diff options
Diffstat (limited to 'Zotlabs/Module')
| -rw-r--r-- | Zotlabs/Module/Channel.php | 37 | ||||
| -rw-r--r-- | Zotlabs/Module/Display.php | 39 | ||||
| -rw-r--r-- | Zotlabs/Module/Dreport.php | 18 | ||||
| -rw-r--r-- | Zotlabs/Module/Hq.php | 26 | ||||
| -rw-r--r-- | Zotlabs/Module/Item.php | 4 | ||||
| -rw-r--r-- | Zotlabs/Module/Linkinfo.php | 190 | ||||
| -rw-r--r-- | Zotlabs/Module/Oep.php | 7 | ||||
| -rw-r--r-- | Zotlabs/Module/Pin.php | 2 | ||||
| -rw-r--r-- | Zotlabs/Module/Pubstream.php | 20 | ||||
| -rw-r--r-- | Zotlabs/Module/Sse_bs.php | 2 |
10 files changed, 170 insertions, 175 deletions
diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 6fac610aa..34e1ea666 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -107,13 +107,11 @@ class Channel extends Controller { // Somebody may attempt an ActivityStreams fetch on one of our message permalinks // Make it do the right thing. - $mid = ((x($_REQUEST, 'mid')) ? $_REQUEST['mid'] : ''); - if ($mid && strpos($mid, 'b64.') === 0) { - $decoded = @base64url_decode(substr($mid, 4)); - if ($decoded) { - $mid = $decoded; - } + $mid = ((x($_REQUEST, 'mid')) ? unpack_link_id($_REQUEST['mid']) : ''); + if ($mid === false) { + http_status_exit(404, 'Not found'); } + if ($mid) { $obj = null; if (strpos($mid, z_root() . '/item/') === 0) { @@ -158,15 +156,19 @@ class Channel extends Controller { profile_load($which, $profile); // Add Opengraph markup - $mid = ((x($_REQUEST, 'mid')) ? $_REQUEST['mid'] : ''); - if (strpos($mid, 'b64.') === 0) - $mid = @base64url_decode(substr($mid, 4)); + $mid = ((x($_REQUEST, 'mid')) ? unpack_link_id($_REQUEST['mid']) : ''); - if ($mid) + if ($mid === false) { + notice(t('Malformed message id.') . EOL); + return; + } + + if ($mid) { $r = q("SELECT * FROM item WHERE mid = '%s' AND uid = %d AND item_private = 0 LIMIT 1", dbesc($mid), intval($channel['channel_id']) ); + } opengraph_add_meta((isset($r) && count($r) ? $r[0] : []), $channel); } @@ -177,12 +179,11 @@ class Channel extends Controller { $category = $datequery = $datequery2 = ''; - $mid = ((x($_REQUEST, 'mid')) ? $_REQUEST['mid'] : ''); - - if (strpos($mid, 'b64.') === 0) - $decoded = @base64url_decode(substr($mid, 4)); - if (isset($decoded)) - $mid = $decoded; + $mid = ((x($_REQUEST, 'mid')) ? unpack_link_id($_REQUEST['mid']) : ''); + if ($mid === false) { + notice(t('Malformed message id.') . EOL); + return; + } $datequery = ((x($_GET, 'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : ''); $datequery2 = ((x($_GET, 'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : ''); @@ -433,8 +434,8 @@ class Channel extends Controller { if ((!$update) && (!$load)) { - if (isset($decoded)) - $mid = 'b64.' . base64url_encode($mid); + //if we got a decoded hash we must encode it again before handing to javascript + $mid = gen_link_id($mid); // This is ugly, but we can't pass the profile_uid through the session to the ajax updater, // because browser prefetching might change it on us. We have to deliver it with the page. diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index e6caa9906..5ffb1346c 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -1,6 +1,8 @@ <?php namespace Zotlabs\Module; +use App; + require_once("include/bbcode.php"); require_once('include/security.php'); require_once('include/conversation.php'); @@ -34,11 +36,12 @@ class Display extends \Zotlabs\Web\Controller { } } - if($_REQUEST['mid']) - $item_hash = $_REQUEST['mid']; + if($_REQUEST['mid']) { + $item_hash = unpack_link_id($_REQUEST['mid']); + } - if(! $item_hash) { - \App::$error = 404; + if(!