aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module
diff options
context:
space:
mode:
Diffstat (limited to 'Zotlabs/Module')
-rw-r--r--Zotlabs/Module/Owa.php10
-rw-r--r--Zotlabs/Module/Photo.php78
-rw-r--r--Zotlabs/Module/Photos.php12
-rw-r--r--Zotlabs/Module/Search.php10
4 files changed, 66 insertions, 44 deletions
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php
index 4a488086f..ad57f883c 100644
--- a/Zotlabs/Module/Owa.php
+++ b/Zotlabs/Module/Owa.php
@@ -31,15 +31,17 @@ class Owa extends \Zotlabs\Web\Controller {
if($keyId) {
$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
- where hubloc_addr = '%s' ",
- dbesc(str_replace('acct:','',$keyId))
+ where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ",
+ dbesc(str_replace('acct:','',$keyId)),
+ dbesc($keyId)
);
if(! $r) {
$found = discover_by_webbie(str_replace('acct:','',$keyId));
if($found) {
$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
- where hubloc_addr = '%s' ",
- dbesc(str_replace('acct:','',$keyId))
+ where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ",
+ dbesc(str_replace('acct:','',$keyId)),
+ dbesc($keyId)
);
}
}
diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php
index 8efc00707..30e8340e2 100644
--- a/Zotlabs/Module/Photo.php
+++ b/Zotlabs/Module/Photo.php
@@ -4,13 +4,12 @@ namespace Zotlabs\Module;
require_once('include/security.php');
require_once('include/attach.php');
require_once('include/photo/photo_driver.php');
-require_once('include/photos.php');
class Photo extends \Zotlabs\Web\Controller {
function init() {
-
+
$prvcachecontrol = false;
$streaming = null;
$channel = null;
@@ -32,26 +31,26 @@ class Photo extends \Zotlabs\Web\Controller {
}
$observer_xchan = get_observer_hash();
+ $ismodified = $_SERVER['HTTP_IF_MODIFIED_SINCE'];
- $default = z_root() . '/' . get_default_profile_photo();
-
if(isset($type)) {
/**
* Profile photos - Access controls on default profile photos are not honoured since they need to be exchanged with remote sites.
*
*/
-
+
+ $default = get_default_profile_photo();
+
if($type === 'profile') {
switch($res) {
-
case 'm':
$resolution = 5;
- $default = z_root() . '/' . get_default_profile_photo(80);
+ $default = get_default_profile_photo(80);
break;
case 's':
$resolution = 6;
- $default = z_root() . '/' . get_default_profile_photo(48);
+ $default = get_default_profile_photo(48);
break;
case 'l':
default:
@@ -60,6 +59,8 @@ class Photo extends \Zotlabs\Web\Controller {
}
}
+ $modified = filemtime($default);
+ $default = z_root() . '/' . $default;
$uid = $person;
$d = [ 'imgscale' => $resolution, 'channel_id' => $uid, 'default' => $default, 'data' => '', 'mimetype' => '' ];
@@ -78,17 +79,18 @@ class Photo extends \Zotlabs\Web\Controller {
intval(PHOTO_PROFILE)
);
if($r) {
+ $modified = strtotime($r[0]['edited'] . "Z");
$data = dbunescbin($r[0]['content']);
$mimetype = $r[0]['mimetype'];
}
if(intval($r[0]['os_storage']))
$data = file_get_contents($data);
}
+
if(! $data) {
- $data = fetch_image_from_url($default,$mimetype);
- }
- if(! $mimetype) {
- $mimetype = 'image/png';
+ $x = z_fetch_url($default,true,0,[ 'novalidate' => true ]);
+ $data = ($x['success'] ? $x['body'] : EMPTY_STR);
+ $mimetype = 'image/png';
}
}
else {
@@ -124,9 +126,7 @@ class Photo extends \Zotlabs\Web\Controller {
$photo = substr($photo,0,-2);
// If viewing on a high-res screen, attempt to serve a higher resolution image:
if ($resolution == 2 && ($cookie_value > 1))
- {
$resolution = 1;
- }
}
$r = q("SELECT uid, photo_usage FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1",
@@ -163,10 +163,13 @@ class Photo extends \Zotlabs\Web\Controller {
if($exists && $allowed) {
$data = dbunescbin($e[0]['content']);
+ $filesize = $e[0]['filesize'];
$mimetype = $e[0]['mimetype'];
- if(intval($e[0]['os_storage'])) {
+ $modified = strtotime($e[0]['edited'] . 'Z');
+ if(intval($e[0]['os_storage']))
$streaming = $data;
- }
+ if($e[0]['allow_cid'] != '' || $e[0]['allow_gid'] != '' || $e[0]['deny_gid'] != '' || $e[0]['deny_gid'] != '')
+ $prvcachecontrol = true;
}
else {
if(! $allowed) {
@@ -177,27 +180,40 @@ class Photo extends \Zotlabs\Web\Controller {
}
}
+ } else {
+ http_status_exit(404,'not found');
}
}
-
+
+ header_remove('Pragma');
+
+ if($ismodified === gmdate("D, d M Y H:i:s", $modified) . " GMT") {
+ header_remove('Expires');
+ header_remove('Cache-Control');
+ header_remove('Set-Cookie');
+ http_status_exit(304,'not modified');
+ }
+
if(! isset($data)) {
if(isset($resolution)) {
switch($resolution) {
-
case 4:
- $data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(),$mimetype);
+ $default = get_default_profile_photo();
break;
case 5:
- $data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(80),$mimetype);
+ $default = get_default_profile_photo(80);
break;
case 6:
- $data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(48),$mimetype);
+ $default = get_default_profile_photo(48);
break;
default:
killme();
// NOTREACHED
break;
}
+ $x = z_fetch_url(z_root() . '/' . $default,true,0,[ 'novalidate' => true ]);
+ $data = ($x['success'] ? $x['body'] : EMPTY_STR);
+ $mimetype = 'image/png';
}
}
@@ -210,15 +226,14 @@ class Photo extends \Zotlabs\Web\Controller {
}
}
+ // @FIXME Seems never invoked
// Writing in cachefile
- if (isset($cachefile) && $cachefile != '')
+ if (isset($cachefile) && $cachefile != '') {
file_put_contents($cachefile, $data);
-
- if(function_exists('header_remove')) {
- header_remove('Pragma');
- header_remove('pragma');
+ $modified = filemtime($cachefile);
}
-
+
+
header("Content-type: " . $mimetype);
if($prvcachecontrol) {
@@ -240,15 +255,16 @@ class Photo extends \Zotlabs\Web\Controller {
// This has performance considerations but we highly recommend you
// leave it alone.
