Storage\BasicAuth(); + $auth = new BasicAuth(); $ob_hash = get_observer_hash(); @@ -72,7 +76,7 @@ class Cloud extends \Zotlabs\Web\Controller { if($x !== \App::$query_string) goaway(z_root() . '/' . $x); - $rootDirectory = new \Zotlabs\Storage\Directory('/', $auth); + $rootDirectory = new Directory('/', [], $auth); // A SabreDAV server-object $server = new SDAV\Server($rootDirectory); @@ -85,7 +89,7 @@ class Cloud extends \Zotlabs\Web\Controller { $is_readable = false; // provide a directory view for the cloud in Hubzilla - $browser = new \Zotlabs\Storage\Browser($auth); + $browser = new Browser($auth); $auth->setBrowserPlugin($browser); $server->addPlugin($browser); @@ -105,13 +109,13 @@ class Cloud extends \Zotlabs\Web\Controller { if($browser->build_page) construct_page(); - + killme(); } function DAVException($err) { - + if($err instanceof \Sabre\DAV\Exception\NotFound) { notice( t('Not found') . EOL); } @@ -126,7 +130,7 @@ class Cloud extends \Zotlabs\Web\Controller { } construct_page(); - + killme(); } diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php index 11950dda0..82d773139 100644 --- a/Zotlabs/Module/Dav.php +++ b/Zotlabs/Module/Dav.php @@ -51,7 +51,7 @@ class Dav extends \Zotlabs\Web\Controller { if($sigblock) { $keyId = str_replace('acct:','',$sigblock['keyId']); if($keyId) { - $r = q("select * from hubloc where hubloc_addr = '%s'", + $r = q("select * from hubloc where hubloc_id_url = '%s'", dbesc($keyId) ); if($r) { @@ -100,7 +100,7 @@ class Dav extends \Zotlabs\Web\Controller { $auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . ' ' . 'WebDAV'); - $rootDirectory = new \Zotlabs\Storage\Directory('/', $auth); + $rootDirectory = new \Zotlabs\Storage\Directory('/', [], $auth); // A SabreDAV server-object $server = new SDAV\Server($rootDirectory); diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php index e1bf0f6cf..7295f3099 100644 --- a/Zotlabs/Module/Directory.php +++ b/Zotlabs/Module/Directory.php @@ -4,6 +4,8 @@ namespace Zotlabs\Module; use App; use Zotlabs\Web\Controller; +use Zotlabs\Lib\Libzotdir; + require_once('include/socgraph.php'); require_once('include/dir_fns.php'); @@ -15,7 +17,7 @@ class Directory extends Controller { function init() { App::set_pager_itemspage(30); - + if(local_channel() && x($_GET,'ignore')) { q("insert into xign ( uid, xchan ) values ( %d, '%s' ) ", intval(local_channel()), @@ -26,12 +28,12 @@ class Directory extends Controller { if(local_channel()) App::$profile_uid = local_channel(); - + $observer = get_observer_hash(); $global_changed = false; $safe_changed = false; $pubforums_changed = false; - + if(array_key_exists('global',$_REQUEST)) { $globaldir = intval($_REQUEST['global']); $global_changed = true; @@ -41,7 +43,7 @@ class Directory extends Controller { if($observer) set_xconfig($observer,'directory','globaldir',$globaldir); } - + if(array_key_exists('safe',$_REQUEST)) { $safemode = intval($_REQUEST['safe']); $safe_changed = true; @@ -51,8 +53,8 @@ class Directory extends Controller { if($observer) set_xconfig($observer,'directory','safemode',$safemode); } - - + + if(array_key_exists('pubforums',$_REQUEST)) { $pubforums = intval($_REQUEST['pubforums']); $pubforums_changed = true; @@ -64,52 +66,52 @@ class Directory extends Controller { } } - + function get() { - + if(observer_prohibited()) { notice( t('Public access denied.') . EOL); return; } - + if(get_config('system','block_public_directory',false) && (! get_observer_hash())) { notice( t('Public access denied.') . EOL); return; } - + $observer = get_observer_hash(); - - $globaldir = get_directory_setting($observer, 'globaldir'); + + $globaldir = Libzotdir::get_directory_setting($observer, 'globaldir'); // override your personal global search pref if we're doing a navbar search of the directory if(intval($_REQUEST['navsearch'])) $globaldir = 1; - - $safe_mode = get_directory_setting($observer, 'safemode'); - - $pubforums = get_directory_setting($observer, 'pubforums'); - + + $safe_mode = Libzotdir::get_directory_setting($observer, 'safemode'); + + $pubforums = Libzotdir::get_directory_setting($observer, 'pubforums'); + $o = ''; nav_set_selected('Directory'); - + if(x($_POST,'search')) $search = notags(trim($_POST['search'])); else $search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : ''); - - + + if(strpos($search,'=') && local_channel() && feature_enabled(local_channel(), 'advanced_dirsearch')) $advanced = $search; - + $keywords = (($_GET['keywords']) ? $_GET['keywords'] : ''); - + // Suggest channels if no search terms or keywords are given $suggest = (local_channel() && x($_REQUEST,'suggest')) ? $_REQUEST['suggest'] : ''; - + if($suggest) { // the directory options have no effect in suggestion mode - + $globaldir = 1; $safe_mode = 1; $type = 0; @@ -120,7 +122,7 @@ class Directory extends Controller { notice( t('No default suggestions were found.') . EOL); return; } - + // Remember in which order the suggestions were $addresses = array(); $common = array(); @@ -129,7 +131,7 @@ class Directory extends Controller { $common[$rr['xchan_addr']] = ((intval($rr['total']) > 0) ? intval($rr['total']) - 1 : 0); $addresses[$rr['xchan_addr']] = $index++; } - + // Build query to get info about suggested people $advanced = ''; foreach(array_keys($addresses) as $address) { @@ -137,13 +139,13 @@ class Directory extends Controller { } // Remove last space in the advanced query $advanced = rtrim($advanced); - + } - + $tpl = get_markup_template('directory_header.tpl'); - + $dirmode = intval(get_config('system','directory_mode')); - + $directory_admin = false; if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) { @@ -154,19 +156,19 @@ class Directory extends Controller { } if(! $url) { - $directory = find_upstream_directory($dirmode); + $directory = Libzotdir::find_upstream_directory($dirmode); if((! $directory) || (! array_key_exists('url',$directory)) || (! $directory['url'])) logger('CRITICAL: No directory server URL'); $url = $directory['url'] . '/dirsearch'; } - + $token = get_config('system','realm_token'); - - + + logger('mod_directory: URL = ' . $url, LOGGER_DEBUG); - + $contacts = array(); - + if(local_channel()) { $x = q("select abook_xchan from abook where abook_channel = %d", intval(local_channel()) @@ -176,24 +178,24 @@ class Directory extends Controller { $contacts[] = $xx['abook_xchan']; } } - + if($url) { - + $numtags = get_config('system','directorytags'); - + $kw = ((intval($numtags) > 0) ? intval($numtags) : 50); - + if(get_config('system','disable_directory_keywords')) $kw = 0; - + $query = $url . '?f=&kw=' . $kw . (($safe_mode != 1) ? '&safe=' . $safe_mode : ''); - + if($token) $query .= '&t=' . $token; - + if(! $globaldir) $query .= '&hub=' . App::get_hostname(); - + if($search) $query .= '&name=' . urlencode($search) . '&keywords=' . urlencode($search); if(strpos($search,'@')) @@ -204,29 +206,29 @@ class Directory extends Controller { $query .= '&query=' . urlencode($advanced); if(! is_null($pubforums)) $query .= '&pubforums=' . intval($pubforums); - + $directory_sort_order = get_config('system','directory_sort_order'); if(! $directory_sort_order) $directory_sort_order = 'date'; - + $sort_order = ((x($_REQUEST,'order')) ? $_REQUEST['order'] : $directory_sort_order); - + if($sort_order) $query .= '&order=' . urlencode($sort_order); - + if(App::$pager['page'] != 1) $query .= '&p=' . App::$pager['page']; - + logger('mod_directory: query: ' . $query); - + $x = z_fetch_url($query); logger('directory: return from upstream: ' . print_r($x,true), LOGGER_DATA); - + if($x['success']) { $t = 0; $j = json_decode($x['body'],true); if($j) { - + if($j['results']) { $results = $j['results']; @@ -235,23 +237,23 @@ class Directory extends Controller { } $entries = array(); - + $photo = 'thumb'; - + foreach($results as $rr) { - + $profile_link = chanlink_url($rr['url']); - + $pdesc = (($rr['description']) ? $rr['description'] . '<br />' : ''); - $connect_link = ((local_channel()) ? z_root() . '/follow?f=&url=' . urlencode($rr['address']) : ''); - + $connect_link = ((local_channel()) ? z_root() . '/follow?f=&url=' . urlencode($rr['address']) : ''); + // Checking status is disabled ATM until someone checks the performance impact more carefully //$online = remote_online_status($rr['address']); $online = ''; - + if(in_array($rr['hash'],$contacts)) $connect_link = ''; - + $location = ''; if(strlen($rr['locale'])) $location .= $rr['locale']; @@ -265,53 +267,53 @@ class Directory extends Controller { $location .= ', '; $location .= $rr['country']; } - + $age = ''; if(strlen($rr['birthday'])) { if(($years = age($rr['birthday'],'UTC','')) > 0) $age = $years; } - + $page_type = ''; - + $rating_enabled = get_config('system','rating_enabled'); if($rr['total_ratings'] && $rating_enabled) $total_ratings = sprintf( tt("%d rating", "%d ratings", $rr['total_ratings']), $rr['total_ratings']); else $total_ratings = ''; - + $profile = $rr; - + if ((x($profile,'locale') == 1) || (x($profile,'region') == 1) || (x($profile,'postcode') == 1) || (x($profile,'country') == 1)) - + $gender = ((x($profile,'gender') == 1) ? t('Gender: ') . $profile['gender']: False); - + $marital = ((x($profile,'marital') == 1) ? t('Status: ') . $profile['marital']: False); - + $homepage = ((x($profile,'homepage') == 1) ? t('Homepage: ') : False); - $homepageurl = ((x($profile,'homepage') == 1) ? html2plain($profile['homepage']) : ''); - + $homepageurl = ((x($profile,'homepage') == 1) ? html2plain($profile['homepage']) : ''); + $hometown = ((x($profile,'hometown') == 1) ? html2plain($profile['hometown']) : False); - + $about = ((x($profile,'about') == 1) ? zidify_links(bbcode($profile['about'], ['tryoembed' => false])) : False); if ($about && $safe_mode) { $about = html2plain($about); } - + $keywords = ((x($profile,'keywords')) ? $profile['keywords'] : ''); - + $out = ''; - + if($keywords) { $keywords = str_replace(',',' ', $keywords); $keywords = str_replace(' ',' ', $keywords); $karr = explode(' ', $keywords); - + if($karr) { if(local_channel()) { $r = q("select keywords from profile where uid = %d and is_default = 1 limit 1", @@ -332,9 +334,9 @@ class Directory extends Controller { $out .= '<a href="' . z_root() . '/directory/f=&keywords=' . urlencode($k) .'">' . $k . '</a>'; } } - + } - + $entry = array( 'id' => ++$t, 'profile_link' => $profile_link, @@ -366,7 +368,7 @@ class Directory extends Controller { 'about' => $about, 'about_label' => t('About:'), 'conn_label' => t('Connect'), - 'forum_label' => t('Public Forum:'), + 'forum_label' => t('Public Forum:'), 'connect' => $connect_link, 'online' => $online, 'kw' => (($out) ? t('Keywords: ') : ''), @@ -378,36 +380,36 @@ class Directory extends Controller { 'common_count' => intval($common[$rr['address']]), 'safe' => $safe_mode ); - + $arr = array('contact' => $rr, 'entry' => $entry); - + call_hooks('directory_item', $arr); - + unset($profile); unset($location); - + if(! $arr['entry']) { continue; - } - + } + if($sort_order == '' && $suggest) { $entries[$addresses[$rr['address']]] = $arr['entry']; // Use the same indexes as originally to get the best suggestion first } - + else { $entries[] = $arr['entry']; } } - + ksort($entries); // Sort array by key so that foreach-constructs work as expected - + if($j['keywords']) { App::$data['directory_keywords'] = $j['keywords']; } - + logger('mod_directory: entries: ' . print_r($entries,true), LOGGER_DATA); - - + + if($_REQUEST['aj']) { if($entries) { $o = replace_macros(get_markup_template('directajax.tpl'),array( @@ -422,9 +424,9 @@ class Directory extends Controller { } else { $maxheight = 94; - + $dirtitle = (($globaldir) ? t('Global Directory') : t('Local Directory')); - + $o .= "<script> var page_query = '" . escape_tags(urlencode($_GET['q'])) . "'; var extra_args = '" . extra_query_args() . "' ; divmore_height = " . intval($maxheight) . "; </script>"; $o .