$item_hash) { + App::$error = 404; notice( t('Item not found.') . EOL); return; } @@ -47,7 +50,7 @@ class Display extends \Zotlabs\Web\Controller { if(local_channel() && (! $update)) { - $channel = \App::get_channel(); + $channel = App::get_channel(); $channel_acl = array( 'allow_cid' => $channel['channel_allow_cid'], @@ -92,10 +95,10 @@ class Display extends \Zotlabs\Web\Controller { $target_item = null; - if(strpos($item_hash,'b64.') === 0) - $decoded = @base64url_decode(substr($item_hash,4)); - if($decoded) - $item_hash = $decoded; + if ($item_hash === false) { + notice(t('Malformed message id.') . EOL); + return; + } $r = q("select id, uid, mid, parent, parent_mid, thr_parent, verb, item_type, item_deleted, author_xchan, item_blocked from item where mid = '%s' limit 1", dbesc($item_hash) @@ -110,7 +113,7 @@ class Display extends \Zotlabs\Web\Controller { ); if($x) { // not yet ready for prime time -// \App::$poi = $x[0]; +// App::$poi = $x[0]; } //if the item is to be moderated redirect to /moderate @@ -189,17 +192,15 @@ class Display extends \Zotlabs\Web\Controller { // if the target item is not a post (eg a like) we want to address its thread parent //$mid = ((($target_item['verb'] == ACTIVITY_LIKE) || ($target_item['verb'] == ACTIVITY_DISLIKE)) ? $target_item['thr_parent'] : $target_item['mid']); - $mid = $target_item['mid']; // if we got a decoded hash we must encode it again before handing to javascript - if($decoded) - $mid = 'b64.' . base64url_encode($mid); + $mid = gen_link_id($target_item['mid']); $o .= '<div id="live-display"></div>' . "\r\n"; $o .= "<script> var profile_uid = " . ((intval(local_channel())) ? local_channel() : (-1)) - . "; var netargs = '?f='; var profile_page = " . \App::$pager['page'] . "; </script>\r\n"; + . "; var netargs = '?f='; var profile_page = " . App::$pager['page'] . "; </script>\r\n"; - \App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array( + App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array( '$baseurl' => z_root(), '$pgtype' => 'display', '$uid' => '0', @@ -215,7 +216,7 @@ class Display extends \Zotlabs\Web\Controller { '$dm' => '0', '$nouveau' => '0', '$wall' => '0', - '$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1), + '$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1), '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), '$search' => '', '$xchan' => '', @@ -233,7 +234,7 @@ class Display extends \Zotlabs\Web\Controller { head_add_link([ 'rel' => 'alternate', 'type' => 'application/json+oembed', - 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string), + 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . App::$query_string), 'title' => 'oembed' ]); @@ -355,7 +356,7 @@ class Display extends \Zotlabs\Web\Controller { } $o .= '</noscript>'; - \App::$page['title'] = (($items[0]['title']) ? $items[0]['title'] . " - " . \App::$page['title'] : \App::$page['title']); + App::$page['title'] = (($items[0]['title']) ? $items[0]['title'] . " - " . App::$page['title'] : App::$page['title']); $o .