diff options
Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Daemon/Onepoll.php | 8 | ||||
-rw-r--r-- | Zotlabs/Lib/Activity.php | 212 | ||||
-rw-r--r-- | Zotlabs/Lib/Apps.php | 1 | ||||
-rw-r--r-- | Zotlabs/Lib/Libzot.php | 11 | ||||
-rw-r--r-- | Zotlabs/Module/Album.php | 103 | ||||
-rw-r--r-- | Zotlabs/Module/Apschema.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Import.php | 37 | ||||
-rw-r--r-- | Zotlabs/Module/Notes.php | 11 | ||||
-rw-r--r-- | Zotlabs/Module/Photo.php | 118 | ||||
-rw-r--r-- | Zotlabs/Module/Photos.php | 6 | ||||
-rw-r--r-- | Zotlabs/Module/Search.php | 24 | ||||
-rw-r--r-- | Zotlabs/Module/Wfinger.php | 52 | ||||
-rw-r--r-- | Zotlabs/Module/Xrd.php | 27 | ||||
-rw-r--r-- | Zotlabs/Web/HTTPSig.php | 370 | ||||
-rw-r--r-- | Zotlabs/Widget/Messages.php | 4 | ||||
-rw-r--r-- | Zotlabs/Widget/Notes.php | 1 |
16 files changed, 595 insertions, 392 deletions
diff --git a/Zotlabs/Daemon/Onepoll.php b/Zotlabs/Daemon/Onepoll.php index e2a02ede4..79fd06df9 100644 --- a/Zotlabs/Daemon/Onepoll.php +++ b/Zotlabs/Daemon/Onepoll.php @@ -48,15 +48,11 @@ class Onepoll { $contact = $contacts[0]; $importer_uid = $contact['abook_channel']; - $r = q("SELECT * from channel left join xchan on channel_hash = xchan_hash where channel_id = %d limit 1", - intval($importer_uid) - ); + $importer = channelx_by_n($importer_uid); - if (!$r) + if (!$importer) return; - $importer = $r[0]; - logger("onepoll: poll: ({$contact['id']}) IMPORTER: {$importer['xchan_name']}, CONTACT: {$contact['xchan_name']}"); $last_update = ((($contact['abook_updated'] === $contact['abook_created']) || ($contact['abook_updated'] <= NULL_DATE)) diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php index c355aa26e..96b747c30 100644 --- a/Zotlabs/Lib/Activity.php +++ b/Zotlabs/Lib/Activity.php @@ -8,8 +8,6 @@ use Zotlabs\Access\PermissionRoles; use Zotlabs\Access\Permissions; use Zotlabs\Daemon\Master; use Zotlabs\Web\HTTPSig; -use Zotlabs\Lib\XConfig; -use Zotlabs\Lib\Libzot; require_once('include/event.php'); require_once('include/html2plain.php'); @@ -104,7 +102,7 @@ class Activity { if ($x['success']) { $m = parse_url($url); if ($m) { - $y = [ 'scheme' => $m['scheme'], 'host' => $m['host'] ]; + $y = ['scheme' => $m['scheme'], 'host' => $m['host']]; if (array_key_exists('port', $m)) $y['port'] = $m['port']; $site_url = unparse_url($y); @@ -288,21 +286,21 @@ class Activity { 'type' => $type . 'Page', ]; - $numpages = $total / App::$pager['itemspage']; - $lastpage = (($numpages > intval($numpages)) ? intval($numpages) + 1 : $numpages); + $numpages = $total / App::$pager['itemspage']; + $lastpage = (($numpages > intval($numpages)) ? intval($numpages) + 1 : $numpages); $url_parts = parse_url($id); $ret['partOf'] = z_root() . '/' . $url_parts['path']; $extra_query_args = ''; - $query_args = null; - if(isset($url_parts['query'])) { + $query_args = null; + if (isset($url_parts['query'])) { parse_str($url_parts['query'], $query_args); } - if(is_array($query_args)) { + if (is_array($query_args)) { unset($query_args['page']); - foreach($query_args as $k => $v) + foreach ($query_args as $k => $v) $extra_query_args .= '&' . urlencode($k) . '=' . urlencode($v); } @@ -376,11 +374,33 @@ class Activity { return $ret; } - static function encode_item($i) { + static function encode_simple_collection($items, $id, $type, $total = 0, $extra = null) { - $ret = []; + $ret = [ + 'id' => z_root() . '/' . $id, + 'type' => $type, + 'totalItems' => $total, + ]; + + if ($extra) { + $ret = array_merge($ret, $extra); + } + if ($items) { + if ($type === 'OrderedCollection') { + $ret['orderedItems'] = $items; + } + else { + $ret['items'] = $items; + } + } + return $ret; + } + + static function encode_item($i) { + + $ret = []; if ($i['verb'] === ACTIVITY_FRIEND) { // Hubzilla 'make-friend' activity, no direct mapping from AS1 to AS2 - make it a note @@ -1108,7 +1128,7 @@ class Activity { } $arr = [ - 'xchan' => $p, + 'xchan' => $p, 'encoded' => $ret ]; @@ -1122,8 +1142,8 @@ class Activity { $ret = []; if ($item[$elm]) { - if (! is_array($item[$elm])) { - $item[$elm] = json_decode($item[$elm],true); + if (!is_array($item[$elm])) { + $item[$elm] = json_decode($item[$elm], true); } if ($item[$elm]['type'] === ACTIVITY_OBJ_PHOTO) { $item[$elm]['id'] = $item['mid']; @@ -1153,22 +1173,22 @@ class Activity { } $acts = [ - 'http://activitystrea.ms/schema/1.0/post' => 'Create', - 'http://activitystrea.ms/schema/1.0/share' => 'Announce', - 'http://activitystrea.ms/schema/1.0/update' => 'Update', - 'http://activitystrea.ms/schema/1.0/like' => 'Like', - 'http://activitystrea.ms/schema/1.0/favorite' => 'Like', - 'http://purl.org/zot/activity/dislike' => 'Dislike', - 'http://activitystrea.ms/schema/1.0/tag' => 'Add', - 'http://activitystrea.ms/schema/1.0/follow' => 'Follow', - 'http://activitystrea.ms/schema/1.0/unfollow' => 'Unfollow', + 'http://activitystrea.ms/schema/1.0/post' => 'Create', + 'http://activitystrea.ms/schema/1.0/share' => 'Announce', + 'http://activitystrea.ms/schema/1.0/update' => 'Update', + 'http://activitystrea.ms/schema/1.0/like' => 'Like', + 'http://activitystrea.ms/schema/1.0/favorite' => 'Like', + 'http://purl.org/zot/activity/dislike' => 'Dislike', + 'http://activitystrea.ms/schema/1.0/tag' => 'Add', + 'http://activitystrea.ms/schema/1.0/follow' => 'Follow', + 'http://activitystrea.ms/schema/1.0/unfollow' => 'Unfollow', 'http://activitystrea.ms/schema/1.0/stop-following' => 'Unfollow', - 'http://purl.org/zot/activity/attendyes' => 'Accept', - 'http://purl.org/zot/activity/attendno' => 'Reject', - 'http://purl.org/zot/activity/attendmaybe' => 'TentativeAccept', - 'Invite' => 'Invite', - 'Delete' => 'Delete', - 'Undo' => 'Undo' + 'http://purl.org/zot/activity/attendyes' => 'Accept', + 'http://purl.org/zot/activity/attendno' => 'Reject', + 'http://purl.org/zot/activity/attendmaybe' => 'TentativeAccept', + 'Invite' => 'Invite', + 'Delete' => 'Delete', + 'Undo' => 'Undo' ]; call_hooks('activity_mapper', $acts); @@ -1201,22 +1221,22 @@ class Activity { static function activity_decode_mapper($verb) { $acts = [ - 'http://activitystrea.ms/schema/1.0/post' => 'Create', - 'http://activitystrea.ms/schema/1.0/share' => 'Announce', - 'http://activitystrea.ms/schema/1.0/update' => 'Update', - 'http://activitystrea.ms/schema/1.0/like' => 'Like', - 'http://activitystrea.ms/schema/1.0/favorite' => 'Like', - 'http://purl.org/zot/activity/dislike' => 'Dislike', - 'http://activitystrea.ms/schema/1.0/tag' => 'Add', - 'http://activitystrea.ms/schema/1.0/follow' => 'Follow', - 'http://activitystrea.ms/schema/1.0/unfollow' => 'Unfollow', + 'http://activitystrea.ms/schema/1.0/post' => 'Create', + 'http://activitystrea.ms/schema/1.0/share' => 'Announce', + 'http://activitystrea.ms/schema/1.0/update' => 'Update', + 'http://activitystrea.ms/schema/1.0/like' => 'Like', + 'http://activitystrea.ms/schema/1.0/favorite' => 'Like', + 'http://purl.org/zot/activity/dislike' => 'Dislike', + 'http://activitystrea.ms/schema/1.0/tag' => 'Add', + 'http://activitystrea.ms/schema/1.0/follow' => 'Follow', + 'http://activitystrea.ms/schema/1.0/unfollow' => 'Unfollow', 'http://activitystrea.ms/schema/1.0/stop-following' => 'Unfollow', - 'http://purl.org/zot/activity/attendyes' => 'Accept', - 'http://purl.org/zot/activity/attendno' => 'Reject', - 'http://purl.org/zot/activity/attendmaybe' => 'TentativeAccept', - 'Invite' => 'Invite', - 'Delete' => 'Delete', - 'Undo' => 'Undo' + 'http://purl.org/zot/activity/attendyes' => 'Accept', + 'http://purl.org/zot/activity/attendno' => 'Reject', + 'http://purl.org/zot/activity/attendmaybe' => 'TentativeAccept', + 'Invite' => 'Invite', + 'Delete' => 'Delete', + 'Undo' => 'Undo' ]; call_hooks('activity_decode_mapper', $acts); @@ -1328,7 +1348,7 @@ class Activity { * */ - if (in_array($act->type, [ 'Follow', 'Invite', 'Join'])) { + if (in_array($act->type, ['Follow', 'Invite', 'Join'])) { $their_follow_id = $act->id; } @@ -1351,8 +1371,8 @@ class Activity { } } - $x = \Zotlabs\Access\PermissionRoles::role_perms('social'); - $their_perms = \Zotlabs\Access\Permissions::FilledPerms($x['perms_connect']); + $x = PermissionRoles::role_perms('social'); + $their_perms = Permissions::FilledPerms($x['perms_connect']); if ($contact && $contact['abook_id']) { @@ -1426,7 +1446,7 @@ class Activity { } $ret = $r[0]; - $p = \Zotlabs\Access\Permissions::connect_perms($channel['channel_id']); + $p = Permissions::connect_perms($channel['channel_id']); $my_perms = $p['perms']; $automatic = $p['automatic']; @@ -1447,13 +1467,13 @@ class Activity { ] ); - if($my_perms) - foreach($my_perms as $k => $v) - set_abconfig($channel['channel_id'],$ret['xchan_hash'],'my_perms',$k,$v); + if ($my_perms) + foreach ($my_perms as $k => $v) + set_abconfig($channel['channel_id'], $ret['xchan_hash'], 'my_perms', $k, $v); - if($their_perms) - foreach($their_perms as $k => $v) - set_abconfig($channel['channel_id'],$ret['xchan_hash'],'their_perms',$k,$v); + if ($their_perms) + foreach ($their_perms as $k => $v) + set_abconfig($channel['channel_id'], $ret['xchan_hash'], 'their_perms', $k, $v); if ($r) { logger("New ActivityPub follower for {$channel['channel_name']}"); @@ -1543,16 +1563,16 @@ class Activity { return; } -/* not implemented - if (array_key_exists('movedTo',$person_obj) && $person_obj['movedTo'] && ! is_array($person_obj['movedTo'])) { - $tgt = self::fetch($person_obj['movedTo']); - if (is_array($tgt)) { - self::actor_store($person_obj['movedTo'],$tgt); - ActivityPub::move($person_obj['id'],$tgt); - } - return; - } -*/ + /* not implemented + if (array_key_exists('movedTo',$person_obj) && $person_obj['movedTo'] && ! is_array($person_obj['movedTo'])) { + $tgt = self::fetch($person_obj['movedTo']); + if (is_array($tgt)) { + self::actor_store($person_obj['movedTo'],$tgt); + ActivityPub::move($person_obj['id'],$tgt); + } + return; + } + */ $ap_hubloc = null; $hublocs = self::get_actor_hublocs($url); @@ -1570,7 +1590,7 @@ class Activity { if ($ap_hubloc) { // we already have a stored record. Determine if it needs updating. - if ($ap_hubloc['hubloc_updated'] < datetime_convert('UTC','UTC',' now - 3 days') || $force) { + if ($ap_hubloc['hubloc_updated'] < datetime_convert('UTC', 'UTC', ' now - 3 days') || $force) { $person_obj = self::fetch($url); } else { @@ -1582,7 +1602,7 @@ class Activity { $url = $person_obj['id']; } - if (! $url) { + if (!$url) { return; } @@ -1665,9 +1685,9 @@ class Activity { } $m = parse_url($url); - if($m) { + if ($m) { $hostname = $m['host']; - $baseurl = $m['scheme'] . '://' . $m['host'] . (($m['port']) ? ':' . $m['port'] : ''); + $baseurl = $m['scheme'] . '://' . $m['host'] . (($m['port']) ? ':' . $m['port'] : ''); $site_url = $m['scheme'] . '://' . $m['host']; } @@ -1675,11 +1695,11 @@ class Activity { dbesc($url) ); - if($r) { + if ($r) { // Record exists. Cache existing records for one week at most // then refetch to catch updated profile photos, names, etc. $d = datetime_convert('UTC', 'UTC', 'now - 3 days'); - if($r[0]['hubloc_updated'] > $d && !$force) { + if ($r[0]['hubloc_updated'] > $d && !$force) { return; } @@ -1713,14 +1733,14 @@ class Activity { xchan_store_lowlevel( [ - 'xchan_hash' => escape_tags($url), - 'xchan_guid' => escape_tags($url), - 'xchan_pubkey' => escape_tags($pubkey), - 'xchan_addr' => '', - 'xchan_url' => escape_tags($profile), - 'xchan_name' => escape_tags($name), - 'xchan_name_date' => datetime_convert(), - 'xchan_network' => 'activitypub' + 'xchan_hash' => escape_tags($url), + 'xchan_guid' => escape_tags($url), + 'xchan_pubkey' => escape_tags($pubkey), + 'xchan_addr' => '', + 'xchan_url' => escape_tags($profile), + 'xchan_name' => escape_tags($name), + 'xchan_name_date' => datetime_convert(), + 'xchan_network' => 'activitypub' ] ); @@ -1787,9 +1807,9 @@ class Activity { static function create_note($channel, $observer_hash, $act) { - $s = []; + $s = []; $is_sys_channel = is_sys_channel($channel['channel_id']); - $parent = ((array_key_exists('inReplyTo', $act->obj)) ? urldecode($act->obj['inReplyTo']) : ''); + $parent = ((array_key_exists('inReplyTo', $act->obj)) ? urldecode($act->obj['inReplyTo']) : ''); if ($parent) { @@ -2141,7 +2161,7 @@ class Activity { // Unfollow is not defined by ActivityStreams, which prefers Undo->Follow. // This may have to be revisited if AP projects start using Follow for objects other than actors. - if (in_array($act->type, [ 'Follow', 'Unfollow' ])) { + if (in_array($act->type, ['Follow', 'Unfollow'])) { return false; } @@ -2164,11 +2184,11 @@ class Activity { $s['parent_mid'] = $act->parent_id; if (array_key_exists('published', $act->data)) { - $s['created'] = datetime_convert('UTC', 'UTC', $act->data['published']); + $s['created'] = datetime_convert('UTC', 'UTC', $act->data['published']); $s['commented'] = $s['created']; } elseif (array_key_exists('published', $act->obj)) { - $s['created'] = datetime_convert('UTC', 'UTC', $act->obj['published']); + $s['created'] = datetime_convert('UTC', 'UTC', $act->obj['published']); $s['commented'] = $s['created']; } if (array_key_exists('updated', $act->data)) { @@ -2240,10 +2260,10 @@ class Activity { } } - if (! array_key_exists('created', $s)) + if (!array_key_exists('created', $s)) $s['created'] = datetime_convert(); - if (! array_key_exists('edited', $s)) + if (!array_key_exists('edited', $s)) $s['edited'] = $s['created']; $s['title'] = (($response_activity) ? EMPTY_STR : self::bb_content($content, 'name')); @@ -2452,7 +2472,7 @@ class Activity { } - if ($act->obj['type'] === 'Image' && strpos($s['body'],'zrl=') === false) { + if ($act->obj['type'] === 'Image' && strpos($s['body'], 'zrl=') === false) { $ptr = null; @@ -3120,7 +3140,7 @@ class Activity { static function announce_note($channel, $observer_hash, $act) { - $s = []; + $s = []; $is_sys_channel = is_sys_channel($channel['channel_id']); if (!perm_is_allowed($channel['channel_id'], $observer_hash, 'send_stream') && !$is_sys_channel) { @@ -3380,7 +3400,7 @@ class Activity { $ret = false; foreach ($attach as $a) { - if (array_key_exists('type',$a) && stripos($a['type'], 'image') !== false) { + if (array_key_exists('type', $a) && stripos($a['type'], 'image') !== false) { if (self::media_not_in_body($a['href'], $body)) { $ret .= "\n\n" . '[img]' . $a['href'] . '[/img]'; } @@ -3553,7 +3573,7 @@ class Activity { } static function get_cached_actor($id) { - $actor = XConfig::Get($id,'system', 'actor_record'); + $actor = XConfig::Get($id, 'system', 'actor_record'); if ($actor) { return $actor; @@ -3561,7 +3581,7 @@ class Activity { // try other get_cached_actor providers (e.g. diaspora) $hookdata = [ - 'id' => $id, + 'id' => $id, 'actor' => false ]; @@ -3572,8 +3592,6 @@ class Activity { static function get_actor_hublocs($url, $options = 'all') { - $hublocs = false; - switch ($options) { case 'activitypub': $hublocs = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash where hubloc_hash = '%s' and hubloc_deleted = 0 ", @@ -3598,18 +3616,18 @@ class Activity { } static function get_actor_collections($url) { - $ret = []; - $actor_record = XConfig::Get($url,'system','actor_record'); - if (! $actor_record) { + $ret = []; + $actor_record = XConfig::Get($url, 'system', 'actor_record'); + if (!$actor_record) { return $ret; } - foreach ( [ 'inbox','outbox','followers','following' ] as $collection) { + foreach (['inbox', 'outbox', 'followers', 'following'] as $collection) { if (isset($actor_record[$collection]) && $actor_record[$collection]) { $ret[$collection] = $actor_record[$collection]; } } - if (array_path_exists('endpoints/sharedInbox',$actor_record) && $actor_record['endpoints']['sharedInbox']) { + if (array_path_exists('endpoints/sharedInbox', $actor_record) && $actor_record['endpoints']['sharedInbox']) { $ret['sharedInbox'] = $actor_record['endpoints']['sharedInbox']; } diff --git a/Zotlabs/Lib/Apps.php b/Zotlabs/Lib/Apps.php index 2c5b8a546..669dd6307 100644 --- a/Zotlabs/Lib/Apps.php +++ b/Zotlabs/Lib/Apps.php @@ -210,6 +210,7 @@ class Apps { * * @param string $f