diff options
Diffstat (limited to 'Zotlabs')
69 files changed, 1434 insertions, 867 deletions
diff --git a/Zotlabs/Access/PermissionRoles.php b/Zotlabs/Access/PermissionRoles.php index 2bcce4eb4..998b6d8d2 100644 --- a/Zotlabs/Access/PermissionRoles.php +++ b/Zotlabs/Access/PermissionRoles.php @@ -317,4 +317,4 @@ class PermissionRoles { return $roles; } -}
\ No newline at end of file +} diff --git a/Zotlabs/Daemon/Notifier.php b/Zotlabs/Daemon/Notifier.php index 78e116d68..741078422 100644 --- a/Zotlabs/Daemon/Notifier.php +++ b/Zotlabs/Daemon/Notifier.php @@ -331,6 +331,12 @@ class Notifier { return; } + // follow/unfollow is for internal use only + if (in_array($target_item['verb'], [ACTIVITY_FOLLOW, ACTIVITY_UNFOLLOW])) { + logger('not fowarding follow/unfollow note activity'); + return; + } + if (strpos($target_item['postopts'], 'nodeliver') !== false) { logger('notifier: target item is undeliverable', LOGGER_DEBUG); return; @@ -347,7 +353,6 @@ class Notifier { return; } - if ($target_item['mid'] === $target_item['parent_mid']) { $parent_item = $target_item; $top_level_post = true; @@ -381,7 +386,7 @@ class Notifier { $encoded_item = encode_item($target_item); // Re-use existing signature unless the activity type changed to a Tombstone, which won't verify. - $m = ((intval($target_item['item_deleted'])) ? '' : get_iconfig($target_item, 'activitystreams', 'signed_data')); + $m = ((intval($target_item['item_deleted'])) ? '' : get_iconfig($target_item, 'activitypub', 'signed_data')); if ($m) { $activity = json_decode($m, true); diff --git a/Zotlabs/Daemon/Onepoll.php b/Zotlabs/Daemon/Onepoll.php index 568745608..d747e65f3 100644 --- a/Zotlabs/Daemon/Onepoll.php +++ b/Zotlabs/Daemon/Onepoll.php @@ -23,9 +23,15 @@ class Onepoll { return; } + $sql_extra = ''; + $allow_feeds = get_config('system', 'feed_contacts'); + if(!$allow_feeds) { + $sql_extra = ' and abook_feed = 0 '; + } + $contacts = q("SELECT abook.*, xchan.*, account.* - FROM abook LEFT JOIN account on abook_account = account_id left join xchan on xchan_hash = abook_xchan - where abook_id = %d + FROM abook LEFT JOIN account on abook_account = account_id left join xchan on xchan_hash = abook_xchan + where abook_id = %d $sql_extra and abook_pending = 0 and abook_archived = 0 and abook_blocked = 0 and abook_ignored = 0 AND (( account_flags = %d ) OR ( account_flags = %d )) limit 1", intval($contact_id), @@ -52,7 +58,6 @@ class Onepoll { logger("onepoll: poll: ({$contact['id']}) IMPORTER: {$importer['xchan_name']}, CONTACT: {$contact['xchan_name']}"); - // TODO: unused $last_update = ((($contact['abook_updated'] === $contact['abook_created']) || ($contact['abook_updated'] <= NULL_DATE)) ? datetime_convert('UTC', 'UTC', 'now - 7 days') : datetime_convert('UTC', 'UTC', $contact['abook_updated'] . ' - 2 days') @@ -120,7 +125,7 @@ class Onepoll { if (!$can_send_stream) $fetch_feed = false; - if ($fetch_feed) { + if ($fetch_feed && $contact['xchan_network'] !== 'zot') { $max = intval(get_config('system', 'max_imported_posts', 30)); @@ -136,6 +141,7 @@ class Onepoll { if ($url) { logger('fetching outbox'); + $url = $url . '?date_begin=' . urlencode($last_update); $obj = new ASCollection($url, $importer, 0, $max); $messages = $obj->get(); if ($messages) { @@ -154,50 +160,6 @@ class Onepoll { } } - /* if ($fetch_feed) { - - if (strpos($contact['xchan_connurl'], z_root()) === 0) { - // local channel - save a network fetch - $c = channelx_by_hash($contact['xchan_hash']); - if ($c) { - $x = [ - 'success' => true, - 'body' => json_encode([ - 'success' => true, - 'messages' => zot_feed($c['channel_id'], $importer['xchan_hash'], ['mindate' => $last_update]) - ]) - ]; - } - } - else { - // remote fetch - - $feedurl = str_replace('/poco/', '/zotfeed/', $contact['xchan_connurl']); - $feedurl .= '?f=&mindate=' . urlencode($last_update) . '&zid=' . $importer['channel_address'] . '@' . App::get_hostname(); - $recurse = 0; - $x = z_fetch_url($feedurl, false, $recurse, ['session' => true]); - } - - logger('feed_update: ' . print_r($x, true), LOGGER_DATA); - } - - if (($x) && ($x['success'])) { - $total = 0; - logger('onepoll: feed update ' . $contact['xchan_name'] . ' ' . $feedurl); - - $j = json_decode($x['body'], true); - if ($j['success'] && $j['messages']) { - foreach ($j['messages'] as $message) { - $results = process_delivery(['hash' => $contact['xchan_hash']], get_item_elements($message), - [['hash' => $importer['xchan_hash']]], false); - logger('onepoll: feed_update: process_delivery: ' . print_r($results, true), LOGGER_DATA); - $total++; - } - logger("onepoll: $total messages processed"); - } - } - */ - // update the poco details for this connection $r = q("SELECT xlink_id from xlink where xlink_xchan = '%s' and xlink_updated > %s - INTERVAL %s and xlink_static = 0 limit 1", intval($contact['xchan_hash']), diff --git a/Zotlabs/Daemon/Queue.php b/Zotlabs/Daemon/Queue.php index 36bdcfe81..e1f4b73de 100644 --- a/Zotlabs/Daemon/Queue.php +++ b/Zotlabs/Daemon/Queue.php @@ -28,7 +28,7 @@ class Queue { if ($r) { foreach ($r as $rr) { $h = parse_url($rr['outq_posturl']); - $desturl = $h['scheme'] . '://' . $h['host'] . (($h['port']) ? ':' . $h['port'] : ''); + $desturl = $h['scheme'] . '://' . $h['host'] . (isset($h['port']) ? ':' . $h['port'] : ''); q("update site set site_dead = 1 where site_dead = 0 and site_url = '%s' and site_update < %s - INTERVAL %s", dbesc($desturl), db_utcnow(), db_quoteinterval('1 MONTH') diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php index cedc9adc8..882bf4a1c 100644 --- a/Zotlabs/Lib/Activity.php +++ b/Zotlabs/Lib/Activity.php @@ -102,6 +102,20 @@ class Activity { } if ($x['success']) { + $m = parse_url($url); + if ($m) { + $y = [ 'scheme' => $m['scheme'], 'host' => $m['host'] ]; + if (array_key_exists('port', $m)) + $y['port'] = $m['port']; + $site_url = unparse_url($y); + q("UPDATE site SET site_update = '%s', site_dead = 0 WHERE site_url = '%s' AND site_update < %s - INTERVAL %s", + dbesc(datetime_convert()), + dbesc($site_url), + db_utcnow(), + db_quoteinterval('1 DAY') + ); + } + $y = json_decode($x['body'], true); logger('returned: ' . json_encode($y, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), LOGGER_DEBUG); return json_decode($x['body'], true); @@ -275,17 +289,27 @@ class Activity { $numpages = $total / App::$pager['itemspage']; $lastpage = (($numpages > intval($numpages)) ? intval($numpages) + 1 : $numpages); + $url_parts = parse_url($id); + + $ret['partOf'] = z_root() . '/' . $url_parts['path']; - $stripped = preg_replace('/([&|\?]page=[0-9]*)/', '', $id); - $stripped = rtrim($stripped, '/'); + $extra_query_args = ''; + $query_args = null; + if(isset($url_parts['query'])) { + parse_str($url_parts['query'], $query_args); + } - $ret['partOf'] = z_root() . '/' . $stripped; + if(is_array($query_args)) { + unset($query_args['page']); + foreach($query_args as $k => $v) + $extra_query_args .= '&' . urlencode($k) . '=' . urlencode($v); + } if (App::$pager['page'] < $lastpage) { - $ret['next'] = z_root() . '/' . $stripped . '?page=' . (intval(App::$pager['page']) + 1); + $ret['next'] = z_root() . '/' . $url_parts['path'] . '?page=' . (intval(App::$pager['page']) + 1) . $extra_query_args; } if (App::$pager['page'] > 1) { - $ret['prev'] = z_root() . '/' . $stripped . '?page=' . (intval(App::$pager['page']) - 1); + $ret['prev'] = z_root() . '/' . $url_parts['path'] . '?page=' . (intval(App::$pager['page']) - 1) . $extra_query_args; } } else { @@ -355,6 +379,8 @@ class Activity { $ret = []; + + if ($i['verb'] === ACTIVITY_FRIEND) { // Hubzilla 'make-friend' activity, no direct mapping from AS1 to AS2 - make it a note $objtype = 'Note'; @@ -413,7 +439,7 @@ class Activity { $ret['published'] = datetime_convert('UTC', 'UTC', $i['created'], ATOM_TIME); if ($i['created'] !== $i['edited']) $ret['updated'] = datetime_convert('UTC', 'UTC', $i['edited'], ATOM_TIME); - if ($i['expires'] <= NULL_DATE) { + if ($i['expires'] > NULL_DATE) { $ret['expires'] = datetime_convert('UTC', 'UTC', $i['expires'], ATOM_TIME); } @@ -440,7 +466,7 @@ class Activity { $ret['directMessage'] = true; } - if (array_key_exists('comments_closed', $i) && $i['comments_closed'] !== EMPTY_STR && $i['comments_closed'] !== NULL_DATE) { + if (array_key_exists('comments_closed', $i) && $i['comments_closed'] !== EMPTY_STR && $i['comments_closed'] > NULL_DATE) { if ($ret['commentPolicy']) { $ret['commentPolicy'] .= ' '; } @@ -549,7 +575,7 @@ class Activity { $ret = []; - if ($item['tag'] && is_array($item['tag'])) { + if (array_key_exists('tag', $item) && is_array($item['tag'])) { $ptr = $item['tag']; if (!array_key_exists(0, $ptr)) { $ptr = [$ptr]; @@ -558,23 +584,25 @@ class Activity { if (!array_key_exists('type', $t)) $t['type'] = 'Hashtag'; - switch ($t['type']) { - case 'Hashtag': - $ret[] = ['ttype' => TERM_HASHTAG, 'url' => $t['href'], 'term' => escape_tags((substr($t['name'], 0, 1) === '#') ? substr($t['name'], 1) : $t['name'])]; - break; + if (array_key_exists('href', $t) && array_key_exists('name', $t)) { + switch ($t['type']) { + case 'Hashtag': + $ret[] = ['ttype' => TERM_HASHTAG, 'url' => $t['href'], 'term' => escape_tags((substr($t['name'], 0, 1) === '#') ? substr($t['name'], 1) : $t['name'])]; + break; - case 'Mention': - $mention_type = substr($t['name'], 0, 1); - if ($mention_type === '!') { - $ret[] = ['ttype' => TERM_FORUM, 'url' => $t['href'], 'term' => escape_tags(substr($t['name'], 1))]; - } - else { - $ret[] = ['ttype' => TERM_MENTION, 'url' => $t['href'], 'term' => escape_tags((substr($t['name'], 0, 1) === '@') ? substr($t['name'], 1) : $t['name'])]; - } - break; + case 'Mention': + $mention_type = substr($t['name'], 0, 1); + if ($mention_type === '!') { + $ret[] = ['ttype' => TERM_FORUM, 'url' => $t['href'], 'term' => escape_tags(substr($t['name'], 1))]; + } + else { + $ret[] = ['ttype' => TERM_MENTION, 'url' => $t['href'], 'term' => escape_tags((substr($t['name'], 0, 1) === '@') ? substr($t['name'], 1) : $t['name'])]; + } + break; - default: - break; + default: + break; + } } } } @@ -586,7 +614,7 @@ class Activity { $ret = []; - if ($item['term']) { + if (array_key_exists('term', $item) && is_array($item['term'])) { foreach ($item['term'] as $t) { switch ($t['ttype']) { case TERM_HASHTAG: @@ -617,7 +645,7 @@ class Activity { $ret = []; - if ($item['attach']) { + if (array_key_exists('attach', $item)) { $atts = ((is_array($item['attach'])) ? $item['attach'] : json_decode($item['attach'], true)); if ($atts) { foreach ($atts as $att) { @@ -630,7 +658,7 @@ class Activity { } } } - if ($item['iconfig']) { + if (array_key_exists('iconfig', $item) && is_array($item['iconfig'])) { foreach ($item['iconfig'] as $att) { if ($att['sharing']) { $value = ((is_string($att['v']) && preg_match('|^a:[0-9]+:{.*}$|s', $att['v'])) ? unserialize($att['v']) : $att['v']); @@ -674,16 +702,16 @@ class Activity { $ret = []; - if ($item['attachment']) { + if (array_key_exists('attachment', $item) && is_array($item['attachment'])) { foreach ($item['attachment'] as $att) { $entry = []; - if ($att['href']) + if (array_key_exists('href', $att)) $entry['href'] = $att['href']; - elseif ($att['url']) + elseif (array_key_exists('url', $att)) $entry['href'] = $att['url']; - if ($att['mediaType']) + if (array_key_exists('mediaType', $att)) $entry['type'] = $att['mediaType']; - elseif ($att['type'] === 'Image') + elseif (array_key_exists('type', $att) && $att['type'] === 'Image') $entry['type'] = 'image/jpeg'; if ($entry) $ret[] = $entry; @@ -698,7 +726,6 @@ class Activity { $ret = []; $reply = false; - if ($i['verb'] === ACTIVITY_FRIEND) { // Hubzilla 'make-friend' activity, no direct mapping from AS1 to AS2 - make it a note $ret['obj'] = []; @@ -956,19 +983,17 @@ class Activity { // Returns an array of URLS for any mention tags found in the item array $i. static function map_mentions($i) { - if (!$i['term']) { - return []; - } - $list = []; - foreach ($i['term'] as $t) { - if (!$t['url']) { - continue; - } - if ($t['ttype'] == TERM_MENTION) { - $url = self::lookup_term_url($t['url']); - $list[] = (($url) ? $url : $t['url']); + if (array_key_exists('term', $i) && is_array($i['term'])) { + foreach ($i['term'] as $t) { + if (!$t['url']) { + continue; + } + if ($t['ttype'] == TERM_MENTION) { + $url = self::lookup_term_url($t['url']); + $list[] = (($url) ? $url : $t['url']); + } } } @@ -1099,6 +1124,34 @@ class Activity { return $ret; } + static function encode_item_object($item, $elm = 'obj') { + $ret = []; + + if ($item[$elm]) { + if (! is_array($item[$elm])) { + $item[$elm] = json_decode($item[$elm],true); + } + if ($item[$elm]['type'] === ACTIVITY_OBJ_PHOTO) { + $item[$elm]['id'] = $item['mid']; + } + + $obj = self::encode_object($item[$elm]); + if ($obj) + return $obj; + else + return []; + } + else { + $obj = self::encode_item($item); + if ($obj) + return $obj; + else + return []; + } + + } + + static function activity_mapper($verb) { if (strpos($verb, '/') === false) { @@ -1115,6 +1168,7 @@ class Activity { 'http://activitystrea.ms/schema/1.0/tag' => 'Add', 'http://activitystrea.ms/schema/1.0/follow' => 'Follow', 'http://activitystrea.ms/schema/1.0/unfollow' => 'Unfollow', + 'http://activitystrea.ms/schema/1.0/stop-following' => 'Unfollow', 'http://purl.org/zot/activity/attendyes' => 'Accept', 'http://purl.org/zot/activity/attendno' => 'Reject', 'http://purl.org/zot/activity/attendmaybe' => 'TentativeAccept', @@ -1162,6 +1216,7 @@ class Activity { 'http://activitystrea.ms/schema/1.0/tag' => 'Add', 'http://activitystrea.ms/schema/1.0/follow' => 'Follow', 'http://activitystrea.ms/schema/1.0/unfollow' => 'Unfollow', + 'http://activitystrea.ms/schema/1.0/stop-following' => 'Unfollow', 'http://purl.org/zot/activity/attendyes' => 'Accept', 'http://purl.org/zot/activity/attendno' => 'Reject', 'http://purl.org/zot/activity/attendmaybe' => 'TentativeAccept', @@ -1340,7 +1395,7 @@ class Activity { $abook_instance .= ','; $abook_instance .= z_root(); - q("update abook set abook_instance = '%s', abook_not_here = 0 + q("update abook set abook_instance = '%s', abook_not_here = 0 where abook_id = %d and abook_channel = %d", dbesc($abook_instance), intval($contact['abook_id']), @@ -1552,13 +1607,13 @@ class Activity { if ($inbox) { $collections['inbox'] = $inbox; - if ($person_obj['outbox']) + if (array_key_exists('outbox', $person_obj)) $collections['outbox'] = $person_obj['outbox']; - if ($person_obj['followers']) + if (array_key_exists('followers', $person_obj)) $collections['followers'] = $person_obj['followers']; - if ($person_obj['following']) + if (array_key_exists('following', $person_obj)) $collections['following'] = $person_obj['following']; - if ($person_obj['endpoints'] && $person_obj['endpoints']['sharedInbox']) + if (array_key_exists('endpoints', $person_obj) && array_key_exists('sharedInbox', $person_obj['endpoints'])) $collections['sharedInbox'] = $person_obj['endpoints']['sharedInbox']; } @@ -1566,7 +1621,7 @@ class Activity { if ($person_obj['id'] === $person_obj['publicKey']['owner']) { $pubkey = $person_obj['publicKey']['publicKeyPem']; if (strstr($pubkey, 'RSA ')) { - $pubkey = rsatopem($pubkey); + $pubkey = Keyutils::rsaToPem($pubkey); } } } @@ -1620,7 +1675,7 @@ class Activity { $m = parse_url($url); if ($m) { $hostname = $m['host']; - $baseurl = $m['scheme'] . '://' . $m['host'] . (($m['port']) ? ':' . $m['port'] : ''); + $site_url = $m['scheme'] . '://' . $m['host'] . (($m['port']) ? ':' . $m['port'] : ''); } if (!$r) { @@ -1630,7 +1685,7 @@ class Activity { 'hubloc_hash' => $url, 'hubloc_addr' => '', 'hubloc_network' => 'activitypub', - 'hubloc_url' => $baseurl, + 'hubloc_url' => $site_url, 'hubloc_host' => $hostname, 'hubloc_callback' => $inbox, 'hubloc_updated' => datetime_convert(), @@ -1640,6 +1695,13 @@ class Activity { ); } + q("UPDATE site SET site_update = '%s', site_dead = 0 WHERE site_url = '%s' AND site_update < %s - INTERVAL %s", + dbesc(datetime_convert()), + dbesc($site_url), + db_utcnow(), + db_quoteinterval('1 DAY') + ); + if (!$icon) $icon = z_root() . '/' . get_default_profile_photo(300); @@ -2037,6 +2099,15 @@ class Activity { static function decode_note($act) { + // Within our family of projects, Follow/Unfollow of a thread is an internal activity which should not be transmitted, + // hence if we receive it - ignore or reject it. + // Unfollow is not defined by ActivityStreams, which prefers Undo->Follow. + // This may have to be revisited if AP projects start using Follow for objects other than actors. + + if (in_array($act->type, [ 'Follow', 'Unfollow' ])) { + return false; + } + $response_activity = false; $s = []; @@ -2055,22 +2126,22 @@ class Activity { $s['uuid'] = $act->obj['diaspora:guid']; $s['parent_mid'] = $act->parent_id; - if ($act->data['published']) { + if (array_key_exists('published', $act->data)) { $s['created'] = datetime_convert('UTC', 'UTC', $act->data['published']); } - elseif ($act->obj['published']) { + elseif (array_key_exists('published', $act->obj)) { $s['created'] = datetime_convert('UTC', 'UTC', $act->obj['published']); } - if ($act->data['updated']) { + if (array_key_exists('updated', $act->data)) { $s['edited'] = datetime_convert('UTC', 'UTC', $act->data['updated']); } - elseif ($act->obj['updated']) { + elseif (array_key_exists('updated', $act->obj)) { $s['edited'] = datetime_convert('UTC', 'UTC', $act->obj['updated']); } - if ($act->data['expires']) { + if (array_key_exists('expires', $act->data)) { $s['expires'] = datetime_convert('UTC', 'UTC', $act->data['expires']); } - elseif ($act->obj['expires']) { + elseif (array_key_exists('expires', $act->obj)) { $s['expires'] = datetime_convert('UTC', 'UTC', $act->obj['expires']); } @@ -2094,6 +2165,7 @@ class Activity { $obj_actor = ((isset($act->obj['actor'])) ? $act->obj['actor'] : $act->get_actor('attributedTo', $act->obj)); // ensure we store the original actor + self::actor_store($obj_actor['id'], $obj_actor); $mention = self::get_actor_bbmention($obj_actor['id']); @@ -2129,10 +2201,10 @@ class Activity { } } - if (!$s['created']) + if (! array_key_exists('created', $s)) $s['created'] = datetime_convert(); - if (!$s['edited']) + if (! array_key_exists('edited', $s)) $s['edited'] = $s['created']; $s['title'] = (($response_activity) ? EMPTY_STR : self::bb_content($content, 'name')); @@ -2233,17 +2305,20 @@ class Activity { $s['iconfig'] = $a; } - if ($act->obj['type'] === 'Note' && $s['attach']) { - $s['body'] .= self::bb_attach($s['attach'], $s['body']); - } + if (array_key_exists('type', $act->obj)) { - if ($act->obj['type'] === 'Question' && in_array($act->type, ['Create', 'Update'])) { - if ($act->obj['endTime']) { - $s['comments_closed'] = datetime_convert('UTC', 'UTC', $act->obj['endTime']); + if ($act->obj['type'] === 'Note' && $s['attach']) { + $s['body'] .