= replace_macros($tpl, array( '$search' => $search, @@ -442,10 +444,10 @@ class Directory extends Controller { '$reversedate' => t('Oldest to Newest'), '$suggest' => $suggest ? '&suggest=1' : '' )); - - + + } - + } else { if($_REQUEST['aj']) { @@ -463,7 +465,7 @@ class Directory extends Controller { } return $o; } - + static public function reorder_results($results,$suggests) { if(! $suggests) diff --git a/Zotlabs/Module/File_upload.php b/Zotlabs/Module/File_upload.php index 1735e9487..e18067e20 100644 --- a/Zotlabs/Module/File_upload.php +++ b/Zotlabs/Module/File_upload.php @@ -11,17 +11,16 @@ require_once('include/photos.php'); class File_upload extends \Zotlabs\Web\Controller { function post() { - logger('file upload: ' . print_r($_REQUEST,true)); logger('file upload: ' . print_r($_FILES,true)); - + $channel = (($_REQUEST['channick']) ? channelx_by_nick($_REQUEST['channick']) : null); - + if(! $channel) { logger('channel not found'); killme(); } - + $_REQUEST['source'] = 'file_upload'; if($channel['channel_id'] != local_channel()) { @@ -40,13 +39,11 @@ class File_upload extends \Zotlabs\Web\Controller { $r = attach_mkdir($channel, get_observer_hash(), $_REQUEST); if($r['success']) { $hash = $r['data']['hash']; - $sync = attach_export_data($channel,$hash); if($sync) { Libsync::build_sync_packet($channel['channel_id'],array('file' => array($sync))); } - goaway(z_root() . '/cloud/' . $channel['channel_address'] . '/' . $r['data']['display_path']); - + goaway(z_root() . '/' . $_REQUEST['return_url']); } } else { @@ -54,8 +51,6 @@ class File_upload extends \Zotlabs\Web\Controller { $matches = []; $partial = false; - - if(array_key_exists('HTTP_CONTENT_RANGE',$_SERVER)) { $pm = preg_match('/bytes (\d*)\-(\d*)\/(\d*)/',$_SERVER['HTTP_CONTENT_RANGE'],$matches); if($pm) { @@ -69,7 +64,7 @@ class File_upload extends \Zotlabs\Web\Controller { if($x['partial']) { header('Range: bytes=0-' . (($x['length']) ? $x['length'] - 1 : 0)); - json_return_and_die($result); + json_return_and_die($x); } else { header('Range: bytes=0-' . (($x['size']) ? $x['size'] - 1 : 0)); @@ -83,7 +78,7 @@ class File_upload extends \Zotlabs\Web\Controller { ]; } } - else { + else { if(! array_key_exists('userfile',$_FILES)) { $_FILES['userfile'] = [ 'name' => $_FILES['files']['name'], @@ -103,8 +98,9 @@ class File_upload extends \Zotlabs\Web\Controller { } } + goaway(z_root() . '/' . $_REQUEST['return_url']); - + } - + } diff --git a/Zotlabs/Module/Filestorage.php b/Zotlabs/Module/Filestorage.php index 0c6233493..0d132e998 100644 --- a/Zotlabs/Module/Filestorage.php +++ b/Zotlabs/Module/Filestorage.php @@ -11,6 +11,9 @@ class Filestorage extends \Zotlabs\Web\Controller { function post() { + notice( t('Deprecated!') . EOL); + return; + $channel_id = ((x($_POST, 'uid')) ? intval($_POST['uid']) : 0); if((! $channel_id) || (! local_channel()) || ($channel_id != local_channel())) { @@ -47,6 +50,9 @@ class Filestorage extends \Zotlabs\Web\Controller { function get() { + notice( t('Deprecated!') . EOL); + return; + if(argc() > 1) $which = argv(1); else { @@ -88,7 +94,7 @@ class Filestorage extends \Zotlabs\Web\Controller { } else { notice( t('Permission denied.') . EOL); - if($json_return) + if($json_return) json_return_and_die([ 'success' => false ]); return; } @@ -102,24 +108,23 @@ class Filestorage extends \Zotlabs\Web\Controller { if(! $r) { notice( t('File not found.') . EOL); - if($json_return) + if($json_return) json_return_and_die([ 'success' => false ]); goaway(z_root() . '/cloud/' . $which); } - if(local_channel() !== $owner) { + if((local_channel() !== $owner) && !$admin_delete) { if($r[0]['creator'] && $r[0]['creator'] !== $ob_hash) { notice( t('Permission denied.') . EOL); - if($json_return) + if($json_return) json_return_and_die([ 'success' => false ]); goaway(z_root() . '/cloud/' . $which); } } - $f = $r[0]; $channel = channelx_by_n($owner); @@ -138,7 +143,7 @@ class Filestorage extends \Zotlabs\Web\Controller { if($json_return) json_return_and_die([ 'success' => true ]); - goaway(dirname($url)); + //goaway(dirname($url)); } diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php index 17d1c84b8..20cc23ac0 100644 --- a/Zotlabs/Module/Getfile.php +++ b/Zotlabs/Module/Getfile.php @@ -6,20 +6,20 @@ use Zotlabs\Lib\Libzot; /** * module: getfile - * + * * used for synchronising files and photos across clones - * + * * The site initiating the file operation will send a sync packet to known clones. * They will respond by building the DB structures they require, then will provide a * post request to this site to grab the file data. This is sent as a stream direct to * disk at the other end, avoiding memory issues. * * Since magic-auth cannot easily be used by the CURL process at the other end, - * we will require a signed request which includes a timestamp. This should not be - * used without SSL and is potentially vulnerable to replay if an attacker decrypts + * we will require a signed request which includes a timestamp. This should not be + * used without SSL and is potentially vulnerable to replay if an attacker decrypts * the SSL traffic fast enough. The amount of time slop is configurable but defaults * to 3 minutes. - * + * */ @@ -54,13 +54,13 @@ class Getfile extends \Zotlabs\Web\Controller { $keyId = $sigblock['keyId']; if($keyId) { - $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash - where hubloc_addr = '%s'", + $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash + where hubloc_id_url = '%s'", dbesc(str_replace('acct:','',$keyId)) ); if($r) { $hubloc = Libzot::zot_record_preferred($r); - $verified = HTTPSig::verify('',$hubloc['xchan_pubkey']); + $verified = HTTPSig::verify('',$hubloc['xchan_pubkey']); if($verified && $verified['header_signed'] && $verified['header_valid'] && $hash == $hubloc['hubloc_hash']) { $header_verified = true; } @@ -74,15 +74,15 @@ class Getfile extends \Zotlabs\Web\Controller { logger('post: ' . print_r($_POST,true),LOGGER_DEBUG,LOG_INFO); if($header_verified) { logger('HTTPSig verified'); - } - + } + $channel = channelx_by_hash($hash); if((! $channel) || (! $time) || (! $sig)) { logger('error: missing info'); killme(); } - + if(isset($_POST['resolution'])) $resolution = intval($_POST['resolution']); elseif(substr($resource,-2,1) == '-') { @@ -91,21 +91,21 @@ class Getfile extends \Zotlabs\Web\Controller { } else { $resolution = (-1); - } + } $slop = intval(get_pconfig($channel['channel_id'],'system','getfile_time_slop')); if($slop < 1) $slop = 3; - + $d1 = datetime_convert('UTC','UTC',"now + $slop minutes"); - $d2 = datetime_convert('UTC','UTC',"now - $slop minutes"); - + $d2 = datetime_convert('UTC','UTC',"now - $slop minutes"); + if(! $header_verified) { if(($time > $d1) || ($time < $d2)) { logger('time outside allowable range'); killme(); } - + if(! rsa_verify($hash . '.' . $time,base64url_decode($sig),$channel['channel_pubkey'])) { logger('verify failed.'); killme(); @@ -137,20 +137,20 @@ class Getfile extends \Zotlabs\Web\Controller { else { echo dbunescbin($r[0]['content']); } - } + } killme(); } $r = attach_by_hash($resource,$channel['channel_hash'],$revision); - + if(! $r['success']) { logger('attach_by_hash failed: ' . $r['message']); notice( $r['message'] . EOL); return; } - + $unsafe_types = array('text/html','text/css','application/javascript'); - + if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($channel['channel_id']))) { header('Content-type: text/plain'); } diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php index cd99fb3c0..f8fc366e0 100644 --- a/Zotlabs/Module/Import.php +++ b/Zotlabs/Module/Import.php @@ -585,11 +585,6 @@ class Import extends \Zotlabs\Web\Controller { if(array_key_exists('item_id',$data) && $data['item_id']) import_item_ids($channel,$data['item_id']); - // send out refresh requests - // notify old server that it may no longer be primary. - - \Zotlabs\Daemon\Master::Summon(array('Notifier','refresh_all',$channel['channel_id'])); - // This will indirectly perform a refresh_all *and* update the directory \Zotlabs\Daemon\Master::Summon(array('Directory', $channel['channel_id'])); diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index f74b1e321..83424a50d 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -976,7 +976,7 @@ class Item extends Controller { $item_unseen = ((local_channel() != $profile_uid) ? 1 : 0); - $item_wall = (($post_type === 'wall' || $post_type === 'wall-comment') ? 1 : 0); + $item_wall = (($_REQUEST['type'] === 'wall' || $_REQUEST['type'] === 'wall-comment') ? 1 : 0); $item_origin = (($origin) ? 1 : 0); $item_consensus = (($consensus) ? 1 : 0); $item_nocomment = (($nocomment) ? 1 : 0); diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php index bb5c6db7a..358611b1b 100644 --- a/Zotlabs/Module/Like.php +++ b/Zotlabs/Module/Like.php @@ -21,7 +21,7 @@ class Like extends \Zotlabs\Web\Controller { 'abstain' => ACTIVITY_ABSTAIN , 'attendyes' => ACTIVITY_ATTEND , 'attendno' => ACTIVITY_ATTENDNO , - 'attendmaybe' => ACTIVITY_ATTENDMAYBE + 'attendmaybe' => ACTIVITY_ATTENDMAYBE ]; // unlike (etc.) reactions are an undo of positive reactions, rather than a negative action. @@ -81,7 +81,7 @@ class Like extends \Zotlabs\Web\Controller { } public function get() { - + $o = EMPTY_STR; $sys_channel = get_sys_channel(); @@ -92,7 +92,7 @@ class Like extends \Zotlabs\Web\Controller { if((! $observer) || ($interactive)) { $o .= '<h1>' . t('Like/Dislike') . '</h1>'; $o .= EOL . EOL; - + if(! $observer) { $_SESSION['return_url'] = \App::$query_string; $o .= t('This action is restricted to members.') . EOL; @@ -100,17 +100,17 @@ class Like extends \Zotlabs\Web\Controller { return $o; } } - + $verb = notags(trim($_GET['verb'])); $mode = (($_GET['conv_mode'] === 'channel') ? 'channel' : 'network'); if(! $verb) $verb = 'like'; - + $activity = $this->reaction_to_activity($verb); if(! $activity) { - return EMPTY_STR; + return EMPTY_STR; } $is_rsvp = false; @@ -123,23 +123,23 @@ class Like extends \Zotlabs\Web\Controller { $object = $target = null; $post_type = EMPTY_STR; $objtype = EMPTY_STR; - + if(argc() == 3) { - + if(! $observer) killme(); - + $extended_like = true; $obj_type = argv(1); $obj_id = argv(2); $public = true; - + if($obj_type == 'profile') { $r = q("select * from profile where profile_guid = '%s' limit 1", dbesc(argv(2)) ); if(! $r) - killme(); + killme(); $owner_uid = $r[0]['uid']; if($r[0]['is_default']) $public = true; @@ -165,54 +165,54 @@ class Like extends \Zotlabs\Web\Controller { } $post_type = t('channel'); $objtype = ACTIVITY_OBJ_PROFILE; - + $profile = $r[0]; } elseif($obj_type == 'thing') { - + $r = q("select * from obj where obj_type = %d and obj_obj = '%s' limit 1", intval(TERM_OBJ_THING), dbesc(argv(2)) ); - + if(! $r) { if($interactive) { notice( t('Invalid request.') . EOL); return $o; } - killme(); + killme(); } - + $owner_uid = $r[0]['obj_channel']; - + $allow_cid = $r[0]['allow_cid']; $allow_gid = $r[0]['allow_gid']; $deny_cid = $r[0]['deny_cid']; $deny_gid = $r[0]['deny_gid']; - if($allow_cid || $allow_gid || $deny_cid || $deny_gid) + if($allow_cid || $allow_gid || $deny_cid || $deny_gid) $public = false; - + $post_type = t('thing'); $objtype = ACTIVITY_OBJ_PROFILE; $tgttype = ACTIVITY_OBJ_THING; - + $links = array(); $links[] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/thing/' . $r[0]['obj_obj']); - if($r[0]['imgurl']) + if($r[0]['imgurl']) $links[] = array('rel' => 'photo', 'href' => $r[0]['obj_imgurl']); - + $target = json_encode(array( 'type' => $tgttype, 'title' => $r[0]['obj_term'], 'id' => z_root() . '/thing/' . $r[0]['obj_obj'], 'link' => $links )); - + $plink = '[zrl=' . z_root() . '/thing/' . $r[0]['obj_obj'] . ']' . $r[0]['obj_term'] . '[/zrl]'; - + } - + if(! ($owner_uid && $r)) { if($interactive) { notice( t('Invalid request.') . EOL); @@ -220,11 +220,11 @@ class Like extends \Zotlabs\Web\Controller { } killme(); } - + // The resultant activity is going to be a wall-to-wall post, so make sure this is allowed - + $perms = get_all_perms($owner_uid,$observer['xchan_hash']); - + if(! ($perms['post_like'] && $perms['view_profile'])) { if($interactive) { notice( t('Permission denied.') . EOL); @@ -232,7 +232,7 @@ class Like extends \Zotlabs\Web\Controller { } killme(); } - + $ch = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_id = %d limit 1", intval($owner_uid) ); @@ -243,14 +243,14 @@ class Like extends \Zotlabs\Web\Controller { } killme(); } - + if(! $plink) $plink = '[zrl=' . z_root() . '/profile/' . $ch[0]['channel_address'] . ']' . $post_type . '[/zrl]'; - + $object = json_encode(Activity::fetch_profile([ 'id' => channel_url($ch[0]) ])); // second like of the same thing is "undo" for the first like - + $z = q("select * from likes where channel_id = %d and liker = '%s' and verb = '%s' and target_type = '%s' and target_id = '%s' limit 1", intval($ch[0]['channel_id']), dbesc($observer['xchan_hash']), @@ -258,11 +258,11 @@ class Like extends \Zotlabs\Web\Controller { dbesc(($tgttype)?