= conversation($items, 'display', $update, 'client'); } @@ -368,7 +369,7 @@ class Display extends \Zotlabs\Web\Controller { '$version' => xmlify(\Zotlabs\Lib\System::get_project_version()), '$generator' => xmlify(\Zotlabs\Lib\System::get_platform_name()), '$generator_uri' => 'https://hubzilla.org', - '$feed_id' => xmlify(\App::$cmd), + '$feed_id' => xmlify(App::$cmd), '$feed_title' => xmlify(t('Article')), '$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', 'now', ATOM_TIME)), '$author' => '', diff --git a/Zotlabs/Module/Dreport.php b/Zotlabs/Module/Dreport.php index 8906a4f81..42f337b76 100644 --- a/Zotlabs/Module/Dreport.php +++ b/Zotlabs/Module/Dreport.php @@ -12,24 +12,12 @@ class Dreport extends \Zotlabs\Web\Controller { } $table = 'item'; - $channel = \App::get_channel(); + $mid = ((argc() > 1) ? unpack_link_id(argv(1)) : ''); - $mid = ((argc() > 1) ? argv(1) : ''); - $encoded_mid = ''; - - if(strpos($mid,'b64.') === 0) { - $encoded_mid = $mid; - $mid = @base64url_decode(substr($mid,4)); - } if($mid === 'push') { $table = 'push'; - $mid = ((argc() > 2) ? argv(2) : ''); - - if(strpos($mid,'b64.') === 0) { - $encoded_mid = $mid; - $mid = @base64url_decode(substr($mid,4)); - } + $mid = ((argc() > 2) ? unpack_link_id(argv(2)) : ''); if($mid) { $i = q("select id from item where mid = '%s' and uid = %d and ( author_xchan = '%s' or ( owner_xchan = '%s' and item_wall = 1 )) ", @@ -43,7 +31,7 @@ class Dreport extends \Zotlabs\Web\Controller { } } sleep(3); - goaway(z_root() . '/dreport/' . (($encoded_mid) ? $encoded_mid : $mid)); + goaway(z_root() . '/dreport/' . gen_link_id($mid)); } if(! $mid) { diff --git a/Zotlabs/Module/Hq.php b/Zotlabs/Module/Hq.php index 8c126d154..929f2b758 100644 --- a/Zotlabs/Module/Hq.php +++ b/Zotlabs/Module/Hq.php @@ -23,15 +23,21 @@ class Hq extends \Zotlabs\Web\Controller { function get($update = 0, $load = false) { - if(!local_channel()) + if(!local_channel()) { return; + } if(argc() > 1 && argv(1) !== 'load') { - $item_hash = argv(1); + $item_hash = unpack_link_id(argv(1)); } if(isset($_REQUEST['mid'])) { - $item_hash = $_REQUEST['mid']; + $item_hash = unpack_link_id($_REQUEST['mid']); + } + + if($item_hash === false) { + notice(t('Malformed message id.') . EOL); + return; } $item_normal = item_normal(); @@ -41,22 +47,17 @@ class Hq extends \Zotlabs\Web\Controller { $r = q("SELECT mid FROM item WHERE uid = %d $item_normal AND mid = parent_mid + AND item_private IN (0, 1) ORDER BY created DESC LIMIT 1", intval(local_channel()) ); if($r[0]['mid']) { - $item_hash = 'b64.' . base64url_encode($r[0]['mid']); + $item_hash = $r[0]['mid']; } } if($item_hash) { - if(strpos($item_hash,'b64.') === 0) - $decoded = @base64url_decode(substr($item_hash,4)); - - if($decoded) - $item_hash = $decoded; - $target_item = null; $r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where mid = '%s' limit 1", @@ -124,10 +125,9 @@ class Hq extends \Zotlabs\Web\Controller { if($target_item) { // if the target item is not a post (eg a like) we want to address its thread parent //$mid = ((($target_item['verb'] == ACTIVITY_LIKE) || ($target_item['verb'] == ACTIVITY_DISLIKE)) ? $target_item['thr_parent'] : $target_item['mid']); - $mid = $target_item['mid']; + // if we got a decoded hash we must encode it again before handing to javascript - if($decoded) - $mid = 'b64.' . base64url_encode($mid); + $mid = gen_link_id($target_item['mid']); } else { $mid = ''; diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 0e76755a8..7099a54e5 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -1377,6 +1377,10 @@ class Item extends Controller { return $post; if($return_path) { + if($return_path === 'hq') { + goaway(z_root() . '/hq/' . gen_link_id($datarray['mid'])); + } + goaway(z_root() . "/" . $return_path); } diff --git a/Zotlabs/Module/Linkinfo.php b/Zotlabs/Module/Linkinfo.php index 76c679cc5..a05575cb6 100644 --- a/Zotlabs/Module/Linkinfo.php +++ b/Zotlabs/Module/Linkinfo.php @@ -5,37 +5,37 @@ namespace Zotlabs\Module; class Linkinfo extends \Zotlabs\Web\Controller { function get() { - + logger('linkinfo: ' . print_r($_REQUEST,true)); - + $text = null; $str_tags = ''; - $process_oembed = true; - + $process_oembed = true; + $br = "\n"; - + if(x($_GET,'binurl')) $url = trim(hex2bin($_GET['binurl'])); else $url = trim($_GET['url']); - + if(substr($url,0,1) === '!') { $process_oembed = false; $url = substr($url,1); } $url = strip_zids($url); - + if((substr($url,0,1) != '/') && (substr($url,0,4) != 'http')) $url = 'http://' . $url; - - + + if($_GET['title']) $title = strip_tags(trim($_GET['title'])); - + if($_GET['description']) $text = strip_tags(trim($_GET['description'])); - + if($_GET['tags']) { $arr_tags = str_getcsv($_GET['tags']); if(count($arr_tags)) { @@ -43,23 +43,25 @@ class Linkinfo extends \Zotlabs\Web\Controller { $str_tags = $br . implode(' ',$arr_tags) . $br; } } - + logger('linkinfo: ' . $url); - - // Replace plink URL with 'share' tag if possible - preg_match("/(mid=b64\.|display\/|posts\/)([\w\-]+)(&.+)?$/", $url, $mid); - - if (!empty($mid) && $mid[1] == 'mid=b64.') - $mid[2] = base64_decode($mid[2]); - - $r = q("SELECT id FROM item WHERE mid = '%s' AND uid = %d AND item_private = 0 LIMIT 1", - dbesc((empty($mid) ? $url : $mid[2])), - intval(local_channel()) - ); - if ($r) { - echo "[share=" . $r[0]['id'] . "][/share]"; - killme(); - } + + // Replace plink URL with 'share' tag if possible + preg_match("/(mid=b64\.|display\/|posts\/)([\w\-]+)(&.+)?$/", $url, $mid); + + if (!empty($mid)) { + $mid[2] = unpack_link_id($mid[2]); + } + + $r = q("SELECT id FROM item WHERE mid = '%s' AND uid = %d AND item_private = 0 LIMIT 1", + dbesc((empty($mid) ? $url : $mid[2])), + intval(local_channel()) + ); + + if ($r) { + echo "[share=" . $r[0]['id'] . "][/share]"; + killme(); + } $result = z_fetch_url($url,false,0,array('novalidate' => true, 'nobody' => true)); if($result['success']) { @@ -108,13 +110,13 @@ class Linkinfo extends \Zotlabs\Web\Controller { } } } - + $template = $br . '#^[url=%s]%s[/url]%s' . $br; - + $arr = array('url' => $url, 'text' => ''); - + call_hooks('parse_link', $arr); - + if(strlen($arr['text'])) { echo $arr['text']; killme(); @@ -127,28 +129,28 @@ class Linkinfo extends \Zotlabs\Web\Controller { killme(); } } - + if($url && $title && $text) { - + $text = $br . '[quote]' . trim($text) . '[/quote]' . $br; - + $title = str_replace(array("\r","\n"),array('',''),$title); - + $result = sprintf($template,$url,($title) ? $title : $url,$text) . $str_tags; - + logger('linkinfo (unparsed): returns: ' . $result); - + echo $result; killme(); } - + $siteinfo = self::parseurl_getsiteinfo($url); - + // If the site uses this platform, use zrl rather than url so they get zids sent to them by default - + if(is_matrix_url($url)) $template = str_replace('url','zrl',$template); - + if($siteinfo["title"] == "") { echo sprintf($template,$url,$url,'') . $str_tags; killme(); @@ -156,19 +158,19 @@ class Linkinfo extends \Zotlabs\Web\Controller { $text = $siteinfo["text"]; $title = $siteinfo["title"]; } - + $image = ""; if(is_array($siteinfo["images"]) && count($siteinfo["images"])){ /* Execute below code only if image is present in siteinfo */ - + $total_images = 0; $max_images = get_config('system','max_bookmark_images'); if($max_images === false) $max_images = 2; else $max_images = intval($max_images); - + foreach ($siteinfo["images"] as $imagedata) { if ($url) { $image .= sprintf('[url=%s]', $url); @@ -183,57 +185,57 @@ class Linkinfo extends \Zotlabs\Web\Controller { break; } } - + if(strlen($text)) { $text = $br.'[quote]'.trim($text).'[/quote]'.$br ; } - + if($image) { $text = $br.$br.$image.$text; } $title = str_replace(array("\r","\n"),array('',''),$title); - + $result = sprintf($template,$url,($title) ? $title : $url,$text) . $str_tags; - + logger('linkinfo: returns: ' . $result, LOGGER_DEBUG); - + echo trim($result); killme(); - + } - - + + public static function deletexnode(&$doc, $node) { $xpath = new \DomXPath($doc); $list = $xpath->query("//".$node); foreach ($list as $child) $child->parentNode->removeChild($child); } - + public static function completeurl($url, $scheme) { $urlarr = parse_url($url); - + if (isset($urlarr["scheme"])) return($url); - + $schemearr = parse_url($scheme); - + $complete = $schemearr["scheme"]."://".$schemearr["host"]; - + if ($schemearr["port"] != "") $complete .= ":".$schemearr["port"]; - + if(strpos($urlarr['path'],'/') !== 0) $complete .= '/'; - + $complete .= $urlarr["path"]; - + if ($urlarr["query"] != "") $complete .= "?".$urlarr["query"]; - + if ($urlarr["fragment"] != "") $complete .= "#".$urlarr["fragment"]; - + return($complete); } @@ -251,7 +253,7 @@ class Linkinfo extends \Zotlabs\Web\Controller { $p = substr($m,strpos($m,'/')+1); // get the channel to check permissions - + $u = channelx_by_nick($nick); if($u && $p) { @@ -272,18 +274,18 @@ class Linkinfo extends \Zotlabs\Web\Controller { return EMPTY_STR; } - + public static function parseurl_getsiteinfo($url) { $siteinfo = array(); - - + + $result = z_fetch_url($url,false,0,array('novalidate' => true)); if(! $result['success']) return $siteinfo; - + $header = $result['header']; $body = $result['body']; - + // Check codepage in HTTP headers or HTML if not exist $cp = (preg_match('/Content-Type: text\/html; charset=(.