= self::bb_attach($s['attach'], $s['body']); + } + + if ($act->obj['type'] === 'Question' && in_array($act->type, ['Create', 'Update'])) { + if (array_key_exists('endTime', $act->obj)) { + $s['comments_closed'] = datetime_convert('UTC', 'UTC', $act->obj['endTime']); + } } } - if ($act->obj['closed']) { + if (array_key_exists('closed', $act->obj)) { $s['comments_closed'] = datetime_convert('UTC', 'UTC', $act->obj['closed']); } @@ -2659,7 +2734,7 @@ class Activity { } } - if ($act->obj['conversation']) { + if (array_key_exists('conversation', $act->obj)) { set_iconfig($item, 'ostatus', 'conversation', $act->obj['conversation'], 1); } @@ -2817,9 +2892,6 @@ class Activity { logger('not a valid activity'); break; } - if (is_array($a->actor) && array_key_exists('id', $a->actor)) { - Activity::actor_store($a->actor['id'], $a->actor); - } $item = Activity::decode_note($a); @@ -3277,17 +3349,17 @@ class Activity { $ret = false; foreach ($attach as $a) { - if (strpos($a['type'], 'image') !== false) { + if (array_key_exists('type',$a) && stripos($a['type'], 'image') !== false) { if (self::media_not_in_body($a['href'], $body)) { $ret .= "\n\n" . '[img]' . $a['href'] . '[/img]'; } } - if (array_key_exists('type', $a) && strpos($a['type'], 'video') === 0) { + if (array_key_exists('type', $a) && stripos($a['type'], 'video') !== false) { if (self::media_not_in_body($a['href'], $body)) { $ret .= "\n\n" . '[video]' . $a['href'] . '[/video]'; } } - if (array_key_exists('type', $a) && strpos($a['type'], 'audio') === 0) { + if (array_key_exists('type', $a) && stripos($a['type'], 'audio') !== false) { if (self::media_not_in_body($a['href'], $body)) { $ret .= "\n\n" . '[audio]' . $a['href'] . '[/audio]'; } @@ -3315,22 +3387,25 @@ class Activity { require_once('include/event.php'); $ret = false; - if (is_array($content[$field])) { - foreach ($content[$field] as $k => $v) { - $ret .= html2bbcode($v); - // save this for auto-translate or dynamic filtering - // $ret .= '[language=' . $k . ']' . html2bbcode($v) . '[/language]'; - } - } - else { - if ($field === 'bbcode' && array_key_exists('bbcode', $content)) { - $ret = $content[$field]; + if (array_key_exists($field, $content)) { + if (is_array($content[$field])) { + foreach ($content[$field] as $k => $v) { + $ret .= html2bbcode($v); + // save this for auto-translate or dynamic filtering + // $ret .= '[language=' . $k . ']' . html2bbcode($v) . '[/language]'; + } } else { - $ret = html2bbcode($content[$field]); + if ($field === 'bbcode' && array_key_exists('bbcode', $content)) { + $ret = $content[$field]; + } + else { + $ret = html2bbcode($content[$field]); + } } } - if ($field === 'content' && $content['event'] && (!strpos($ret, '[event'))) { + + if ($field === 'content' && array_key_exists('event', $content) && (!strpos($ret, '[event'))) { $ret .= format_event_bbcode($content['event']); } diff --git a/Zotlabs/Lib/Apps.php b/Zotlabs/Lib/Apps.php index d77a3fda2..5ef4ecc8d 100644 --- a/Zotlabs/Lib/Apps.php +++ b/Zotlabs/Lib/Apps.php @@ -551,7 +551,7 @@ class Apps { '$app' => $papp, '$icon' => $icon, '$hosturl' => $hosturl, - '$purchase' => (($papp['page'] && (! $installed)) ? t('Purchase') : ''), + '$purchase' => ((isset($papp['page']) && (! $installed)) ? t('Purchase') : ''), '$installed' => $installed, '$action_label' => (($hosturl && in_array($mode, ['view','install'])) ? $install_action : ''), '$edit' => ((local_channel() && $installed && $mode == 'edit') ? t('Edit') : ''), @@ -559,8 +559,8 @@ class Apps { '$undelete' => ((local_channel() && $mode == 'edit') ? t('Undelete') : ''), '$settings_url' => ((local_channel() && $installed && $mode == 'list') ? $papp['settings_url'] : ''), '$deleted' => $papp['deleted'], - '$feature' => (($papp['embed'] || $mode == 'edit') ? false : true), - '$pin' => (($papp['embed'] || $mode == 'edit') ? false : true), + '$feature' => ((isset($papp['embed']) || $mode == 'edit') ? false : true), + '$pin' => ((isset($papp['embed']) || $mode == 'edit') ? false : true), '$featured' => ((strpos($papp['categories'], 'nav_featured_app') === false) ? false : true), '$pinned' => ((strpos($papp['categories'], 'nav_pinned_app') === false) ? false : true), '$navapps' => (($mode == 'nav') ? true : false), @@ -1276,58 +1276,58 @@ class Apps { $ret['type'] = 'personal'; - if($app['app_id']) + if(!empty($app['app_id'])) $ret['guid'] = $app['app_id']; - if($app['app_sig']) + if(!empty($app['app_sig'])) $ret['sig'] = $app['app_sig']; - if($app['app_author']) + if(!empty($app['app_author'])) $ret['author'] = $app['app_author']; - if($app['app_name']) + if(!empty($app['app_name'])) $ret['name'] = $app['app_name']; - if($app['app_desc']) + if(!empty($app['app_desc'])) $ret['desc'] = $app['app_desc']; - if($app['app_url']) + if(!empty($app['app_url'])) $ret['url'] = $app['app_url']; - if($app['app_photo']) + if(!empty($app['app_photo'])) $ret['photo'] = $app['app_photo']; - if($app['app_icon']) + if(!empty($app['app_icon'])) $ret['icon'] = $app['app_icon']; - if($app['app_version']) + if(!empty($app['app_version'])) $ret['version'] = $app['app_version']; - if($app['app_addr']) + if(!empty($app['app_addr'])) $ret['addr'] = $app['app_addr']; - if($app['app_price']) + if(!empty($app['app_price'])) $ret['price'] = $app['app_price']; - if($app['app_page']) + if(!empty($app['app_page'])) $ret['page'] = $app['app_page']; - if($app['app_requires']) + if(!empty($app['app_requires'])) $ret['requires'] = $app['app_requires']; - if($app['app_system']) + if(!empty($app['app_system'])) $ret['system'] = $app['app_system']; - if($app['app_options']) + if(!empty($app['app_options'])) $ret['options'] = $app['app_options']; - if($app['app_plugin']) + if(!empty($app['app_plugin'])) $ret['plugin'] = trim($app['app_plugin']); - if($app['app_deleted']) + if(!empty($app['app_deleted'])) $ret['deleted'] = $app['app_deleted']; - if($app['term']) { + if(!empty($app['term']) && is_array($app['term'])) { $s = ''; foreach($app['term'] as $t) { if($s) diff --git a/Zotlabs/Lib/Connect.php b/Zotlabs/Lib/Connect.php index 481b02ce2..21bec171b 100644 --- a/Zotlabs/Lib/Connect.php +++ b/Zotlabs/Lib/Connect.php @@ -207,13 +207,13 @@ class Connect { } $my_perms = $p['perms']; - + $profile_assign = get_pconfig($uid,'system','profile_assign',''); // See if we are already connected by virtue of having an abook record - $r = q("select abook_id, abook_xchan, abook_pending, abook_instance from abook + $r = q("select abook_id, abook_xchan, abook_pending, abook_instance from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($xchan_hash), intval($uid) @@ -282,7 +282,7 @@ class Connect { // fetch the entire record - $r = q("select abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash + $r = q("select abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($xchan_hash), intval($uid) diff --git a/Zotlabs/Lib/Crypto.php b/Zotlabs/Lib/Crypto.php new file mode 100644 index 000000000..f1794ae64 --- /dev/null +++ b/Zotlabs/Lib/Crypto.php @@ -0,0 +1,206 @@ +<?php + +namespace Zotlabs\Lib; + +use Exception; + +class Crypto { + + public static $openssl_algorithms = [ + + // zot6 nickname, opensslname, keylength, ivlength + + ['aes256ctr', 'aes-256-ctr', 32, 16], + ['camellia256cfb', 'camellia-256-cfb', 32, 16], + ['cast5cfb', 'cast5-cfb', 16, 8], + ['aes256cbc', 'aes-256-cbc', 32, 16] // remove after legacy zot has been sunset + + ]; + + public static function methods() { + $ret = []; + + foreach (self::$openssl_algorithms as $ossl) { + $ret[] = $ossl[0] . '.oaep'; + } + + call_hooks('crypto_methods', $ret); + return $ret; + } + + public static function signing_methods() { + + $ret = ['sha256']; + call_hooks('signing_methods', $ret); + return $ret; + + } + + public static function new_keypair($bits) { + + $openssl_options = [ + 'digest_alg' => 'sha1', + 'private_key_bits' => $bits, + 'encrypt_key' => false + ]; + + $conf = get_config('system', 'openssl_conf_file'); + + if ($conf) { + $openssl_options['config'] = $conf; + } + + $result = openssl_pkey_new($openssl_options); + + if (empty($result)) { + return false; + } + + // Get private key + + $response = ['prvkey' => '', 'pubkey' => '']; + + openssl_pkey_export($result, $response['prvkey']); + + // Get public key + $pkey = openssl_pkey_get_details($result); + $response['pubkey'] = $pkey["key"]; + + return $response; + + } + + public static function sign($data, $key, $alg = 'sha256') { + + if (!$key) { + return false; + } + + $sig = ''; + openssl_sign($data, $sig, $key, $alg); + return $sig; + } + + public static function verify($data, $sig, $key, $alg = 'sha256') { + + if (!$key) { + return false; + } + + try { + $verify = openssl_verify($data, $sig, $key, $alg); + } catch (Exception $e) { + $verify = (-1); + } + + if ($verify === (-1)) { + while ($msg = openssl_error_string()) { + logger('openssl_verify: ' . $msg, LOGGER_NORMAL, LOG_ERR); + } + btlogger('openssl_verify: key: ' . $key, LOGGER_DEBUG, LOG_ERR); + } + + return (($verify > 0) ? true : false); + } + + public static function encapsulate($data, $pubkey, $alg) { + + if (!($alg && $pubkey)) { + return $data; + } + + $alg_base = $alg; + $padding = OPENSSL_PKCS1_PADDING; + + $exts = explode('.', $alg); + if (count($exts) > 1) { + switch ($exts[1]) { + case 'oaep': + $padding = OPENSSL_PKCS1_OAEP_PADDING; + break; + default: + break; + } + $alg_base = $exts[0]; + } + + $method = null; + + foreach (self::$openssl_algorithms as $ossl) { + if ($ossl[0] === $alg_base) { + $method = $ossl; + break; + } + } + + if ($method) { + $result = ['encrypted' => true]; + + $key = openssl_random_pseudo_bytes(256); + $iv = openssl_random_pseudo_bytes(256); + + $key1 = substr($key, 0, $method[2]); + $iv1 = substr($iv, 0, $method[3]); + + $result['data'] = base64url_encode(openssl_encrypt($data, $method[1], $key1, OPENSSL_RAW_DATA, $iv1), true); + + openssl_public_encrypt($key, $k, $pubkey, $padding); + openssl_public_encrypt($iv, $i, $pubkey, $padding); + + $result['alg'] = $alg; + $result['key'] = base64url_encode($k, true); + $result['iv'] = base64url_encode($i, true); + return $result; + + } + else { + $x = ['data' => $data, 'pubkey' => $pubkey, 'alg' => $alg, 'result' => $data]; + call_hooks('crypto_encapsulate', $x); + return $x['result']; + } + } + + public static function unencapsulate($data, $prvkey) { + + if (!(is_array($data) && array_key_exists('encrypted', $data) && array_key_exists('alg', $data) && $data['alg'])) { + logger('not encrypted'); + + return $data; + } + + $alg_base = $data['alg']; + $padding = OPENSSL_PKCS1_PADDING; + + $exts = explode('.', $data['alg']); + if (count($exts) > 1) { + switch ($exts[1]) { + case 'oaep': + $padding = OPENSSL_PKCS1_OAEP_PADDING; + break; + default: + break; + } + $alg_base = $exts[0]; + } + + $method = null; + + foreach (self::$openssl_algorithms as $ossl) { + if ($ossl[0] === $alg_base) { + $method = $ossl; + break; + } + } + + if ($method) { + openssl_private_decrypt(base64url_decode($data['key']), $k, $prvkey, $padding); + openssl_private_decrypt(base64url_decode($data['iv']), $i, $prvkey, $padding); + return openssl_decrypt(base64url_decode($data['data']), $method[1], substr($k, 0, $method[2]), OPENSSL_RAW_DATA, substr($i, 0, $method[3])); + } + else { + $x = ['data' => $data, 'prvkey' => $prvkey, 'alg' => $data['alg'], 'result' => $data]; + call_hooks('crypto_unencapsulate', $x); + return $x['result']; + } + } +} diff --git a/Zotlabs/Lib/JSalmon.php b/Zotlabs/Lib/JSalmon.php index 7f63cf914..f9fe99706 100644 --- a/Zotlabs/Lib/JSalmon.php +++ b/Zotlabs/Lib/JSalmon.php @@ -18,7 +18,7 @@ class JSalmon { $precomputed = '.' . base64url_encode($data_type,true) . '.YmFzZTY0dXJs.UlNBLVNIQTI1Ng'; - $signature = base64url_encode(rsa_sign($data . $precomputed, $key), true); + $signature = base64url_encode(Crypto::sign($data . $precomputed, $key), true); return ([ 'signed' => true, @@ -54,7 +54,7 @@ class JSalmon { $key = HTTPSig::get_key(EMPTY_STR,'zot6',base64url_decode($x['sigs']['key_id'])); logger('key: ' . print_r($key,true)); if($key['portable_id'] && $key['public_key']) { - if(rsa_verify($signed_data,base64url_decode($x['sigs']['value']),$key['public_key'])) { + if(Crypto::verify($signed_data,base64url_decode($x['sigs']['value']),$key['public_key'])) { logger('verified'); $ret = [ 'success' => true, 'signer' => $key['portable_id'], 'hubloc' => $key['hubloc'] ]; } diff --git a/Zotlabs/Lib/Keyutils.php b/Zotlabs/Lib/Keyutils.php new file mode 100644 index 000000000..616ecfcf6 --- /dev/null +++ b/Zotlabs/Lib/Keyutils.php @@ -0,0 +1,99 @@ +<?php + +namespace Zotlabs\Lib; + +use phpseclib\Crypt\RSA; +use phpseclib\Math\BigInteger; + +/** + * Keyutils + * Convert RSA keys between various formats + */ +class Keyutils { + + /** + * @param string $m modulo + * @param string $e exponent + * @return string + */ + public static function meToPem($m, $e) { + + $rsa = new RSA(); + $rsa->loadKey([ + 'e' => new BigInteger($e, 256), + 'n' => new BigInteger($m, 256) + ]); + return $rsa->getPublicKey(); + + } + + /** + * @param string key + * @return string + */ + public static function rsaToPem($key) { + + $rsa = new RSA(); + $rsa->setPublicKey($key); + + return $rsa->getPublicKey(RSA::PUBLIC_FORMAT_PKCS8); + + } + + /** + * @param string key + * @return string + */ + public static function pemToRsa($key) { + + $rsa = new RSA(); + $rsa->setPublicKey($key); + + return $rsa->getPublicKey(RSA::PUBLIC_FORMAT_PKCS1); + + } + + /** + * @param string $key key + * @param string $m reference modulo + * @param string $e reference exponent + */ + public static function pemToMe($key, &$m, &$e) { + + $rsa = new RSA(); + $rsa->loadKey($key); + $rsa->setPublicKey(); + + $m = $rsa->modulus->toBytes(); + $e = $rsa->exponent->toBytes(); + + } + + /** + * @param string $pubkey + * @return string + */ + public static function salmonKey($pubkey) { + self::pemToMe($pubkey, $m, $e); + return 'RSA' . '.' . base64url_encode($m, true) . '.' . base64url_encode($e, true); + } + + /** + * @param string $key + * @return string + */ + public static function convertSalmonKey($key) { + if (strstr($key, ',')) + $rawkey = substr($key, strpos($key, ',') + 1); + else + $rawkey = substr($key, 5); + + $key_info = explode('.', $rawkey); + + $m = base64url_decode($key_info[1]); + $e = base64url_decode($key_info[2]); + + return self::meToPem($m, $e); + } + +}
\ No newline at end of file diff --git a/Zotlabs/Lib/LDSignatures.php b/Zotlabs/Lib/LDSignatures.php index 2eba66ccf..1c2095f10 100644 --- a/Zotlabs/Lib/LDSignatures.php +++ b/Zotlabs/Lib/LDSignatures.php @@ -12,7 +12,7 @@ class LDSignatures { $ohash = self::hash(self::signable_options($data['signature'])); $dhash = self::hash(self::signable_data($data)); - $x = rsa_verify($ohash . $dhash,base64_decode($data['signature']['signatureValue']), $pubkey); + $x = Crypto::verify($ohash . $dhash,base64_decode($data['signature']['signatureValue']), $pubkey); logger('LD-verify: ' . intval($x)); return $x; @@ -35,11 +35,11 @@ class LDSignatures { $ohash = self::hash(self::signable_options($options)); $dhash = self::hash(self::signable_data($data)); - $options['signatureValue'] = base64_encode(rsa_sign($ohash . $dhash,$channel['channel_prvkey'])); + $options['signatureValue'] = base64_encode(Crypto::sign($ohash . $dhash,$channel['channel_prvkey'])); $signed = array_merge([ - '@context' => [ - ACTIVITYSTREAMS_JSONLD_REV, + '@context' => [ + ACTIVITYSTREAMS_JSONLD_REV, 'https://w3id.org/security/v1' ], ],$options); @@ -88,7 +88,7 @@ class LDSignatures { return ''; jsonld_set_document_loader('jsonld_document_loader'); - + try { $d = jsonld_normalize($data,[ 'algorithm' => 'URDNA2015', 'format' => 'application/nquads' ]); } @@ -117,7 +117,7 @@ class LDSignatures { $precomputed = '.' . base64url_encode($data_type,false) . '.YmFzZTY0dXJs.UlNBLVNIQTI1Ng=='; - $signature = base64url_encode(rsa_sign($data . $precomputed,$channel['channel_prvkey'])); + $signature = base64url_encode(Crypto::sign($data . $precomputed,$channel['channel_prvkey'])); return ([ 'id' => $arr['id'], diff --git a/Zotlabs/Lib/Libsync.php b/Zotlabs/Lib/Libsync.php index e16b68cf8..7e97e4c70 100644 --- a/Zotlabs/Lib/Libsync.php +++ b/Zotlabs/Lib/Libsync.php @@ -781,7 +781,7 @@ class Libsync { $t = datetime_convert('UTC', 'UTC', 'now - 15 minutes'); if (array_key_exists('site', $arr) && $location['url'] == $arr['site']['url']) { - q("update hubloc set hubloc_connected = '%s', hubloc_updated = '%s' where hubloc_id = %d and hubloc_connected < '%s'", + q("update hubloc set hubloc_connected = '%s', hubloc_updated = '%s' where hubloc_id = %d and hubloc_updated < '%s'", dbesc(datetime_convert()), dbesc(datetime_convert()), intval($r[0]['hubloc_id']), diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php index 0ead8402e..db35dfb70 100644 --- a/Zotlabs/Lib/Libzot.php +++ b/Zotlabs/Lib/Libzot.php @@ -130,7 +130,7 @@ class Libzot { if ($remote_key) { $algorithm = self::best_algorithm($methods); if ($algorithm) { - $data = crypto_encapsulate(json_encode($data), $remote_key, $algorithm); + $data = Crypto::encapsulate(json_encode($data), $remote_key, $algorithm); } } @@ -143,7 +143,7 @@ class Libzot { * * @param string $methods * Comma separated list of encryption methods - * @return string first match from our site method preferences crypto_methods() array + * @return string first match from our site method preferences Crypto::methods() array * of a method which is common to both sites; or 'aes256cbc' if no matches are found. */ static function best_algorithm($methods) { @@ -167,7 +167,7 @@ class Libzot { if ($methods) { $x = explode(',', $methods); if ($x) { - $y = crypto_methods(); + $y = Crypto::methods(); if ($y) { foreach ($y as $yv) { $yv = trim($yv); @@ -299,7 +299,6 @@ class Libzot { } $record = Zotfinger::exec($url, $channel); - // Check the HTTP signature $hsig = $record['signature']; @@ -983,7 +982,7 @@ class Libzot { logger('Headers: ' . print_r($arr['header'], true), LOGGER_DATA, LOG_DEBUG); } - $x = crypto_unencapsulate($x, get_config('system', 'prvkey')); + $x = Crypto::unencapsulate($x, get_config('system', 'prvkey')); if (!is_array($x)) { $x = json_decode($x, true); @@ -1268,8 +1267,13 @@ class Libzot { } } } + if ($AS->data['signed_data']) { - IConfig::Set($arr, 'activitystreams', 'signed_data', $AS->data['signed_data'], false); + IConfig::Set($arr, 'activitypub', 'signed_data', $AS->data['signed_data'], false); + $j = json_decode($AS->data['signed_data'], true); + if ($j) { + IConfig::Set($arr, 'activitypub', 'rawmsg', json_encode(JSalmon::unpack($j['data'])), true); + } } logger('Activity received: ' . print_r($arr, true), LOGGER_DATA, LOG_DEBUG); @@ -1953,7 +1957,11 @@ class Libzot { } if ($AS->data['signed_data']) { - IConfig::Set($arr, 'activitystreams', 'signed_data', $AS->data['signed_data'], false); + IConfig::Set($arr, 'activitypub', 'signed_data', $AS->data['signed_data'], false); + $j = json_decode($AS->data['signed_data'], true); + if ($j) { + IConfig::Set($arr, 'activitypub', 'rawmsg', json_encode(JSalmon::unpack($j['data'])), true); + } } logger('FOF Activity received: ' . print_r($arr, true), LOGGER_DATA, LOG_DEBUG); @@ -3020,7 +3028,7 @@ class Libzot { $ret['site']['directory_url'] = z_root() . '/dirsearch'; - $ret['site']['encryption'] = crypto_methods(); + $ret['site']['encryption'] = Crypto::methods(); $ret['site']['zot'] = System::get_zot_revision(); // hide detailed site information if you're off the grid @@ -3140,6 +3148,11 @@ class Libzot { ); } + // this site obviously isn't dead because they are trying to communicate with us. + q("update site set site_dead = 0 where site_dead = 1 and site_url = '%s' ", + dbesc($hub['hubloc_url']) + ); + return $hub['hubloc_url']; } diff --git a/Zotlabs/Lib/PConfig.php b/Zotlabs/Lib/PConfig.php index c08c11e75..765131f0d 100644 --- a/Zotlabs/Lib/PConfig.php +++ b/Zotlabs/Lib/PConfig.php @@ -132,6 +132,7 @@ class PConfig { // manage array value $dbvalue = ((is_array($value)) ? serialize($value) : $value); $dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue) : $dbvalue); + $new = false; $now = datetime_convert(); if (! $updated) { diff --git a/Zotlabs/Lib/Queue.php b/Zotlabs/Lib/Queue.php index 779719d8b..373a7d304 100644 --- a/Zotlabs/Lib/Queue.php +++ b/Zotlabs/Lib/Queue.php @@ -116,7 +116,7 @@ class Queue { dbesc(($arr['driver']) ? $arr['driver'] : 'zot6'), dbesc($arr['posturl']), intval(1), - intval(($arr['priority']) ? $arr['priority'] : 0), + intval(isset($arr['priority']) ? $arr['priority'] : 0), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(datetime_convert()), @@ -134,7 +134,7 @@ class Queue { $base = null; $h = parse_url($outq['outq_posturl']); if($h !