$tgttype:$objtype), dbesc($obj_id) ); - + if($z) { $z[0]['deleted'] = 1; Libsync::build_sync_packet($ch[0]['channel_id'],array('likes' => $z)); - + q("delete from likes where id = %d", intval($z[0]['id']) ); @@ -285,17 +285,17 @@ class Like extends \Zotlabs\Web\Controller { if(! $observer) killme(); - + // this is used to like an item or comment - + $item_id = ((argc() == 2) ? notags(trim(argv(1))) : 0); - + logger('like: verb ' . $verb . ' item ' . $item_id, LOGGER_DEBUG); - + // get the item. Allow linked photos (which are normally hidden) to be liked - $r = q("SELECT * FROM item WHERE id = %d - and item_type in (0,6,7) and item_deleted = 0 and item_unpublished = 0 + $r = q("SELECT * FROM item WHERE id = %d + and item_type in (0,6,7) and item_deleted = 0 and item_unpublished = 0 and item_delayed = 0 and item_pending_remove = 0 and item_blocked = 0 LIMIT 1", intval($item_id) ); @@ -351,12 +351,12 @@ class Like extends \Zotlabs\Web\Controller { killme(); $verbs = " '".dbesc($activity)."' "; - - $multi_undo = false; - + + $multi_undo = false; + // event participation and consensus items are essentially radio toggles. If you make a subsequent choice, - // we need to eradicate your first choice. - + // we need to eradicate your first choice. + if($activity === ACTIVITY_ATTEND || $activity === ACTIVITY_ATTENDNO || $activity === ACTIVITY_ATTENDMAYBE) { $verbs = " '" . dbesc(ACTIVITY_ATTEND) . "','" . dbesc(ACTIVITY_ATTENDNO) . "','" . dbesc(ACTIVITY_ATTENDMAYBE) . "' "; $multi_undo = 1; @@ -365,16 +365,16 @@ class Like extends \Zotlabs\Web\Controller { $verbs = " '" . dbesc(ACTIVITY_AGREE) . "','" . dbesc(ACTIVITY_DISAGREE) . "','" . dbesc(ACTIVITY_ABSTAIN) . "' "; $multi_undo = true; } - + $item_normal = item_normal(); - + $r = q("SELECT id, parent, uid, verb FROM item WHERE verb in ( $verbs ) $item_normal AND author_xchan = '%s' AND thr_parent = '%s' and uid = %d ", dbesc($observer['xchan_hash']), dbesc($item['mid']), intval($owner_uid) ); - + if($r) { // already liked it. Drop that item. require_once('include/items.php'); @@ -386,27 +386,27 @@ class Like extends \Zotlabs\Web\Controller { intval($rr['parent']), intval($rr['uid']) ); - // Prior activity was a duplicate of the one we're submitting, just undo it; + // Prior activity was a duplicate of the one we're submitting, just undo it; // don't fall through and create another if(activity_match($rr['verb'],$activity)) $multi_undo = false; - + // drop_item was not done interactively, so we need to invoke the notifier // in order to push the changes to connections \Zotlabs\Daemon\Master::Summon(array('Notifier','drop',$rr['id'])); - + } - + if($interactive) return; - + if(! $multi_undo) { $ret = self::like_response([ 'item' => $item, - 'orig_item_id' => $item_id, + 'orig_item_id' => $item_id, 'owner_xchan' => $thread_owner, 'conv_mode' => $mode ]); @@ -416,11 +416,11 @@ class Like extends \Zotlabs\Web\Controller { } } - + $uuid = item_message_id(); - + $arr = array(); - + $arr['uuid'] = $uuid; $arr['mid'] = z_root() . (($is_rsvp) ? '/activity/' : '/item/') . $uuid; @@ -433,38 +433,38 @@ class Like extends \Zotlabs\Web\Controller { $post_type = (($item['resource_type'] === 'photo') ? t('photo') : t('status')); if($item['obj_type'] === ACTIVITY_OBJ_EVENT) $post_type = t('event'); - + $links = array(array('rel' => 'alternate','type' => 'text/html', 'href' => $item['plink'])); - $objtype = (($item['resource_type'] === 'photo') ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE ); + $objtype = (($item['resource_type'] === 'photo') ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE ); if($objtype === ACTIVITY_OBJ_NOTE && (! intval($item['item_thread_top']))) $objtype = ACTIVITY_OBJ_COMMENT; - + $body = $item['body']; - + $object = json_encode(Activity::fetch_item( [ 'id' => $item['mid'] ])); if(! intval($item['item_thread_top'])) - $post_type = 'comment'; - + $post_type = 'comment'; + $arr['item_origin'] = 1; $arr['item_notshown'] = 1; $arr['item_type'] = $item['item_type']; - + if(intval($item['item_wall'])) $arr['item_wall'] = 1; - + // if this was a linked photo and was hidden, unhide it. - + if(intval($item['item_hidden'])) { $r = q("update item set item_hidden = 0 where id = %d", intval($item['id']) ); - } - + } + } - + if($verb === 'like') $bodyverb = t('%1$s likes %2$s\'s %3$s'); if($verb === 'dislike') @@ -481,12 +481,12 @@ class Like extends \Zotlabs\Web\Controller { $bodyverb = t('%1$s is not attending %2$s\'s %3$s'); if($verb === 'attendmaybe') $bodyverb = t('%1$s may attend %2$s\'s %3$s'); - + if(! isset($bodyverb)) - killme(); - - - + killme(); + + + if($extended_like) { $ulink = '[zrl=' . $ch[0]['xchan_url'] . '][bdi]' . $ch[0]['xchan_name'] . '[/bdi][/zrl]'; $alink = '[zrl=' . $observer['xchan_url'] . '][bdi]' . $observer['xchan_name'] . '[/bdi][/zrl]'; @@ -503,64 +503,64 @@ class Like extends \Zotlabs\Web\Controller { $deny_cid = $item['deny_cid']; $deny_gid = $item['deny_gid']; $private = $item['private']; - + } - - + + $arr['aid'] = (($extended_like) ? $ch[0]['channel_account_id'] : $owner_aid); $arr['uid'] = $owner_uid; - $arr['item_flags'] = $item_flags; - $arr['item_wall'] = $item_wall; + $arr['item_flags'] = $item['item_flags']; + $arr['item_wall'] = $item['item_wall']; $arr['parent_mid'] = (($extended_like) ? $arr['mid'] : $item['mid']); $arr['owner_xchan'] = (($extended_like) ? $ch[0]['xchan_hash'] : $thread_owner['xchan_hash']); $arr['author_xchan'] = $observer['xchan_hash']; - - + + $arr['body'] = sprintf( $bodyverb, $alink, $ulink, $plink ); if($obj_type === 'thing' && $r[0]['imgurl']) { $arr['body'] .= "\n\n[zmg=80x80]" . $r[0]['imgurl'] . '[/zmg]'; - } + } if($obj_type === 'profile') { if($public) { - $arr['body'] .= "\n\n" . '[embed]' . z_root() . '/profile/' . $ch[0]['channel_address'] . '[/embed]'; + $arr['body'] .= "\n\n" . '[embed]' . z_root() . '/profile/' . $ch[0]['channel_address'] . '[/embed]'; } else $arr['body'] .= "\n\n[zmg=80x80]" . $profile['thumb'] . '[/zmg]'; - } - - + } + + $arr['verb'] = $activity; $arr['obj_type'] = $objtype; $arr['obj'] = $object; - + if($target) { $arr['tgt_type'] = $tgttype; $arr['target'] = $target; } - + $arr['allow_cid'] = $allow_cid; $arr['allow_gid'] = $allow_gid; $arr['deny_cid'] = $deny_cid; $arr['deny_gid'] = $deny_gid; $arr['item_private'] = $private; - + call_hooks('post_local',$arr); - $post = item_store($arr); + $post = item_store($arr); $post_id = $post['item_id']; // save the conversation from expiration if(local_channel() && array_key_exists('item',$post) && (intval($post['item']['id']) != intval($post['item']['parent']))) - retain_item($post['item']['parent']); - + retain_item($post['item']['parent']); + $arr['id'] = $post_id; - + call_hooks('post_local_end', $arr); - - + + if($extended_like) { $r = q("insert into likes (channel_id,liker,likee,iid,i_mid,verb,target_type,target_id,target) values (%d,'%s','%s',%d,'%s','%s','%s','%s','%s')", intval($ch[0]['channel_id']), @@ -582,12 +582,12 @@ class Like extends \Zotlabs\Web\Controller { dbesc($obj_id) ); if($r) - Libsync::build_sync_packet($ch[0]['channel_id'],array('likes' => $r)); - + Libsync::build_sync_packet($ch[0]['channel_id'],array('likes' => $r)); + } - + \Zotlabs\Daemon\Master::Summon(array('Notifier','like',$post_id)); - + if($interactive) { notice( t('Action completed.') . EOL); $o .= t('Thank you.'); @@ -596,12 +596,12 @@ class Like extends \Zotlabs\Web\Controller { $ret = self::like_response([ 'item' => $item, - 'orig_item_id' => $item_id, + 'orig_item_id' => $item_id, 'owner_xchan' => $thread_owner, 'conv_mode' => $mode ]); json_return_and_die($ret); } - + } diff --git a/Zotlabs/Module/Lockview.php b/Zotlabs/Module/Lockview.php index 8c8519c57..11c781df0 100644 --- a/Zotlabs/Module/Lockview.php +++ b/Zotlabs/Module/Lockview.php @@ -19,22 +19,22 @@ class Lockview extends \Zotlabs\Web\Controller { } } } - + $type = ((argc() > 1) ? argv(1) : 0); if (is_numeric($type)) { $item_id = intval($type); $type='item'; - } + } else { $item_id = ((argc() > 2) ? intval(argv(2)) : 0); } - + if(! $item_id) killme(); - + if (! in_array($type, array('item', 'photo', 'attach', 'event', 'menu_item', 'chatroom'))) killme(); - + // we have different naming in in menu_item table and chatroom table switch($type) { case 'menu_item': @@ -47,17 +47,17 @@ class Lockview extends \Zotlabs\Web\Controller { $id = 'id'; break; } - + $r = q("SELECT * FROM %s WHERE $id = %d LIMIT 1", dbesc($type), intval($item_id) ); - + if(! $r) killme(); - + $item = $r[0]; - + //we have different naming in in menu_item table and chatroom table switch($type) { case 'menu_item': @@ -70,37 +70,37 @@ class Lockview extends \Zotlabs\Web\Controller { $uid = $item['uid']; break; } - + if($uid != local_channel()) { echo '<div class="dropdown-item">' . t('Remote privacy information not available.') . '</div>'; killme(); } - - if(intval($item['item_private']) && (! strlen($item['allow_cid'])) && (! strlen($item['allow_gid'])) + + if(intval($item['item_private']) && (! strlen($item['allow_cid'])) && (! strlen($item['allow_gid'])) && (! strlen($item['deny_cid'])) && (! strlen($item['deny_gid']))) { - + // if the post is private, but public_policy is blank ("visible to the internet"), and there aren't any // specific recipients, we're the recipient of a post with "bcc" or targeted recipients; so we'll just show it // as unknown specific recipients. The sender will have the visibility list and will fall through to the // next section. - + echo '<div class="dropdown-item">' . translate_scope((! $item['public_policy']) ? 