diff options
Diffstat (limited to 'Zotlabs/Module')
| -rw-r--r-- | Zotlabs/Module/Activity.php | 2 | ||||
| -rw-r--r-- | Zotlabs/Module/Channel.php | 8 | ||||
| -rw-r--r-- | Zotlabs/Module/Display.php | 5 | ||||
| -rw-r--r-- | Zotlabs/Module/Filestorage.php | 8 | ||||
| -rw-r--r-- | Zotlabs/Module/Item.php | 120 | ||||
| -rw-r--r-- | Zotlabs/Module/Photo.php | 4 | ||||
| -rw-r--r-- | Zotlabs/Module/Sharedwithme.php | 99 | ||||
| -rw-r--r-- | Zotlabs/Module/Sse_bs.php | 23 | ||||
| -rw-r--r-- | Zotlabs/Module/Viewconnections.php | 6 |
9 files changed, 137 insertions, 138 deletions
diff --git a/Zotlabs/Module/Activity.php b/Zotlabs/Module/Activity.php index 93b5a15fc..9971ee60f 100644 --- a/Zotlabs/Module/Activity.php +++ b/Zotlabs/Module/Activity.php @@ -170,6 +170,8 @@ class Activity extends Controller { } + goaway(z_root() . '/item/' . argv(1)); + } } diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 170b81787..08de059a8 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -239,8 +239,12 @@ class Channel extends Controller { /** * Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups */ - - $item_normal = item_normal(); + + $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_deleted = 0 + and item.item_unpublished = 0 and item.item_pending_remove = 0 + and item.item_blocked = 0 "; + if (! $is_owner) + $item_normal .= "and item.item_delayed = 0 "; $item_normal_update = item_normal_update(); $sql_extra = item_permissions_sql(App::$profile['profile_uid']); diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 777d183e1..f45f37001 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -101,7 +101,7 @@ class Display extends \Zotlabs\Web\Controller { if($decoded) $item_hash = $decoded; - $r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, author_xchan, item_blocked from item where mid like '%s' limit 1", + $r = q("select id, uid, mid, parent, parent_mid, thr_parent, verb, item_type, item_deleted, author_xchan, item_blocked from item where mid like '%s' limit 1", dbesc($item_hash . '%') ); @@ -159,14 +159,17 @@ class Display extends \Zotlabs\Web\Controller { } } if($target_item['item_type'] == ITEM_TYPE_CARD) { + $x = q("select * from channel where channel_id = %d limit 1", intval($target_item['uid']) ); + $y = q("select * from iconfig left join item on iconfig.iid = item.id where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'CARD' and item.id = %d limit 1", intval($target_item['uid']), intval($target_item['parent']) ); + if($x && $y) { goaway(z_root() . '/cards/' . $x[0]['channel_address'] . '/' . $y[0]['v']); } diff --git a/Zotlabs/Module/Filestorage.php b/Zotlabs/Module/Filestorage.php index c40de2823..0c6233493 100644 --- a/Zotlabs/Module/Filestorage.php +++ b/Zotlabs/Module/Filestorage.php @@ -35,12 +35,12 @@ class Filestorage extends \Zotlabs\Web\Controller { $url = get_cloud_url($channel_id, $channel['channel_address'], $resource); - //get the object before permissions change so we can catch eventual former allowed members - $object = get_file_activity_object($channel_id, $resource, $url); - attach_change_permissions($channel_id, $resource, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], $recurse, true); - file_activity($channel_id, $object, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], 'post', $notify); + if($notify) { + $observer = \App::get_observer(); + attach_store_item($channel, $observer, $resource); + } goaway(dirname($url)); } diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index fcc040e01..95359ccad 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -2,6 +2,7 @@ namespace Zotlabs\Module; +use Zotlabs\Lib\Config; use Zotlabs\Lib\IConfig; use Zotlabs\Lib\Enotify; use