== false) - $base = $h['scheme'] . '://' . $h['host'] . (($h['port']) ? ':' . $h['port'] : ''); + $base = $h['scheme'] . '://' . $h['host'] . (isset($h['port']) ? ':' . $h['port'] : ''); if(($base) && ($base !== z_root()) && ($immediate)) { $y = q("select site_update, site_dead from site where site_url = '%s' ", diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php index 2fb07c1cb..c0d5c001b 100644 --- a/Zotlabs/Lib/ThreadItem.php +++ b/Zotlabs/Lib/ThreadItem.php @@ -43,7 +43,7 @@ class ThreadItem { $observer = \App::get_observer(); // Prepare the children - if($data['children']) { + if(isset($data['children'])) { foreach($data['children'] as $item) { /* diff --git a/Zotlabs/Lib/Zotfinger.php b/Zotlabs/Lib/Zotfinger.php index faaf28f35..840d91403 100644 --- a/Zotlabs/Lib/Zotfinger.php +++ b/Zotlabs/Lib/Zotfinger.php @@ -18,8 +18,8 @@ class Zotfinger { if($channel && $m) { - $headers = [ - 'Accept' => 'application/x-zot+json', + $headers = [ + 'Accept' => 'application/x-zot+json', 'Content-Type' => 'application/x-zot+json', 'X-Zot-Token' => random_string(), 'Digest' => HTTPSig::generate_digest_header($data), @@ -29,9 +29,9 @@ class Zotfinger { $h = HTTPSig::create_sig($headers,$channel['channel_prvkey'],channel_url($channel),false); } else { - $h = [ 'Accept: application/x-zot+json' ]; + $h = [ 'Accept: application/x-zot+json' ]; } - + $result = []; $redirects = 0; @@ -43,11 +43,11 @@ class Zotfinger { if ($verify) { $result['signature'] = HTTPSig::verify($x, EMPTY_STR, 'zot6'); } - + $result['data'] = json_decode($x['body'],true); if($result['data'] && is_array($result['data']) && array_key_exists('encrypted',$result['data']) && $result['data']['encrypted']) { - $result['data'] = json_decode(crypto_unencapsulate($result['data'],get_config('system','prvkey')),true); + $result['data'] = json_decode(Crypto::unencapsulate($result['data'],get_config('system','prvkey')),true); } logger('decrypted: ' . print_r($result,true)); diff --git a/Zotlabs/Module/Activity.php b/Zotlabs/Module/Activity.php index 48f2663cf..2fbc35274 100644 --- a/Zotlabs/Module/Activity.php +++ b/Zotlabs/Module/Activity.php @@ -26,7 +26,12 @@ class Activity extends Controller { $portable_id = EMPTY_STR; - $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 "; + $item_normal_extra = sprintf(" and not verb in ('%s', '%s') ", + dbesc(ACTIVITY_FOLLOW), + dbesc(ACTIVITY_UNFOLLOW) + ); + + $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra "; $i = null; @@ -86,7 +91,7 @@ class Activity extends Controller { } $parents_str = ids_to_querystr($i,'item_id'); - + $items = q("SELECT item.*, item.id AS item_id FROM item WHERE item.parent IN ( %s ) $item_normal ", dbesc($parents_str) ); @@ -197,8 +202,12 @@ class Activity extends Controller { } } - $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 - and item.item_delayed = 0 and item.item_blocked = 0 "; + $item_normal_extra = sprintf(" and not verb in ('%s', '%s') ", + dbesc(ACTIVITY_FOLLOW), + dbesc(ACTIVITY_UNFOLLOW) + ); + + $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra "; $sigdata = HTTPSig::verify(EMPTY_STR); if ($sigdata['portable_id'] && $sigdata['header_valid']) { diff --git a/Zotlabs/Module/Article_edit.php b/Zotlabs/Module/Article_edit.php index 635b3ce2a..efa02e1c1 100644 --- a/Zotlabs/Module/Article_edit.php +++ b/Zotlabs/Module/Article_edit.php @@ -63,9 +63,9 @@ class Article_edit extends \Zotlabs\Web\Controller { if ($catsenabled){ $itm = fetch_post_tags($itm); - + $cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY); - + foreach ($cats as $cat) { if (strlen($category)) $category .= ', '; @@ -113,6 +113,7 @@ class Article_edit extends \Zotlabs\Web\Controller { 'post_id' => $post_id, 'visitor' => true, 'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), + 'summary' => htmlspecialchars($itm[0]['summary'],ENT_COMPAT,'UTF-8'), 'placeholdertitle' => t('Title (optional)'), 'pagetitle' => $card_title, 'profile_uid' => (intval($channel['channel_id'])), diff --git a/Zotlabs/Module/Articles.php b/Zotlabs/Module/Articles.php index 3f726ebb9..9152f0e0e 100644 --- a/Zotlabs/Module/Articles.php +++ b/Zotlabs/Module/Articles.php @@ -15,7 +15,7 @@ require_once('include/opengraph.php'); class Articles extends Controller { function init() { - + if(argc() > 1) $which = argv(1); @@ -28,13 +28,13 @@ class Articles extends Controller { return; } } - + profile_load($which); - + } - + function get($update = 0, $load = false) { - + if(observer_prohibited(true)) { return login(); } @@ -56,7 +56,7 @@ class Articles extends Controller { nav_set_selected('Articles'); - head_add_link([ + head_add_link([ 'rel' => 'alternate', 'type' => 'application/json+oembed', 'href' => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . App::$query_string), @@ -65,7 +65,7 @@ class Articles extends Controller { $category = (($_REQUEST['cat']) ? escape_tags(trim($_REQUEST['cat'])) : ''); - + if($category) { $sql_extra2 .= protect_sprintf(term_item_parent_query(App::$profile['profile_uid'],'item', $category, TERM_CATEGORY)); } @@ -74,24 +74,24 @@ class Articles extends Controller { $datequery2 = ((x($_GET,'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : ''); $which = argv(1); - + $selected_card = ((argc() > 2) ? argv(2) : ''); $_SESSION['return_url'] = App::$query_string; - + $uid = local_channel(); $owner = App::$profile_uid; $observer = App::get_observer(); - + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - + if(! perm_is_allowed($owner,$ob_hash,'view_pages')) { notice( t('Permission denied.') . EOL); return; } - + $is_owner = ($uid && $uid == $owner); - + $channel = channelx_by_n($owner); if($channel) { @@ -105,7 +105,7 @@ class Articles extends Controller { else { $channel_acl = [ 'allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '' ]; } - + if(perm_is_allowed($owner,$ob_hash,'write_pages')) { @@ -114,16 +114,15 @@ class Articles extends Controller { 'webpage' => ITEM_TYPE_ARTICLE, 'is_owner' => true, 'content_label' => t('Add Article'), - 'button' => t('Create'), + 'button' => t('Save'), 'nickname' => $channel['channel_address'], - 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] + 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), - 'acl' => (($is_owner) ? populate_acl($channel_acl, false, + 'acl' => (($is_owner) ? populate_acl($channel_acl, false, PermissionDescription::fromGlobalPermission('view_pages')) : ''), 'permissions' => $channel_acl, 'showacl' => (($is_owner) ? true : false), 'visitor' => true, - 'body' => '[summary][/summary]', 'hide_location' => false, 'hide_voting' => false, 'profile_uid' => intval($owner), @@ -147,12 +146,12 @@ class Articles extends Controller { else { $editor = ''; } - + $itemspage = get_pconfig(local_channel(),'system','itemspage'); App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 10)); $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start'])); - + $sql_extra = item_permissions_sql($owner); $sql_item = ''; @@ -176,8 +175,8 @@ class Articles extends Controller { $sql_extra2 .= " and item.item_thread_top != 0 "; } - $r = q("select * from item - where item.uid = %d and item_type = %d + $r = q("select * from item + where item.uid = %d and item_type = %d $sql_extra $sql_extra2 $sql_item order by item.created desc $pager_sql", intval($owner), intval(ITEM_TYPE_ARTICLE) @@ -214,7 +213,7 @@ class Articles extends Controller { opengraph_add_meta((! empty($items) ? $r[0] : []), $channel); $mode = 'articles'; - + if(get_pconfig(local_channel(),'system','articles_list_mode') && (! $selected_card)) $page_mode = 'pager_list'; else diff --git a/Zotlabs/Module/Card_edit.php b/Zotlabs/Module/Card_edit.php index e01e70fdb..c57a0f043 100644 --- a/Zotlabs/Module/Card_edit.php +++ b/Zotlabs/Module/Card_edit.php @@ -63,9 +63,9 @@ class Card_edit extends \Zotlabs\Web\Controller { if ($catsenabled){ $itm = fetch_post_tags($itm); - + $cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY); - + foreach ($cats as $cat) { if (strlen($category)) $category .= ', '; @@ -114,6 +114,7 @@ class Card_edit extends \Zotlabs\Web\Controller { 'post_id' => $post_id, 'visitor' => true, 'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), + 'summary' => htmlspecialchars($itm[0]['summary'],ENT_COMPAT,'UTF-8'), 'placeholdertitle' => t('Title (optional)'), 'pagetitle' => $card_title, 'profile_uid' => (intval($channel['channel_id'])), diff --git a/Zotlabs/Module/Cards.php b/Zotlabs/Module/Cards.php index c44f7942b..8f47208ce 100644 --- a/Zotlabs/Module/Cards.php +++ b/Zotlabs/Module/Cards.php @@ -110,7 +110,7 @@ class Cards extends Controller { 'webpage' => ITEM_TYPE_CARD, 'is_owner' => true, 'content_label' => t('Add Card'), - 'button' => t('Create'), + 'button' => t('Save'), 'nickname' => $channel['channel_address'], 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 915e0ea60..ab5000b9a 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -6,6 +6,7 @@ namespace Zotlabs\Module; use App; use Zotlabs\Lib\Activity; use Zotlabs\Lib\ActivityStreams; +use Zotlabs\Lib\Crypto; use Zotlabs\Lib\Libzot; use Zotlabs\Lib\PermissionDescription; use Zotlabs\Web\Controller; @@ -26,8 +27,8 @@ class Channel extends Controller { function init() { - if (in_array(substr($_GET['search'], 0, 1), ['@', '!', '?']) || strpos($_GET['search'], 'https://') === 0) - goaway('search' . '?f=&search=' . $_GET['search']); + if (array_key_exists('search', $_GET) && (in_array(substr($_GET['search'], 0, 1), ['@', '!', '?']) || strpos($_GET['search'], 'https://') === 0)) + goaway(z_root() . '/search?f=&search=' . $_GET['search']); $which = null; if (argc() > 1) @@ -70,7 +71,7 @@ class Channel extends Controller { ); if ($s) { - $data = json_encode(crypto_encapsulate($data, $s[0]['hubloc_sitekey'], Libzot::best_algorithm($s[0]['site_crypto']))); + $data = json_encode(Crypto::encapsulate($data, $s[0]['hubloc_sitekey'], Libzot::best_algorithm($s[0]['site_crypto']))); } } else { @@ -154,7 +155,7 @@ class Channel extends Controller { intval($channel['channel_id']) ); - opengraph_add_meta($r ? $r[0] : [], $channel); + opengraph_add_meta((isset($r) && count($r) ? $r[0] : []), $channel); } function get($update = 0, $load = false) { @@ -167,7 +168,7 @@ class Channel extends Controller { if (strpos($mid, 'b64.') === 0) $decoded = @base64url_decode(substr($mid, 4)); - if ($decoded) + if (isset($decoded)) $mid = $decoded; $datequery = ((x($_GET, 'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : ''); @@ -327,6 +328,7 @@ class Channel extends Controller { } else { + $sql_extra2 = ''; if (x($category)) { $sql_extra2 .= protect_sprintf(term_item_parent_query(App::$profile['profile_uid'], 'item', $category, TERM_CATEGORY)); } @@ -418,7 +420,7 @@ class Channel extends Controller { if ((!$update) && (!$load)) { - if ($decoded) + if (isset($decoded)) $mid = 'b64.' . base64url_encode($mid); // This is ugly, but we can't pass the profile_uid through the session to the ajax updater, @@ -484,7 +486,7 @@ class Channel extends Controller { $o .= conversation($items, $mode, $update, $page_mode); - if ($mid && $items[0]['title']) + if ($mid && count($items) > 0 && isset($items[0]['title'])) App::$page['title'] = $items[0]['title'] . " - " . App::$page['title']; } diff --git a/Zotlabs/Module/Channel_calendar.php b/Zotlabs/Module/Channel_calendar.php index ac1545644..26c6aaf40 100644 --- a/Zotlabs/Module/Channel_calendar.php +++ b/Zotlabs/Module/Channel_calendar.php @@ -116,7 +116,7 @@ class Channel_calendar extends Controller { if ($results) { // Set permissions based on tag replacements - set_linkified_perms($results, $str_contact_allow, $str_group_allow, $uid, false, $private); + set_linkified_perms($results, $str_contact_allow, $str_group_allow, $uid, $private); foreach ($results as $result) { $success = $result['success']; diff --git a/Zotlabs/Module/Connect.php b/Zotlabs/Module/Connect.php index 31da42035..b934cb963 100644 --- a/Zotlabs/Module/Connect.php +++ b/Zotlabs/Module/Connect.php @@ -18,11 +18,11 @@ class Connect extends Controller { App::$error = 404; return; } - + $r = q("select * from channel where channel_address = '%s' limit 1", dbesc($which) ); - + if($r) App::$data['channel'] = $r[0]; @@ -30,36 +30,36 @@ class Connect extends Controller { profile_load($which,''); } - + function post() { - + if(! array_key_exists('channel', App::$data)) return; $channel_id = App::$data['channel']['channel_id']; $edit = ((local_channel() && (local_channel() == $channel_id)) ? true : false); - + if($edit) { $has_premium = ((App::$data['channel']['channel_pageflags'] & PAGE_PREMIUM) ? 1 : 0); $premium = (($_POST['premium']) ? intval($_POST['premium']) : 0); $text = escape_tags($_POST['text']); - + if($has_premium != $premium) { $r = q("update channel set channel_pageflags = ( channel_pageflags %s %d ) where channel_id = %d", db_getfunc('^'), intval(PAGE_PREMIUM), - intval(local_channel()) + intval(local_channel()) ); - + \Zotlabs\Daemon\Master::Summon(array('Notifier','refresh_all',$channel_id)); } set_pconfig($channel_id,'system','selltext',$text); // reload the page completely to get fresh data goaway(z_root() . '/' . App::$query_string); - + } - + $url = ''; $observer = App::get_observer(); if(($observer) && ($_POST['submit'] === t('Continue'))) { @@ -70,18 +70,18 @@ class Connect extends Controller { dbesc($observer['xchan_hash']) ); if($r) - $url = $r[0]['hubloc_url'] . '/follow?f=&url=' . urlencode(channel_reddress(App::$data['channel'])); + $url = $r[0]['hubloc_url'] . '/follow?f=&interactive=1&url=' . urlencode(channel_reddress(App::$data['channel'])); } } if($url) goaway($url . '&confirm=1'); else notice('Unable to connect to your home hub location.'); - + } - - - + + + function get() { if(! array_key_exists('channel', App::$data)) @@ -90,11 +90,11 @@ class Connect extends Controller { $channel_id = App::$data['channel']['channel_id']; $edit = ((local_channel() && (local_channel() == $channel_id)) ? true : false); - + $text = get_pconfig($channel_id,'system','selltext'); - + if($edit) { - + $o = replace_macros(get_markup_template('sellpage_edit.tpl'),array( '$header' => t('Premium Channel Setup'), '$address' => App::$data['channel']['channel_address'], @@ -105,36 +105,36 @@ class Connect extends Controller { '$lbl2' => t('Potential connections will then see the following text before proceeding:'), '$desc2' => t('By continuing, I certify that I have complied with any instructions provided on this page.'), '$submit' => t('Submit'), - - + + )); return $o; } else { if(! $text) $text = t('(No specific instructions have been provided by the channel owner.)'); - + $submit = replace_macros(get_markup_template('sellpage_submit.tpl'), array( - '$continue' => t('Continue'), + '$continue' => t('Continue'), '$address' => App::$data['channel']['channel_address'] )); - + $o = replace_macros(get_markup_template('sellpage_view.tpl'),array( '$header' => t('Restricted or Premium Channel'), '$desc' => t('This channel may require additional steps or acknowledgement of the following conditions prior to connecting:'), - '$text' => prepare_text($text), - + '$text' => prepare_text($text), + '$desc2' => t('By continuing, I certify that I have complied with any instructions provided on this page.'), '$submit' => $submit, - + )); - + $arr = array('channel' => App::$data['channel'],'observer' => App::get_observer(), 'sellpage' => $o, 'submit' => $submit); call_hooks('connect_premium', $arr); $o = $arr['sellpage']; - + } - + return $o; } } diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index 582563451..44211c8b9 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -9,6 +9,7 @@ namespace Zotlabs\Module; use App; use Zotlabs\Lib\Apps; +use Zotlabs\Lib\Crypto; use Zotlabs\Lib\Libzot; use Zotlabs\Lib\Libsync; use Zotlabs\Daemon\Master; @@ -178,7 +179,7 @@ class Connedit extends Controller { if(! $is_self) { $signed = $orig_record[0]['abook_xchan'] . '.' . $rating . '.' . $rating_text; - $sig = base64url_encode(rsa_sign($signed,$channel['channel_prvkey'])); + $sig = base64url_encode(Crypto::sign($signed,$channel['channel_prvkey'])); $rated = ((intval($rating) || strlen($rating_text)) ? true : false); diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php index 7295f3099..e1555fc2d 100644 --- a/Zotlabs/Module/Directory.php +++ b/Zotlabs/Module/Directory.php @@ -245,7 +245,7 @@ class Directory extends Controller { $profile_link = chanlink_url($rr['url']); $pdesc = (($rr['description']) ? $rr['description'] . '<br />' : ''); - $connect_link = ((local_channel()) ? z_root() . '/follow?f=&url=' . urlencode($rr['address']) : ''); + $connect_link = ((local_channel()) ? z_root() . '/follow?f=&interactive=1&url=' . urlencode($rr['address']) : ''); // Checking status is disabled ATM until someone checks the performance impact more carefully //$online = remote_online_status($rr['address']); diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 04aeb6d5c..15dfb0dc9 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -243,7 +243,7 @@ class Display extends \Zotlabs\Web\Controller { $item_normal = item_normal(); $item_normal_update = item_normal_update(); - $sql_extra = public_permissions_sql($observer_hash); + $sql_extra = ((local_channel()) ? EMPTY_STR : item_permissions_sql(0, $observer_hash)); if($noscript_content || $load) { @@ -260,8 +260,7 @@ class Display extends \Zotlabs\Web\Controller { ); } - if(! $r) { - + if($r === null) { // in case somebody turned off public access to sys channel content using permissions // make that content unsearchable by ensuring the owner uid can't match @@ -269,16 +268,17 @@ class Display extends \Zotlabs\Web\Controller { $sysid = 0; $r = q("SELECT item.id as item_id from item - WHERE mid = '%s' + WHERE ((mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) - OR uid = %d ) - $sql_extra ) + OR uid = %d ))) OR + (mid = '%s' $sql_extra )) $item_normal limit 1", dbesc($target_item['parent_mid']), - intval($sysid) + intval($sysid), + dbesc($target_item['parent_mid']) ); } } @@ -303,20 +303,22 @@ class Display extends \Zotlabs\Web\Controller { if($r === null) { // in case somebody turned off public access to sys channel content using permissions // make that content unsearchable by ensuring the owner_xchan can't match + if(! perm_is_allowed($sysid,$observer_hash,'view_stream')) $sysid = 0; - $r = q("SELECT item.parent AS item_id from item - WHERE parent_mid = '%s' + + $r = q("SELECT item.id as item_id from item + WHERE ((parent_mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " )) - OR uid = %d ) - $sql_extra ) - $item_normal_update - $simple_update + OR uid = %d ))) OR + (parent_mid = '%s' $sql_extra )) + $item_normal limit 1", dbesc($target_item['parent_mid']), - intval($sysid) + intval($sysid), + dbesc($target_item['parent_mid']) ); } } diff --git a/Zotlabs/Module/Editpost.php b/Zotlabs/Module/Editpost.php index 49b2892e8..c6cfc6dc4 100644 --- a/Zotlabs/Module/Editpost.php +++ b/Zotlabs/Module/Editpost.php @@ -58,9 +58,9 @@ class Editpost extends \Zotlabs\Web\Controller { if ($catsenabled){ $itm = fetch_post_tags($itm); - + $cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY); - + foreach ($cats as $cat) { if (strlen($category)) $category .