'specific' : $item['public_policy']) . '</div>'; killme(); } - + $allowed_users = expand_acl($item['allow_cid']); $allowed_groups = expand_acl($item['allow_gid']); $deny_users = expand_acl($item['deny_cid']); $deny_groups = expand_acl($item['deny_gid']); - + $o = '<div class="dropdown-item">' . t('Visible to:') . '</div>'; $l = array(); - + stringify_array_elms($allowed_groups,true); stringify_array_elms($allowed_users,true); stringify_array_elms($deny_groups,true); stringify_array_elms($deny_users,true); - + $profile_groups = []; if($allowed_groups) { @@ -113,24 +113,24 @@ class Lockview extends \Zotlabs\Web\Controller { if(count($profile_groups)) { $r = q("SELECT profile_name FROM profile WHERE profile_guid IN ( " . implode(', ', $profile_groups) . " )"); if($r) - foreach($r as $rr) + foreach($r as $rr) $l[] = '<div class="dropdown-item"><b>' . t('Profile','acl') . ' ' . $rr['profile_name'] . '</b></div>'; } if(count($allowed_groups)) { $r = q("SELECT gname FROM pgrp WHERE hash IN ( " . implode(', ', $allowed_groups) . " )"); if($r) - foreach($r as $rr) + foreach($r as $rr) $l[] = '<div class="dropdown-item"><b>' . $rr['gname'] . '</b></div>'; } if(count($allowed_users)) { $r = q("SELECT xchan_name FROM xchan WHERE xchan_hash IN ( " . implode(', ',$allowed_users) . " )"); if($r) - foreach($r as $rr) + foreach($r as $rr) $l[] = '<div class="dropdown-item">' . $rr['xchan_name'] . '</div>'; if($atokens) { foreach($atokens as $at) { - if(in_array("'" . $at['xchan_hash'] . "'",$allowed_users)) { + if(in_array("'" . $at['xchan_hash'] . "'",$allowed_users)) { $l[] = '<div class="dropdown-item">' . $at['xchan_name'] . '</div>'; } } @@ -149,7 +149,7 @@ class Lockview extends \Zotlabs\Web\Controller { if(count($profile_groups)) { $r = q("SELECT profile_name FROM profile WHERE profile_guid IN ( " . implode(', ', $profile_groups) . " )"); if($r) - foreach($r as $rr) + foreach($r as $rr) $l[] = '<div class="dropdown-item"><b><strike>' . t('Profile','acl') . ' ' . $rr['profile_name'] . '</strike></b></div>'; } @@ -158,18 +158,18 @@ class Lockview extends \Zotlabs\Web\Controller { if(count($deny_groups)) { $r = q("SELECT gname FROM pgrp WHERE hash IN ( " . implode(', ', $deny_groups) . " )"); if($r) - foreach($r as $rr) + foreach($r as $rr) $l[] = '<div class="dropdown-item"><b><strike>' . $rr['gname'] . '</strike></b></div>'; } if(count($deny_users)) { $r = q("SELECT xchan_name FROM xchan WHERE xchan_hash IN ( " . implode(', ', $deny_users) . " )"); if($r) - foreach($r as $rr) + foreach($r as $rr) $l[] = '<div class="dropdown-item"><strike>' . $rr['xchan_name'] . '</strike></div>'; if($atokens) { foreach($atokens as $at) { - if(in_array("'" . $at['xchan_hash'] . "'",$deny_users)) { + if(in_array("'" . $at['xchan_hash'] . "'",$deny_users)) { $l[] = '<div class="dropdown-item"><strike>' . $at['xchan_name'] . '</strike></div>'; } } @@ -177,11 +177,11 @@ class Lockview extends \Zotlabs\Web\Controller { } - + echo $o . implode($l); killme(); - - + + } - + } diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index d6aeb8af5..9a3513f34 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -39,7 +39,7 @@ class Owa extends Controller { $found = discover_by_webbie(str_replace('acct:','',$keyId)); if ($found) { $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash - WHERE OR hubloc_id_url = '%s'", + WHERE hubloc_id_url = '%s'", dbesc($keyId) ); } diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index c94d06884..814705a85 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -81,18 +81,18 @@ class Photo extends \Zotlabs\Web\Controller { else $data = dbunescbin($r[0]['content']); } - } - if(! $data) { - $d = [ 'imgscale' => $resolution, 'channel_id' => $uid, 'default' => $default, 'data' => '', 'mimetype' => '' ]; - call_hooks('get_profile_photo',$d); - - $resolution = $d['imgscale']; - $uid = $d['channel_id']; - $default = $d['default']; - $data = $d['data']; - $mimetype = $d['mimetype']; - $modified = 0; + if(! $data) { + $d = [ 'imgscale' => $resolution, 'channel_id' => $uid, 'default' => $default, 'data' => '', 'mimetype' => '' ]; + call_hooks('get_profile_photo',$d); + + $resolution = $d['imgscale']; + $uid = $d['channel_id']; + $default = $d['default']; + $data = $d['data']; + $mimetype = $d['mimetype']; + $modified = 0; + } } if(! $data) { diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index fa9216c97..099289c03 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -16,66 +16,66 @@ require_once('include/text.php'); class Photos extends \Zotlabs\Web\Controller { function init() { - + if(observer_prohibited()) { return; } - + if(argc() > 1) { $nick = argv(1); - + profile_load($nick); - + $channelx = channelx_by_nick($nick); - + if(! $channelx) return; - + \App::$data['channel'] = $channelx; - + $observer = \App::get_observer(); \App::$data['observer'] = $observer; - + $observer_xchan = (($observer) ? $observer['xchan_hash'] : ''); - + head_set_icon(\App::$data['channel']['xchan_photo_s']); - + \App::$page['htmlhead'] .= "<script> var profile_uid = " . ((\App::$data['channel']) ? \App::$data['channel']['channel_id'] : 0) . "; </script>" ; - + } - + return; } - - - + + + function post() { - + logger('mod-photos: photos_post: begin' , LOGGER_DEBUG); - + logger('mod_photos: REQUEST ' . print_r($_REQUEST,true), LOGGER_DATA); logger('mod_photos: FILES ' . print_r($_FILES,true), LOGGER_DATA); - + $ph = photo_factory(''); - + $phototypes = $ph->supportedTypes(); - + $can_post = false; - + $page_owner_uid = \App::$data['channel']['channel_id']; - + if(perm_is_allowed($page_owner_uid,get_observer_hash(),'write_storage')) $can_post = true; - + if(! $can_post) { notice( t('Permission denied.') . EOL ); if(is_ajax()) killme(); return; } - + $s = abook_self($page_owner_uid); - + if(! $s) { notice( t('Page owner information could not be retrieved.') . EOL); logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid); @@ -83,30 +83,30 @@ class Photos extends \Zotlabs\Web\Controller { killme(); return; } - - $owner_record = $s[0]; - + + $owner_record = $s[0]; + $acl = new \Zotlabs\Access\AccessList(\App::$data['channel']); - + if((argc() > 3) && (argv(2) === 'album')) { - + $album = argv(3); if(! photos_album_exists($page_owner_uid, get_observer_hash(), $album)) { notice( t('Album not found.') . EOL); goaway(z_root() . '/' . $_SESSION['photo_return']); } - - + + /* * DELETE photo album and all its photos */ - + if($_REQUEST['dropalbum'] == t('Delete Album')) { - - + + $folder_hash = ''; - + $r = q("select * from attach where is_dir = 1 and uid = %d and hash = '%s'", intval($page_owner_uid), dbesc($album) @@ -116,13 +116,13 @@ class Photos extends \Zotlabs\Web\Controller { return; } $folder_hash = $r[0]['hash']; - - + + $res = array(); $admin_delete = false; // get the list of photos we are about to delete - + if(remote_channel() && (! local_channel())) { $str = photos_album_get_db_idstr($page_owner_uid,$album,remote_channel()); } @@ -139,7 +139,7 @@ class Photos extends \Zotlabs\Web\Controller { if(! $str) { goaway(z_root() . '/' . $_SESSION['photo_return']); } - + $r = q("select id from item where resource_id in ( $str ) and resource_type = 'photo' and uid = %d " . item_normal(), intval($page_owner_uid) ); @@ -148,34 +148,34 @@ class Photos extends \Zotlabs\Web\Controller { attach_delete($page_owner_uid, $i['resource_id'], true ); } } - + // remove the associated photos in case they weren't attached to an item - + q("delete from photo where resource_id in ( $str ) and uid = %d", intval($page_owner_uid) ); - + // @FIXME do the same for the linked attach - + if($folder_hash) { attach_delete($page_owner_uid, $folder_hash, true ); - if(! $admin_delete) { + if(! $admin_delete) { $sync = attach_export_data(\App::$data['channel'],$folder_hash, true); - - if($sync) + + if($sync) Libsync::build_sync_packet($page_owner_uid,array('file' => array($sync))); } } - + } - + goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address']); } - + if((argc() > 2) && (x($_REQUEST,'delete')) && ($_REQUEST['delete'] === t('Delete Photo'))) { // same as above but remove single photo - + $ob_hash = get_observer_hash(); if(! $ob_hash) goaway(z_root() . '/' . $_SESSION['photo_return']); @@ -185,18 +185,18 @@ class Photos extends \Zotlabs\Web\Controller { intval(local_channel()), dbesc(argv(2)) ); - + if($r) { attach_delete($page_owner_uid, $r[0]['resource_id'], true ); $sync = attach_export_data(\App::$data['channel'],$r[0]['resource_id'], true); - - if($sync) + + if($sync) Libsync::build_sync_packet($page_owner_uid,array('file' => array($sync))); } elseif(is_site_admin()) { // If the admin deletes a photo, don't sync attach_delete($page_owner_uid, argv(2), true); - } + } goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']); @@ -208,10 +208,10 @@ class Photos extends \Zotlabs\Web\Controller { intval($page_owner_uid) ); if(($m) && ($m[0]['folder'] != $_POST['move_to_album'])) { - attach_move($page_owner_uid,argv(2),$_POST['move_to_album']); + attach_move($page_owner_uid,argv(2),$_POST['move_to_album']); $sync = attach_export_data(\App::$data['channel'], argv(2), false); - if($sync) + if($sync) Libsync::build_sync_packet($page_owner_uid,array('file' => array($sync))); if(! ($_POST['desc'] && $_POST['newtag'])) @@ -220,28 +220,28 @@ class Photos extends \Zotlabs\Web\Controller { } if((argc() > 2) && ((x($_POST,'desc') !== false) || (x($_POST,'newtag') !== false))) { - + $desc = ((x($_POST,'desc')) ? notags(trim($_POST['desc'])) : ''); $rawtags = ((x($_POST,'newtag')) ? notags(trim($_POST['newtag'])) : ''); $item_id = ((x($_POST,'item_id')) ? intval($_POST['item_id']) : 0); $is_nsfw = ((x($_POST,'adult')) ? intval($_POST['adult']) : 0); - + $acl->set_from_array($_POST); $perm = $acl->get(); - + $resource_id = argv(2); - - if((x($_POST,'rotate') !== false) && + + if((x($_POST,'rotate') !== false) && ( (intval($_POST['rotate']) == 1) || (intval($_POST['rotate']) == 2) )) { logger('rotate'); - + $r = q("select * from photo where resource_id = '%s' and uid = %d and imgscale = 0 limit 1", dbesc($resource_id), intval($page_owner_uid) ); if(count($r)) { - + $ph = photo_factory(@file_get_contents(dbunescbin($r[0]['content'])), $r[0]['mimetype']); if($ph->is_valid()) { $rotate_deg = ( (intval($_POST['rotate']) == 1) ? 270 : 90 ); @@ -255,12 +255,12 @@ class Photos extends \Zotlabs\Web\Controller { dbesc($resource_id), intval($page_owner_uid) ); - + $ph->saveImage(dbunescbin($r[0]['content'])); - - $arr = [ + + $arr = [ 'aid' => get_account_id(), - 'uid' => intval($page_owner_uid), + 'uid' => intval($page_owner_uid), 'resource_id' => dbesc($resource_id), 'filename' => $r[0]['filename'], 'imgscale' => 0, @@ -277,28 +277,31 @@ class Photos extends \Zotlabs\Web\Controller { unset($arr['os_syspath']); - if($width > 1024 || $height > 1024) + $width = $r[0]['width']; + $height = $r[0]['height']; + + if($width > 1024 || $height > 1024) $ph->scaleImage(1024); $ph->storeThumbnail($arr, PHOTO_RES_1024); - if($width > 640 || $height > 640) + if($width > 640 || $height > 640) $ph->scaleImage(640); $ph->storeThumbnail($arr, PHOTO_RES_640); - if($width > 320 || $height > 320) + if($width > 320 || $height > 320) $ph->scaleImage(320); $ph->storeThumbnail($arr, PHOTO_RES_320); } } } - + $p = q("SELECT mimetype, is_nsfw, description, resource_id, imgscale, allow_cid, allow_gid, deny_cid, deny_gid FROM photo WHERE resource_id = '%s' AND uid = %d ORDER BY imgscale DESC", dbesc($resource_id), intval($page_owner_uid) ); if($p) { $ext = $phototypes[$p[0]['mimetype']]; - + $r = q("UPDATE photo SET description = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' WHERE resource_id = '%s' AND uid = %d", dbesc($desc), dbesc($perm['allow_cid']), @@ -309,9 +312,7 @@ class Photos extends \Zotlabs\Web\Controller { intval($page_owner_uid) ); } - - $item_private = (($str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny) ? true : false); - + $old_is_nsfw = $p[0]['is_nsfw']; if($old_is_nsfw != $is_nsfw) { $r = q("update photo set is_nsfw = %d where resource_id = '%s' and uid = %d", @@ -320,31 +321,31 @@ class Photos extends \Zotlabs\Web\Controller { intval($page_owner_uid) ); } - + /* Don't make the item visible if the only change was the album name */ - + $visibility = 0; if($p[0]['description'] !== $desc || strlen($rawtags)) $visibility = 1; - + if(! $item_id) { $item_id = photos_create_item(\App::$data['channel'],get_observer_hash(),$p[0],$visibility); - + } - + if($item_id) { $r = q("SELECT * FROM item WHERE id = %d AND uid = %d LIMIT 1", intval($item_id), intval($page_owner_uid) ); - + if($r) { $old_tag = $r[0]['tag']; $old_inform = $r[0]['inform']; } } - - + + // make sure the linked item has the same permissions as the photo regardless of any other changes $x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d where id = %d", @@ -355,7 +356,7 @@ class Photos extends \Zotlabs\Web\Controller { intval($acl->is_private()), intval($item_id) ); - + // make sure the attach has the same permissions as the photo regardless of any other changes $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d and is_photo = 1", dbesc($perm['allow_cid']), @@ -365,46 +366,46 @@ class Photos extends \Zotlabs\Web\Controller { dbesc($resource_id), intval($page_owner_uid) ); - - - + + + if(strlen($rawtags)) { - + $str_tags = ''; $inform = ''; - + // if the new tag doesn't have a namespace specifier (@foo or #foo) give it a mention - + $x = substr($rawtags,0,1); if($x !