+)\r\n/i', $header, $o) ? $o[1] : ''); if(empty($cp)) @@ -291,10 +293,10 @@ class Linkinfo extends \Zotlabs\Web\Controller { $body = mb_convert_encoding($body, 'UTF-8', $cp); $body = mb_convert_encoding($body, 'HTML-ENTITIES', "UTF-8"); - + $doc = new \DOMDocument(); @$doc->loadHTML($body); - + self::deletexnode($doc, 'style'); self::deletexnode($doc, 'script'); self::deletexnode($doc, 'option'); @@ -306,14 +308,14 @@ class Linkinfo extends \Zotlabs\Web\Controller { self::deletexnode($doc, 'h6'); self::deletexnode($doc, 'ol'); self::deletexnode($doc, 'ul'); - + $xpath = new \DomXPath($doc); - + //$list = $xpath->query("head/title"); $list = $xpath->query("//title"); foreach ($list as $node) $siteinfo["title"] = html_entity_decode($node->nodeValue, ENT_QUOTES, "UTF-8"); - + //$list = $xpath->query("head/meta[@name]"); $list = $xpath->query("//meta[@name]"); foreach ($list as $node) { @@ -321,9 +323,9 @@ class Linkinfo extends \Zotlabs\Web\Controller { if ($node->attributes->length) foreach ($node->attributes as $attribute) $attr[$attribute->name] = $attribute->value; - + $attr["content"] = html_entity_decode($attr["content"], ENT_QUOTES, "UTF-8"); - + switch (strtolower($attr["name"])) { case "fulltitle": $siteinfo["title"] = trim($attr["content"]); @@ -365,7 +367,7 @@ class Linkinfo extends \Zotlabs\Web\Controller { break; } } - + //$list = $xpath->query("head/meta[@property]"); $list = $xpath->query("//meta[@property]"); foreach ($list as $node) { @@ -373,9 +375,9 @@ class Linkinfo extends \Zotlabs\Web\Controller { if ($node->attributes->length) foreach ($node->attributes as $attribute) $attr[$attribute->name] = $attribute->value; - + $attr["content"] = html_entity_decode($attr["content"], ENT_QUOTES, "UTF-8"); - + switch (strtolower($attr["property"])) { case "og:image": $siteinfo["image"] = $attr["content"]; @@ -388,7 +390,7 @@ class Linkinfo extends \Zotlabs\Web\Controller { break; } } - + if ($siteinfo["image"] == "") { $list = $xpath->query("//img[@src]"); foreach ($list as $node) { @@ -396,10 +398,10 @@ class Linkinfo extends \Zotlabs\Web\Controller { if ($node->attributes->length) foreach ($node->attributes as $attribute) $attr[$attribute->name] = $attribute->value; - + $src = self::completeurl($attr["src"], $url); $photodata = @getimagesize($src); - + if (($photodata) && ($photodata[0] > 150) and ($photodata[1] > 150)) { if ($photodata[0] > 300) { $photodata[1] = round($photodata[1] * (300 / $photodata[0])); @@ -413,36 +415,36 @@ class Linkinfo extends \Zotlabs\Web\Controller { "width"=>$photodata[0], "height"=>$photodata[1]); } - + } } else { $src = self::completeurl($siteinfo["image"], $url); - + unset($siteinfo["image"]); - + $photodata = @getimagesize($src); - + if (($photodata) && ($photodata[0] > 10) and ($photodata[1] > 10)) $siteinfo["images"][] = array("src"=>$src, "width"=>$photodata[0], "height"=>$photodata[1]); } - + if ($siteinfo["text"] == "") { $text = ""; - + $list = $xpath->query("//div[@class='article']"); foreach ($list as $node) if (strlen($node->nodeValue) > 40) $text .= " ".trim($node->nodeValue); - + if ($text == "") { $list = $xpath->query("//div[@class='content']"); foreach ($list as $node) if (strlen($node->nodeValue) > 40) $text .= " ".trim($node->nodeValue); } - + // If none text was found then take the paragraph content if ($text == "") { $list = $xpath->query("//p"); @@ -450,21 +452,21 @@ class Linkinfo extends \Zotlabs\Web\Controller { if (strlen($node->nodeValue) > 40) $text .