= ', '; @@ -95,6 +95,7 @@ class Editpost extends \Zotlabs\Web\Controller { 'defloc' => $channel['channel_location'], 'visitor' => true, 'title' => htmlspecialchars_decode($itm[0]['title'],ENT_COMPAT), + 'summary' => htmlspecialchars_decode($itm[0]['summary'],ENT_COMPAT), 'category' => $category, 'showacl' => false, 'profile_uid' => $owner_uid, diff --git a/Zotlabs/Module/Fhublocs.php b/Zotlabs/Module/Fhublocs.php index dcd399a1f..42dac5b12 100644 --- a/Zotlabs/Module/Fhublocs.php +++ b/Zotlabs/Module/Fhublocs.php @@ -15,12 +15,12 @@ class Fhublocs extends \Zotlabs\Web\Controller { if(! is_site_admin()) return; - + $o = ''; - + $r = q("select * from channel where channel_removed = 0"); $sitekey = get_config('system','pubkey'); - + if($r) { foreach($r as $rr) { @@ -38,14 +38,14 @@ class Fhublocs extends \Zotlabs\Web\Controller { if($found) { $o .= 'Hubloc exists for ' . $rr['channel_name'] . EOL; continue; - } + } } $y = q("select xchan_addr from xchan where xchan_hash = '%s' limit 1", dbesc($rr['channel_hash']) ); if($y) $primary_address = $y[0]['xchan_addr']; - + $hub_address = channel_reddress($rr); $primary = (($hub_address === $primary_address) ? 1 : 0); @@ -56,9 +56,9 @@ class Fhublocs extends \Zotlabs\Web\Controller { dbesc($rr['channel_hash']), dbesc(z_root()) ); - + // Create a verified hub location pointing to this site. - + /* $h = hubloc_store_lowlevel( [ @@ -69,7 +69,7 @@ class Fhublocs extends \Zotlabs\Web\Controller { 'hubloc_network' => 'zot', 'hubloc_primary' => $primary, 'hubloc_url' => z_root(), - 'hubloc_url_sig' => base64url_encode(rsa_sign(z_root(),$rr['channel_prvkey'])), + 'hubloc_url_sig' => base64url_encode(Crypto::sign(z_root(),$rr['channel_prvkey'])), 'hubloc_host' => \App::get_hostname(), 'hubloc_callback' => z_root() . '/post', 'hubloc_sitekey' => $sitekey @@ -99,11 +99,11 @@ class Fhublocs extends \Zotlabs\Web\Controller { $o . 'local hubloc created for ' . $rr['channel_name'] . EOL; else $o .= 'DB update failed for ' . $rr['channel_name'] . EOL; - + } - + return $o; - + } } } diff --git a/Zotlabs/Module/Follow.php b/Zotlabs/Module/Follow.php index 11febd8fc..4fe20f56b 100644 --- a/Zotlabs/Module/Follow.php +++ b/Zotlabs/Module/Follow.php @@ -14,7 +14,7 @@ use Zotlabs\Daemon\Master; class Follow extends Controller { function init() { - + if (ActivityStreams::is_as_request() && argc() == 2) { $abook_id = intval(argv(1)); @@ -73,11 +73,11 @@ class Follow extends Controller { $url = notags(trim(punify($_REQUEST['url']))); $return_url = $_SESSION['return_url']; $confirm = intval($_REQUEST['confirm']); - $interactive = (($_REQUEST['interactive']) ? intval($_REQUEST['interactive']) : 1); + $interactive = (($_REQUEST['interactive']) ? intval($_REQUEST['interactive']) : 1); $channel = App::get_channel(); $result = Connect::connect($channel,$url); - + if ($result['success'] == false) { if ($result['message']) { notice($result['message']); @@ -89,9 +89,9 @@ class Follow extends Controller { json_return_and_die($result); } } - + info( t('Connection added.') . EOL); - + $clone = array(); foreach ($result['abook'] as $k => $v) { if (strpos($k,'abook_') === 0) { @@ -101,30 +101,30 @@ class Follow extends Controller { unset($clone['abook_id']); unset($clone['abook_account']); unset($clone['abook_channel']); - + $abconfig = load_abconfig($channel['channel_id'],$clone['abook_xchan']); if ($abconfig) { $clone['abconfig'] = $abconfig; } Libsync::build_sync_packet(0, [ 'abook' => [ $clone ] ], true); - + $can_view_stream = their_perms_contains($channel['channel_id'],$clone['abook_xchan'],'view_stream'); - + // If we can view their stream, pull in some posts - + if (($can_view_stream) || ($result['abook']['xchan_network'] === 'rss')) { Master::Summon([ 'Onepoll', $result['abook']['abook_id'] ]); } - + if ($interactive) { goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?follow=1'); } else { json_return_and_die([ 'success' => true ]); } - + } - + function get() { if (! local_channel()) { return login(); diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php index 20cc23ac0..28d7eabb5 100644 --- a/Zotlabs/Module/Getfile.php +++ b/Zotlabs/Module/Getfile.php @@ -1,6 +1,7 @@ <?php namespace Zotlabs\Module; +use Zotlabs\Lib\Crypto; use Zotlabs\Web\HTTPSig; use Zotlabs\Lib\Libzot; @@ -106,7 +107,7 @@ class Getfile extends \Zotlabs\Web\Controller { killme(); } - if(! rsa_verify($hash . '.' . $time,base64url_decode($sig),$channel['channel_pubkey'])) { + if(! Crypto::verify($hash . '.' . $time,base64url_decode($sig),$channel['channel_pubkey'])) { logger('verify failed.'); killme(); } diff --git a/Zotlabs/Module/Home.php b/Zotlabs/Module/Home.php index 7f2d6424d..2bfab986f 100644 --- a/Zotlabs/Module/Home.php +++ b/Zotlabs/Module/Home.php @@ -1,100 +1,114 @@ <?php + namespace Zotlabs\Module; +use App; +use Zotlabs\Lib\Libzot; +use Zotlabs\Web\Controller; +use Zotlabs\Web\HTTPSig; + require_once('include/items.php'); require_once('include/conversation.php'); - -class Home extends \Zotlabs\Web\Controller { +class Home extends Controller { function init() { - $ret = array(); - - call_hooks('home_init',$ret); + $ret = []; + + call_hooks('home_init', $ret); + + if (Libzot::is_zot_request()) { + $key = get_config('system', 'prvkey'); + $ret = json_encode(Libzot::site_info()); + + $headers = ['Content-Type' => 'application/x-zot+json', 'Digest' => HTTPSig::generate_digest_header($ret)]; + $headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']; + $h = HTTPSig::create_sig($headers, $key, z_root()); + HTTPSig::set_headers($h); + + echo $ret; + killme(); + } $splash = ((argc() > 1 && argv(1) === 'splash') ? true : false); - - $channel = \App::get_channel(); - if(local_channel() && $channel && $channel['xchan_url'] && ! $splash) { + + $channel = App::get_channel(); + if (local_channel() && $channel && $channel['xchan_url'] && !$splash) { $dest = (($ret['startpage']) ? $ret['startpage'] : ''); - if(! $dest) - $dest = get_config('system','startpage'); - if(! $dest) + if (!$dest) + $dest = get_config('system', 'startpage'); + if (!$dest) $dest = z_root() . '/network'; - + goaway($dest); } - if(remote_channel() && (! $splash) && $_SESSION['atoken']) { + if (remote_channel() && (!$splash) && $_SESSION['atoken']) { $r = q("select * from atoken where atoken_id = %d", intval($_SESSION['atoken']) ); - if($r) { + if ($r) { $x = channelx_by_n($r[0]['atoken_uid']); - if($x) { + if ($x) { goaway(z_root() . '/channel/' . $x['channel_address']); } } - } + } - - if(get_account_id() && ! $splash) { + if (get_account_id() && !$splash) { goaway(z_root() . '/new_channel'); } - + } - - + function get($update = 0, $load = false) { - + $o = ''; - - - if(x($_SESSION,'theme')) + + if (x($_SESSION, 'theme')) unset($_SESSION['theme']); - if(x($_SESSION,'mobile_theme')) + if (x($_SESSION, 'mobile_theme')) unset($_SESSION['mobile_theme']); - + $splash = ((argc() > 1 && argv(1) === 'splash') ? true : false); - - call_hooks('home_content',$o); - if($o) + + call_hooks('home_content', $o); + if ($o) return $o; - - $frontpage = get_config('system','frontpage'); - if($frontpage) { - if(strpos($frontpage,'include:') !== false) { - $file = trim(str_replace('include:' , '', $frontpage)); - if(file_exists($file)) { - \App::$page['template'] = 'full'; - \App::$page['title'] = t('$Projectname'); - $o .= file_get_contents($file); + + $frontpage = get_config('system', 'frontpage'); + if ($frontpage) { + if (strpos($frontpage, 'include:') !== false) { + $file = trim(str_replace('include:', '', $frontpage)); + if (file_exists($file)) { + App::$page['template'] = 'full'; + App::$page['title'] = t('$Projectname'); + $o .= file_get_contents($file); return $o; } } - if(strpos($frontpage,'http') !== 0) + if (strpos($frontpage, 'http') !== 0) $frontpage = z_root() . '/' . $frontpage; - if(intval(get_config('system','mirror_frontpage'))) { + if (intval(get_config('system', 'mirror_frontpage'))) { $o = '<html><head><title>' . t('$Projectname') . '</title></head><body style="margin: 0; padding: 0; border: none;" ><iframe src="' . $frontpage . '" width="100%" height="100%" style="margin: 0; padding: 0; border: none;" ></iframe></body></html>'; echo $o; killme(); } goaway($frontpage); } - - - $sitename = get_config('system','sitename'); - if($sitename) - $o .= '<h1 class="home-welcome">' . sprintf( t('Welcome to %s') ,$sitename) . '</h1>'; - - $loginbox = get_config('system','login_on_homepage'); - if(intval($loginbox) || $loginbox === false) + + $sitename = get_config('system', 'sitename'); + if ($sitename) + $o .= '<h1 class="home-welcome">' . sprintf(t('Welcome to %s'), $sitename) . '</h1>'; + + $loginbox = get_config('system', 'login_on_homepage'); + if (intval($loginbox) || $loginbox === false) $o .= login(true); - + return $o; - + } - + } diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php index f8fc366e0..8ef24b232 100644 --- a/Zotlabs/Module/Import.php +++ b/Zotlabs/Module/Import.php @@ -8,6 +8,7 @@ require_once('include/import.php'); require_once('include/perm_upgrade.php'); require_once('library/urlify/URLify.php'); +use Zotlabs\Lib\Crypto; use Zotlabs\Lib\Libzot; @@ -227,7 +228,7 @@ class Import extends \Zotlabs\Web\Controller { 'hubloc_network' => 'zot', 'hubloc_primary' => (($seize) ? 1 : 0), 'hubloc_url' => z_root(), - 'hubloc_url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])), + 'hubloc_url_sig' => base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey'])), 'hubloc_host' => \App::get_hostname(), 'hubloc_callback' => z_root() . '/post', 'hubloc_sitekey' => get_config('system','pubkey'), @@ -256,7 +257,7 @@ class Import extends \Zotlabs\Web\Controller { 'hubloc_network' => 'zot6', 'hubloc_primary' => (($seize) ? 1 : 0), 'hubloc_url' => z_root(), - 'hubloc_url_sig' => 'sha256.' . base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])), + 'hubloc_url_sig' => 'sha256.' . base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey'])), 'hubloc_host' => \App::get_hostname(), 'hubloc_callback' => z_root() . '/zot', 'hubloc_sitekey' => get_config('system','pubkey'), diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index b30adeb53..ff52babf5 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -55,7 +55,12 @@ class Item extends Controller { $portable_id = EMPTY_STR; - $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 "; + $item_normal_extra = sprintf(" and not verb in ('%s', '%s') ", + dbesc(ACTIVITY_FOLLOW), + dbesc(ACTIVITY_UNFOLLOW) + ); + + $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra "; $i = null; @@ -167,7 +172,12 @@ class Item extends Controller { $portable_id = EMPTY_STR; - $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 "; + $item_normal_extra = sprintf(" and not verb in ('%s', '%s') ", + dbesc(ACTIVITY_FOLLOW), + dbesc(ACTIVITY_UNFOLLOW) + ); + + $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra "; $i = null; @@ -821,29 +831,16 @@ class Item extends Controller { // and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.) // we may need virtual or template classes to implement the possible alternatives - if(strpos($body,'[/summary]') !== false) { - $match = ''; - $cnt = preg_match("/\[summary\](.*?)\[\/summary\]/ism",$body,$match); - if($cnt) { - $summary .= $match[1]; - } - $body_content = preg_replace("/\[summary\](.*?)\[\/summary\]/ism", '',$body); - $body = trim($body_content); - } - - $summary = cleanup_bbcode($summary); - $body = cleanup_bbcode($body); // Look for tags and linkify them - $results = linkify_tags($summary, ($uid) ? $uid : $profile_uid); $results = linkify_tags($body, ($uid) ? $uid : $profile_uid); if($results) { // Set permissions based on tag replacements - set_linkified_perms($results, $str_contact_allow, $str_group_allow, $profile_uid, $parent_item, $private); + set_linkified_perms($results, $str_contact_allow, $str_group_allow, $profile_uid, $private, $parent_item); foreach($results as $result) { $success = $result['success']; @@ -887,15 +884,10 @@ class Item extends Controller { if(! $preview) { fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); - fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],((strpos($summary,'[/crypt]')) ? $_POST['media_str'] : $summary),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); - - fix_attached_file_permissions($channel,$observer['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); - } - $attachments = ''; $match = false; @@ -933,10 +925,9 @@ class Item extends Controller { } } + // BBCODE end alert } - // BBCODE end alert - if(strlen($categories)) { $cats = explode(',',$categories); diff --git a/Zotlabs/Module/Network.php b/Zotlabs/Module/Network.php index 84c2463d6..a21095940 100644 --- a/Zotlabs/Module/Network.php +++ b/Zotlabs/Module/Network.php @@ -20,13 +20,15 @@ class Network extends \Zotlabs\Web\Controller { return; } - if(in_array(substr($_GET['search'],0,1),[ '@', '!', '?']) || strpos($_GET['search'], 'https://') === 0) - goaway('search' . '?f=&search=' . $_GET['search']); + $search = $_GET['search'] ?? ''; + + if(in_array(substr($search, 0, 1),[ '@', '!', '?']) || strpos($search, 'https://') === 0) + goaway(z_root() . '/search?f=&search=' . $search); if(count($_GET) < 2) { $network_options = get_pconfig(local_channel(),'system','network_page_default'); if($network_options) - goaway('network' . '?f=&' . $network_options); + goaway(z_root() . '/network?f=&' . $network_options); } $channel = App::get_channel(); @@ -80,7 +82,7 @@ class Network extends \Zotlabs\Web\Controller { break; } - $search = (($_GET['search']) ? $_GET['search'] : ''); + $search = $_GET['search'] ?? ''; if($search) { if(strpos($search,'#') === 0) { $hashtags = substr($search,1); @@ -128,17 +130,19 @@ class Network extends \Zotlabs\Web\Controller { $pf = ((x($_GET,'pf')) ? $_GET['pf'] : ''); $unseen = ((x($_GET,'unseen')) ? $_GET['unseen'] : ''); - if (Apps::system_app_installed(local_channel(),'Affinity Tool')) { + if (Apps::system_app_installed(local_channel(),'Affinity Tool')) { $affinity_locked = intval(get_pconfig(local_channel(),'affinity','lock',1)); if ($affinity_locked) { - set_pconfig(local_channel(),'affinity','cmin',$cmin); - set_pconfig(local_channel(),'affinity','cmax',$cmax); + set_pconfig(local_channel(),'affinity','cmin',$cmin); + set_pconfig(local_channel(),'affinity','cmax',$cmax); } - } + } if(x($_GET,'search') || $file || (!$pf && $cid) || $hashtags || $verb || $category || $conv || $unseen) $nouveau = true; + $cid_r = []; + if($cid) { $cid_r = q("SELECT abook.abook_xchan, xchan.xchan_addr, xchan.xchan_name, xchan.xchan_url, xchan.xchan_photo_s, xchan.xchan_pubforum from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and abook_blocked = 0 limit 1", intval($cid), @@ -453,6 +457,8 @@ class Network extends \Zotlabs\Web\Controller { if($update && $_SESSION['loadtime']) $simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) "; + $items = []; + if($nouveau && $load) { // "New Item View" - show all items unthreaded in reverse created date order $items = q("SELECT item.*, item.id AS item_id, created FROM item diff --git a/Zotlabs/Module/Pconfig.php b/Zotlabs/Module/Pconfig.php index b2b5d4386..8a71ab974 100644 --- a/Zotlabs/Module/Pconfig.php +++ b/Zotlabs/Module/Pconfig.php @@ -8,16 +8,16 @@ use Zotlabs\Lib\Libsync; class Pconfig extends \Zotlabs\Web\Controller { function post() { - + if(! local_channel()) return; - - + + if($_SESSION['delegate']) return; - + check_form_security_token_redirectOnErr('/pconfig', 'pconfig'); - + $cat = trim(escape_tags($_POST['cat'])); $k = trim(escape_tags($_POST['k'])); $v = trim($_POST['v']); @@ -27,16 +27,16 @@ class Pconfig extends \Zotlabs\Web\Controller { if (preg_match('|^a:[0-9]+:{.*}$|s',$v) || preg_match('|O:8:"stdClass":[0-9]+:{.*}$|s',$v)) { return; } - + if(in_array(argv(2),$this->disallowed_pconfig())) { notice( t('This setting requires special processing and editing has been blocked.') . EOL); return; } - + if(strpos($k,'password') !== false) { - $v = z_obscure($v); + $v = obscurify($v); } - + set_pconfig(local_channel(),$cat,$k,$v); Libsync::build_sync_packet(); @@ -46,24 +46,24 @@ class Pconfig extends \Zotlabs\Web\Controller { goaway(z_root() . '/pconfig/' . $cat . '/' . $k); } - - + + function get() { - + if(! local_channel()) { return login(); } - + $content = '<h3>' . t('Configuration Editor') . '</h3>'; $content .