filename * @param boolean $translate (optional) default true + * @param boolean $sync (optional) default false * @return boolean|array */ static public function parse_app_description($f, $translate = true, $sync = false) { diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php index 200a2c486..31b8f04de 100644 --- a/Zotlabs/Lib/Libzot.php +++ b/Zotlabs/Lib/Libzot.php @@ -1486,10 +1486,11 @@ class Libzot { * @param boolean $relay * @param boolean $public (optional) default false * @param boolean $request (optional) default false + * @param boolean $force (optional) default false - should only be set for manual fetch * @return array */ - static function process_delivery($sender, $act, $arr, $deliveries, $relay, $public = false, $request = false) { + static function process_delivery($sender, $act, $arr, $deliveries, $relay, $public = false, $request = false, $force = false) { $result = []; @@ -1591,7 +1592,7 @@ class Libzot { if ((!$tag_delivery) && (!$local_public)) { $allowed = (perm_is_allowed($channel['channel_id'], $sender, $perm)); - if (!$allowed) { + if ((!$allowed) && $perm === 'post_comments') { $parent = q("select * from item where mid = '%s' and uid = %d limit 1", dbesc($arr['parent_mid']), intval($channel['channel_id']) @@ -1617,7 +1618,7 @@ class Libzot { // doesn't exist. if ($perm === 'send_stream') { - if (get_pconfig($channel['channel_id'], 'system', 'hyperdrive', false) || $arr['verb'] === ACTIVITY_SHARE) { + if ($force || get_pconfig($channel['channel_id'], 'system', 'hyperdrive', false) || $arr['verb'] === ACTIVITY_SHARE) { $allowed = true; } } @@ -1892,7 +1893,7 @@ class Libzot { return $result; } - static public function fetch_conversation($channel, $mid) { + static public function fetch_conversation($channel, $mid, $force = false) { // Use Zotfinger to create a signed request @@ -1996,7 +1997,7 @@ class Libzot { logger('FOF Activity received: ' . print_r($arr, true), LOGGER_DATA, LOG_DEBUG); logger('FOF Activity recipient: ' . $channel['channel_hash'], LOGGER_DATA, LOG_DEBUG); - $result = self::process_delivery($arr['owner_xchan'], $AS, $arr, [$channel['channel_hash']], false, false, true); + $result = self::process_delivery($arr['owner_xchan'], $AS, $arr, [$channel['channel_hash']], false, false, true, $force); if ($result) { $ret = array_merge($ret, $result); } diff --git a/Zotlabs/Module/Album.php b/Zotlabs/Module/Album.php new file mode 100644 index 000000000..f80880184 --- /dev/null +++ b/Zotlabs/Module/Album.php @@ -0,0 +1,103 @@ +<?php + +namespace Zotlabs\Module; + +use App; +use Zotlabs\Web\Controller; +use Zotlabs\Lib\Activity; +use Zotlabs\Lib\ActivityStreams; +use Zotlabs\Lib\Config; +use Zotlabs\Web\HTTPSig; + +require_once('include/security.php'); +require_once('include/attach.php'); +require_once('include/photo/photo_driver.php'); +require_once('include/photos.php'); + + +class Album extends Controller { + + function init() { + + if (ActivityStreams::is_as_request()) { + $sigdata = HTTPSig::verify(EMPTY_STR); + if ($sigdata['portable_id'] && $sigdata['header_valid']) { + $portable_id = $sigdata['portable_id']; + if (!check_channelallowed($portable_id)) { + http_status_exit(403, 'Permission denied'); + } + if (!check_siteallowed($sigdata['signer'])) { + http_status_exit(403, 'Permission denied'); + } + observer_auth($portable_id); + } + elseif (Config::get('system', 'require_authenticated_fetch', false)) { + http_status_exit(403, 'Permission denied'); + } + + $observer_xchan = get_observer_hash(); + $allowed = false; + + $bear = Activity::token_from_request(); + if ($bear) { + logger('bear: ' . $bear, LOGGER_DEBUG); + } + + $channel = null; + + if (argc() > 1) { + $channel = channelx_by_nick(argv(1)); + } + if (!