== '@' && $x !== '#') $rawtags = '@' . $rawtags; - + require_once('include/text.php'); $profile_uid = \App::$profile['profile_uid']; - + $results = linkify_tags($rawtags, (local_channel()) ? local_channel() : $profile_uid); - + $success = $results['success']; $post_tags = array(); - + foreach($results as $result) { $success = $result['success']; if($success['replaced']) { $post_tags[] = array( - 'uid' => $profile_uid, + 'uid' => $profile_uid, 'ttype' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url'] - ); + ); } } - + $r = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval($page_owner_uid) ); - + if($r) { $r = fetch_post_tags($r,true); $datarray = $r[0]; @@ -412,42 +413,42 @@ class Photos extends \Zotlabs\Web\Controller { if((! array_key_exists('term',$datarray)) || (! is_array($datarray['term']))) $datarray['term'] = $post_tags; else - $datarray['term'] = array_merge($datarray['term'],$post_tags); + $datarray['term'] = array_merge($datarray['term'],$post_tags); } item_store_update($datarray,$execflag); } - + } $sync = attach_export_data(\App::$data['channel'],$resource_id); - - if($sync) + + if($sync) Libsync::build_sync_packet($page_owner_uid,array('file' => array($sync))); - + goaway(z_root() . '/' . $_SESSION['photo_return']); return; // NOTREACHED - - + + } - - + + /** * default post action - upload a photo */ - + $channel = \App::$data['channel']; $observer = \App::$data['observer']; - + $_REQUEST['source'] = 'photos'; require_once('include/attach.php'); - + if(! local_channel()) { $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']); $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']); $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']); $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']); } - + $matches = []; $partial = false; @@ -467,7 +468,7 @@ class Photos extends \Zotlabs\Web\Controller { if($x['partial']) { header('Range: bytes=0-' . (($x['length']) ? $x['length'] - 1 : 0)); - json_return_and_die($result); + json_return_and_die($x); } else { header('Range: bytes=0-' . (($x['size']) ? $x['size'] - 1 : 0)); @@ -481,7 +482,7 @@ class Photos extends \Zotlabs\Web\Controller { ]; } } - else { + else { if(! array_key_exists('userfile',$_FILES)) { $_FILES['userfile'] = [ 'name' => $_FILES['files']['name'], @@ -494,53 +495,53 @@ class Photos extends \Zotlabs\Web\Controller { } $r = attach_store($channel,get_observer_hash(), '', $_REQUEST); - + if(! $r['success']) { notice($r['message'] . EOL); goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address']); - } + } goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $r['data']['folder']); - + } - - - + + + function get() { - + // URLs: // photos/name // photos/name/album/xxxxx (xxxxx is album name) // photos/name/image/xxxxx - - + + if(observer_prohibited()) { notice( t('Public access denied.') . EOL); return; } - + $unsafe = ((array_key_exists('unsafe',$_REQUEST) && $_REQUEST['unsafe']) ? 1 : 0); - + require_once('include/bbcode.php'); require_once('include/security.php'); require_once('include/conversation.php'); - + if(! x(\App::$data,'channel')) { notice( t('No photos selected') . EOL ); return; } - + $ph = photo_factory(''); $phototypes = $ph->supportedTypes(); - + $_SESSION['photo_return'] = \App::$cmd; - + // - // Parse arguments + // Parse arguments // - + $can_comment = perm_is_allowed(\App::$profile['profile_uid'],get_observer_hash(),'post_comments'); - + if(argc() > 3) { $datatype = argv(2); $datum = argv(3); @@ -552,70 +553,70 @@ class Photos extends \Zotlabs\Web\Controller { else $datatype = 'summary'; } - + if(argc() > 4) $cmd = argv(4); else $cmd = 'view'; - + // // Setup permissions structures // - + $can_post = false; $visitor = 0; - - + + $owner_uid = \App::$data['channel']['channel_id']; $owner_aid = \App::$data['channel']['channel_account_id']; - + $observer = \App::get_observer(); - + $can_post = perm_is_allowed($owner_uid,$observer['xchan_hash'],'write_storage'); $can_view = perm_is_allowed($owner_uid,$observer['xchan_hash'],'view_storage'); - + if(! $can_view) { notice( t('Access to this item is restricted.') . EOL); return; } - + $sql_item = item_permissions_sql($owner_uid,get_observer_hash()); $sql_extra = permissions_sql($owner_uid,get_observer_hash(),'photo'); $sql_attach = permissions_sql($owner_uid,get_observer_hash(),'attach'); nav_set_selected('Photos'); - + $o = '<script src="vendor/blueimp/jquery-file-upload/js/vendor/jquery.ui.widget.js"></script> <script src="vendor/blueimp/jquery-file-upload/js/jquery.iframe-transport.js"></script> <script src="vendor/blueimp/jquery-file-upload/js/jquery.fileupload.js"></script>'; - $o .= "<script> var profile_uid = " . \App::$profile['profile_uid'] + $o .= "<script> var profile_uid = " . \App::$profile['profile_uid'] . "; var netargs = '?f='; var profile_page = " . \App::$pager['page'] . "; </script>\r\n"; - + $_is_owner = (local_channel() && (local_channel() == $owner_uid)); - + /** * Display upload form */ - + if( $can_post) { - + $uploader = ''; - + $ret = array('post_url' => z_root() . '/photos/' . \App::$data['channel']['channel_address'], 'addon_text' => $uploader, 'default_upload' => true); - + call_hooks('photo_upload_form',$ret); - + /* Show space usage */ - + $r = q("select sum(filesize) as total from photo where aid = %d and imgscale = 0 ", intval(\App::$data['channel']['channel_account_id']) ); - - + + $limit = engr_units_to_bytes(service_class_fetch(\App::$data['channel']['channel_id'],'photo_upload_limit')); if($limit !== false) { $usage_message = sprintf( t("%1$.2f MB of %2$.2f MB photo storage used."), $r[0]['total'] / 1024000, $limit / 1024000 ); @@ -623,22 +624,22 @@ class Photos extends \Zotlabs\Web\Controller { else { $usage_message = sprintf( t('%1$.2f MB photo storage used.'), $r[0]['total'] / 1024000 ); } - + if($_is_owner) { $channel = \App::get_channel(); - + $acl = new \Zotlabs\Access\AccessList($channel); $channel_acl = $acl->get(); - + $lockstate = (($acl->is_private()) ? 'lock' : 'unlock'); } - + $aclselect = (($_is_owner) ? populate_acl($channel_acl,false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage')) : ''); - + // this is wrong but is to work around an issue with js_upload wherein it chokes if these variables - // don't exist. They really should be set to a parseable representation of the channel's default permissions - // which can be processed by getSelected() - + // don't exist. They really should be set to a parseable representation of the channel's default permissions + // which can be processed by getSelected() + if(! $aclselect) { $aclselect = '<input id="group_allow" type="hidden" name="allow_gid[]" value="" /><input id="contact_allow" type="hidden" name="allow_cid[]" value="" /><input id="group_deny" type="hidden" name="deny_gid[]" value="" /><input id="contact_deny" type="hidden" name="deny_cid[]" value="" />'; } @@ -648,11 +649,11 @@ class Photos extends \Zotlabs\Web\Controller { if($datum) { $h = attach_by_hash_nodata($datum,get_observer_hash()); $selname = $h['data']['display_path']; - } + } + - $albums = ((array_key_exists('albums', \App::$data)) ? \App::$data['albums'] : photos_albums_list(\App::$data['channel'],\App::$data['observer'])); - + if(! $selname) { $def_album = get_pconfig(\App::$data['channel']['channel_id'],'system','photo_path'); if($def_album) { @@ -660,7 +661,7 @@ class Photos extends \Zotlabs\Web\Controller { $albums['album'][] = array('text' => $selname); } } - + $tpl = get_markup_template('photos_upload.tpl'); $upload_form = replace_macros($tpl,array( '$pagename' => t('Upload Photos'), @@ -685,22 +686,22 @@ class Photos extends \Zotlabs\Web\Controller { '$default' => (($ret['default_upload']) ? true : false), '$uploadurl' => $ret['post_url'], '$submit' => t('Upload') - + )); - + } - + // // dispatch request // - + /* * Display a single photo album */ - + if($datatype === 'album') { - head_add_link([ + head_add_link([ 'rel' => 'alternate', 'type' => 'application/json+oembed', 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string), @@ -710,7 +711,7 @@ class Photos extends \Zotlabs\Web\Controller { if($x = photos_album_exists($owner_uid, get_observer_hash(), $datum)) { \App::set_pager_itemspage(30); $album = $x['display_path']; - } + } else { goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address']); } @@ -721,7 +722,7 @@ class Photos extends \Zotlabs\Web\Controller { $order = 'DESC'; $r = q("SELECT p.resource_id, p.id, p.filename, p.mimetype, p.imgscale, p.description, p.created FROM photo p INNER JOIN - (SELECT resource_id, max(imgscale) imgscale FROM photo left join attach on folder = '%s' and photo.resource_id = attach.hash WHERE attach.uid = %d AND imgscale <= 4 AND photo_usage IN ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY resource_id) ph + (SELECT resource_id, max(imgscale) imgscale FROM photo left join attach on folder = '%s' and photo.resource_id = attach.hash WHERE attach.uid = %d AND imgscale <= 4 AND photo_usage IN ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY resource_id) ph ON (p.resource_id = ph.resource_id AND p.imgscale = ph.imgscale) ORDER BY created $order LIMIT %d OFFSET %d", dbesc($x['hash']), @@ -739,9 +740,9 @@ class Photos extends \Zotlabs\Web\Controller { if($can_post) { $album_e = $album; $albums = ((array_key_exists('albums', \App::$data)) ? \App::$data['albums'] : photos_albums_list(\App::$data['channel'],\App::$data['observer'])); - + // @fixme - syncronise actions with DAV - + // $edit_tpl = get_markup_template('album_edit.tpl'); // $album_edit = replace_macros($edit_tpl,array( // '$nametext' => t('Enter a new album name'), @@ -753,32 +754,32 @@ class Photos extends \Zotlabs\Web\Controller { // '$submit' => t('Submit'), // '$dropsubmit' => t('Delete Album') // )); - + } - + if($_GET['order'] === 'posted') $order = array(t('Show Newest First'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $datum); else $order = array(t('Show Oldest First'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $datum . '?f=&order=posted'); - + $photos = array(); if(count($r)) { $twist = 'rotright'; foreach($r as $rr) { - + if($twist == 'rotright') $twist = 'rotleft'; else $twist = 'rotright'; - + $ext = $phototypes[$rr['mimetype']]; - + $imgalt_e = $rr['filename']; $desc_e = $rr['description']; - + $imagelink = (z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $rr['resource_id'] . (($_GET['order'] === 'posted') ? '?f=&order=posted' : '')); - + $photos[] = array( 'id' => $rr['id'], 'twist' => ' ' . $twist . rand(2,4), @@ -793,7 +794,7 @@ class Photos extends \Zotlabs\Web\Controller { ); } } - + if($_REQUEST['aj']) { if($photos) { $o = replace_macros(get_markup_template('photosajax.tpl'),array( @@ -821,71 +822,71 @@ class Photos extends \Zotlabs\Web\Controller { '$upload_form' => $upload_form, '$usage' => $usage_message )); - + } - + if((! $photos) && ($_REQUEST['aj'])) { $o .