= '<div class="descriptive-paragraph">' . t('Warning: Changing some settings could render your channel inoperable. Please leave this page unless you are comfortable with and knowledgeable about how to correctly use this feature.') . '</div>' . EOL . EOL; - - - + + + if(argc() == 3) { $content .= '<a href="pconfig">pconfig[' . local_channel() . ']</a>' . EOL; $content .= '<a href="pconfig/' . escape_tags(argv(1)) . '">pconfig[' . local_channel() . '][' . escape_tags(argv(1)) . ']</a>' . EOL . EOL; $content .= '<a href="pconfig/' . escape_tags(argv(1)) . '/' . escape_tags(argv(2)) . '" >pconfig[' . local_channel() . '][' . escape_tags(argv(1)) . '][' . escape_tags(argv(2)) . ']</a> = ' . get_pconfig(local_channel(),escape_tags(argv(1)),escape_tags(argv(2))) . EOL; - + if(in_array(argv(2),$this->disallowed_pconfig())) { notice( t('This setting requires special processing and editing has been blocked.') . EOL); return $content; @@ -71,8 +71,8 @@ class Pconfig extends \Zotlabs\Web\Controller { else $content .= $this->pconfig_form(escape_tags(argv(1)),escape_tags(argv(2))); } - - + + if(argc() == 2) { $content .= '<a href="pconfig">pconfig[' . local_channel() . ']</a>' . EOL; load_pconfig(local_channel(),escape_tags(argv(1))); @@ -80,9 +80,9 @@ class Pconfig extends \Zotlabs\Web\Controller { $content .= '<a href="pconfig/' . escape_tags(argv(1)) . '/' . $k . '" >pconfig[' . local_channel() . '][' . escape_tags(argv(1)) . '][' . $k . ']</a> = ' . escape_tags($x) . EOL; } } - + if(argc() == 1) { - + $r = q("select * from pconfig where uid = " . local_channel()); if($r) { foreach($r as $rr) { @@ -91,33 +91,33 @@ class Pconfig extends \Zotlabs\Web\Controller { } } return $content; - + } - - + + function pconfig_form($cat,$k) { - + $o = '<form action="pconfig" method="post" >'; $o .= '<input type="hidden" name="form_security_token" value="' . get_form_security_token('pconfig') . '" />'; - + $v = get_pconfig(local_channel(),$cat,$k); - if(strpos($k,'password') !== false) - $v = z_unobscure($v); - + if(strpos($k,'password') !== false) + $v = unobscurify($v); + $o .= '<input type="hidden" name="cat" value="' . $cat . '" />'; $o .= '<input type="hidden" name="k" value="' . $k . '" />'; - + if(strpos($v,"\n")) $o .= '<textarea name="v" >' . escape_tags($v) . '</textarea>'; else $o .= '<input type="text" name="v" value="' . escape_tags($v) . '" />'; - - $o .= EOL . EOL; + + $o .= EOL . EOL; $o .= '<input type="submit" name="submit" value="' . t('Submit') . '" />'; $o .= '</form>'; - + return $o; - + } @@ -127,5 +127,5 @@ class Pconfig extends \Zotlabs\Web\Controller { 'permissions_role' ); } - + } diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index ee360dac5..87697f5a7 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -180,7 +180,7 @@ class Photo extends \Zotlabs\Web\Controller { $channel = channelx_by_n($r[0]['uid']); // Now we'll see if we can access the photo - $e = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d $sql_extra LIMIT 1", + $e = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", dbesc($photo), intval($resolution) ); diff --git a/Zotlabs/Module/Prate.php b/Zotlabs/Module/Prate.php index 2a8539ed0..8b71657b8 100644 --- a/Zotlabs/Module/Prate.php +++ b/Zotlabs/Module/Prate.php @@ -2,21 +2,23 @@ namespace Zotlabs\Module; +use Zotlabs\Lib\Crypto; + class Prate extends \Zotlabs\Web\Controller { function init() { if($_SERVER['REQUEST_METHOD'] === 'post') return; - + if(! local_channel()) return; - + $channel = \App::get_channel(); - + $target = argv(1); if(! $target) return; - + $r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1", dbesc($channel['channel_hash']), dbesc($target) @@ -25,34 +27,34 @@ class Prate extends \Zotlabs\Web\Controller { json_return_and_die(array('rating' => $r[0]['xlink_rating'],'rating_text' => $r[0]['xlink_rating_text'])); killme(); } - + function post() { - + if(! local_channel()) return; - + $channel = \App::get_channel(); - + $target = trim($_REQUEST['target']); if(! $target) return; - + if($target === $channel['channel_hash']) return; - + $rating = intval($_POST['rating']); if($rating < (-10)) $rating = (-10); if($rating > 10) $rating = 10; - + $rating_text = trim(escape_tags($_REQUEST['rating_text'])); - + $signed = $target . '.' . $rating . '.' . $rating_text; - - $sig = base64url_encode(rsa_sign($signed,$channel['channel_prvkey'])); - - + + $sig = base64url_encode(Crypto::sign($signed,$channel['channel_prvkey'])); + + $z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1", dbesc($channel['channel_hash']), dbesc($target) @@ -87,19 +89,19 @@ class Prate extends \Zotlabs\Web\Controller { if($record) { \Zotlabs\Daemon\Master::Summon(array('Ratenotif','rating',$record)); } - + json_return_and_die(array('result' => true));; } - - - - - - - - - - - - + + + + + + + + + + + + } diff --git a/Zotlabs/Module/Probe.php b/Zotlabs/Module/Probe.php index d338b08ea..3bc4dac72 100644 --- a/Zotlabs/Module/Probe.php +++ b/Zotlabs/Module/Probe.php @@ -3,6 +3,7 @@ namespace Zotlabs\Module; use App; use Zotlabs\Lib\Apps; +use Zotlabs\Lib\Crypto; require_once('include/zot.php'); @@ -24,18 +25,18 @@ class Probe extends \Zotlabs\Web\Controller { nav_set_selected('Remote Diagnostics'); $o .= '<h3>Remote Diagnostics</h3>'; - + $o .= '<form action="probe" method="get">'; $o .= 'Lookup address: <input type="text" style="width: 250px;" name="addr" value="' . $_GET['addr'] .'" />'; - $o .= '<input type="submit" name="submit" value="Submit" /></form>'; - + $o .= '<input type="submit" name="submit" value="Submit" /></form>'; + $o .= '<br /><br />'; - + if(x($_GET,'addr')) { $channel = App::get_channel(); $addr = trim($_GET['addr']); $do_import = ((intval($_GET['import']) && is_site_admin()) ? true : false); - + $j = \Zotlabs\Zot\Finger::run($addr,$channel,false); $o .= '<pre>'; @@ -43,17 +44,17 @@ class Probe extends \Zotlabs\Web\Controller { $o .= "<strong>https connection failed. Trying again with auto failover to http.</strong>\r\n\r\n"; $j = \Zotlabs\Zot\Finger::run($addr,$channel,true); if(! $j['success']) { - return $o; + return $o; } } if($do_import && $j) $x = import_xchan($j); if($j && $j['permissions'] && $j['permissions']['iv']) - $j['permissions'] = json_decode(crypto_unencapsulate($j['permissions'],$channel['channel_prvkey']),true); + $j['permissions'] = json_decode(Crypto::unencapsulate($j['permissions'],$channel['channel_prvkey']),true); $o .= str_replace("\n",'<br />',print_r($j,true)); $o .= '</pre>'; } return $o; } - + } diff --git a/Zotlabs/Module/Profile.php b/Zotlabs/Module/Profile.php index 118f11f64..bcc7ad930 100644 --- a/Zotlabs/Module/Profile.php +++ b/Zotlabs/Module/Profile.php @@ -29,26 +29,28 @@ class Profile extends Controller { return; } - $profile = ''; - $channel = App::get_channel(); - - if (!$channel) - http_status_exit(404, 'Not found'); - if (ActivityStreams::is_as_request()) { + $channel = channelx_by_nick($which); + if (!$channel) { + http_status_exit(404, 'Not found'); + } + $p = Activity::encode_person($channel, true); as_return_and_die(['type' => 'Profile', 'describes' => $p], $channel); } - nav_set_selected('Profile'); + $profile = ''; if ((local_channel()) && (argc() > 2) && (argv(2) === 'view')) { + $channel = App::get_channel(); $which = $channel['channel_address']; $profile = argv(1); - $r = q("select profile_guid from profile where id = %d and uid = %d limit 1", + + $r = q("select profile_guid from profile where id = %d and uid = %d limit 1", intval($profile), intval(local_channel()) ); + if (!$r) $profile = ''; $profile = $r[0]['profile_guid']; @@ -80,7 +82,6 @@ class Profile extends Controller { profile_load($which, $profile); - } function get() { @@ -89,11 +90,10 @@ class Profile extends Controller { return login(); } - $groups = []; - + nav_set_selected('Profile'); - $tab = 'profile'; - $o = ''; + $groups = []; + $o = ''; if (!(perm_is_allowed(App::$profile['profile_uid'], get_observer_hash(), 'view_profile'))) { notice(t('Permission denied.') . EOL); diff --git a/Zotlabs/Module/Profiles.php b/Zotlabs/Module/Profiles.php index ca6ab435f..9aa342223 100644 --- a/Zotlabs/Module/Profiles.php +++ b/Zotlabs/Module/Profiles.php @@ -749,7 +749,7 @@ class Profiles extends \Zotlabs\Web\Controller { '$default' => t('This is your default profile.') . EOL . translate_scope(map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_profile'))), '$advanced' => $advanced, '$name' => array('name', t('Your full name'), $r[0]['fullname'], t('Required'), '*'), - '$pdesc' => array('pdesc', t('Short title/tescription'), $r[0]['pdesc'], t('Maximal 190 characters'), '', 'maxlength="190"'), + '$pdesc' => array('pdesc', t('Short title/description'), $r[0]['pdesc'], t('Maximal 190 characters'), '', 'maxlength="190"'), '$dob' => dob($r[0]['dob']), '$hide_friends' => $hide_friends, '$address' => array('address', t('Street address'), $r[0]['address']), diff --git a/Zotlabs/Module/Rate.php b/Zotlabs/Module/Rate.php index c03aaa54f..d29c370fc 100644 --- a/Zotlabs/Module/Rate.php +++ b/Zotlabs/Module/Rate.php @@ -3,21 +3,23 @@ namespace Zotlabs\Module; +use Zotlabs\Lib\Crypto; + class Rate extends \Zotlabs\Web\Controller { function init() { - + if(! local_channel()) return; - + $channel = \App::get_channel(); - + $target = $_REQUEST['target']; if(! $target) return; - + \App::$data['target'] = $target; - + if($target) { $r = q("SELECT * FROM xchan where xchan_hash like '%s' LIMIT 1", dbesc($target) @@ -36,43 +38,43 @@ class Rate extends \Zotlabs\Web\Controller { } } } - - + + return; - + } - - + + function post() { - + if(! local_channel()) return; - + if(! \App::$data['target']) return; - + if(! $_REQUEST['execute']) return; - + $channel = \App::get_channel(); - + $rating = intval($_POST['rating']); if($rating < (-10)) $rating = (-10); if($rating > 10) $rating = 10; - + $rating_text = trim(escape_tags($_REQUEST['rating_text'])); - + $signed = \App::$data['target'] . '.' . $rating . '.' . $rating_text; - - $sig = base64url_encode(rsa_sign($signed,$channel['channel_prvkey'])); - + + $sig = base64url_encode(Crypto::sign($signed,$channel['channel_prvkey'])); + $z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1", dbesc($channel['channel_hash']), dbesc(\App::$data['target']) ); - + if($z) { $record = $z[0]['xlink_id']; $w = q("update xlink set xlink_rating = '%d', xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s' @@ -100,39 +102,39 @@ class Rate extends \Zotlabs\Web\Controller { if($z) $record = $z[0]['xlink_id']; } - + if($record) { \Zotlabs\Daemon\Master::Summon(array('Ratenotif','rating',$record)); } - + } - + function get() { - + if(! local_channel()) { notice( t('Permission denied.') . EOL); return; } - + // if(! \App::$data['target']) { // notice( t('No recipients.') . EOL); // return; // } - + $rating_enabled = get_config('system','rating_enabled'); if(! $rating_enabled) { notice('Ratings are disabled on this site.'); return; } - + $channel = \App::get_channel(); - + $r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1", dbesc($channel['channel_hash']), dbesc(\App::$data['target']) ); if($r) { - \App::$data['xlink'] = $r[0]; + \App::$data['xlink'] = $r[0]; $rating_val = $r[0]['xlink_rating']; $rating_text = $r[0]['xlink_rating_text']; } @@ -140,7 +142,7 @@ class Rate extends \Zotlabs\Web\Controller { $rating_val = 0; $rating_text = ''; } - + if($rating_enabled) { $rating = replace_macros(get_markup_template('rating_slider.tpl'),array( '$min' => -10, @@ -150,7 +152,7 @@ class Rate extends \Zotlabs\Web\Controller { else { $rating = false; } - + $o = replace_macros(get_markup_template('rating_form.tpl'),array( '$header' => t('Rating'), '$website' => t('Website:'), @@ -165,8 +167,8 @@ class Rate extends \Zotlabs\Web\Controller { '$slide' => $slide, '$submit' => t('Submit') )); - + return $o; - + } } diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php index eeeff9613..73dfa0816 100644 --- a/Zotlabs/Module/Search.php +++ b/Zotlabs/Module/Search.php @@ -14,7 +14,6 @@ class Search extends Controller { App::$data['search'] = escape_tags($_REQUEST['search']); } - function get($update = 0, $load = false) { if ((get_config('system', 'block_public')) || (get_config('system', 'block_public_search'))) { @@ -102,7 +101,7 @@ class Search extends Controller { } // look for a naked webbie - if (strpos($search, '@') !== false) { + if (strpos($search,'@') !== false && strpos($search,'http') !== 0) { goaway(z_root() . '/directory' . '?f=1&navsearch=1&search=' . $search); } @@ -194,7 +193,7 @@ class Search extends Controller { if (local_channel()) { $r = q("SELECT mid, MAX(id) as item_id from item - WHERE ((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) + WHERE ((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 ) OR ( item.uid = %d )) OR item.owner_xchan = '%s' ) $item_normal $sql_extra @@ -210,7 +209,7 @@ class Search extends Controller { and owner_xchan in ( " . stream_perms_xchans(($observer) ? (PERMS_NETWORK | PERMS_PUBLIC) : PERMS_PUBLIC) . " )) $pub_sql ) OR owner_xchan = '%s') $item_normal - $sql_extra + $sql_extra group by mid, created order by created desc $pager_sql", dbesc($sys['xchan_hash']) ); diff --git a/Zotlabs/Module/Setup.php b/Zotlabs/Module/Setup.php index 541e4fa21..ca8c19600 100644 --- a/Zotlabs/Module/Setup.php +++ b/Zotlabs/Module/Setup.php @@ -63,15 +63,15 @@ class Setup extends \Zotlabs\Web\Controller { return; // implied break; case 3: - $dbhost = trim($_POST['dbhost']); - $dbport = intval(trim($_POST['dbport'])); - $dbuser = trim($_POST['dbuser']); - $dbpass = trim($_POST['dbpass']); - $dbdata = trim($_POST['dbdata']); - $dbtype = intval(trim($_POST['dbtype'])); - $phpath = trim($_POST['phpath']); - $adminmail = trim($_POST['adminmail']); - $siteurl = trim($_POST['siteurl']); + $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : ''); + $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : ''); + $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0); + $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : ''); + $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : ''); + $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0); + $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : ''); + $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : ''); + $siteurl = ((isset($_POST['siteurl'])) ? trim($_POST['siteurl']) : ''); // $siteurl should not have a trailing slash @@ -88,16 +88,16 @@ class Setup extends \Zotlabs\Web\Controller { return; // implied break; case 4: - $dbhost = trim($_POST['dbhost']); - $dbport = intval(trim($_POST['dbport'])); - $dbuser = trim($_POST['dbuser']); - $dbpass = trim($_POST['dbpass']); - $dbdata = trim($_POST['dbdata']); - $dbtype = intval(trim($_POST['dbtype'])); - $phpath = trim($_POST['phpath']); - $timezone = trim($_POST['timezone']); - $adminmail = trim($_POST['adminmail']); - $siteurl = trim($_POST['siteurl']); + $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : ''); + $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : ''); + $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0); + $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : ''); + $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : ''); + $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0); + $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : ''); + $timezone = ((isset($_POST['timezone'])) ? trim($_POST['timezone']) : ''); + $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : ''); + $siteurl = ((isset($_POST['siteurl'])) ? trim($_POST['siteurl']) : ''); if($siteurl != z_root()) { $test = z_fetch_url($siteurl."/setup/testrewrite"); @@ -108,12 +108,14 @@ class Setup extends \Zotlabs\Web\Controller { } } - if(! \DBA::$dba->connected) { + $db = null; + + if(! isset(\DBA::$dba->connected)) { // connect to db $db = \DBA::dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, $dbtype, true); } - if(! \DBA::$dba->connected) { + if(! isset(\DBA::$dba->connected)) { echo 'CRITICAL: DB not connected.'; killme(); } @@ -126,7 +128,7 @@ class Setup extends \Zotlabs\Web\Controller { '$dbpass' => $dbpass, '$dbdata' => $dbdata, '$dbtype' => $dbtype, - '$server_role' => 'pro', + '$server_role' => '', '$timezone' => $timezone, '$siteurl' => $siteurl, '$site_id' => random_string(), @@ -267,14 +269,14 @@ class Setup extends \Zotlabs\Web\Controller { case 2: { // Database config - $dbhost = ((x($_POST,'dbhost')) ? trim($_POST['dbhost']) : '127.0.0.1'); - $dbuser = trim($_POST['dbuser']); - $dbport = intval(trim($_POST['dbport'])); - $dbpass = trim($_POST['dbpass']); - $dbdata = trim($_POST['dbdata']); - $dbtype = intval(trim($_POST['dbtype'])); - $phpath = trim($_POST['phpath']); - $adminmail = trim($_POST['adminmail']); + $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : '127.0.0.1'); + $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : ''); + $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0); + $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : ''); + $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : ''); + $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0); + $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : ''); + $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : ''); $tpl = get_markup_template('install_db.tpl'); $o .= replace_macros($tpl, array( @@ -307,17 +309,17 @@ class Setup extends \Zotlabs\Web\Controller { }; break; case 3: { // Site settings require_once('include/datetime.php'); - $dbhost = ((x($_POST,'dbhost')) ? trim($_POST['dbhost']) : '127.0.0.1'); - $dbport = intval(trim($_POST['dbuser'])); - $dbuser = trim($_POST['dbuser']); - $dbpass = trim($_POST['dbpass']); - $dbdata = trim($_POST['dbdata']); - $dbtype = intval(trim($_POST['dbtype'])); - $phpath = trim($_POST['phpath']); - - $adminmail = trim($_POST['adminmail']); - $timezone = ((x($_POST,'timezone')) ? ($_POST['timezone']) : 'America/Los_Angeles'); + $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : '127.0.0.1'); + $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : ''); + $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0); + $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : ''); + $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : ''); + $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0); + $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : ''); + $timezone = ((isset($_POST['timezone'])) ? trim($_POST['timezone']) : 'America/Los_Angeles'); + $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : ''); + $siteurl = ((isset($_POST['siteurl'])) ? trim($_POST['siteurl']) : ''); $tpl = get_markup_template('install_settings.tpl'); $o .