$channel) { + http_status_exit(404, 'Not found.'); + } + + $sql_extra = permissions_sql($channel['channel_id'], $observer_xchan); + + if (argc() > 2) { + $folder = argv(2); + $r = q("select * from attach where is_dir = 1 and hash = '%s' and uid = %d $sql_extra limit 1", + dbesc($folder), + intval($channel['channel_id']) + ); + $allowed = (($r) ? attach_can_view($channel['channel_id'], $observer_xchan, $r[0]['hash'] /*,$bear */) : false); + } + else { + $folder = EMPTY_STR; + $allowed = perm_is_allowed($channel['channel_id'], $observer_xchan, 'view_storage'); + } + + if (!$allowed) { + http_status_exit(403, 'Permission denied.'); + } + + $x = q("select * from attach where folder = '%s' and uid = %d $sql_extra", + dbesc($folder), + intval($channel['channel_id']) + ); + + $contents = []; + + if ($x) { + foreach ($x as $xv) { + if (intval($xv['is_dir'])) { + continue; + } + if (!attach_can_view($channel['channel_id'], $observer_xchan, $xv['hash'] /*,$bear*/)) { + continue; + } + if (intval($xv['is_photo'])) { + $contents[] = z_root() . '/photo/' . $xv['hash']; + } + } + } + + $obj = Activity::encode_simple_collection($contents, App::$query_string, 'OrderedCollection', count($contents)); + as_return_and_die($obj, $channel); + + } + + } + +} + diff --git a/Zotlabs/Module/Apschema.php b/Zotlabs/Module/Apschema.php index 6b0325d44..eab82eb29 100644 --- a/Zotlabs/Module/Apschema.php +++ b/Zotlabs/Module/Apschema.php @@ -50,7 +50,7 @@ class Apschema extends \Zotlabs\Web\Controller { 'guid' => 'diaspora:guid', 'Hashtag' => 'as:Hashtag' - + ] ]; diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php index eee72b945..c4c844b25 100644 --- a/Zotlabs/Module/Import.php +++ b/Zotlabs/Module/Import.php @@ -89,8 +89,6 @@ class Import extends Controller { } $api_path .= 'channel/export/basic?f=&channel=' . $channelname; - if ($import_posts) - $api_path .= '&posts=1'; $binary = false; $redirects = 0; @@ -522,31 +520,38 @@ class Import extends Controller { // This will indirectly perform a refresh_all *and* update the directory Master::Summon(array('Directory', $channel['channel_id'])); - if ($api_path && $import_posts) { // we are importing from a server and not a file + $cf_api_compat = true; - $m = parse_url($api_path); + if ($api_path && $import_posts) { // we are importing from a server and not a file + if (version_compare($data['compatibility']['version'], '6.3.4', '>=')) { - $hz_server = $m['scheme'] . '://' . $m['host']; + $m = parse_url($api_path); - $since = datetime_convert(date_default_timezone_get(),date_default_timezone_get(),'0001-01-01 00:00'); - $until = datetime_convert(date_default_timezone_get(),date_default_timezone_get(),'now + 1 day'); + $hz_server = $m['scheme'] . '://' . $m['host']; - $poll_interval = get_config('system','poll_interval',3); - $page = 0; + $since = datetime_convert(date_default_timezone_get(),date_default_timezone_get(),'0001-01-01 00:00'); + $until = datetime_convert(date_default_timezone_get(),date_default_timezone_get(),'now + 1 day'); - Master::Summon([ 'Content_importer', sprintf('%d',$page), $since, $until, $channel['channel_address'], urlencode($hz_server) ]); - Master::Summon([ 'File_importer',sprintf('%d',$page), $channel['channel_address'], urlencode($hz_server) ]); + $poll_interval = get_config('system','poll_interval',3); + $page = 0; + Master::Summon([ 'Content_importer', sprintf('%d',$page), $since, $until, $channel['channel_address'], urlencode($hz_server) ]); + Master::Summon([ 'File_importer',sprintf('%d',$page), $channel['channel_address'], urlencode($hz_server) ]); + } + else { + $cf_api_compat = false; + } } - // i do not think this is still used - //if (array_key_exists('item_id', $data) && $data['item_id']) - // import_item_ids($channel, $data['item_id']); - change_channel($channel['channel_id']); - if ($api_path && $import_posts) + if ($api_path && $import_posts && $cf_api_compat) { goaway(z_root() . '/import_progress'); + } + + if (!