= '<div id="content-complete"></div>'; echo $o; killme(); } - + return $o; - - } - - /** + + } + + /** * Display one photo */ - + if($datatype === 'image') { - + \App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$cmd) . '" title="oembed" />' . "\r\n"; - + $x = q("select folder from attach where hash = '%s' and uid = %d $sql_attach limit 1", dbesc($datum), intval($owner_uid) ); // fetch image, item containing image, then comments - - $ph = q("SELECT id,aid,uid,xchan,resource_id,created,edited,title,description,album,filename,mimetype,height,width,filesize,imgscale,photo_usage,is_nsfw,allow_cid,allow_gid,deny_cid,deny_gid FROM photo WHERE uid = %d AND resource_id = '%s' + + $ph = q("SELECT id,aid,uid,xchan,resource_id,created,edited,title,description,album,filename,mimetype,height,width,filesize,imgscale,photo_usage,is_nsfw,allow_cid,allow_gid,deny_cid,deny_gid FROM photo WHERE uid = %d AND resource_id = '%s' $sql_extra ORDER BY imgscale ASC ", intval($owner_uid), dbesc($datum) ); - + if(! ($ph && $x)) { - + /* Check again - this time without specifying permissions */ - + $ph = q("SELECT id FROM photo WHERE uid = %d AND resource_id = '%s' LIMIT 1", intval($owner_uid), dbesc($datum) ); - if($ph) + if($ph) notice( t('Permission denied. Access to this item may be restricted.') . EOL); else notice( t('Photo not available') . EOL ); return; } - - - + + + $prevlink = ''; $nextlink = ''; - + if($_GET['order'] === 'posted') $order = 'ASC'; else $order = 'DESC'; - + $prvnxt = q("SELECT hash FROM attach WHERE folder = '%s' AND uid = %d AND is_photo = 1 $sql_attach ORDER BY created $order ", dbesc($x[0]['folder']), intval($owner_uid) - ); + ); if(count($prvnxt)) { for($z = 0; $z < count($prvnxt); $z++) { @@ -899,12 +900,12 @@ class Photos extends \Zotlabs\Web\Controller { break; } } - + $prevlink = z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $prvnxt[$prv]['hash'] . (($_GET['order'] === 'posted') ? '?f=&order=posted' : ''); $nextlink = z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $prvnxt[$nxt]['hash'] . (($_GET['order'] === 'posted') ? '?f=&order=posted' : ''); } - - + + if(count($ph) == 1) $hires = $lores = $ph[0]; if(count($ph) > 1) { @@ -917,74 +918,74 @@ class Photos extends \Zotlabs\Web\Controller { $lores = $ph[1]; } } - + $album_link = z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $x[0]['folder']; $tools = Null; $lock = Null; - + if($can_post && ($ph[0]['uid'] == $owner_uid)) { $tools = array( 'profile'=>array(z_root() . '/profile_photo/use/'.$ph[0]['resource_id'], t('Use as profile photo')), 'cover'=>array(z_root() . '/cover_photo/use/'.$ph[0]['resource_id'], t('Use as cover photo')), ); } - + // lockstate $lockstate = ( ( (strlen($ph[0]['allow_cid']) || strlen($ph[0]['allow_gid']) || strlen($ph[0]['deny_cid']) || strlen($ph[0]['deny_gid'])) ) ? array('lock', t('Private Photo')) : array('unlock', Null)); - + \App::$page['htmlhead'] .= '<script>$(document).keydown(function(event) {' . "\n"; if($prevlink) \App::$page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 37) { event.preventDefault(); window.location.href = \'' . $prevlink . '\'; }' . "\n"; if($nextlink) \App::$page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 39) { event.preventDefault(); window.location.href = \'' . $nextlink . '\'; }' . "\n"; \App::$page['htmlhead'] .= '});</script>'; - + if($prevlink) $prevlink = array($prevlink, t('Previous')); - + $photo = array( 'href' => z_root() . '/photo/' . $hires['resource_id'] . '-' . $hires['imgscale'] . '.' . $phototypes[$hires['mimetype']], 'title'=> t('View Full Size'), 'src' => z_root() . '/photo/' . $lores['resource_id'] . '-' . $lores['imgscale'] . '.' . $phototypes[$lores['mimetype']] ); - + if($nextlink) $nextlink = array($nextlink, t('Next')); - - + + // Do we have an item for this photo? - - $linked_items = q("SELECT * FROM item WHERE resource_id = '%s' and resource_type = 'photo' + + $linked_items = q("SELECT * FROM item WHERE resource_id = '%s' and resource_type = 'photo' $sql_item LIMIT 1", dbesc($datum) ); - + $map = null; - + if($linked_items) { - + xchan_query($linked_items); $linked_items = fetch_post_tags($linked_items,true); - + $link_item = $linked_items[0]; $item_normal = item_normal(); - - $r = q("select * from item where parent_mid = '%s' + + $r = q("select * from item where parent_mid = '%s' $item_normal and uid = %d $sql_item ", dbesc($link_item['mid']), intval($link_item['uid']) - + ); - + if($r) { xchan_query($r); $r = fetch_post_tags($r,true); $r = conv_sort($r,'commented'); } - + $tags = array(); if($link_item['term']) { $cnt = 0; @@ -997,23 +998,23 @@ class Photos extends \Zotlabs\Web\Controller { $cnt ++; } } - + if((local_channel()) && (local_channel() == $link_item['uid'])) { q("UPDATE item SET item_unseen = 0 WHERE parent = %d and uid = %d and item_unseen = 1", intval($link_item['parent']), intval(local_channel()) ); } - + if($link_item['coord']) { $map = generate_map($link_item['coord']); } } - + // logger('mod_photo: link_item' . print_r($link_item,true)); - - // FIXME - remove this when we move to conversation module - + + // FIXME - remove this when we move to conversation module + $r = $r[0]['children']; $edit = null; @@ -1023,11 +1024,11 @@ class Photos extends \Zotlabs\Web\Controller { $caption_e = $ph[0]['description']; $aclselect_e = (($_is_owner) ? populate_acl($ph[0], true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage')) : ''); $albums = ((array_key_exists('albums', \App::$data)) ? \App::$data['albums'] : photos_albums_list(\App::$data['channel'],\App::$data['observer'])); - + $_SESSION['album_return'] = bin2hex($ph[0]['album']); $folder_list = attach_folder_select_list($ph[0]['uid']); - + $edit = [ 'edit' => t('Edit photo'), 'id' => $link_item['id'], @@ -1058,17 +1059,17 @@ class Photos extends \Zotlabs\Web\Controller { 'delete' => t('Delete Photo') ]; } - + if(count($linked_items)) { - + $cmnt_tpl = get_markup_template('comment_item.tpl'); $tpl = get_markup_template('photo_item.tpl'); $return_url = \App::$cmd; - + $like_tpl = get_markup_template('like_noshare.tpl'); - + $likebuttons = ''; - + if($observer && ($can_post || $can_comment)) { $likebuttons = [ 'id' => $link_item['id'], @@ -1078,12 +1079,12 @@ class Photos extends \Zotlabs\Web\Controller { 'wait' => t('Please wait') ]; } - + $comments = ''; if(! $r) { if($observer && ($can_post || $can_comment)) { $commentbox = replace_macros($cmnt_tpl,array( - '$return_path' => '', + '$return_path' => '', '$mode' => 'photos', '$jsreload' => $return_url, '$type' => 'wall-comment', @@ -1101,28 +1102,28 @@ class Photos extends \Zotlabs\Web\Controller { )); } } - + $alike = array(); $dlike = array(); - + $like = ''; $dislike = ''; - + $conv_responses = array( 'like' => array('title' => t('Likes','title')),'dislike' => array('title' => t('Dislikes','title')), - 'agree' => array('title' => t('Agree','title')),'disagree' => array('title' => t('Disagree','title')), 'abstain' => array('title' => t('Abstain','title')), + 'agree' => array('title' => t('Agree','title')),'disagree' => array('title' => t('Disagree','title')), 'abstain' => array('title' => t('Abstain','title')), 'attendyes' => array('title' => t('Attending','title')), 'attendno' => array('title' => t('Not attending','title')), 'attendmaybe' => array('title' => t('Might attend','title')) ); - - - - + + + + if($r) { - + foreach($r as $item) { builtin_activity_puller($item, $conv_responses); } - + $like_count = ((x($alike,$link_item['mid'])) ? $alike[$link_item['mid']] : ''); $like_list = ((x($alike,$link_item['mid'])) ? $alike[$link_item['mid'] . '-l'] : ''); @@ -1133,7 +1134,7 @@ class Photos extends \Zotlabs\Web\Controller { $like_list_part = ''; } $like_button_label = tt('Like','Likes',$like_count,'noun'); - + //if (feature_enabled($conv->get_profile_owner(),'dislike')) { $dislike_count = ((x($dlike,$link_item['mid'])) ? $dlike[$link_item['mid']] : ''); $dislike_list = ((x($dlike,$link_item['mid'])) ? $dlike[$link_item['mid'] . '-l'] : ''); @@ -1145,44 +1146,44 @@ class Photos extends \Zotlabs\Web\Controller { $dislike_list_part = ''; } //} - - + + $like = ((isset($alike[$link_item['mid']])) ? format_like($alike[$link_item['mid']],$alike[$link_item['mid'] . '-l'],'like',$link_item['mid']) : ''); $dislike = ((isset($dlike[$link_item['mid']])) ? format_like($dlike[$link_item['mid']],$dlike[$link_item['mid'] . '-l'],'dislike',$link_item['mid']) : ''); - + // display comments - + foreach($r as $item) { $comment = ''; $template = $tpl; $sparkle = ''; - + if(((activity_match($item['verb'],ACTIVITY_LIKE)) || (activity_match($item['verb'],ACTIVITY_DISLIKE))) && ($item['id'] != $item['parent'])) continue; - + $redirect_url = z_root() . '/redir/' . $item['cid'] ; - - + + $profile_url = zid($item['author']['xchan_url']); $sparkle = ''; - - + + $profile_name = $item['author']['xchan_name']; $profile_avatar = $item['author']['xchan_photo_m']; - + $profile_link = $profile_url; - + $drop = ''; - + if($observer['xchan_hash'] === $item['author_xchan'] || $observer['xchan_hash'] === $item['owner_xchan']) $drop = replace_macros(get_markup_template('photo_drop.tpl'), array('$id' => $item['id'], '$delete' => t('Delete'))); - - + + $name_e = $profile_name; $title_e = $item['title']; unobscure($item); $body_e = prepare_text($item['body'],$item['mimetype']); - + $comments .= replace_macros($template,array( '$id' => $item['id'], '$mode' => 'photos', @@ -1197,9 +1198,9 @@ class Photos extends \Zotlabs\Web\Controller { '$drop' => $drop, '$comment' => $comment )); - + } - + if($observer && ($can_post || $can_comment)) { $commentbox = replace_macros($cmnt_tpl,array( '$return_path' => '', @@ -1216,20 +1217,20 @@ class Photos extends \Zotlabs\Web\Controller { '$ww' => '' )); } - + } $paginate = paginate($a); } - + $album_e = array($album_link,$ph[0]['album']); $like_e = $like; $dislike_e = $dislike; - - + + $response_verbs = array('like'); if(feature_enabled($owner_uid,'dislike')) $response_verbs[] = 'dislike'; - + $responses = get_responses($conv_responses,$response_verbs,'',$link_item); $hookdata = [ @@ -1238,7 +1239,7 @@ class Photos extends \Zotlabs\Web\Controller { 'nickname' => \App::$data['channel']['channel_address'] ]; call_hooks('photo_view_filter', $hookdata); - + $photo_tpl = get_markup_template('photo_view.tpl'); $o .= replace_macros($photo_tpl, array( '$id' => $ph[0]['id'], @@ -1255,7 +1256,7 @@ class Photos extends \Zotlabs\Web\Controller { '$tag_hdr' => t('In This Photo:'), '$tags' => $tags, 'responses' => $responses, - '$edit' => $edit, + '$edit' => $edit, '$map' => $map, '$map_text' => t('Map'), '$likebuttons' => $likebuttons, @@ -1277,26 +1278,26 @@ class Photos extends \Zotlabs\Web\Controller { '$paginate' => $paginate, '$onclick' => $hookdata['onclick'] )); - + \App::$data['photo_html'] = $o; - + return $o; } - + // Default - show recent photos with upload link (if applicable) //$o = ''; - + \App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$cmd) . '" title="oembed" />' . "\r\n"; - + \App::set_pager_itemspage(30); - - $r = q("SELECT p.resource_id, p.id, p.filename, p.mimetype, p.album, p.imgscale, p.created, p.display_path - FROM photo p - INNER JOIN ( SELECT resource_id, max(imgscale) imgscale FROM photo - WHERE photo.uid = %d AND photo_usage IN ( %d, %d ) - AND is_nsfw = %d $sql_extra group by resource_id ) ph - ON (p.resource_id = ph.resource_id and p.imgscale = ph.imgscale) + + $r = q("SELECT p.resource_id, p.id, p.filename, p.mimetype, p.album, p.imgscale, p.created, p.display_path + FROM photo p + INNER JOIN ( SELECT resource_id, max(imgscale) imgscale FROM photo + WHERE photo.uid = %d AND photo_usage IN ( %d, %d ) + AND is_nsfw = %d $sql_extra group by resource_id ) ph + ON (p.resource_id = ph.resource_id and p.imgscale = ph.imgscale) ORDER by p.created DESC LIMIT %d OFFSET %d", intval(\App::$data['channel']['channel_id']), intval(PHOTO_NORMAL), @@ -1305,9 +1306,9 @@ class Photos extends \Zotlabs\Web\Controller { intval(\App::$pager['itemspage']), intval(\App::$pager['start']) ); - - - + + + $photos = array(); if($r) { $twist = 'rotright'; @@ -1321,7 +1322,7 @@ class Photos extends \Zotlabs\Web\Controller { else $twist = 'rotright'; $ext = $phototypes[$rr['mimetype']]; - + $alt_e = $rr['filename']; $name_e = dirname($rr['display_path']); @@ -1335,11 +1336,11 @@ class Photos extends \Zotlabs\Web\Controller { 'album' => array( 'name' => $name_e, ), - + ); } } - + if($_REQUEST['aj']) { if($photos) { $o = replace_macros(get_markup_template('photosajax.tpl'),array( @@ -1355,7 +1356,7 @@ class Photos extends \Zotlabs\Web\Controller { } else { $o .