= " ".trim($node->nodeValue); } - + if ($text != "") { $text = trim(str_replace(array("\n", "\r"), array(" ", " "), $text)); - + while (strpos($text, " ")) $text = trim(str_replace(" ", " ", $text)); - + $text = substr(html_entity_decode($text, ENT_QUOTES, "UTF-8"), 0, 350); $siteinfo["text"] = rtrim(substr($text, 0, strrpos($text, " ")), "?.,:;!-") . '...'; } } - + return($siteinfo); } - + private static function arr_add_hashes(&$item,$k) { $item = '#' . $item; diff --git a/Zotlabs/Module/Oep.php b/Zotlabs/Module/Oep.php index 346bef519..8e048a487 100644 --- a/Zotlabs/Module/Oep.php +++ b/Zotlabs/Module/Oep.php @@ -77,8 +77,11 @@ class Oep extends \Zotlabs\Web\Controller { $res = $matches[2]; } - if(strpos($res,'b64.') === 0) { - $res = base64url_decode(substr($res,4)); + $res = unpack_link_id($res); + + if ($res === false) { + notice(t('Malformed message id.') . EOL); + return; } $item_normal = item_normal(); diff --git a/Zotlabs/Module/Pin.php b/Zotlabs/Module/Pin.php index e02fb017b..f82327ce6 100644 --- a/Zotlabs/Module/Pin.php +++ b/Zotlabs/Module/Pin.php @@ -37,7 +37,7 @@ class Pin extends \Zotlabs\Web\Controller { http_status_exit(404, 'Not found'); } - $midb64 = 'b64.' . base64url_encode($r[0]['mid']); + $midb64 = gen_link_id($r[0]['mid']); $pinned = (in_array($midb64, get_pconfig($r[0]['uid'], 'pinned', $r[0]['item_type'], [])) ? true : false); switch(argv(1)) { diff --git a/Zotlabs/Module/Pubstream.php b/Zotlabs/Module/Pubstream.php index 32023d6cc..e1a95be67 100644 --- a/Zotlabs/Module/Pubstream.php +++ b/Zotlabs/Module/Pubstream.php @@ -42,19 +42,16 @@ class Pubstream extends \Zotlabs\Web\Controller { $site_firehose = false; } - $mid = ((x($_REQUEST,'mid')) ? $_REQUEST['mid'] : ''); - $hashtags = ((x($_REQUEST,'tag')) ? $_REQUEST['tag'] : ''); - - - if(strpos($mid,'b64.') === 0) - $decoded = @base64url_decode(substr($mid,4)); - if($decoded) - $mid = $decoded; + $mid = ((x($_REQUEST, 'mid')) ? unpack_link_id($_REQUEST['mid']) : ''); + if ($mid === false) { + notice(t('Malformed message id.') . EOL); + return; + } + $hashtags = ((x($_REQUEST,'tag')) ? $_REQUEST['tag'] : ''); $item_normal = item_normal(); $item_normal_update = item_normal_update(); - - $net = ((array_key_exists('net',$_REQUEST)) ? escape_tags($_REQUEST['net']) : ''); + $net = ((array_key_exists('net',$_REQUEST)) ? escape_tags($_REQUEST['net']) : ''); $title = replace_macros(get_markup_template("section_title.tpl"),array( '$title' => (($hashtags) ? '#' . htmlspecialchars($hashtags, ENT_COMPAT,'UTF-8') : '') @@ -115,8 +112,7 @@ class Pubstream extends \Zotlabs\Web\Controller { . "; divmore_height = " . intval($maxheight) . "; </script>\r\n"; //if we got a decoded hash we must encode it again before handing to javascript - if($decoded) - $mid = 'b64.' . base64url_encode($mid); + $mid = gen_link_id($mid); \App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array( '$baseurl' => z_root(), diff --git a/Zotlabs/Module/Sse_bs.php b/Zotlabs/Module/Sse_bs.php index 388a9ba4d..b445b235d 100644 --- a/Zotlabs/Module/Sse_bs.php +++ b/Zotlabs/Module/Sse_bs.php @@ -560,7 +560,7 @@ class Sse_bs extends Controller { $b64mids = []; foreach($mids as $mid) - $b64mids[] = 'b64.' . base64url_encode($mid); + $b64mids[] = gen_link_id($mid); $forums[$x]['notify_link'] = z_root() . '/network/?f=&pf=1&unseen=1&cid=' . $forums[$x]['abook_id']; $forums[$x]['name'] = $forums[$x]['xchan_name']; |