$cf_api_compat) { + notice(t('Automatic content and files import was not possible due to API version incompatiblity. Please import content and files manually!') . EOL); + } goaway(z_root()); diff --git a/Zotlabs/Module/Notes.php b/Zotlabs/Module/Notes.php index 6e8e03f20..57b8f30db 100644 --- a/Zotlabs/Module/Notes.php +++ b/Zotlabs/Module/Notes.php @@ -19,7 +19,12 @@ class Notes extends Controller { if(! Apps::system_app_installed(local_channel(), 'Notes')) return EMPTY_STR; - $ret = array('success' => true); + $ret = [ + 'success' => false, + 'html' => '' + ]; + + if(array_key_exists('note_text',$_REQUEST)) { $body = escape_tags($_REQUEST['note_text']); @@ -33,6 +38,10 @@ class Notes extends Controller { set_pconfig(local_channel(),'notes','text.bak',$old_text); } set_pconfig(local_channel(),'notes','text',$body); + + $ret['html'] = bbcode($body); + $ret['success'] = true; + } // push updates to channel clones diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 87697f5a7..10d2e8f47 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -3,6 +3,12 @@ namespace Zotlabs\Module; +use Zotlabs\Lib\Activity; +use Zotlabs\Lib\ActivityStreams; +use Zotlabs\Web\HTTPSig; +use Zotlabs\Lib\Config; + + require_once('include/security.php'); require_once('include/attach.php'); require_once('include/photo/photo_driver.php'); @@ -11,6 +17,48 @@ class Photo extends \Zotlabs\Web\Controller { function init() { + if (ActivityStreams::is_as_request()) { + + $sigdata = HTTPSig::verify(EMPTY_STR); + if ($sigdata['portable_id'] && $sigdata['header_valid']) { + $portable_id = $sigdata['portable_id']; + if (! check_channelallowed($portable_id)) { + http_status_exit(403, 'Permission denied'); + } + if (! check_siteallowed($sigdata['signer'])) { + http_status_exit(403, 'Permission denied'); + } + observer_auth($portable_id); + } + elseif (Config::get('system','require_authenticated_fetch',false)) { + http_status_exit(403,'Permission denied'); + } + + $observer_xchan = get_observer_hash(); + $allowed = false; + + $bear = Activity::token_from_request(); + if ($bear) { + logger('bear: ' . $bear, LOGGER_DEBUG); + } + + $r = q("select * from item where resource_type = 'photo' and resource_id = '%s' limit 1", + dbesc(argv(1)) + ); + if ($r) { + $allowed = attach_can_view($r[0]['uid'],$observer_xchan,argv(1)/*,$bear*/); + } + if (! $allowed) { + http_status_exit(404,'Permission denied.'); + } + $channel = channelx_by_n($r[0]['uid']); + + $obj = json_decode($r[0]['obj'],true); + + as_return_and_die($obj,$channel); + + } + $streaming = null; $channel = null; $person = 0; @@ -33,19 +81,19 @@ class Photo extends \Zotlabs\Web\Controller { $cache_mode = [ 'on' => false, 'age' => 86400, 'exp' => true, 'leak' => false ]; call_hooks('cache_mode_hook', $cache_mode); - + $observer_xchan = get_observer_hash(); $cachecontrol = ', no-cache'; if(isset($type)) { - + /** * Profile photos - Access controls on default profile photos are not honoured since they need to be exchanged with remote sites. - * + * */ - + $default = get_default_profile_photo(); - + if($type === 'profile') { switch($res) { case 'm': @@ -62,9 +110,9 @@ class Photo extends \Zotlabs\Web\Controller { break; } } - + $uid = $person; - + $data = ''; if ($uid > 0) { @@ -81,13 +129,13 @@ class Photo extends \Zotlabs\Web\Controller { else $data = dbunescbin($r[0]['content']); } - + if(! $data) { $d = [ 'imgscale' => $resolution, 'channel_id' => $uid, 'default' => $default, 'data' => '', 'mimetype' => '' ]; call_hooks('get_profile_photo',$d); - + $resolution = $d['imgscale']; - $uid = $d['channel_id']; + $uid = $d['channel_id']; $default = $d['default']; $data = $d['data']; $mimetype = $d['mimetype']; @@ -105,11 +153,11 @@ class Photo extends \Zotlabs\Web\Controller { $cachecontrol .= ', must-revalidate'; } else { - + /** * Other photos */ - + /* Check for a cookie to indicate display pixel density, in order to detect high-resolution displays. This procedure was derived from the "Retina Images" by Jeremey Worboys, used in accordance with the Creative Commons Attribution 3.0 Unported License. @@ -127,12 +175,12 @@ class Photo extends \Zotlabs\Web\Controller { // $prvcachecontrol = 'no-cache'; $status = 'no cookie'; } - + $resolution = 0; - + if(strpos($photo,'.') !