= replace_macros($tpl, array( diff --git a/Zotlabs/Module/Sse.php b/Zotlabs/Module/Sse.php index 46b4a8d87..8bea65207 100644 --- a/Zotlabs/Module/Sse.php +++ b/Zotlabs/Module/Sse.php @@ -47,7 +47,6 @@ class Sse extends Controller { self::$vnotify = get_pconfig(self::$uid, 'system', 'vnotify'); - $sys = get_sys_channel(); $sleep_seconds = 3; self::$sse_enabled = get_config('system', 'sse_enabled', 0); diff --git a/Zotlabs/Module/Sse_bs.php b/Zotlabs/Module/Sse_bs.php index 396e07001..c7580971e 100644 --- a/Zotlabs/Module/Sse_bs.php +++ b/Zotlabs/Module/Sse_bs.php @@ -6,6 +6,7 @@ use App; use Zotlabs\Lib\Apps; use Zotlabs\Web\Controller; use Zotlabs\Lib\Enotify; +use Zotlabs\Lib\XConfig; class Sse_bs extends Controller { @@ -101,12 +102,13 @@ class Sse_bs extends Controller { self::bs_files(), self::bs_mail(), self::bs_all_events(), - self::bs_register() + self::bs_register(), + self::bs_info_notice() ); - set_xconfig(self::$ob_hash, 'sse', 'timestamp', datetime_convert()); - set_xconfig(self::$ob_hash, 'sse', 'notifications', []); // reset the cache - set_xconfig(self::$ob_hash, 'sse', 'language', App::$language); + XConfig::Set(self::$ob_hash, 'sse', 'notifications', []); + XConfig::Set(self::$ob_hash, 'sse', 'timestamp', datetime_convert()); + XConfig::Set(self::$ob_hash, 'sse', 'language', App::$language); json_return_and_die($result); } @@ -181,7 +183,10 @@ class Sse_bs extends Controller { $result['network']['offset'] = ((count($items) == $limit) ? intval($offset + $limit) : -1); xchan_query($items); foreach($items as $item) { - $result['network']['notifications'][] = Enotify::format($item); + $parsed = Enotify::format($item); + if($parsed) { + $result['network']['notifications'][] = $parsed; + } } } else { @@ -250,7 +255,10 @@ class Sse_bs extends Controller { $result['dm']['offset'] = ((count($items) == $limit) ? intval($offset + $limit) : -1); xchan_query($items); foreach($items as $item) { - $result['dm']['notifications'][] = Enotify::format($item); + $parsed = Enotify::format($item); + if($parsed) { + $result['dm']['notifications'][] = $parsed; + } } } else { @@ -319,7 +327,10 @@ class Sse_bs extends Controller { $result['home']['offset'] = ((count($items) == $limit) ? intval($offset + $limit) : -1); xchan_query($items); foreach($items as $item) { - $result['home']['notifications'][] = Enotify::format($item); + $parsed = Enotify::format($item); + if($parsed) { + $result['home']['notifications'][] = $parsed; + } } } else { @@ -400,7 +411,10 @@ class Sse_bs extends Controller { $result['pubs']['offset'] = ((count($items) == $limit) ? intval($offset + $limit) : -1); xchan_query($items); foreach($items as $item) { - $result['pubs']['notifications'][] = Enotify::format($item); + $parsed = Enotify::format($item); + if($parsed) { + $result['pubs']['notifications'][] = $parsed; + } } } else { @@ -592,7 +606,10 @@ class Sse_bs extends Controller { if($r) { xchan_query($r); foreach($r as $rr) { - $result['files']['notifications'][] = Enotify::format($rr); + $parsed = Enotify::format($rr); + if($parsed) { + $result['files']['notifications'][] = $parsed; + } } $result['files']['count'] = count($r); } @@ -688,4 +705,22 @@ class Sse_bs extends Controller { } + function bs_info_notice() { + + $result['notice']['notifications'] = []; + $result['info']['notifications'] = []; + + $r = XConfig::Get(self::$ob_hash, 'sse', 'notifications', []); + + if(isset($r['notice'])) + $result['notice']['notifications'] = $r['notice']['notifications']; + + if(isset($r['info'])) + $result['info']['notifications'] = $r['info']['notifications']; + + return $result; + + } + + } diff --git a/Zotlabs/Module/Subthread.php b/Zotlabs/Module/Subthread.php index 30e57197d..a796d85cb 100644 --- a/Zotlabs/Module/Subthread.php +++ b/Zotlabs/Module/Subthread.php @@ -1,6 +1,9 @@ <?php namespace Zotlabs\Module; +use Zotlabs\Lib\Activity; + + require_once('include/security.php'); require_once('include/bbcode.php'); require_once('include/items.php'); @@ -10,22 +13,22 @@ require_once('include/items.php'); class Subthread extends \Zotlabs\Web\Controller { function get() { - + if(! local_channel()) { return; } - + $sys = get_sys_channel(); $channel = \App::get_channel(); $item_id = ((argc() > 2) ? notags(trim(argv(2))) : 0); - + if(argv(1) === 'sub') $activity = ACTIVITY_FOLLOW; elseif(argv(1) === 'unsub') $activity = ACTIVITY_UNFOLLOW; - - + + $i = q("select * from item where id = %d and uid = %d", intval($item_id), intval(local_channel()) @@ -42,7 +45,7 @@ class Subthread extends \Zotlabs\Web\Controller { $item_id = (($i) ? $i[0]['id'] : 0); } } - + if(! $i) { return; } @@ -56,37 +59,37 @@ class Subthread extends \Zotlabs\Web\Controller { dbesc($r[0]['parent']) ); } - + if((! $item_id) || (! $r)) { logger('subthread: no item ' . $item_id); return; } - + $item = $r[0]; - + $owner_uid = $item['uid']; $observer = \App::get_observer(); $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - + if(! perm_is_allowed($owner_uid,$ob_hash,'post_comments')) return; - + $sys = get_sys_channel(); - + $owner_uid = $item['uid']; $owner_aid = $item['aid']; - + // if this is a "discover" item, (item['uid'] is the sys channel), // fallback to the item comment policy, which should've been // respected when generating the conversation thread. // Even if the activity is rejected by the item owner, it should still get attached - // to the local discover conversation on this site. - + // to the local discover conversation on this site. + if(($owner_uid != $sys['channel_id']) && (! perm_is_allowed($owner_uid,$observer['xchan_hash'],'post_comments'))) { notice( t('Permission denied') . EOL); killme(); } - + $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($item['owner_xchan']) ); @@ -94,7 +97,7 @@ class Subthread extends \Zotlabs\Web\Controller { $thread_owner = $r[0]; else killme(); - + $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($item['author_xchan']) ); @@ -102,50 +105,32 @@ class Subthread extends \Zotlabs\Web\Controller { $item_author = $r[0]; else killme(); - - - - + + + + $uuid = item_message_id(); $mid = z_root() . '/item/' . $uuid; $post_type = (($item['resource_type'] === 'photo') ? t('photo') : t('status')); - + $links = array(array('rel' => 'alternate','type' => 'text/html', 'href' => $item['plink'])); - $objtype = (($item['resource_type'] === 'photo') ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE ); - + $objtype = (($item['resource_type'] === 'photo') ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE ); + $body = $item['body']; - - $obj = json_encode(array( - 'type' => $objtype, - 'id' => $item['mid'], - 'parent' => (($item['thr_parent']) ? $item['thr_parent'] : $item['parent_mid']), - 'link' => $links, - 'title' => $item['title'], - 'content' => $item['body'], - 'created' => $item['created'], - 'edited' => $item['edited'], - 'author' => array( - 'name' => $item_author['xchan_name'], - 'address' => $item_author['xchan_addr'], - 'guid' => $item_author['xchan_guid'], - 'guid_sig' => $item_author['xchan_guid_sig'], - 'link' => array( - array('rel' => 'alternate', 'type' => 'text/html', 'href' => $item_author['xchan_url']), - array('rel' => 'photo', 'type' => $item_author['xchan_photo_mimetype'], 'href' => $item_author['xchan_photo_m'])), - ), - )); - + + $obj = Activity::fetch_item( [ 'id' => $item['mid'] ] ); + if(! intval($item['item_thread_top'])) - $post_type = 'comment'; - + $post_type = 'comment'; + if($activity === ACTIVITY_FOLLOW) $bodyverb = t('%1$s is following %2$s\'s %3$s'); if($activity === ACTIVITY_UNFOLLOW) $bodyverb = t('%1$s stopped following %2$s\'s %3$s'); - + $arr = array(); - + $arr['uuid'] = $uuid; $arr['mid'] = $mid; $arr['aid'] = $owner_aid; @@ -161,35 +146,35 @@ class Subthread extends \Zotlabs\Web\Controller { $arr['item_wall'] = 1; else $arr['item_wall'] = 0; - + $ulink = '[zrl=' . $item_author['xchan_url'] . ']' . $item_author['xchan_name'] . '[/zrl]'; $alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]'; $plink = '[zrl=' . z_root() . '/display/' . gen_link_id($item['mid']) . ']' . $post_type . '[/zrl]'; - + $arr['body'] = sprintf( $bodyverb, $alink, $ulink, $plink ); - + $arr['verb'] = $activity; $arr['obj_type'] = $objtype; - $arr['obj'] = $obj; - + $arr['obj'] = json_encode($obj); + $arr['allow_cid'] = $item['allow_cid']; $arr['allow_gid'] = $item['allow_gid']; $arr['deny_cid'] = $item['deny_cid']; $arr['deny_gid'] = $item['deny_gid']; - - $post = item_store($arr); + + $post = item_store($arr); $post_id = $post['item_id']; - + $arr['id'] = $post_id; - + call_hooks('post_local_end', $arr); - + killme(); - - + + } - - - - + + + + } diff --git a/Zotlabs/Module/Suggest.php b/Zotlabs/Module/Suggest.php index 18961214e..0ed6ea8d7 100644 --- a/Zotlabs/Module/Suggest.php +++ b/Zotlabs/Module/Suggest.php @@ -15,17 +15,17 @@ class Suggest extends \Zotlabs\Web\Controller { if(! Apps::system_app_installed(local_channel(), 'Suggest Channels')) return; - + if(x($_GET,'ignore')) { q("insert into xign ( uid, xchan ) values ( %d, '%s' ) ", intval(local_channel()), dbesc($_GET['ignore']) ); } - + } - - + + function get() { if(! local_channel()) { @@ -45,22 +45,22 @@ class Suggest extends \Zotlabs\Web\Controller { $o = ''; nav_set_selected('Suggest Channels'); - + $_SESSION['return_url'] = z_root() . '/' . \App::$cmd; - + $r = suggestion_query(local_channel(),get_observer_hash()); - + if(! $r) { info( t('No suggestions available. If this is a new site, please try again in 24 hours.')); return; } - + $arr = array(); - + foreach($r as $rr) { - - $connlnk = z_root() . '/follow/?url=' . $rr['xchan_addr']; - + + $connlnk = z_root() . '/follow?f=&url=' . $rr['xchan_addr']; + $arr[] = array( 'url' => chanlink_url($rr['xchan_url']), 'common' => $rr['total'], @@ -73,15 +73,15 @@ class Suggest extends \Zotlabs\Web\Controller { 'ignore' => t('Ignore/Hide') ); } - - + + $o = replace_macros(get_markup_template('suggest_page.tpl'),array( '$title' => t('Channel Suggestions'), '$entries' => $arr )); - + return $o; - + } - + } diff --git a/Zotlabs/Module/Uexport.php b/Zotlabs/Module/Uexport.php index 3d1587b87..55c316317 100644 --- a/Zotlabs/Module/Uexport.php +++ b/Zotlabs/Module/Uexport.php @@ -17,6 +17,7 @@ class Uexport extends Controller { if(argc() > 1) { $sections = (($_REQUEST['sections']) ? explode(',',$_REQUEST['sections']) : ''); + $zap_compat = (($_REQUEST['zap_compat']) ? intval($_REQUEST['zap_compat']) : false); $channel = App::get_channel(); @@ -32,12 +33,12 @@ class Uexport extends Controller { header('content-disposition: attachment; filename="' . $channel['channel_address'] . (($year) ? '-' . $year : '') . (($month) ? '-' . $month : '') . (($_REQUEST['sections']) ? '-' . $_REQUEST['sections'] : '') . '.json"' ); if($year) { - echo json_encode(identity_export_year(local_channel(),$year,$month)); + echo json_encode(identity_export_year(local_channel(),$year,$month, $zap_compat)); killme(); } if(argc() > 1 && argv(1) === 'basic') { - echo json_encode(identity_basic_export(local_channel(),$sections)); + echo json_encode(identity_basic_export(local_channel(),$sections, $zap_compat)); killme(); } @@ -46,7 +47,7 @@ class Uexport extends Controller { if(argc() > 1 && argv(1) === 'complete') { $sections = get_default_export_sections(); $sections[] = 'items'; - echo json_encode(identity_basic_export(local_channel(),$sections)); + echo json_encode(identity_basic_export(local_channel(),$sections, $zap_compat)); killme(); } } diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php index d24a31a15..6f2864615 100644 --- a/Zotlabs/Module/Wfinger.php +++ b/Zotlabs/Module/Wfinger.php @@ -3,34 +3,35 @@ namespace Zotlabs\Module; require_once('include/zot.php'); +use Zotlabs\Lib\Keyutils; use Zotlabs\Lib\Libzot; class Wfinger extends \Zotlabs\Web\Controller { function init() { - + session_write_close(); $result = array(); - + $scheme = ''; - + if(x($_SERVER,'HTTPS') && $_SERVER['HTTPS']) $scheme = 'https'; elseif(x($_SERVER,'SERVER_PORT') && (intval($_SERVER['SERVER_PORT']) == 443)) $scheme = 'https'; - + $zot = intval($_REQUEST['zot']); - + if(($scheme !== 'https') && (! $zot)) { header($_SERVER["SERVER_PROTOCOL"] . ' ' . 500 . ' ' . 'Webfinger requires HTTPS'); killme(); } - - + + $resource = $_REQUEST['resource']; logger('webfinger: ' . $resource,LOGGER_DEBUG); - + $root_resource = false; $pchan = false; @@ -39,9 +40,9 @@ class Wfinger extends \Zotlabs\Web\Controller { $root_resource = true; $r = null; - + if(($resource) && (! $root_resource)) { - + if(strpos($resource,'acct:') === 0) { $channel = str_replace('acct:','',$resource); if(substr($channel,0,1) === '@' && strpos(substr($channel,1),'@')) { @@ -56,12 +57,12 @@ class Wfinger extends \Zotlabs\Web\Controller { goaway('https://' . $host . '/.well-known/webfinger?f=&resource=' . $resource . (($zot) ? '&zot=' . $zot : '')); } $channel = substr($channel,0,strpos($channel,'@')); - } + } } if(strpos($resource,'http') === 0) { $channel = str_replace('~','',basename($resource)); } - + if(substr($channel,0,1) === '[' ) { $channel = substr($channel,1); $channel = substr($channel,0,-1); @@ -74,16 +75,16 @@ class Wfinger extends \Zotlabs\Web\Controller { $r[0] = pchan_to_chan($r[0]); } } - else { + else { $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1", dbesc($channel) ); } } - + header('Access-Control-Allow-Origin: *'); - + if($root_resource) { $result['subject'] = $resource; @@ -100,52 +101,52 @@ class Wfinger extends \Zotlabs\Web\Controller { - + } if($resource && $r) { - + $h = q("select hubloc_addr from hubloc where hubloc_hash = '%s' and hubloc_deleted = 0", dbesc($r[0]['channel_hash']) ); - + $result['subject'] = $resource; - + $aliases = array( z_root() . (($pchan) ? '/pchan/' : '/channel/') . $r[0]['channel_address'], z_root() . '/~' . $r[0]['channel_address'], z_root() . '/@' . $r[0]['channel_address'] ); - + if($h) { foreach($h as $hh) { $aliases[] = 'acct:' . $hh['hubloc_addr']; } } - + $result['aliases'] = []; - + $result['properties'] = [ 'http://webfinger.net/ns/name' => $r[0]['channel_name'], 'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name'], 'https://w3id.org/security/v1#publicKeyPem' => $r[0]['xchan_pubkey'], 'http://purl.org/zot/federation' => 'zot6,zot' ]; - - foreach($aliases as $alias) + + foreach($aliases as $alias) if($alias != $resource) $result['aliases'][] = $alias; - + if($pchan) { $result['links'] = [ - + [ 'rel' => 'http://webfinger.net/rel/avatar', 'type' => $r[0]['xchan_photo_mimetype'], 'href' => $r[0]['xchan_photo_l'] ], - + [ 'rel' => 'http://webfinger.net/rel/profile-page', 'href' => $r[0]['xchan_url'], @@ -153,7 +154,7 @@ class Wfinger extends \Zotlabs\Web\Controller { [ 'rel' => 'magic-public-key', - 'href' => 'data:application/magic-public-key,' . salmon_key($r[0]['channel_pubkey']), + 'href' => 'data:application/magic-public-key,' . Keyutils::salmonKey($r[0]['channel_pubkey']), ] ]; @@ -167,13 +168,13 @@ class Wfinger extends \Zotlabs\Web\Controller { [ 'rel' => 'http://webfinger.net/rel/avatar', 'type' => $r[0]['xchan_photo_mimetype'], - 'href' => $r[0]['xchan_photo_l'] + 'href' => $r[0]['xchan_photo_l'] ], [ 'rel' => 'http://microformats.org/profile/hcard', 'type' => 'text/html', - 'href' => z_root() . '/hcard/' . $r[0]['channel_address'] + 'href' => z_root() . '/hcard/' . $r[0]['channel_address'] ], [ @@ -187,8 +188,8 @@ class Wfinger extends \Zotlabs\Web\Controller { ], [ - 'rel' => 'http://schemas.google.com/g/2010#updates-from', - 'type' => 'application/atom+xml', + 'rel' => 'http://schemas.google.com/g/2010#updates-from', + 'type' => 'application/atom+xml', 'href' => z_root() . '/ofeed/' . $r[0]['channel_address'] ], @@ -221,7 +222,7 @@ class Wfinger extends \Zotlabs\Web\Controller { [ 'rel' => 'magic-public-key', - 'href' => 'data:application/magic-public-key,' . salmon_key($r[0]['channel_pubkey']), + 'href' => 'data:application/magic-public-key,' . Keyutils::salmonKey($r[0]['channel_pubkey']), ] ]; } @@ -236,12 +237,12 @@ class Wfinger extends \Zotlabs\Web\Controller { header($_SERVER["SERVER_PROTOCOL"] . ' ' . 400 . ' ' . 'Bad Request'); killme(); } - + $arr = [ 'channel' => $r[0], 'pchan' => $pchan, 'request' => $_REQUEST, 'result' => $result ]; call_hooks('webfinger',$arr); json_return_and_die($arr['result'],'application/jrd+json'); - + } - + } diff --git a/Zotlabs/Module/Xrd.php b/Zotlabs/Module/Xrd.php index 959e31cbe..21574eb8d 100644 --- a/Zotlabs/Module/Xrd.php +++ b/Zotlabs/Module/Xrd.php @@ -1,19 +1,21 @@ <?php namespace Zotlabs\Module; +use Zotlabs\Lib\Keyutils; + require_once('include/crypto.php'); class Xrd extends \Zotlabs\Web\Controller { function init() { - + $uri = urldecode(notags(trim($_GET['uri']))); $subject = $uri; logger('xrd: ' . $uri,LOGGER_DEBUG); - + $resource = $uri; - + if(substr($uri,0,4) === 'http') { $uri = str_replace('~','',$uri); $name = basename($uri); @@ -22,29 +24,29 @@ class Xrd extends \Zotlabs\Web\Controller { $local = str_replace('acct:', '', $uri); if(substr($local,0,2) == '//') $local = substr($local,2); - + $name = substr($local,0,strpos($local,'@')); } - + $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", dbesc($name) ); - if(! $r) + if(! $r) killme(); - - $salmon_key = salmon_key($r[0]['channel_pubkey']); - + + $salmon_key = Keyutils::salmonKey($r[0]['channel_pubkey']); + header('Access-Control-Allow-Origin: *'); header("Content-type: application/xrd+xml"); - - + + $aliases = array('acct:' . channel_reddress($r[0]), z_root() . '/channel/' . $r[0]['channel_address'], z_root() . '/~' . $r[0]['channel_address']); - + for($x = 0; $x < count($aliases); $x ++) { if($aliases[$x] === $resource) unset($aliases[$x]); } - + $o = replace_macros(get_markup_template('xrd_person.tpl'), array( '$nick' => $r[0]['channel_address'], '$accturi' => $resource, @@ -60,14 +62,14 @@ class Xrd extends \Zotlabs\Web\Controller { '$modexp' => 'data:application/magic-public-key,' . $salmon_key, '$subscribe' => z_root() . '/follow?f=&url={uri}', )); - - + + $arr = array('user' => $r[0], 'xml' => $o); call_hooks('personal_xrd', $arr); - + echo $arr['xml']; killme(); - + } - + } diff --git a/Zotlabs/Module/Zotfeed.php b/Zotlabs/Module/Zotfeed.php index 2566924aa..e47367036 100644 --- a/Zotlabs/Module/Zotfeed.php +++ b/Zotlabs/Module/Zotfeed.php @@ -19,7 +19,7 @@ class Zotfeed extends Controller { killme(); } - $channel = ((argv(1)) ? channelx_by_nick(argv(1)) : get_sys_channel()); + $channel = channelx_by_nick(argv(1)); if (!$channel) { killme(); } @@ -120,45 +120,5 @@ class Zotfeed extends Controller { as_return_and_die($ret, $channel); } - - /* - $result = array('success' => false); - - $mindate = (($_REQUEST['mindate']) ? datetime_convert('UTC','UTC',$_REQUEST['mindate']) : ''); - if(! $mindate) - $mindate = datetime_convert('UTC','UTC', 'now - 14 days'); - - if(observer_prohibited()) { - $result['message'] = 'Public access denied'; - json_return_and_die($result); - } - - $observer = App::get_observer(); - - logger('observer: ' . get_observer_hash(), LOGGER_DEBUG); - - $channel_address = ((argc() > 1) ? argv(1) : ''); - if($channel_address) { - $r = q("select channel_id, channel_name from channel where channel_address = '%s' and channel_removed = 0 limit 1", - dbesc(argv(1)) - ); - } - else { - $x = get_sys_channel(); - if($x) - $r = array($x); - $mindate = datetime_convert('UTC','UTC', 'now - 14 days'); - } - if(! $r) { - $result['message'] = 'Channel not found.'; - json_return_and_die($result); - } - - logger('zotfeed request: ' . $r[0]['channel_name'], LOGGER_DEBUG); - $result['project'] = 'Hubzilla'; - $result['messages'] = zot_feed($r[0]['channel_id'],$observer['xchan_hash'],array('mindate' => $mindate)); - $result['success'] = true; - json_return_and_die($result); - */ } } diff --git a/Zotlabs/Render/SmartyInterface.php b/Zotlabs/Render/SmartyInterface.php index a40effecf..d80ea3f3a 100644 --- a/Zotlabs/Render/SmartyInterface.php +++ b/Zotlabs/Render/SmartyInterface.php @@ -35,7 +35,7 @@ class SmartyInterface extends Smarty { $this->right_delimiter = App::get_template_rdelim('smarty3'); // Don't report errors so verbosely - $this->error_reporting = E_ALL & (~E_NOTICE); + $this->error_reporting = E_ALL & ~E_WARNING & ~E_NOTICE; } function parsed($template = '') { diff --git a/Zotlabs/Update/_1242.php b/Zotlabs/Update/_1242.php new file mode 100644 index 000000000..c2c9a66d0 --- /dev/null +++ b/Zotlabs/Update/_1242.php @@ -0,0 +1,21 @@ +<?php + +namespace Zotlabs\Update; + +class _1242 { + + function run() { + $p = dbq("SELECT * FROM pconfig WHERE k LIKE '%password%'"); + foreach ($p as $pp) { + if ($pp['v'][0] === '{') { + $a = json_decode($pp['v'], true); + if (isset($a['encrypted'])) { + $v = crypto_unencapsulate($a, get_config('system', 'prvkey')); + set_pconfig($pp['uid'], $pp['cat'], $pp['k'], obscurify($v)); + } + } + } + return UPDATE_SUCCESS; + } + +}