Zotlabs\Web\Controller; @@ -43,9 +44,11 @@ class Item extends Controller { if (Libzot::is_zot_request()) { + $conversation = false; + $item_id = argv(1); - if (! $item_id) + if(! $item_id) http_status_exit(404, 'Not found'); $portable_id = EMPTY_STR; @@ -66,32 +69,24 @@ class Item extends Controller { // process an authenticated fetch - $sigdata = HTTPSig::verify(EMPTY_STR); - if($sigdata['portable_id'] && $sigdata['header_valid']) { + $sigdata = HTTPSig::verify(($_SERVER['REQUEST_METHOD'] === 'POST') ? file_get_contents('php://input') : EMPTY_STR); + if ($sigdata['portable_id'] && $sigdata['header_valid']) { $portable_id = $sigdata['portable_id']; + if (! check_channelallowed($portable_id)) { + http_status_exit(403, 'Permission denied'); + } + if (! check_siteallowed($sigdata['signer'])) { + http_status_exit(403, 'Permission denied'); + } observer_auth($portable_id); - // first see if we have a copy of this item's parent owned by the current signer - // include xchans for all zot-like networks - these will have the same guid and public key - - $x = q("select * from xchan where xchan_hash = '%s'", - dbesc($sigdata['portable_id']) + $i = q("select id as item_id from item where mid = '%s' $item_normal and owner_xchan = '%s' limit 1", + dbesc($r[0]['parent_mid']), + dbesc($portable_id) ); - - if ($x) { - $xchans = q("select xchan_hash from xchan where xchan_hash = '%s' OR ( xchan_guid = '%s' AND xchan_pubkey = '%s' ) ", - dbesc($sigdata['portable_id']), - dbesc($x[0]['xchan_guid']), - dbesc($x[0]['xchan_pubkey']) - ); - - if ($xchans) { - $hashes = ids_to_querystr($xchans,'xchan_hash',true); - $i = q("select id as item_id from item where mid = '%s' $item_normal and owner_xchan in ( " . protect_sprintf($hashes) . " ) limit 1", - dbesc($r[0]['parent_mid']) - ); - } - } + } + elseif (Config::get('system','require_authenticated_fetch',false)) { + http_status_exit(403,'Permission denied'); } // if we don't have a parent id belonging to the signer see if we can obtain one as a visitor that we have permission to access @@ -111,7 +106,7 @@ class Item extends Controller { $parents_str = ids_to_querystr($i,'item_id'); - $items = q("SELECT item.*, item.id AS item_id FROM item WHERE item.parent IN ( %s ) $item_normal ", + $items = q("SELECT item.*, item.id AS item_id FROM item WHERE item.parent IN ( %s ) $item_normal order by item.id asc", dbesc($parents_str) ); @@ -122,43 +117,10 @@ class Item extends Controller { xchan_query($items,true); $items = fetch_post_tags($items,true); - $observer = App::get_observer(); - $parent = $items[0]; - $recips = (($parent['owner']['xchan_network'] === 'activitypub') ? get_iconfig($parent['id'],'activitypub','recips', []) : []); - $to = (($recips && array_key_exists('to',$recips) && is_array($recips['to'])) ? $recips['to'] : null); - $nitems = []; - foreach($items as $i) { - - $mids = []; - - if(intval($i['item_private'])) { - if(! $observer) { - continue; - } - // ignore private reshare, possibly from hubzilla - if($i['verb'] === 'Announce') { - if(! in_array($i['thr_parent'],$mids)) { - $mids[] = $i['thr_parent']; - } - continue; - } - // also ignore any children of the private reshares - if(in_array($i['thr_parent'],$mids)) { - continue; - } - - if((! $to) || (! in_array($observer['xchan_url'],$to))) { - continue; - } - - } - $nitems[] = $i; - } - - if(! $nitems) + if(! $items) http_status_exit(404, 'Not found'); - $chan = channelx_by_n($nitems[0]['uid']); + $chan = channelx_by_n($items[0]['uid']); if(! $chan) http_status_exit(404, 'Not found'); @@ -166,7 +128,8 @@ class Item extends Controller { if(! perm_is_allowed($chan['channel_id'],get_observer_hash(),'view_stream')) http_status_exit(403, 'Forbidden'); - $i = Activity::encode_item_collection($nitems,'conversation/' . $item_id,'OrderedCollection'); + + $i = Activity::encode_item_collection($items, 'conversation/' . $item_id, 'OrderedCollection'); if($portable_id) { ThreadListener::store(z_root() . '/item/' . $item_id,$portable_id); } @@ -194,8 +157,9 @@ class Item extends Controller { } if(argc() > 1 && argv(1) !