Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Module/Magic.php | 9 | ||||
-rw-r--r-- | Zotlabs/Module/Sources.php | 17 | ||||
-rw-r--r-- | Zotlabs/Storage/Directory.php | 5 |
3 files changed, 21 insertions, 10 deletions
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 4b3a223ba..25c318f30 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -19,7 +19,11 @@ class Magic extends \Zotlabs\Web\Controller { $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); $owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0); $delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : ''); - + + // Apache(?) appears to perform an htmlentities() operation on this variable + + $dest = html_entity_decode($dest); + $parsed = parse_url($dest); if(! $parsed) { if($test) { @@ -139,6 +143,9 @@ class Magic extends \Zotlabs\Web\Controller { if($owa) { + $dest = strip_zids($dest); + $dest = strip_query_param($dest,'f'); + $headers = []; $headers['Accept'] = 'application/x-zot+json' ; $headers['X-Open-Web-Auth'] = random_string(); diff --git a/Zotlabs/Module/Sources.php b/Zotlabs/Module/Sources.php index a180d9b6e..91e2efa60 100644 --- a/Zotlabs/Module/Sources.php +++ b/Zotlabs/Module/Sources.php @@ -12,12 +12,13 @@ class Sources extends \Zotlabs\Web\Controller { return ''; $source = intval($_REQUEST['source']); - $xchan = $_REQUEST['xchan']; + $xchan = escape_tags($_REQUEST['xchan']); $abook = intval($_REQUEST['abook']); - $words = $_REQUEST['words']; + $words = escape_tags($_REQUEST['words']); + $resend = intval($_REQUEST['resend']); $frequency = $_REQUEST['frequency']; - $name = $_REQUEST['name']; - $tags = $_REQUEST['tags']; + $name = escape_tags($_REQUEST['name']); + $tags = escape_tags($_REQUEST['tags']); $channel = \App::get_channel(); @@ -38,6 +39,8 @@ class Sources extends \Zotlabs\Web\Controller { return; } + set_abconfig(local_channel(),$xchan, 'system','rself',$resend); + if(! $source) { $r = q("insert into source ( src_channel_id, src_channel_xchan, src_xchan, src_patt, src_tag ) values ( %d, '%s', '%s', '%s', '%s' ) ", 
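Review bot: In the first Magic.php hunk, `html_entity_decode($dest)` runs unconditionally on a cause the added comment itself marks as uncertain, so a destination that legitimately contains a literal entity sequence (for example `&amp;` inside a query value) is silently rewritten before `parse_url()`. The call also relies on the default flags, which changed in PHP 8.1; passing them explicitly, e.g. `$dest = html_entity_decode($dest, ENT_QUOTES | ENT_HTML401, 'UTF-8');`, keeps the behaviour the same across versions. `$dest` is presumably request-supplied like the neighbouring variables, so anything derived from it that is later written into HTML or a redirect has to be escaped or validated at that point; the rest of the function is outside the hunk, so I could not confirm that. The comment should say where the encoding was observed, so the decode can be removed once the source is fixed.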
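Review bot: In the second Magic.php hunk (inside `if($owa)`), the two new lines rewrite `$dest` without a comment saying why the zid and `f` parameters are removed only on this path. `$parsed` was built from the earlier value of `$dest` in the first hunk and is not recomputed here, so any later read of `$parsed['query']` would still contain the stripped parameters; the remainder of the branch is outside the hunk, so this needs confirming. I would add a one-line reason above the calls and a marker such as `// note: $parsed above still reflects $dest before stripping`.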
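Review bot: In the request-parsing block of Sources.php, `$frequency = $_REQUEST['frequency'];` is left raw while every sibling is now either cast with `intval()` or passed through `escape_tags()`. If that value is stored or rendered further down (not visible in this hunk), it is the one field that bypasses the new filtering; `$frequency = escape_tags($_REQUEST['frequency']);` would bring it in line with the rest. A short comment above the block stating that these values are filtered for markup here, and that SQL quoting is handled separately at the `q()` call, would keep the two concerns from being confused later.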
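Review bot: In the Sources.php hunk at @@ -38, `set_abconfig(local_channel(),$xchan, 'system','rself',$resend);` runs before the `if(! $source)` insert/update, so the `rself` flag is persisted even when the following query fails. `$xchan` starts out as `$_REQUEST['xchan']` in the previous hunk; whether the lines in between tie it to a connection of the current channel is outside the hunk and should be confirmed, since this flag controls re-publishing posts under another author's name. I would move the call to after the insert/update result has been checked, e.g. `if($r) set_abconfig(local_channel(), $xchan, 'system', 'rself', $resend);`, and add a comment that the setting is keyed by the source's xchan hash.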
@@ -69,7 +72,7 @@ class Sources extends \Zotlabs\Web\Controller { } - function get() { + function get() { if(! local_channel()) { notice( t('Permission denied.') . EOL); return ''; @@ -110,7 +113,7 @@ class Sources extends \Zotlabs\Web\Controller { '$words' => array( 'words', t('Only import content with these words (one per line)'),'',t('Leave blank to import all public content')), '$name' => array( 'name', t('Channel Name'), '', ''), '$tags' => array('tags', t('Add the following categories to posts imported from this source (comma separated)'),'',t('Optional')), - + '$resend' => [ 'resend', t('Resend posts with this channel as author'), 0, t('Copyrights may apply'), [ t('No'), t('Yes') ]], '$submit' => t('Submit') )); return $o; @@ -145,6 +148,8 @@ class Sources extends \Zotlabs\Web\Controller { '$xchan' => $r[0]['src_xchan'], '$abook' => $x[0]['abook_id'], '$tags' => array('tags', t('Add the following categories to posts imported from this source (comma separated)'),$r[0]['src_tag'],t('Optional')), + '$resend' => [ 'resend', t('Resend posts with this channel as author'), get_abconfig(local_channel(), $r[0]['xchan_hash'],'system','rself'), t('Copyrights may apply'), [ t('No'), t('Yes') ]], + '$name' => array( 'name', t('Channel Name'), $r[0]['xchan_name'], ''), '$submit' => t('Submit') )); diff --git a/Zotlabs/Storage/Directory.php b/Zotlabs/Storage/Directory.php index 73548fda0..642af6300 100644 --- a/Zotlabs/Storage/Directory.php +++ b/Zotlabs/Storage/Directory.php 
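Review bot: In the edit-form hunk of Sources.php (@@ -145), the `$resend` value is looked up with `$r[0]['xchan_hash']` while the neighbouring `$xchan` field uses `$r[0]['src_xchan']` and the write side keys the setting by `$xchan`; reading with `$r[0]['src_xchan']` would make it obvious that both sides use the same key. The result of `get_abconfig()` is passed straight in as the field value, so wrapping it as `intval(get_abconfig(local_channel(), $r[0]['src_xchan'], 'system', 'rself'))` gives the No/Yes selector a definite 0 when the setting was never stored. The new entry here and the one in the @@ -110 hunk use `[ ... ]` next to `array( ... )` entries in the same call; one array syntax per call reads better.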
@@ -722,14 +722,13 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo function ChannelList(&$auth) { $ret = array(); - $r = q("SELECT channel_id, channel_address FROM channel WHERE channel_removed = 0 - AND channel_system = 0 AND (channel_pageflags & %d) = 0", + $r = q("SELECT channel_id, channel_address, profile.publish FROM channel left join profile on profile.uid = channel.channel_id WHERE channel_removed = 0 AND channel_system = 0 AND (channel_pageflags & %d) = 0", intval(PAGE_HIDDEN) ); if ($r) { foreach ($r as $rr) { - if (perm_is_allowed($rr['channel_id'], $auth->observer, 'view_storage')) { + if (perm_is_allowed($rr['channel_id'], $auth->observer, 'view_storage') && $rr['publish']) { logger('found channel: /cloud/' . $rr['channel_address'], LOGGER_DATA); // @todo can't we drop '/cloud'? It gets stripped off anyway in RedDirectory $ret[] = new Directory('/cloud/' . $rr['channel_address'], $auth); |
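Review bot: In `ChannelList()`, the new `left join profile on profile.uid = channel.channel_id` does not restrict which profile row is joined, so if a channel can own more than one profile row the query returns one row per profile. That would list the channel once for every profile with `publish` set, and would expose it when only a non-default profile is published. Assuming the table has a default-profile marker, I would add it to the join (`... on profile.uid = channel.channel_id and profile.is_default = 1`) and move the filter into SQL with `AND profile.publish = 1`, so unpublished channels are never fetched. A comment stating that unpublished channels are intentionally hidden from the /cloud listing would document the privacy intent; the function's end is outside the hunk.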