\ No newline at end of file diff --git a/Zotlabs/Update/_1243.php b/Zotlabs/Update/_1243.php new file mode 100644 index 000000000..850cb1d6c --- /dev/null +++ b/Zotlabs/Update/_1243.php @@ -0,0 +1,17 @@ +<?php + +namespace Zotlabs\Update; + +class _1243 { + + function run() { + + $x = get_config('system','filesystem_storage_thumbnails'); + del_config('system','filesystem_storage_thumbnails'); + if ($x !== false) + set_config('system','photo_storage_type', intval($x)); + + return UPDATE_SUCCESS; + } + +} diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 7c3903682..35b18c763 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -3,8 +3,9 @@ namespace Zotlabs\Web; use Zotlabs\Lib\ActivityStreams; +use Zotlabs\Lib\Crypto; +use Zotlabs\Lib\Keyutils; use Zotlabs\Lib\Webfinger; -use Zotlabs\Web\HTTPHeaders; use Zotlabs\Lib\Libzot; /** @@ -157,7 +158,7 @@ class HTTPSig { return $result; } - $x = rsa_verify($signed_data,$sig_block['signature'],$cached_key['public_key'],$algorithm); + $x = Crypto::verify($signed_data,$sig_block['signature'],$cached_key['public_key'],$algorithm); logger('verified: ' . $x, LOGGER_DEBUG); @@ -171,7 +172,7 @@ class HTTPSig { $fetched_key = self::get_key($key,$keytype,$result['signer'],true); if ($fetched_key && $fetched_key['public_key']) { - $y = rsa_verify($signed_data,$sig_block['signature'],$fetched_key['public_key'],$algorithm); + $y = Crypto::verify($signed_data,$sig_block['signature'],$fetched_key['public_key'],$algorithm); logger('verified: (cache reload) ' . $x, LOGGER_DEBUG); } @@ -249,10 +250,10 @@ class HTTPSig { static function convertKey($key) { if(strstr($key,'RSA ')) { - return rsatopem($key); + return Keyutils::rsaToPem($key); } elseif(substr($key,0,5) === 'data:') { - return convert_salmon_key($key); + return Keyutils::convertSalmonKey($key); } else { return $key; @@ -417,7 +418,7 @@ class HTTPSig { $headerval = 'keyId="' . $keyid . '",algorithm="' . $algorithm . '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"'; if($encryption) { - $x = crypto_encapsulate($headerval,$encryption['key'],$encryption['algorithm']); + $x = Crypto::encapsulate($headerval,$encryption['key'],$encryption['algorithm']); if(is_array($x)) { $headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"'; } @@ -491,7 +492,7 @@ class HTTPSig { $headers = rtrim($headers,"\n"); } - $sig = base64_encode(rsa_sign($headers,$prvkey,$alg)); + $sig = base64_encode(Crypto::sign($headers,$prvkey,$alg)); $ret['headers'] = $fields; $ret['signature'] = $sig; @@ -567,7 +568,7 @@ class HTTPSig { $data = $matches[1]; if($iv && $key && $alg && $data) { - return crypto_unencapsulate([ 'encrypted' => true, 'iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data ] , $prvkey); + return Crypto::unencapsulate([ 'encrypted' => true, 'iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data ] , $prvkey); } return ''; diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php index 96bf131b8..a6a841ccb 100644 --- a/Zotlabs/Web/Router.php +++ b/Zotlabs/Web/Router.php @@ -2,6 +2,7 @@ namespace Zotlabs\Web; +use App; use Zotlabs\Extend\Route; use Exception; @@ -43,7 +44,7 @@ class Router { */ function __construct() { - $module = \App::$module; + $module = App::$module; $modname = "Zotlabs\\Module\\" . ucfirst($module); if(strlen($module)) { @@ -60,7 +61,7 @@ class Router { include_once($route[0]); if(class_exists($modname)) { $this->controller = new $modname; - \App::$module_loaded = true; + App::$module_loaded = true; } } } @@ -68,15 +69,15 @@ class Router { // legacy plugins - this can be removed when they have all been converted - if(! (\App::$module_loaded)) { - if(is_array(\App::$plugins) && in_array($module,\App::$plugins) && file_exists("addon/{$module}/{$module}.php")) { + if(! (App::$module_loaded)) { + if(is_array(App::$plugins) && in_array($module, App::$plugins) && file_exists("addon/{$module}/{$module}.php")) { include_once("addon/{$module}/{$module}.php"); if(class_exists($modname)) { $this->controller = new $modname; - \App::$module_loaded = true; + App::$module_loaded = true; } elseif(function_exists($module . '_module')) { - \App::$module_loaded = true; + App::$module_loaded = true; } } } @@ -86,40 +87,40 @@ class Router { * Otherwise, look for the standard program module */ - if(! (\App::$module_loaded)) { + if(! (App::$module_loaded)) { try { $filename = 'Zotlabs/SiteModule/'. ucfirst($module). '.php'; if(file_exists($filename)) { // This won't be picked up by the autoloader, so load it explicitly require_once($filename); $this->controller = new $modname; - \App::$module_loaded = true; + App::$module_loaded = true; } else { $filename = 'Zotlabs/Module/'. ucfirst($module). '.php'; if(file_exists($filename)) { $this->controller = new $modname; - \App::$module_loaded = true; + App::$module_loaded = true; } } - if(! \App::$module_loaded) - throw new \Exception('Module not found'); + if(! App::$module_loaded) + throw new Exception('Module not found'); } - catch(\Exception $e) { + catch(Exception $e) { if(file_exists("mod/site/{$module}.php")) { include_once("mod/site/{$module}.php"); - \App::$module_loaded = true; + App::$module_loaded = true; } elseif(file_exists("mod/{$module}.php")) { include_once("mod/{$module}.php"); - \App::$module_loaded = true; + App::$module_loaded = true; } } } $x = [ 'module' => $module, - 'installed' => \App::$module_loaded, + 'installed' => App::$module_loaded, 'controller' => $this->controller ]; /** @@ -136,7 +137,7 @@ class Router { */ call_hooks('module_loaded', $x); if($x['installed']) { - \App::$module_loaded = true; + App::$module_loaded = true; $this->controller = $x['controller']; } @@ -144,7 +145,7 @@ class Router { * The URL provided does not resolve to a valid module. */ - if(! (\App::$module_loaded)) { + if(! (App::$module_loaded)) { // undo the setting of a letsencrypt acme-challenge rewrite rule // which blocks access to our .well-known routes. @@ -160,7 +161,7 @@ class Router { $x = [ 'module' => $module, - 'installed' => \App::$module_loaded, + 'installed' => App::$module_loaded, 'controller' => $this->controller ]; call_hooks('page_not_found',$x); @@ -181,14 +182,14 @@ class Router { header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found'); $tpl = get_markup_template('404.tpl'); - \App::$page['content'] = replace_macros($tpl, array( + App::$page['content'] = replace_macros($tpl, array( '$message' => t('Page not found.') )); // pretend this is a module so it will initialise the theme - \App::$module = '404'; - \App::$module_loaded = true; - \App::$error = true; + App::$module = '404'; + App::$module_loaded = true; + App::$error = true; } } } @@ -203,9 +204,9 @@ class Router { * Call module functions */ - if(\App::$module_loaded) { + if(App::$module_loaded) { - \App::$page['page_title'] = \App::$module; + App::$page['page_title'] = App::$module; $placeholder = ''; /* @@ -216,13 +217,13 @@ class Router { */ $arr = array('init' => true, 'replace' => false); - call_hooks(\App::$module . '_mod_init', $arr); + call_hooks(App::$module . '_mod_init', $arr); if(! $arr['replace']) { if($this->controller && method_exists($this->controller,'init')) { $this->controller->init(); } - elseif(function_exists(\App::$module . '_init')) { - $func = \App::$module . '_init'; + elseif(function_exists(App::$module . '_init')) { + $func = App::$module . '_init'; $func($a); } } @@ -258,41 +259,41 @@ class Router { $func = str_replace('-', '_', $current_theme[0]) . '_init'; $func($a); } - elseif (x(\App::$theme_info, 'extends') && file_exists('view/theme/' . \App::$theme_info['extends'] . '/php/theme.php')) { - require_once('view/theme/' . \App::$theme_info['extends'] . '/php/theme.php'); - if(function_exists(str_replace('-', '_', \App::$theme_info['extends']) . '_init')) { - $func = str_replace('-', '_', \App::$theme_info['extends']) . '_init'; + elseif (x(App::$theme_info, 'extends') && file_exists('view/theme/' . App::$theme_info['extends'] . '/php/theme.php')) { + require_once('view/theme/' . App::$theme_info['extends'] . '/php/theme.php'); + if(function_exists(str_replace('-', '_', App::$theme_info['extends']) . '_init')) { + $func = str_replace('-', '_', App::$theme_info['extends']) . '_init'; $func($a); } } - if(($_SERVER['REQUEST_METHOD'] === 'POST') && (! \App::$error) && (! x($_POST, 'auth-params'))) { - call_hooks(\App::$module . '_mod_post', $_POST); + if(($_SERVER['REQUEST_METHOD'] === 'POST') && (! App::$error) && (! x($_POST, 'auth-params'))) { + call_hooks(App::$module . '_mod_post', $_POST); if($this->controller && method_exists($this->controller,'post')) { $this->controller->post(); } - elseif(function_exists(\App::$module . '_post')) { - $func = \App::$module . '_post'; + elseif(function_exists(App::$module . '_post')) { + $func = App::$module . '_post'; $func($a); } } - if(! \App::$error) { - $arr = array('content' => \App::$page['content'], 'replace' => false); - call_hooks(\App::$module . '_mod_content', $arr); + if(! App::$error) { + $arr = array('content' => App::$page['content'], 'replace' => false); + call_hooks(App::$module . '_mod_content', $arr); if(! $arr['replace']) { if($this->controller && method_exists($this->controller,'get')) { $arr = array('content' => $this->controller->get()); } - elseif(function_exists(\App::$module . '_content')) { - $func = \App::$module . '_content'; + elseif(function_exists(App::$module . '_content')) { + $func = App::$module . '_content'; $arr = array('content' => $func($a)); } } - call_hooks(\App::$module . '_mod_aftercontent', $arr); - \App::$page['content'] = (($arr['replace']) ? $arr['content'] : \App::$page['content'] . $arr['content']); + call_hooks(App::$module . '_mod_aftercontent', $arr); + App::$page['content'] = ((isset($arr['replace'])) ? $arr['content'] : App::$page['content'] . $arr['content']); } } } diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index fe0a3fbf9..6f92a0319 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -29,34 +29,44 @@ class Session { /* * Set our session storage functions. */ - + if($this->custom_handler) { /* Custom handler (files, memached, redis..) */ $session_save_handler = strval(get_config('system', 'session_save_handler', Null)); $session_save_path = strval(get_config('system', 'session_save_path', Null)); - $session_gc_probability = intval(get_config('system', 'session_gc_probability', 1)); - $session_gc_divisor = intval(get_config('system', 'session_gc_divisor', 100)); - if(!$session_save_handler || !$session_save_path) { - logger('Session save handler or path not set.',LOGGER_NORMAL,LOG_ERR); + + if(is_null($session_save_handler) || is_null($session_save_path)) { + logger('Session save handler or path not set', LOGGER_NORMAL, LOG_ERR); } else { - ini_set('session.save_handler', $session_save_handler); - ini_set('session.save_path', $session_save_path); - ini_set('session.gc_probability', $session_gc_probability); - ini_set('session.gc_divisor', $session_gc_divisor); + // Check if custom sessions backend exists + $clsname = '\Zotlabs\Web\Session' . ucfirst(strtolower($session_save_handler)); + if (class_exists($clsname)) { + $handler = new $clsname($session_save_path); + } + else { + ini_set('session.save_handler', $session_save_handler); + ini_set('session.save_path', $session_save_path); + ini_set('session.gc_probability', intval(get_config('system', 'session_gc_probability', 1))); + ini_set('session.gc_divisor', intval(get_config('system', 'session_gc_divisor', 100))); + } } } else { - $handler = new \Zotlabs\Web\SessionHandler(); + $handler = new SessionHandler(); + } + + if (isset($handler)) { $this->handler = $handler; - $x = session_set_save_handler($handler,false); - if(! $x) - logger('Session save handler initialisation failed.',LOGGER_NORMAL,LOG_ERR); + $x = session_set_save_handler($handler, false); + if(! $x) + logger('Session save handler initialisation failed.',LOGGER_NORMAL,LOG_ERR); } + // Force cookies to be secure (https only) if this site is SSL enabled. // Must be done before session_start(). diff --git a/Zotlabs/Web/SessionRedis.php b/Zotlabs/Web/SessionRedis.php new file mode 100644 index 000000000..b4f5d54b3 --- /dev/null +++ b/Zotlabs/Web/SessionRedis.php @@ -0,0 +1,123 @@ +<?php + +namespace Zotlabs\Web; + + +class SessionRedis implements \SessionHandlerInterface { + + private $redis = null; + + + function __construct($connection) { + + $this->redis = new \Redis(); + + $credentials = parse_url($connection); + + try { + if (isset($credentials['path'])) + $this->redis->connect($credentials['path']); + else { + + if (isset($credentials['query'])) + $vars = parse_str($credentials['query']); + else + $vars = []; + + $this->redis->connect( + (isset($credentials['scheme']) ? $credentials['scheme'] . '://' : '') . $credentials['host'], + (isset($credentials['port']) ? $credentials['port'] : 6379), + (isset($vars['timeout']) ? $vars['timeout'] : 1), + null, + 0, + (isset($vars['read_timeout']) ? $vars['read_timeout'] : 0) + ); + + if (isset($vars['auth'])) + $this->redis->auth($vars['auth']); + } + } + catch(\RedisException $ex) { + logger('Error connecting to Redis: ' . $ex->getMessage()); + } + } + + + function open($s, $n) { + + return true; + } + + // IMPORTANT: if we read the session and it doesn't exist, create an empty record. + // We rely on this due to differing PHP implementation of session_regenerate_id() + // some which call read explicitly and some that do not. So we call it explicitly + // just after sid regeneration to force a record to exist. + + function read($id) { + + if ($id) { + $data = $this->redis->get($id); + + if ($data) + return $data; + else + $this->redis->setEx($id, 300, ''); + } + + return ''; + } + + + function write($id, $data) { + + // Pretend everything is hunky-dory, even though it isn't. + // There probably isn't anything we can do about it in any event. + // See: https://stackoverflow.com/a/43636110 + + if(! $id || ! $data) + return true; + + + // Unless we authenticate somehow, only keep a session for 5 minutes + // The viewer can extend this by performing any web action using the + // original cookie, but this allows us to cleanup the hundreds or + // thousands of empty sessions left around from web crawlers which are + // assigned cookies on each page that they never use. + + $expire = 300; + + if($_SESSION) { + if(array_key_exists('remember_me',$_SESSION) && intval($_SESSION['remember_me'])) + $expire = 60 * 60 * 24 * 365; + elseif(local_channel()) + $expire = 60 * 60 * 24 * 3; + elseif(remote_channel()) + $expire = 60 * 60 * 24 * 1; + } + + $this->redis->setEx($id, $expire, $data); + + return true; + } + + + function close() { + + return true; + } + + + function destroy ($id) { + + $this->redis->del($id); + + return true; + } + + + function gc($expire) { + + return true; + } + +} diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php index ac792dd69..de0d5a883 100644 --- a/Zotlabs/Web/WebServer.php +++ b/Zotlabs/Web/WebServer.php @@ -112,7 +112,7 @@ class WebServer { // now that we've been through the module content, see if the page reported // a permission problem and if so, a 403 response would seem to be in order. - if(is_array($_SESSION['sysmsg']) && stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) { + if(isset($_SESSION['sysmsg']) && is_array($_SESSION['sysmsg']) && stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) { header($_SERVER['SERVER_PROTOCOL'] . ' 403 ' . t('Permission denied.')); } @@ -137,9 +137,9 @@ class WebServer { private function create_channel_links() { - /* Initialise the Link: response header if this is a channel page. + /* Initialise the Link: response header if this is a channel page. * This cannot be done inside the channel module because some protocol - * addons over-ride the module functions and these links are common + * addons over-ride the module functions and these links are common * to all protocol drivers; thus doing it here avoids duplication. */ @@ -156,7 +156,7 @@ class WebServer { 'url' => z_root() . '/.well-known/webfinger?f=&resource=acct%3A' . argv(1) . '%40' . \App::get_hostname() ], ]; - $x = [ 'channel_address' => argv(1), 'channel_links' => \App::$channel_links ]; + $x = [ 'channel_address' => argv(1), 'channel_links' => \App::$channel_links ]; call_hooks('channel_links', $x ); \App::$channel_links = $x['channel_links']; header('Link: ' . \App::get_channel_links()); diff --git a/Zotlabs/Widget/Activity_filter.php b/Zotlabs/Widget/Activity_filter.php index 002a642cb..b7a69752e 100644 --- a/Zotlabs/Widget/Activity_filter.php +++ b/Zotlabs/Widget/Activity_filter.php @@ -12,10 +12,14 @@ class Activity_filter { if(! local_channel()) return ''; - $cmd = \App::$cmd; - $filter_active = false; - - $tabs = []; + $filter_active = ''; + $dm_active = ''; + $events_active = ''; + $polls_active = ''; + $starred_active = ''; + $conv_active = ''; + $tabs = []; + $cmd = \App::$cmd; if(x($_GET,'dm')) { $dm_active = (($_GET['dm'] == 1) ? 