== 'drop') { - $x = q("select uid, item_wall, llink, mid from item where mid = '%s' ", - dbesc(z_root() . '/item/' . argv(1)) + $x = q("select uid, item_wall, llink, mid from item where mid = '%s' or mid = '%s' ", + dbesc(z_root() . '/item/' . argv(1)), + dbesc(z_root() . '/activity/' . argv(1)) ); if($x) { foreach($x as $xv) { @@ -712,6 +676,8 @@ class Item extends Controller { $str_group_allow = $gacl['allow_gid']; $str_contact_deny = $gacl['deny_cid']; $str_group_deny = $gacl['deny_gid']; + + $post_tags = []; if($mimetype === 'text/bbcode') { @@ -723,16 +689,16 @@ class Item extends Controller { // we may need virtual or template classes to implement the possible alternatives if(strpos($body,'[/summary]') !== false) { - $match = ''; - $cnt = preg_match("/\[summary\](.*?)\[\/summary\]/ism",$body,$match); - if($cnt) { - $summary .= $match[1]; - } - $body_content = preg_replace("/^(.*?)\[summary\](.*?)\[\/summary\](.*?)$/ism", '',$body); - $body = trim($body_content); - } - - $summary = cleanup_bbcode($summary); + $match = ''; + $cnt = preg_match("/\[summary\](.*?)\[\/summary\]/ism",$body,$match); + if($cnt) { + $summary .= $match[1]; + } + $body_content = preg_replace("/\[summary\](.*?)\[\/summary\]/ism", '',$body); + $body = trim($body_content); + } + + $summary = cleanup_bbcode($summary); $body = cleanup_bbcode($body); @@ -746,7 +712,6 @@ class Item extends Controller { // Set permissions based on tag replacements set_linkified_perms($results, $str_contact_allow, $str_group_allow, $profile_uid, $parent_item, $private); - $post_tags = array(); foreach($results as $result) { $success = $result['success']; if($success['replaced']) { @@ -759,6 +724,7 @@ class Item extends Controller { ); } } + } if(($str_contact_allow) && (! $str_group_allow)) { @@ -990,8 +956,9 @@ class Item extends Controller { } if ((! $plink) && ($item_thread_top)) { - $plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . gen_link_id($mid); - $plink = substr($plink,0,190); + // $plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . gen_link_id($mid); + // $plink = substr($plink,0,190); + $plink = $mid; } if ($datarray['obj']) { @@ -1055,10 +1022,9 @@ class Item extends Controller { $datarray['layout_mid'] = $layout_mid; $datarray['public_policy'] = $public_policy; $datarray['comment_policy'] = map_scope($comment_policy); - $datarray['term'] = $post_tags; + $datarray['term'] = array_unique($post_tags, SORT_REGULAR); $datarray['plink'] = $plink; $datarray['route'] = $route; - // A specific ACL over-rides public_policy completely diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 48e2bf4a5..1cf082bdd 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -213,7 +213,7 @@ class Photo extends \Zotlabs\Web\Controller { if(! $data) killme(); - + $etag = '"' . md5($data . $modified) . '"'; if($modified == 0) @@ -269,7 +269,7 @@ class Photo extends \Zotlabs\Web\Controller { // in the event that infrastructure caching is present. $smaxage = intval($maxage/12); - header("Cache-Control: s-maxage=" . $smaxage . ", max-age=" . $maxage . $cachecontrol); + header("Cache-Control: no-cache, s-maxage=" . $smaxage . ", max-age=" . $maxage . $cachecontrol); } diff --git a/Zotlabs/Module/Sharedwithme.php b/Zotlabs/Module/Sharedwithme.php index c986f6695..4211a3af8 100644 --- a/Zotlabs/Module/Sharedwithme.php +++ b/Zotlabs/Module/Sharedwithme.php @@ -1,5 +1,8 @@ <?php namespace Zotlabs\Module; + +use Zotlabs\Web\Controller; + require_once('include/conversation.php'); require_once('include/text.php'); @@ -9,7 +12,7 @@ require_once('include/text.php'); * */ -class Sharedwithme extends \Zotlabs\Web\Controller { +class Sharedwithme extends Controller { function get() { if(! local_channel()) { @@ -20,81 +23,80 @@ class Sharedwithme extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); $is_owner = (local_channel() && (local_channel() == $channel['channel_id'])); - - //check for updated items and remove them - require_once('include/sharedwithme.php'); - apply_updates(); + + $item_normal = item_normal(); //drop single file - localuser if((argc() > 2) && (argv(2) === 'drop')) { - + $id = intval(argv(1)); - - q("DELETE FROM item WHERE id = %d AND uid = %d", - intval($id), - intval(local_channel()) - ); - + + drop_item($id); + goaway(z_root() . '/sharedwithme'); + } //drop all files - localuser if((argc() > 1) && (argv(1) === 'dropall')) { - - q("DELETE FROM item WHERE verb = '%s' AND obj_type = '%s' AND uid = %d", + + $r = q("SELECT id FROM item WHERE verb = '%s' AND obj_type IN ('Document', 'Video', 'Audio', 'Image') AND uid = %d AND owner_xchan != '%s' $item_normal", dbesc(ACTIVITY_POST), - dbesc(ACTIVITY_OBJ_FILE), - intval(local_channel()) + intval(local_channel()), + dbesc($channel['channel_hash']) ); - + + $ids = ids_to_array($r); + + if($ids) + drop_items($ids); + goaway(z_root() . '/sharedwithme'); + } - + //list files - $r = q("SELECT id, uid, obj, item_unseen FROM item WHERE verb = '%s' AND obj_type = '%s' AND uid = %d AND owner_xchan != '%s'", + $r = q("SELECT id, uid, obj, item_unseen FROM item WHERE verb = '%s' AND obj_type IN ('Document', 'Video', 'Audio', 'Image') AND uid = %d AND owner_xchan != '%s' $item_normal", dbesc(ACTIVITY_POST), - dbesc(ACTIVITY_OBJ_FILE), intval(local_channel()), dbesc($channel['channel_hash']) ); - - $items =array(); - $ids = ''; - + + $items = []; + $ids = []; + if($r) { foreach($r as $rr) { $object = json_decode($rr['obj'],true); - - $item = array(); + $meta = self::get_meta($object); + + $item = []; $item['id'] = $rr['id']; - $item['objfiletype'] = $object['filetype']; - $item['objfiletypeclass'] = getIconFromType($object['filetype']); - $item['objurl'] = rawurldecode(get_rel_link($object['link'],'alternate')) . '?f=&zid=' . $channel['xchan_addr']; - $item['objfilename'] = $object['filename']; - $item['objfilesize'] = userReadableSize($object['filesize']); - $item['objedited'] = $object['edited']; + $item['objfiletype'] = $meta['type']; + $item['objfiletypeclass'] = getIconFromType($meta['type']); + $item['objurl'] = $meta['path'] . '?f=&zid=' . $channel['xchan_addr']; + $item['objfilename'] = $object['name']; + $item['objfilesize'] = userReadableSize($meta['size']); + $item['objedited'] = $meta['edited']; $item['unseen'] = $rr['item_unseen']; $items[] = $item; - if($item['unseen'] > 0) { - $ids .= " '" . $rr['id'] . "',"; + if($item['unseen']) { + $ids[] = $rr['id']; } } } - + + $ids = implode(',', $ids); + if($ids) { - - //remove trailing , - $ids = rtrim($ids, ","); - q("UPDATE item SET item_unseen = 0 WHERE id IN ( $ids ) AND uid = %d", intval(local_channel()) ); - } $o = ''; @@ -114,5 +116,22 @@ class Sharedwithme extends \Zotlabs\Web\Controller { } + function get_meta($object) { + + $ret = []; + + if(! is_array($object['attachment'])) + return; + + foreach($object['attachment'] as $a) { + if($a['name'] === 'zot.attach.meta') { + $ret = $a['value']; + break; + } + } + + return $ret; + + } } diff --git a/Zotlabs/Module/Sse_bs.php