= "<script> var page_query = '" . escape_tags(urlencode($_GET['q'])) . "'; var extra_args = '" . extra_query_args() . "' ; </script>"; - $tpl = get_markup_template('photos_recent.tpl'); + $tpl = get_markup_template('photos_recent.tpl'); $o .= replace_macros($tpl, array( '$title' => t('Recent Photos'), '$album_id' => bin2hex(t('Recent Photos')), @@ -1365,18 +1366,18 @@ class Photos extends \Zotlabs\Web\Controller { '$upload_form' => $upload_form, '$usage' => $usage_message )); - + } - + if((! $photos) && ($_REQUEST['aj'])) { $o .= '<div id="content-complete"></div>'; echo $o; killme(); } - + // paginate($a); return $o; } - - + + } diff --git a/Zotlabs/Module/Profiles.php b/Zotlabs/Module/Profiles.php index 9ac0e725e..ca6ab435f 100644 --- a/Zotlabs/Module/Profiles.php +++ b/Zotlabs/Module/Profiles.php @@ -12,11 +12,11 @@ class Profiles extends \Zotlabs\Web\Controller { function init() { nav_set_selected('Profiles', 'settings/profiles'); - + if(! local_channel()) { return; } - + if((argc() > 2) && (argv(1) === "drop") && intval(argv(2))) { $r = q("SELECT * FROM profile WHERE id = %d AND uid = %d AND is_default = 0 LIMIT 1", intval(argv(2)), @@ -28,11 +28,11 @@ class Profiles extends \Zotlabs\Web\Controller { return; // NOTREACHED } $profile_guid = $r['profile_guid']; - + check_form_security_token_redirectOnErr('/profiles', 'profile_drop', 't'); - + // move every contact using this profile as their default to the user default - + $r = q("UPDATE abook SET abook_profile = (SELECT profile_guid FROM profile WHERE is_default = 1 AND uid = %d LIMIT 1) WHERE abook_profile = '%s' AND abook_channel = %d ", intval(local_channel()), dbesc($profile_guid), @@ -44,34 +44,34 @@ class Profiles extends \Zotlabs\Web\Controller { ); if($r) info( t('Profile deleted.') . EOL); - - // @fixme this is a much more complicated sync - add any changed abook entries and + + // @fixme this is a much more complicated sync - add any changed abook entries and // also add deleted flag to profile structure // profiles_build_sync is just here as a placeholder - it doesn't work at all here - + // profiles_build_sync(local_channel()); - + goaway(z_root() . '/profiles'); return; // NOTREACHED } - - - - - + + + + + if((argc() > 1) && (argv(1) === 'new')) { - + // check_form_security_token_redirectOnErr('/profiles', 'profile_new', 't'); - + $r0 = q("SELECT id FROM profile WHERE uid = %d", intval(local_channel())); $num_profiles = count($r0); - + $name = t('Profile-') . ($num_profiles + 1); - + $r1 = q("SELECT fullname, photo, thumb FROM profile WHERE uid = %d AND is_default = 1 LIMIT 1", intval(local_channel())); - + $r2 = profile_store_lowlevel( [ 'aid' => intval(get_account_id()), @@ -83,27 +83,27 @@ class Profiles extends \Zotlabs\Web\Controller { 'thumb' => $r1[0]['thumb'] ] ); - + $r3 = q("SELECT id FROM profile WHERE uid = %d AND profile_name = '%s' LIMIT 1", intval(local_channel()), dbesc($name) ); - + info( t('New profile created.') . EOL); if(count($r3) == 1) goaway(z_root() . '/profiles/' . $r3[0]['id']); - + goaway(z_root() . '/profiles'); - } - + } + if((argc() > 2) && (argv(1) === 'clone')) { - + check_form_security_token_redirectOnErr('/profiles', 'profile_clone', 't'); - + $r0 = q("SELECT id FROM profile WHERE uid = %d", intval(local_channel())); $num_profiles = count($r0); - + $name = t('Profile-') . ($num_profiles + 1); $r1 = q("SELECT * FROM profile WHERE uid = %d AND id = %d LIMIT 1", intval(local_channel()), @@ -116,30 +116,30 @@ class Profiles extends \Zotlabs\Web\Controller { } unset($r1[0]['id']); $r1[0]['is_default'] = 0; - $r1[0]['publish'] = 0; + $r1[0]['publish'] = 0; $r1[0]['profile_name'] = dbesc($name); $r1[0]['profile_guid'] = dbesc(random_string()); - + create_table_from_array('profile', $r1[0]); - + $r3 = q("SELECT id FROM profile WHERE uid = %d AND profile_name = '%s' LIMIT 1", intval(local_channel()), dbesc($name) ); info( t('New profile created.') . EOL); - + profiles_build_sync(local_channel()); - + if(($r3) && (count($r3) == 1)) goaway(z_root() . '/profiles/' . $r3[0]['id']); - + goaway(z_root() . '/profiles'); - + return; // NOTREACHED } - + if((argc() > 2) && (argv(1) === 'export')) { - + $r1 = q("SELECT * FROM profile WHERE uid = %d AND id = %d LIMIT 1", intval(local_channel()), intval(argv(2)) @@ -151,7 +151,7 @@ class Profiles extends \Zotlabs\Web\Controller { } header('content-type: application/octet_stream'); header('content-disposition: attachment; filename="' . $r1[0]['profile_name'] . '.json"' ); - + unset($r1[0]['id']); unset($r1[0]['aid']); unset($r1[0]['uid']); @@ -162,10 +162,10 @@ class Profiles extends \Zotlabs\Web\Controller { echo json_encode($r1[0]); killme(); } - - - - + + + + // Run profile_load() here to make sure the theme is set before // we start loading content if(((argc() > 1) && (intval(argv(1)))) || !feature_enabled(local_channel(),'multi_profiles')) { @@ -187,28 +187,28 @@ class Profiles extends \Zotlabs\Web\Controller { \App::$error = 404; return; } - + $chan = \App::get_channel(); - + profile_load($chan['channel_address'],$r[0]['id']); } } - + function post() { - + if(! local_channel()) { notice( t('Permission denied.') . EOL); return; } - + require_once('include/activities.php'); - + $namechanged = false; - - + + // import from json export file. // Only import fields that are allowed on this hub - + if(x($_FILES,'userfile')) { $src = $_FILES['userfile']['tmp_name']; $filesize = intval($_FILES['userfile']['size']); @@ -230,10 +230,10 @@ class Profiles extends \Zotlabs\Web\Controller { } } } - + call_hooks('profile_post', $_POST); - - + + if((argc() > 1) && (argv(1) !== "new") && intval(argv(1))) { $orig = q("SELECT * FROM profile WHERE id = %d AND uid = %d LIMIT 1", intval(\App::$argv[1]), @@ -243,26 +243,26 @@ class Profiles extends \Zotlabs\Web\Controller { notice( t('Profile not found.') . EOL); return; } - + check_form_security_token_redirectOnErr('/profiles', 'profile_edit'); - + $is_default = (($orig[0]['is_default']) ? 1 : 0); - + $profile_name = notags(trim($_POST['profile_name'])); if(! strlen($profile_name)) { notice( t('Profile Name is required.') . EOL); return; } - + $dob = $_POST['dob'] ? escape_tags(trim($_POST['dob'])) : '0000-00-00'; // FIXME: Needs to be validated? - + $y = substr($dob,0,4); if((! ctype_digit($y)) || ($y < 1900)) $ignore_year = true; else $ignore_year = false; - + if($dob != '0000-00-00') { if(strpos($dob,'0000-') === 0) { $ignore_year = true; @@ -272,12 +272,12 @@ class Profiles extends \Zotlabs\Web\Controller { if($ignore_year) $dob = '0000-' . $dob; } - + $name = escape_tags(trim($_POST['name'])); - + if($orig[0]['fullname'] != $name) { $namechanged = true; - + $v = validate_channelname($name); if($v) { notice($v); @@ -285,7 +285,7 @@ class Profiles extends \Zotlabs\Web\Controller { $name = $orig[0]['fullname']; } } - + $pdesc = escape_tags(trim($_POST['pdesc'])); $gender = escape_tags(trim($_POST['gender'])); $address = escape_tags(trim($_POST['address'])); @@ -301,10 +301,10 @@ class Profiles extends \Zotlabs\Web\Controller { $hometown = escape_tags(trim($_POST['hometown'])); $politic = escape_tags(trim($_POST['politic'])); $religion = escape_tags(trim($_POST['religion'])); - + $likes = fix_mce_lf(escape_tags(trim($_POST['likes']))); $dislikes = fix_mce_lf(escape_tags(trim($_POST['dislikes']))); - + $about = fix_mce_lf(escape_tags(trim($_POST['about']))); $interest = fix_mce_lf(escape_tags(trim($_POST['interest']))); $contact = fix_mce_lf(escape_tags(trim($_POST['contact']))); @@ -316,11 +316,11 @@ class Profiles extends \Zotlabs\Web\Controller { $romance = fix_mce_lf(escape_tags(trim($_POST['romance']))); $work = fix_mce_lf(escape_tags(trim($_POST['work']))); $education = fix_mce_lf(escape_tags(trim($_POST['education']))); - + $hide_friends = ((intval($_POST['hide_friends'])) ? 1: 0); - + // start fresh and create a new vcard. TODO: preserve the original guid or whatever else needs saving -// $orig_vcard = (($orig[0]['profile_vcard']) ? \Sabre\VObject\Reader::read($orig[0]['profile_vcard']) : null); +// $orig_vcard = (($orig[0]['profile_vcard']) ? \Sabre\VObject\Reader::read($orig[0]['profile_vcard']) : null); $orig_vcard = null; @@ -347,7 +347,7 @@ class Profiles extends \Zotlabs\Web\Controller { 5 => $postal_code, 6 => $country_name ]; - + $profile_vcard = update_vcard($defcard,$orig_vcard); $orig_vcard = \Sabre\VObject\Reader::read($profile_vcard); @@ -370,19 +370,19 @@ class Profiles extends \Zotlabs\Web\Controller { linkify_tags($romance, local_channel()); linkify_tags($work, local_channel()); linkify_tags($education, local_channel()); - - + + $with = ((x($_POST,'with')) ? escape_tags(trim($_POST['with'])) : ''); - + if(! strlen($howlong)) $howlong = NULL_DATE; else $howlong = datetime_convert(date_default_timezone_get(),'UTC',$howlong); - + // linkify the relationship target if applicable - + $withchanged = false; - + if(strlen($with)) { if($with != strip_tags($orig[0]['partner'])) { $withchanged = true; @@ -392,7 +392,7 @@ class Profiles extends \Zotlabs\Web\Controller { $lookup = substr($lookup,1); $lookup = str_replace('_',' ', $lookup); $newname = $lookup; - + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1", dbesc($newname), intval(local_channel()) @@ -407,8 +407,8 @@ class Profiles extends \Zotlabs\Web\Controller { $prf = $r[0]['xchan_url']; $newname = $r[0]['xchan_name']; } - - + + if($prf) { $with = str_replace($lookup,'<a href="' . $prf . '">' . $newname . '</a>', $with); if(strpos($with,'@') === 0) @@ -418,7 +418,7 @@ class Profiles extends \Zotlabs\Web\Controller { else $with = $orig[0]['partner']; } - + $profile_fields_basic = get_profile_fields_basic(); $profile_fields_advanced = get_profile_fields_advanced(); $advanced = ((feature_enabled(local_channel(),'advanced_profiles')) ? true : false); @@ -426,7 +426,7 @@ class Profiles extends \Zotlabs\Web\Controller { $fields = $profile_fields_advanced; else $fields = $profile_fields_basic; - + $z = q("select * from profdef where true"); if($z) { foreach($z as $zz) { @@ -453,7 +453,7 @@ class Profiles extends \Zotlabs\Web\Controller { } } } - + $changes = array(); $value = ''; if($is_default) { @@ -513,12 +513,12 @@ class Profiles extends \Zotlabs\Web\Controller { $comma2 = (($region && $country_name) ? ', ' : ''); $value = $locality . $comma1 . $region . $comma2 . $country_name; } - + profile_activity($changes,$value); - - } - - $r = q("UPDATE profile + + } + + $r = q("UPDATE profile SET profile_name = '%s', fullname = '%s', pdesc = '%s', @@ -591,10 +591,10 @@ class Profiles extends \Zotlabs\Web\Controller { intval(argv(1)), intval(local_channel()) ); - + if($r) info( t('Profile updated.') . EOL); - + $r = q("select * from profile where id = %d and uid = %d limit 1", intval(argv(1)), intval(local_channel()) @@ -603,9 +603,9 @@ class Profiles extends \Zotlabs\Web\Controller { require_once('include/zot.php'); Libsync::build_sync_packet(local_channel(),array('profile' => $r)); } - + $channel = \App::get_channel(); - + if($namechanged && $is_default) { $r = q("UPDATE xchan SET xchan_name = '%s', xchan_name_date = '%s' WHERE xchan_url = '%s'", dbesc($name), @@ -617,7 +617,7 @@ class Profiles extends \Zotlabs\Web\Controller { dbesc($channel['xchan_hash']) ); } - + if($is_default) { // reload the info for the sidebar widget - why does this not work? profile_load($channel['channel_address']); @@ -625,24 +625,24 @@ class Profiles extends \Zotlabs\Web\Controller { } } } - - + + function get() { - + $o = ''; - + $channel = \App::get_channel(); - + if(! local_channel()) { notice( t('Permission denied.') . EOL); return; } - + require_once('include/channel.php'); - + $profile_fields_basic = get_profile_fields_basic(); $profile_fields_advanced = get_profile_fields_advanced(); - + if(((argc() > 1) && (intval(argv(1)))) || !feature_enabled(local_channel(),'multi_profiles')) { if(feature_enabled(local_channel(),'multi_profiles')) $id = \App::$argv[1]; @@ -652,7 +652,7 @@ class Profiles extends \Zotlabs\Web\Controller { ); if($x) $id = $x[0]['id']; - } + } $r = q("SELECT * FROM profile WHERE id = %d AND uid = %d LIMIT 1", intval($id), intval(local_channel()) @@ -661,20 +661,20 @@ class Profiles extends \Zotlabs\Web\Controller { notice( t('Profile not found.') . EOL); return; } - + $editselect = 'none'; - + \App::$page['htmlhead'] .