'active' : ''); @@ -64,6 +68,8 @@ class Activity_filter { ); if($groups) { + $group_active = ''; + foreach($groups as $g) { if(x($_GET,'gid')) { $group_active = (($_GET['gid'] == $g['id']) ? 'active' : ''); @@ -95,6 +101,8 @@ class Activity_filter { $channel = App::get_channel(); if($forums) { + $forum_active = ''; + foreach($forums as $f) { if(x($_GET,'pf') && x($_GET,'cid')) { $forum_active = ((x($_GET,'pf') && $_GET['cid'] == $f['abook_id']) ? 'active' : ''); @@ -103,10 +111,10 @@ class Activity_filter { $fsub[] = [ 'label' => $f['xchan_name'], 'img' => $f['xchan_photo_s'], - 'url' => (($f['private_forum']) ? $f['xchan_url'] . '/?f=&zid=' . $channel['xchan_addr'] : z_root() . '/' . $cmd . '/?f=&pf=1&cid=' . $f['abook_id']), + 'url' => ((isset($f['private_forum'])) ? $f['xchan_url'] . '/?f=&zid=' . $channel['xchan_addr'] : z_root() . '/' . $cmd . '/?f=&pf=1&cid=' . $f['abook_id']), 'sel' => $forum_active, 'title' => t('Show posts to this forum'), - 'lock' => (($f['private_forum']) ? 'lock' : '') + 'lock' => ((isset($f['private_forum'])) ? 'lock' : '') ]; } @@ -160,6 +168,8 @@ class Activity_filter { ); if($terms) { + $file_active = ''; + foreach($terms as $t) { if(x($_GET,'file')) { $file_active = (($_GET['file'] == $t['term']) ? 'active' : ''); diff --git a/Zotlabs/Widget/Cover_photo.php b/Zotlabs/Widget/Cover_photo.php index 955048992..97323ea8c 100644 --- a/Zotlabs/Widget/Cover_photo.php +++ b/Zotlabs/Widget/Cover_photo.php @@ -9,7 +9,7 @@ class Cover_photo { require_once('include/channel.php'); $o = ''; - if(\App::$module == 'channel' && $_REQUEST['mid']) + if(\App::$module == 'channel' && isset($_REQUEST['mid'])) return ''; $channel_id = 0; diff --git a/Zotlabs/Widget/Notifications.php b/Zotlabs/Widget/Notifications.php index e2a543f80..dd5a6cd46 100644 --- a/Zotlabs/Widget/Notifications.php +++ b/Zotlabs/Widget/Notifications.php @@ -175,13 +175,13 @@ class Notifications { ]; } - $o = replace_macros(get_markup_template('notifications_widget.tpl'), array( + $o = replace_macros(get_markup_template('notifications_widget.tpl'), [ '$module' => \App::$module, '$notifications' => $notifications, '$no_notifications' => t('Sorry, you have got no notifications at the moment'), '$loading' => t('Loading'), - '$startpage' => $channel['channel_startpage'] - )); + '$startpage' => ($channel ? $channel['channel_startpage'] : '') + ]); return $o; diff --git a/Zotlabs/Widget/Pinned.php b/Zotlabs/Widget/Pinned.php index 0a7806908..cad139a91 100644 --- a/Zotlabs/Widget/Pinned.php +++ b/Zotlabs/Widget/Pinned.php @@ -43,7 +43,7 @@ class Pinned { $midb64 = 'b64.' . base64url_encode($item['mid']); - if(in_array($observer['xchan_hash'], get_pconfig($item['uid'], 'pinned_hide', $midb64, []))) + if(isset($observer['xchan_hash']) && in_array($observer['xchan_hash'], get_pconfig($item['uid'], 'pinned_hide', $midb64, []))) continue; $author = channelx_by_hash($item['author_xchan']); @@ -67,7 +67,7 @@ class Pinned { $conv_responses['attendno'] = [ 'title' => t('Not attending','title') ]; $conv_responses['attendmaybe'] = [ 'title' => t('Might attend','title') ]; if($commentable && $observer) { - $attend = array( t('I will attend'), t('I will not attend'), t('I might attend')); + $attend = [ t('I will attend'), t('I will not attend'), t('I might attend') ]; $isevent = true; } } @@ -78,7 +78,7 @@ class Pinned { $conv_responses['disagree'] = [ 'title' => t('Disagree','title') ]; $conv_responses['abstain'] = [ 'title' => t('Abstain','title') ]; if($commentable && $observer) { - $conlabels = array( t('I agree'), t('I disagree'), t('I abstain')); + $conlabels = [ t('I agree'), t('I disagree'), t('I abstain') ]; $canvote = true; } } @@ -93,14 +93,13 @@ class Pinned { // This actually turns out not to be possible in some protocol stacks without opening up hundreds of new issues. // Will allow it only for uri resolvable sources. if(strpos($item['mid'],'http') === 0) { - $share = []; //Not yet ready for primetime - //$share = array( t('Repeat This'), t('repeat')); + $share = []; // Isn't yet ready for primetime + //$share = [ t('Repeat This'), t('repeat') ]; } - $embed = array( t('Share This'), t('share')); + $embed = [ t('Share This'), t('share') ]; } - - if(strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC','now - 12 hours')) > 0) - $is_new = true; + + $is_new = boolval(strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC','now - 12 hours')) > 0); $body = prepare_body($item,true); @@ -118,7 +117,7 @@ class Pinned { 'isevent' => $isevent, 'attend' => $attend, 'consensus' => $consensus, - 'conlabels' => $conlabels, + 'conlabels' => ($canvote ? $conlabels : []), 'canvote' => $canvote, 'linktitle' => sprintf( t('View %s\'s profile - %s'), $profile_name, ($author['xchan_addr'] ? $author['xchan_addr'] : $author['xchan_url']) ), 'olinktitle' => sprintf( t('View %s\'s profile - %s'), $owner['xchan_name'], ($owner['xchan_addr'] ? $owner['xchan_addr'] : $owner['xchan_url']) ), @@ -135,7 +134,6 @@ class Pinned { 'localtime' => datetime_convert('UTC', date_default_timezone_get(), $item['created'], 'r'), 'editedtime' => (($item['edited'] != $item['created']) ? sprintf( t('last edited: %s'), datetime_convert('UTC', date_default_timezone_get(), $item['edited'], 'r') ) : ''), 'expiretime' => ($item['expires'] > NULL_DATE ? sprintf( t('Expires: %s'), datetime_convert('UTC', date_default_timezone_get(), $item['expires'], 'r') ) : ''), - 'lock' => $lock, 'verified' => $verified, 'forged' => $forged, 'location' => $location, @@ -150,12 +148,12 @@ class Pinned { 'event' => $body['event'], 'has_tags' => (($body['tags'] || $body['categories'] || $body['mentions'] || $body['attachments'] || $body['folders']) ? true : false), // Item toolbar buttons - 'share' => $share, - 'embed' => $embed, + 'share' => (isset($share) && count($share) ? $share : false), + 'embed' => (isset($embed) && count($embed) ? $embed : false), 'plink' => get_plink($item), 'pinned' => t('Pinned post'), - 'pinme' => (($observer['xchan_hash'] == $owner['xchan_hash']) ? t('Unpin from the top') : ''), - 'hide' => (! $is_new && $observer && ($observer['xchan_hash'] != $owner['xchan_hash']) ? t("Don't show") : ''), + 'pinme' => (isset($observer['xchan_hash']) && $observer['xchan_hash'] == $owner['xchan_hash'] ? t('Unpin from the top') : ''), + 'hide' => (! $is_new && isset($observer['xchan_hash']) && $observer['xchan_hash'] != $owner['xchan_hash'] ? t("Don't show") : ''), // end toolbar buttons 'modal_dismiss' => t('Close'), 'responses' => $conv_responses diff --git a/Zotlabs/Zot/Auth.php b/Zotlabs/Zot/Auth.php index 8d198f506..6ce2174f7 100644 --- a/Zotlabs/Zot/Auth.php +++ b/Zotlabs/Zot/Auth.php @@ -2,6 +2,8 @@ namespace Zotlabs\Zot; +use Zotlabs\Lib\Crypto; + class Auth { protected $test; @@ -68,7 +70,7 @@ class Auth { if(strstr($this->desturl,z_root() . '/rmagic')) goaway(z_root()); - $this->Finalise(); + $this->Finalise(); } @@ -76,7 +78,7 @@ class Auth { // Try and find a hubloc for the person attempting to auth. // Since we're matching by address, we have to return all entries - // some of which may be from re-installed hubs; and we'll need to + // some of which may be from re-installed hubs; and we'll need to // try each sequentially to see if one can pass the test $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash @@ -130,9 +132,9 @@ class Auth { // Also check that they are coming from the same site as they authenticated with originally. - $already_authed = (((remote_channel()) && ($hubloc['hubloc_hash'] == remote_channel()) + $already_authed = (((remote_channel()) && ($hubloc['hubloc_hash'] == remote_channel()) && ($hubloc['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false); - + if($this->delegate && $this->delegate !== $_SESSION['delegate_channel']) $already_authed = false; @@ -158,17 +160,17 @@ class Auth { return false; } - // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the + // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the // site private key - // The actual channel sending the packet ($c[0]) is not important, but this provides a + // The actual channel sending the packet ($c[0]) is not important, but this provides a // generic zot packet with a sender which can be verified $x = q("select site_crypto from site where site_url = '%s' limit 1", dbesc($hubloc['hubloc_url']) ); - $p = zot_build_packet($channel,$type = 'auth_check', - array(array('guid' => $hubloc['hubloc_guid'],'guid_sig' => $hubloc['hubloc_guid_sig'])), + $p = zot_build_packet($channel,$type = 'auth_check', + array(array('guid' => $hubloc['hubloc_guid'],'guid_sig' => $hubloc['hubloc_guid_sig'])), $hubloc['hubloc_sitekey'], (($x) ? $x[0]['site_crypto'] : ''), $this->sec); $this->Debug('auth check packet created using sitekey ' . $hubloc['hubloc_sitekey']); @@ -192,12 +194,12 @@ class Auth { $this->Debug('auth check request returned ' . print_r($j, true)); - if(! $j['success']) + if(! $j['success']) return false; // legit response, but we do need to check that this wasn't answered by a man-in-middle - if (! rsa_verify($this->sec . $hubloc['xchan_hash'],base64url_decode($j['confirm']),$hubloc['xchan_pubkey'])) { + if (! Crypto::verify($this->sec . $hubloc['xchan_hash'],base64url_decode($j['confirm']),$hubloc['xchan_pubkey'])) { logger('final confirmation failed.'); if($this->test) $this->Debug('final confirmation failed. ' . $sec . print_r($j,true) . print_r($hubloc,true)); @@ -290,7 +292,7 @@ class Auth { * Magic Auth * ========== * - * So-called "magic auth" takes place by a special exchange. On the site where the "channel to be authenticated" lives (e.g. $mysite), + * So-called "magic auth" takes place by a special exchange. On the site where the "channel to be authenticated" lives (e.g. $mysite), * a redirection is made via $mysite/magic to the zot endpoint of the remote site ($remotesite) with special GET parameters. * * The endpoint is typically https://$remotesite/post - or whatever was specified as the callback url in prior communications @@ -299,7 +301,7 @@ class Auth { * Five GET parameters are supplied: * * auth => the urlencoded webbie (channel@host.domain) of the channel requesting access * * dest => the desired destination URL (urlencoded) - * * sec => a random string which is also stored on $mysite for use during the verification phase. + * * sec => a random string which is also stored on $mysite for use during the verification phase. * * version => the zot revision * * delegate => optional urlencoded webbie of a local channel to invoke delegation rights for * @@ -336,8 +338,8 @@ class Auth { * } * \endcode * - * auth_check messages MUST use encapsulated encryption. This message is sent to the origination site, which checks the 'secret' to see - * if it is the same as the 'sec' which it passed originally. It also checks the secret_sig which is the secret signed by the + * auth_check messages MUST use encapsulated encryption. This message is sent to the origination site, which checks the 'secret' to see + * if it is the same as the 'sec' which it passed originally. It also checks the secret_sig which is the secret signed by the * destination channel's private key and base64url encoded. If everything checks out, a json packet is returned: * * \code{.json} @@ -351,10 +353,10 @@ class Auth { * \endcode * * 'confirm' in this case is the base64url encoded RSA signature of the concatenation of 'secret' with the - * base64url encoded whirlpool hash of the requestor's guid and guid_sig; signed with the source channel private key. - * This prevents a man-in-the-middle from inserting a rogue success packet. Upon receipt and successful - * verification of this packet, the destination site will redirect to the original destination URL and indicate a successful remote login. - * Service_class can be used by cooperating sites to provide different access rights based on account rights and subscription plans. It is + * base64url encoded whirlpool hash of the requestor's guid and guid_sig; signed with the source channel private key. + * This prevents a man-in-the-middle from inserting a rogue success packet. Upon receipt and successful + * verification of this packet, the destination site will redirect to the original destination URL and indicate a successful remote login. + * Service_class can be used by cooperating sites to provide different access rights based on account rights and subscription plans. It is * a string whose contents are not defined by protocol. Example: "basic" or "gold". * * @param[in,out] \App &$a diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php index 778b701cd..cadde5415 100644 --- a/Zotlabs/Zot/Finger.php +++ b/Zotlabs/Zot/Finger.php @@ -2,6 +2,7 @@ namespace Zotlabs\Zot; +use Zotlabs\Lib\Crypto; use Zotlabs\Web\HTTPSig; /** @@ -109,7 +110,7 @@ class Finger { $result = z_post_url('http://' . $host . $rhs,$postvars, $retries, [ 'headers' => $xhead ]); } } - } + } else { $rhs .= '?f=&address=' . urlencode($address) . '&token=' . self::$token; @@ -135,7 +136,7 @@ class Finger { if($x && (! $verify['header_valid'])) { $signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null); if($signed_token) { - $valid = rsa_verify('token.' . self::$token, base64url_decode($signed_token), $x['key']); + $valid = Crypto::verify('token.' . self::$token, base64url_decode($signed_token), $x['key']); if(! $valid) { logger('invalid signed token: ' . $url . $rhs, LOGGER_NORMAL, LOG_ERR); diff --git a/Zotlabs/Zot/Receiver.php b/Zotlabs/Zot/Receiver.php index c521c9d64..f0378b650 100644 --- a/Zotlabs/Zot/Receiver.php +++ b/Zotlabs/Zot/Receiver.php @@ -2,6 +2,8 @@ namespace Zotlabs\Zot; +use Zotlabs\Lib\Crypto; + class Receiver { protected $data; @@ -30,7 +32,8 @@ class Receiver { $this->encrypted = ((array_key_exists('iv',$data)) ? true : false); if($this->encrypted) { - $this->data = @json_decode(@crypto_unencapsulate($data,$prvkey),true); + $data['encrypted'] = true; + $this->data = @json_decode(@Crypto::unencapsulate($data,$prvkey),true); } if(! $this->data) $this->data = $data; @@ -72,7 +75,7 @@ class Receiver { $this->validated = true; } - + function Dispatch() { /* Handle tasks which don't require sender validation */ @@ -144,8 +147,8 @@ class Receiver { * $contents->iv and $contents->key are random strings encrypted with this site's RSA public key and then base64url encoded. * * Once decrypted, one will find the normal json_encoded zot message packet. - * - * Defined packet types are: notify, purge, refresh, force_refresh, auth_check, ping, and pickup + * + * Defined packet types are: notify, purge, refresh, force_refresh, auth_check, ping, and pickup * * Standard packet: (used by notify, purge, refresh, force_refresh, and auth_check) * \code{.json} @@ -167,7 +170,7 @@ class Receiver { * \endcode * * Signature fields are all signed with the sender channel private key and base64url encoded. - * Recipients are arrays of guid and guid_sig, which were previously signed with the recipients private + * Recipients are arrays of guid and guid_sig, which were previously signed with the recipients private * key and base64url encoded and later obtained via channel discovery. Absence of recipients indicates * a public message or visible to all potential listeners on this site. * @@ -186,7 +189,7 @@ class Receiver { * * In the pickup packet, the sig fields correspond to the respective data * element signed with this site's system private key and then base64url encoded. - * The "secret" is the same as the original secret from the notify packet. + * The "secret" is the same as the original secret from the notify packet. * * If verification is successful, a json structure is returned containing a * success indicator and an array of type 'pickup'. @@ -283,18 +286,18 @@ class Receiver { * } * \endcode * - * The ping packet can be used to verify that a site has not been re-installed, and to + * The ping packet can be used to verify that a site has not been re-installed, and to * initiate corrective action if it has. The url_sig is signed with the site private key * and base64url encoded - and this should verify with the enclosed sitekey. Failure to * verify indicates the site is corrupt or otherwise unable to communicate using zot. * This return packet is not otherwise verified, so should be compared with other * results obtained from this site which were verified prior to taking action. For instance - * if you have one verified result with this signature and key, and other records for this + * if you have one verified result with this signature and key, and other records for this * url which have different signatures and keys, it indicates that the site was re-installed * and corrective action may commence (remove or mark invalid any entries with different * signatures). * If you have no records which match this url_sig and key - no corrective action should - * be taken as this packet may have been returned by an imposter. + * be taken as this packet may have been returned by an imposter. * * @param[in,out] App &$a */ diff --git a/Zotlabs/Zot6/Receiver.php b/Zotlabs/Zot6/Receiver.php index a9a7ab0df..6440c5da5 100644 --- a/Zotlabs/Zot6/Receiver.php +++ b/Zotlabs/Zot6/Receiver.php @@ -3,6 +3,7 @@ namespace Zotlabs\Zot6; use Zotlabs\Lib\Config; +use Zotlabs\Lib\Crypto; use Zotlabs\Lib\Libzot; use Zotlabs\Web\HTTPSig; @@ -70,7 +71,7 @@ class Receiver { $this->encrypted = ((array_key_exists('encrypted',$this->data) && intval($this->data['encrypted'])) ? true : false); if ($this->encrypted && $this->prvkey) { - $uncrypted = crypto_unencapsulate($this->data,$this->prvkey); + $uncrypted = Crypto::unencapsulate($this->data,$this->prvkey); if ($uncrypted) { $this->data = json_decode($uncrypted,true); } @@ -88,7 +89,7 @@ class Receiver { if ($this->error) { // make timing attacks on the decryption engine a bit more difficult usleep(mt_rand(10000,100000)); - return($this->response); + return($this->response); } if ($this->data) { @@ -126,7 +127,7 @@ class Receiver { $x = Libzot::register_hub($this->sigdata['signer']); if($x['success']) { $hub = Libzot::valid_hub($this->sender,$this->site_id); - } + } if(! $hub) { $this->response['message'] = 'sender unknown'; return false; @@ -168,8 +169,8 @@ class Receiver { } } return $result; - } - + } + function Dispatch() { switch ($this->messagetype) { @@ -207,13 +208,13 @@ class Receiver { $this->EncryptResponse(); } - return($this->response); + return($this->response); } function EncryptResponse() { $algorithm = Libzot::best_algorithm($this->hub['site_crypto']); if ($algorithm) { - $this->response = crypto_encapsulate(json_encode($this->response),$this->hub['hubloc_sitekey'], $algorithm); + $this->response = Crypto::encapsulate(json_encode($this->response),$this->hub['hubloc_sitekey'], $algorithm); } } |