b/Zotlabs/Module/Sse_bs.php index 89e852120..23bc3c96b 100644 --- a/Zotlabs/Module/Sse_bs.php +++ b/Zotlabs/Module/Sse_bs.php @@ -119,7 +119,7 @@ class Sse_bs extends Controller { $sql_extra2 = ''; if(self::$xchans) - $sql_extra2 = " AND (author_xchan IN (" . self::$xchans . ") OR owner_xchan IN (" . self::$xchans . ")) "; + $sql_extra2 = " AND CASE WHEN verb = '" . ACTIVITY_SHARE . "' THEN owner_xchan ELSE author_xchan END IN (" . self::$xchans . ") "; $item_normal = item_normal(); @@ -128,6 +128,7 @@ class Sse_bs extends Controller { WHERE uid = %d AND created <= '%s' AND item_unseen = 1 AND item_wall = 0 + AND obj_type NOT IN ('Document', 'Video', 'Audio', 'Image') AND author_xchan != '%s' $item_normal $sql_extra @@ -183,7 +184,7 @@ class Sse_bs extends Controller { $sql_extra2 = ''; if(self::$xchans) - $sql_extra2 = " AND (author_xchan IN (" . self::$xchans . ") OR owner_xchan IN (" . self::$xchans . ")) "; + $sql_extra2 = " AND CASE WHEN verb = '" . ACTIVITY_SHARE . "' THEN owner_xchan ELSE author_xchan END IN (" . self::$xchans . ") "; $item_normal = item_normal(); @@ -193,6 +194,7 @@ class Sse_bs extends Controller { WHERE uid = %d AND created <= '%s' AND item_unseen = 1 AND item_wall = 1 + AND obj_type NOT IN ('Document', 'Video', 'Audio', 'Image') AND author_xchan != '%s' $item_normal $sql_extra @@ -259,7 +261,7 @@ class Sse_bs extends Controller { $sql_extra2 = ''; if(self::$xchans) - $sql_extra2 = " AND (author_xchan IN (" . self::$xchans . ") OR owner_xchan IN (" . self::$xchans . ")) "; + $sql_extra2 = " AND CASE WHEN verb = '" . ACTIVITY_SHARE . "' THEN owner_xchan ELSE author_xchan END IN (" . self::$xchans . ") "; $item_normal = item_normal(); @@ -268,6 +270,7 @@ class Sse_bs extends Controller { WHERE uid = %d AND created <= '%s' AND item_unseen = 1 + AND obj_type NOT IN ('Document', 'Video', 'Audio', 'Image') AND author_xchan != '%s' AND created > '%s' $item_normal @@ -324,6 +327,7 @@ class Sse_bs extends Controller { $r = q("SELECT * FROM notify WHERE uid = %d AND seen = 0 ORDER BY created DESC", intval(self::$uid) ); + if($r) { foreach($r as $rr) { $result['notify']['notifications'][] = Enotify::format_notify($rr); @@ -446,21 +450,24 @@ class Sse_bs extends Controller { if(! self::$uid) return $result; + $item_normal = item_normal(); + $r = q("SELECT * FROM item WHERE verb = '%s' - AND obj_type = '%s' + AND obj_type IN ('Document', 'Video', 'Audio', 'Image') AND uid = %d - AND owner_xchan != '%s' - AND item_unseen = 1", + AND author_xchan != '%s' + AND item_unseen = 1 + $item_normal + ORDER BY created DESC", dbesc(ACTIVITY_POST), - dbesc(ACTIVITY_OBJ_FILE), intval(self::$uid), dbesc(self::$ob_hash) ); if($r) { xchan_query($r); foreach($r as $rr) { - $result['files']['notifications'][] = Enotify::format_files($rr); + $result['files']['notifications'][] = Enotify::format($rr); } $result['files']['count'] = count($r); } diff --git a/Zotlabs/Module/Viewconnections.php b/Zotlabs/Module/Viewconnections.php index 320a331d1..a0c293ddf 100644 --- a/Zotlabs/Module/Viewconnections.php +++ b/Zotlabs/Module/Viewconnections.php @@ -97,7 +97,6 @@ class Viewconnections extends \Zotlabs\Web\Controller { $perminfo['connperms'] .= t('Nothing'); } - $url = chanlink_hash($rr['xchan_hash']); if($url) { $contacts[] = array( @@ -111,13 +110,12 @@ class Viewconnections extends \Zotlabs\Web\Controller { 'sparkle' => '', 'itemurl' => $rr['url'], 'network' => '', - 'perminfo' => $perminfo, + 'perminfo' => (($is_owner) ? $perminfo : (($perminfo['connpermcount'] === 0) ? $perminfo : [])), 'oneway' => $oneway ); } } - - + if($_REQUEST['aj']) { if($contacts) { $o = replace_macros(get_markup_template('viewcontactsajax.tpl'),array( |