diff options
Diffstat (limited to 'Zotlabs/Module')
| -rw-r--r-- | Zotlabs/Module/Owa.php | 10 | ||||
| -rw-r--r-- | Zotlabs/Module/Photo.php | 78 | ||||
| -rw-r--r-- | Zotlabs/Module/Photos.php | 12 | ||||
| -rw-r--r-- | Zotlabs/Module/Search.php | 10 |
4 files changed, 66 insertions, 44 deletions
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index 4a488086f..ad57f883c 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -31,15 +31,17 @@ class Owa extends \Zotlabs\Web\Controller { if($keyId) { $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash - where hubloc_addr = '%s' ", - dbesc(str_replace('acct:','',$keyId)) + where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ", + dbesc(str_replace('acct:','',$keyId)), + dbesc($keyId) ); if(! $r) { $found = discover_by_webbie(str_replace('acct:','',$keyId)); if($found) { $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash - where hubloc_addr = '%s' ", - dbesc(str_replace('acct:','',$keyId)) + where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ", + dbesc(str_replace('acct:','',$keyId)), + dbesc($keyId) ); } } diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 8efc00707..30e8340e2 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -4,13 +4,12 @@ namespace Zotlabs\Module; require_once('include/security.php'); require_once('include/attach.php'); require_once('include/photo/photo_driver.php'); -require_once('include/photos.php'); class Photo extends \Zotlabs\Web\Controller { function init() { - + $prvcachecontrol = false; $streaming = null; $channel = null; @@ -32,26 +31,26 @@ class Photo extends \Zotlabs\Web\Controller { } $observer_xchan = get_observer_hash(); + $ismodified = $_SERVER['HTTP_IF_MODIFIED_SINCE']; - $default = z_root() . '/' . get_default_profile_photo(); - if(isset($type)) { /** * Profile photos - Access controls on default profile photos are not honoured since they need to be exchanged with remote sites. * */ - + + $default = get_default_profile_photo(); + if($type === 'profile') { switch($res) { - case 'm': $resolution = 5; - $default = z_root() . '/' . get_default_profile_photo(80); + $default = get_default_profile_photo(80); break; case 's': $resolution = 6; - $default = z_root() . '/' . get_default_profile_photo(48); + $default = get_default_profile_photo(48); break; case 'l': default: @@ -60,6 +59,8 @@ class Photo extends \Zotlabs\Web\Controller { } } + $modified = filemtime($default); + $default = z_root() . '/' . $default; $uid = $person; $d = [ 'imgscale' => $resolution, 'channel_id' => $uid, 'default' => $default, 'data' => '', 'mimetype' => '' ]; @@ -78,17 +79,18 @@ class Photo extends \Zotlabs\Web\Controller { intval(PHOTO_PROFILE) ); if($r) { + $modified = strtotime($r[0]['edited'] . "Z"); $data = dbunescbin($r[0]['content']); $mimetype = $r[0]['mimetype']; } if(intval($r[0]['os_storage'])) $data = file_get_contents($data); } + if(! $data) { - $data = fetch_image_from_url($default,$mimetype); - } - if(! $mimetype) { - $mimetype = 'image/png'; + $x = z_fetch_url($default,true,0,[ 'novalidate' => true ]); + $data = ($x['success'] ? $x['body'] : EMPTY_STR); + $mimetype = 'image/png'; } } else { @@ -124,9 +126,7 @@ class Photo extends \Zotlabs\Web\Controller { $photo = substr($photo,0,-2); // If viewing on a high-res screen, attempt to serve a higher resolution image: if ($resolution == 2 && ($cookie_value > 1)) - { $resolution = 1; - } } $r = q("SELECT uid, photo_usage FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", @@ -163,10 +163,13 @@ class Photo extends \Zotlabs\Web\Controller { if($exists && $allowed) { $data = dbunescbin($e[0]['content']); + $filesize = $e[0]['filesize']; $mimetype = $e[0]['mimetype']; - if(intval($e[0]['os_storage'])) { + $modified = strtotime($e[0]['edited'] . 'Z'); + if(intval($e[0]['os_storage'])) $streaming = $data; - } + if($e[0]['allow_cid'] != '' || $e[0]['allow_gid'] != '' || $e[0]['deny_gid'] != '' || $e[0]['deny_gid'] != '') + $prvcachecontrol = true; } else { if(! $allowed) { @@ -177,27 +180,40 @@ class Photo extends \Zotlabs\Web\Controller { } } + } else { + http_status_exit(404,'not found'); } } - + + header_remove('Pragma'); + + if($ismodified === gmdate("D, d M Y H:i:s", $modified) . " GMT") { + header_remove('Expires'); + header_remove('Cache-Control'); + header_remove('Set-Cookie'); + http_status_exit(304,'not modified'); + } + if(! isset($data)) { if(isset($resolution)) { switch($resolution) { - case 4: - $data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(),$mimetype); + $default = get_default_profile_photo(); break; case 5: - $data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(80),$mimetype); + $default = get_default_profile_photo(80); break; case 6: - $data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(48),$mimetype); + $default = get_default_profile_photo(48); break; default: killme(); // NOTREACHED break; } + $x = z_fetch_url(z_root() . '/' . $default,true,0,[ 'novalidate' => true ]); + $data = ($x['success'] ? $x['body'] : EMPTY_STR); + $mimetype = 'image/png'; } } @@ -210,15 +226,14 @@ class Photo extends \Zotlabs\Web\Controller { } } + // @FIXME Seems never invoked // Writing in cachefile - if (isset($cachefile) && $cachefile != '') + if (isset($cachefile) && $cachefile != '') { file_put_contents($cachefile, $data); - - if(function_exists('header_remove')) { - header_remove('Pragma'); - header_remove('pragma'); + $modified = filemtime($cachefile); } - + + header("Content-type: " . $mimetype); if($prvcachecontrol) { @@ -240,15 +255,16 @@ class Photo extends \Zotlabs\Web\Controller { // This has performance considerations but we highly recommend you // leave it alone. - $cache = get_config('system','photo_cache_time'); - if(! $cache) - $cache = (3600 * 24); // 1 day - + $cache = get_config('system','photo_cache_time', 86400); // 1 day by default + header("Expires: " . gmdate("D, d M Y H:i:s", time() + $cache) . " GMT"); header("Cache-Control: max-age=" . $cache); } + header("Last-Modified: " . gmdate("D, d M Y H:i:s", $modified) . " GMT"); + header("Content-Length: " . (isset($filesize) ? $filesize : strlen($data))); + // If it's a file resource, stream it. if($streaming && $channel) { diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index 78bfb1f09..03fd8a53d 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -263,7 +263,8 @@ class Photos extends \Zotlabs\Web\Controller { $fsize = strlen($data); } - $x = q("update photo set content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 0", + $x = q("update photo set edited = '%s', content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 0", + dbesc(datetime_convert()), dbescbin($data), intval($fsize), intval($height), @@ -278,7 +279,8 @@ class Photos extends \Zotlabs\Web\Controller { $width = $ph->getWidth(); $height = $ph->getHeight(); - $x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 1", + $x = q("update photo set edited = '%s', content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 1", + dbesc(datetime_convert()), dbescbin($ph->imageString()), intval($height), intval($width), @@ -293,7 +295,8 @@ class Photos extends \Zotlabs\Web\Controller { $width = $ph->getWidth(); $height = $ph->getHeight(); - $x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 2", + $x = q("update photo set edited = '%s', content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 2", + dbesc(datetime_convert()), dbescbin($ph->imageString()), intval($height), intval($width), @@ -308,7 +311,8 @@ class Photos extends \Zotlabs\Web\Controller { $width = $ph->getWidth(); $height = $ph->getHeight(); - $x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 3", + $x = q("update photo set edited = '%s', content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 3", + dbesc(datetime_convert()), dbescbin($ph->imageString()), intval($height), intval($width), diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php index e520c671d..838f9d6b9 100644 --- a/Zotlabs/Module/Search.php +++ b/Zotlabs/Module/Search.php @@ -6,7 +6,7 @@ class Search extends \Zotlabs\Web\Controller { function init() { if(x($_REQUEST,'search')) - \App::$data['search'] = $_REQUEST['search']; + \App::$data['search'] = escape_tags($_REQUEST['search']); } @@ -46,12 +46,12 @@ class Search extends \Zotlabs\Web\Controller { if(x(\App::$data,'search')) $search = trim(\App::$data['search']); else - $search = ((x($_GET,'search')) ? trim(rawurldecode($_GET['search'])) : ''); + $search = ((x($_GET,'search')) ? trim(escape_tags(rawurldecode($_GET['search']))) : ''); $tag = false; if(x($_GET,'tag')) { $tag = true; - $search = ((x($_GET,'tag')) ? trim(rawurldecode($_GET['tag'])) : ''); + $search = ((x($_GET,'tag')) ? trim(escape_tags(rawurldecode($_GET['tag']))) : ''); } $static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0); @@ -227,9 +227,9 @@ class Search extends \Zotlabs\Web\Controller { } if($tag) - $o .= '<h2>' . sprintf( t('Items tagged with: %s'),htmlspecialchars($search, ENT_COMPAT,'UTF-8')) . '</h2>'; + $o .= '<h2>' . sprintf( t('Items tagged with: %s'),$search) . '</h2>'; else - $o .= '<h2>' . sprintf( t('Search results for: %s'),htmlspecialchars($search, ENT_COMPAT,'UTF-8')) . '</h2>'; + $o .= '<h2>' . sprintf( t('Search results for: %s'),$search) . '</h2>'; $o .= conversation($items,'search',$update,'client'); |