- $cache = get_config('system','photo_cache_time');
- if(! $cache)
- $cache = (3600 * 24); // 1 day
-
+ $cache = get_config('system','photo_cache_time', 86400); // 1 day by default
+
header("Expires: " . gmdate("D, d M Y H:i:s", time() + $cache) . " GMT");
header("Cache-Control: max-age=" . $cache);
}
+ header("Last-Modified: " . gmdate("D, d M Y H:i:s", $modified) . " GMT");
+ header("Content-Length: " . (isset($filesize) ? $filesize : strlen($data)));
+
// If it's a file resource, stream it.
if($streaming && $channel) {
diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php
index 78bfb1f09..03fd8a53d 100644
--- a/Zotlabs/Module/Photos.php
+++ b/Zotlabs/Module/Photos.php
@@ -263,7 +263,8 @@ class Photos extends \Zotlabs\Web\Controller {
$fsize = strlen($data);
}
- $x = q("update photo set content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 0",
+ $x = q("update photo set edited = '%s', content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 0",
+ dbesc(datetime_convert()),
dbescbin($data),
intval($fsize),
intval($height),
@@ -278,7 +279,8 @@ class Photos extends \Zotlabs\Web\Controller {
$width = $ph->getWidth();
$height = $ph->getHeight();
- $x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 1",
+ $x = q("update photo set edited = '%s', content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 1",
+ dbesc(datetime_convert()),
dbescbin($ph->imageString()),
intval($height),
intval($width),
@@ -293,7 +295,8 @@ class Photos extends \Zotlabs\Web\Controller {
$width = $ph->getWidth();
$height = $ph->getHeight();
- $x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 2",
+ $x = q("update photo set edited = '%s', content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 2",
+ dbesc(datetime_convert()),
dbescbin($ph->imageString()),
intval($height),
intval($width),
@@ -308,7 +311,8 @@ class Photos extends \Zotlabs\Web\Controller {
$width = $ph->getWidth();
$height = $ph->getHeight();
- $x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 3",
+ $x = q("update photo set edited = '%s', content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 3",
+ dbesc(datetime_convert()),
dbescbin($ph->imageString()),
intval($height),
intval($width),
diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php
index e520c671d..838f9d6b9 100644
--- a/Zotlabs/Module/Search.php
+++ b/Zotlabs/Module/Search.php
@@ -6,7 +6,7 @@ class Search extends \Zotlabs\Web\Controller {
function init() {
if(x($_REQUEST,'search'))
- \App::$data['search'] = $_REQUEST['search'];
+ \App::$data['search'] = escape_tags($_REQUEST['search']);
}
@@ -46,12 +46,12 @@ class Search extends \Zotlabs\Web\Controller {
if(x(\App::$data,'search'))
$search = trim(\App::$data['search']);
else
- $search = ((x($_GET,'search')) ? trim(rawurldecode($_GET['search'])) : '');
+ $search = ((x($_GET,'search')) ? trim(escape_tags(rawurldecode($_GET['search']))) : '');
$tag = false;
if(x($_GET,'tag')) {
$tag = true;
- $search = ((x($_GET,'tag')) ? trim(rawurldecode($_GET['tag'])) : '');
+ $search = ((x($_GET,'tag')) ? trim(escape_tags(rawurldecode($_GET['tag']))) : '');
}
$static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);
@@ -227,9 +227,9 @@ class Search extends \Zotlabs\Web\Controller {
}
if($tag)
- $o .= '<h2>' . sprintf( t('Items tagged with: %s'),htmlspecialchars($search, ENT_COMPAT,'UTF-8')) . '</h2>';
+ $o .= '<h2>' . sprintf( t('Items tagged with: %s'),$search) . '</h2>';
else
- $o .= '<h2>' . sprintf( t('Search results for: %s'),htmlspecialchars($search, ENT_COMPAT,'UTF-8')) . '</h2>';
+ $o .= '<h2>' . sprintf( t('Search results for: %s'),$search) . '</h2>';
$o .= conversation($items,'search',$update,'client');