= replace_macros(get_markup_template('profed_head.tpl'), array( '$baseurl' => z_root(), '$editselect' => $editselect, )); - + $advanced = ((feature_enabled(local_channel(),'advanced_profiles')) ? true : false); if($advanced) $fields = $profile_fields_advanced; else $fields = $profile_fields_basic; - + $hide_friends = array( 'hide_friends', t('Hide your connections list from viewers of this profile'), @@ -682,36 +682,36 @@ class Profiles extends \Zotlabs\Web\Controller { '', array(t('No'),t('Yes')) ); - + $q = q("select * from profdef where true"); if($q) { $extra_fields = array(); - + foreach($q as $qq) { $mine = q("select v from profext where k = '%s' and hash = '%s' and channel_id = %d limit 1", - dbesc($qq['field_name']), + dbesc($qq['field_name']), dbesc($r[0]['profile_guid']), intval(local_channel()) ); - + if(array_key_exists($qq['field_name'],$fields)) { $extra_fields[] = array($qq['field_name'],$qq['field_desc'],(($mine) ? $mine[0]['v'] : ''), $qq['field_help']); } } } - + //logger('extra_fields: ' . print_r($extra_fields,true)); $vc = $r[0]['profile_vcard']; - $vctmp = (($vc) ? \Sabre\VObject\Reader::read($vc) : null); + $vctmp = (($vc) ? \Sabre\VObject\Reader::read($vc) : null); $vcard = (($vctmp) ? get_vcard_array($vctmp,$r[0]['id']) : [] ); - + $f = get_config('system','birthday_input_format'); if(! $f) $f = 'ymd'; - + $is_default = (($r[0]['is_default']) ? 1 : 0); - + $tpl = get_markup_template("profile_edit.tpl"); $o .= replace_macros($tpl,array( '$multi_profiles' => ((feature_enabled(local_channel(),'multi_profiles')) ? true : false), @@ -749,7 +749,7 @@ class Profiles extends \Zotlabs\Web\Controller { '$default' => t('This is your default profile.') . EOL . translate_scope(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_profile'))), '$advanced' => $advanced, '$name' => array('name', t('Your full name'), $r[0]['fullname'], t('Required'), '*'), - '$pdesc' => array('pdesc', t('Title/Description'), $r[0]['pdesc']), + '$pdesc' => array('pdesc', t('Short title/tescription'), $r[0]['pdesc'], t('Maximal 190 characters'), '', 'maxlength="190"'), '$dob' => dob($r[0]['dob']), '$hide_friends' => $hide_friends, '$address' => array('address', t('Street address'), $r[0]['address']), @@ -802,18 +802,18 @@ class Profiles extends \Zotlabs\Web\Controller { '$delete' => t('Delete'), '$cancel' => t('Cancel'), )); - + $arr = array('profile' => $r[0], 'entry' => $o); call_hooks('profile_edit', $arr); - + return $o; } else { - + $r = q("SELECT * FROM profile WHERE uid = %d", local_channel()); if($r) { - + $tpl = get_markup_template('profile_entry.tpl'); foreach($r as $rr) { $profiles .= replace_macros($tpl, array( @@ -821,24 +821,24 @@ class Profiles extends \Zotlabs\Web\Controller { '$id' => $rr['id'], '$alt' => t('Profile Image'), '$profile_name' => $rr['profile_name'], - '$visible' => (($rr['is_default']) - ? '<strong>' . translate_scope(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_profile'))) . '</strong>' + '$visible' => (($rr['is_default']) + ? '<strong>' . translate_scope(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_profile'))) . '</strong>' : '<a href="' . z_root() . '/profperm/' . $rr['id'] . '" />' . t('Edit visibility') . '</a>') )); } - + $tpl_header = get_markup_template('profile_listing_header.tpl'); $o .= replace_macros($tpl_header,array( '$header' => t('Edit Profiles'), '$cr_new' => t('Create New'), '$cr_new_link' => 'profiles/new?t=' . get_form_security_token("profile_new"), '$profiles' => $profiles - )); - + )); + } return $o; } - + } - + } diff --git a/Zotlabs/Module/Pubsites.php b/Zotlabs/Module/Pubsites.php index daec5dde3..4b64d9af6 100644 --- a/Zotlabs/Module/Pubsites.php +++ b/Zotlabs/Module/Pubsites.php @@ -1,18 +1,19 @@ <?php namespace Zotlabs\Module; +use Zotlabs\Lib\Libzotdir; class Pubsites extends \Zotlabs\Web\Controller { function get() { - require_once('include/dir_fns.php'); + require_once('include/dir_fns.php'); $dirmode = intval(get_config('system','directory_mode')); - + if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) { $url = z_root() . '/dirsearch'; } if(! $url) { - $directory = find_upstream_directory($dirmode); + $directory = Libzotdir::find_upstream_directory($dirmode); $url = $directory['url'] . '/dirsearch'; } $url .= '/sites'; @@ -20,12 +21,12 @@ class Pubsites extends \Zotlabs\Web\Controller { $rating_enabled = get_config('system','rating_enabled'); $o .= '<div class="generic-content-wrapper">'; - + $o .= '<div class="section-title-wrapper"><h2>' . t('Public Hubs') . '</h2></div>'; - - $o .= '<div class="section-content-tools-wrapper"><div class="descriptive-text">' . + + $o .= '<div class="section-content-tools-wrapper"><div class="descriptive-text">' . t('The listed hubs allow public registration for the $Projectname network. All hubs in the network are interlinked so membership on any of them conveys membership in the network as a whole. Some hubs may require subscription or provide tiered service plans. The hub itself <strong>may</strong> provide additional details.') . '</div>' . EOL; - + $ret = z_fetch_url($url); if($ret['success']) { $j = json_decode($ret['body'],true); @@ -48,8 +49,8 @@ class Pubsites extends \Zotlabs\Web\Controller { $host = strtolower(substr($jj['url'],strpos($jj['url'],'://')+3)); $rate_links = ((local_channel()) ? '<td><a href="rate?f=&target=' . $host . '" class="btn-btn-default"><i class="fa fa-check-square-o"></i> ' . t('Rate') . '</a></td>' : ''); $location = ''; - if(!empty($jj['location'])) { - $location = '<p title="' . t('Location') . '" style="margin: 5px 5px 0 0; text-align: right"><i class="fa fa-globe"></i> ' . $jj['location'] . '</p>'; + if(!empty($jj['location'])) { + $location = '<p title="' . t('Location') . '" style="margin: 5px 5px 0 0; text-align: right"><i class="fa fa-globe"></i> ' . $jj['location'] . '</p>'; } else { $location = '<br /> '; @@ -61,14 +62,14 @@ class Pubsites extends \Zotlabs\Web\Controller { $o .= '</tr>'; } } - + $o .= '</table>'; - + $o .= '</div></div>'; - + } } return $o; } - + } diff --git a/Zotlabs/Module/Rpost.php b/Zotlabs/Module/Rpost.php index f03dae2bf..031270845 100644 --- a/Zotlabs/Module/Rpost.php +++ b/Zotlabs/Module/Rpost.php @@ -10,7 +10,7 @@ require_once('include/zot.php'); /** * remote post - * + * * https://yoursite/rpost?f=&title=&body=&remote_return= * * This can be called via either GET or POST, use POST for long body content as suhosin often limits GET parameter length @@ -20,7 +20,7 @@ require_once('include/zot.php'); * body= Body of post * url= URL which will be parsed and the results appended to the body * source= Source application - * post_id= post_id of post to 'share' (local use only) + * post_id= post_id of post to 'share' (local use only) * remote_return= absolute URL to return after posting is finished * type= choices are 'html' or 'bbcode', default is 'bbcode' * @@ -32,16 +32,16 @@ require_once('include/zot.php'); class Rpost extends \Zotlabs\Web\Controller { function get() { - + $o = ''; - + if(! local_channel()) { if(remote_channel()) { // redirect to your own site. // We can only do this with a GET request so you'll need to keep the text short or risk getting truncated // by the wretched beast called 'suhosin'. All the browsers now allow long GET requests, but suhosin // blocks them. - + $url = get_rpost_path(\App::get_observer()); // make sure we're not looping to our own hub if(($url) && (! stristr($url, \App::get_hostname()))) { @@ -53,10 +53,10 @@ class Rpost extends \Zotlabs\Web\Controller { goaway($url); } } - + // The login procedure is going to bugger our $_REQUEST variables // so save them in the session. - + if(array_key_exists('body',$_REQUEST)) { $_SESSION['rpost'] = $_REQUEST; } @@ -64,14 +64,14 @@ class Rpost extends \Zotlabs\Web\Controller { } nav_set_selected('Post'); - + // If we have saved rpost session variables, but nothing in the current $_REQUEST, recover the saved variables - + if((! array_key_exists('body',$_REQUEST)) && (array_key_exists('rpost',$_SESSION))) { $_REQUEST = $_SESSION['rpost']; unset($_SESSION['rpost']); } - + if(array_key_exists('channel',$_REQUEST)) { $r = q("select channel_id from channel where channel_account_id = %d and channel_address = '%s' limit 1", intval(get_account_id()), @@ -82,7 +82,7 @@ class Rpost extends \Zotlabs\Web\Controller { $change = change_channel($r[0]['channel_id']); } } - + if($_REQUEST['remote_return']) { $_SESSION['remote_return'] = $_REQUEST['remote_return']; } @@ -91,21 +91,27 @@ class Rpost extends \Zotlabs\Web\Controller { goaway($_SESSION['remote_return']); goaway(z_root() . '/network'); } - + $plaintext = true; - + if(array_key_exists('type', $_REQUEST) && $_REQUEST['type'] === 'html') { require_once('include/html2bbcode.php'); - $_REQUEST['body'] = html2bbcode($_REQUEST['body']); + $_REQUEST['body'] = html2bbcode($_REQUEST['body']); } - + $channel = \App::get_channel(); - - - $acl = new \Zotlabs\Access\AccessList($channel); - - $channel_acl = $acl->get(); - + + if($_REQUEST['acl']) { + $acl = new \Zotlabs\Access\AccessList([]); + $acl->set($_REQUEST['acl']); + $channel_acl = $acl->get(); + } + else { + $acl = new \Zotlabs\Access\AccessList($channel); + $channel_acl = $acl->get(); + } + + if($_REQUEST['url']) { $x = z_fetch_url(z_root() . '/linkinfo?f=&url=' . urlencode($_REQUEST['url'])); if($x['success']) @@ -115,7 +121,7 @@ class Rpost extends \Zotlabs\Web\Controller { if($_REQUEST['post_id']) { $_REQUEST['body'] .= '[share=' . intval($_REQUEST['post_id']) . '][/share]'; } - + $x = array( 'is_owner' => true, 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''), @@ -137,19 +143,19 @@ class Rpost extends \Zotlabs\Web\Controller { 'bbcode' => true, 'jotnets' => true ); - + $editor = status_editor($a,$x,false,'Rpost'); - + $o .= replace_macros(get_markup_template('edpost_head.tpl'), array( '$title' => t('Edit post'), '$cancel' => '', '$editor' => $editor )); - + return $o; - + } - - - + + + } diff --git a/Zotlabs/Module/Sse_bs.php b/Zotlabs/Module/Sse_bs.php index 534c63d46..396e07001 100644 --- a/Zotlabs/Module/Sse_bs.php +++ b/Zotlabs/Module/Sse_bs.php @@ -123,7 +123,7 @@ class Sse_bs extends Controller { $mids[] = '\'' . dbesc(@base64url_decode(substr($a,4))) . '\''; } - $str = implode($mids, ','); + $str = implode(',', $mids); $x = [ 'channel_id' => self::$uid, 'update' => 'unset' ]; call_hooks('update_unseen',$x); diff --git a/Zotlabs/Module/Zfinger.php b/Zotlabs/Module/Zfinger.php index 533f0a5db..ce7117ad8 100644 --- a/Zotlabs/Module/Zfinger.php +++ b/Zotlabs/Module/Zfinger.php @@ -7,7 +7,7 @@ use Zotlabs\Lib\Libzot; class Zfinger extends \Zotlabs\Web\Controller { function init() { - + require_once('include/zot.php'); require_once('include/crypto.php'); @@ -26,7 +26,7 @@ class Zfinger extends \Zotlabs\Web\Controller { if($chan) { $headers['Digest'] = HTTPSig::generate_digest_header($ret); - $h = HTTPSig::create_sig($headers,$chan['channel_prvkey'],'acct:' . channel_reddress($chan)); + $h = HTTPSig::create_sig($headers,$chan['channel_prvkey'], channel_url($chan)); HTTPSig::set_headers($h); } else { @@ -37,7 +37,7 @@ class Zfinger extends \Zotlabs\Web\Controller { echo $ret; killme(); - + } - + } |