== false) $photo = substr($photo,0,strpos($photo,'.')); - + if(substr($photo,-2,1) == '-') { $resolution = intval(substr($photo,-1,1)); $photo = substr($photo,0,-2); @@ -140,7 +188,7 @@ class Photo extends \Zotlabs\Web\Controller { if ($resolution == 2 && ($cookie_value > 1)) $resolution = 1; } - + $r = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1", dbesc($photo), intval($resolution) @@ -151,7 +199,7 @@ class Photo extends \Zotlabs\Web\Controller { $u = intval($r[0]['photo_usage']); if($u) { $allowed = 1; - if($u === PHOTO_COVER) + if($u === PHOTO_COVER) if($resolution < PHOTO_RES_COVER_1200) $allowed = (-1); if($u === PHOTO_PROFILE) @@ -184,9 +232,9 @@ class Photo extends \Zotlabs\Web\Controller { dbesc($photo), intval($resolution) ); - + $exists = (($e) ? true : false); - + if($exists && $allowed) { $expires = strtotime($e[0]['expires'] . 'Z'); $data = dbunescbin($e[0]['content']); @@ -209,16 +257,16 @@ class Photo extends \Zotlabs\Web\Controller { } } - } + } else http_status_exit(404,'not found'); } if(! $data) killme(); - + $etag = '"' . md5($data . $modified) . '"'; - + if($modified == 0) $modified = time(); @@ -241,39 +289,39 @@ class Photo extends \Zotlabs\Web\Controller { } if(isset($prvcachecontrol)) { - + // it is a private photo that they have no permission to view. // tell the browser not to cache it, in case they authenticate // and subsequently have permission to see it - + header("Cache-Control: " . $prvcachecontrol); - + } else { // The photo cache default is 1 day to provide a privacy trade-off, - // as somebody reducing photo permissions on a photo that is already + // as somebody reducing photo permissions on a photo that is already // "in the wild" won't be able to stop the photo from being viewed // for this amount amount of time once it is in the browser cache. - // The privacy expectations of your site members and their perception + // The privacy expectations of your site members and their perception // of privacy where it affects the entire project may be affected. - // This has performance considerations but we highly recommend you - // leave it alone. - + // This has performance considerations but we highly recommend you + // leave it alone. + $maxage = $cache_mode['age']; if($cache_mode['exp'] || (! isset($expires)) || (isset($expires) && $expires - 60 < time())) $expires = time() + $maxage; else $maxage = $expires - time(); - + header("Expires: " . gmdate("D, d M Y H:i:s", $expires) . " GMT"); - // set CDN/Infrastructure caching much lower than maxage + // set CDN/Infrastructure caching much lower than maxage // in the event that infrastructure caching is present. $smaxage = intval($maxage/12); header("Cache-Control: s-maxage=" . $smaxage . ", max-age=" . $maxage . $cachecontrol); - + } header("Content-type: " . $mimetype); @@ -281,7 +329,7 @@ class Photo extends \Zotlabs\Web\Controller { header("ETag: " . $etag); header("Content-Length: " . (isset($filesize) ? $filesize : strlen($data))); - // If it's a file resource, stream it. + // If it's a file resource, stream it. if($streaming) { if(strpos($streaming,'store') !== false) $istream = fopen($streaming,'rb'); @@ -300,5 +348,5 @@ class Photo extends \Zotlabs\Web\Controller { killme(); } - + } diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index 57126df5f..45fe3d9e0 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -713,13 +713,15 @@ class Photos extends \Zotlabs\Web\Controller { ]); if($x = photos_album_exists($owner_uid, get_observer_hash(), $datum)) { - \App::set_pager_itemspage(30); $album = $x['display_path']; } else { - goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address']); + $album = '/'; + //goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address']); } + \App::set_pager_itemspage(30); + if($_GET['order'] === 'posted') $order = 'ASC'; else diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php index 06a761998..5db0ce423 100644 --- a/Zotlabs/Module/Search.php +++ b/Zotlabs/Module/Search.php @@ -3,6 +3,7 @@ namespace Zotlabs\Module; use App; +use Zotlabs\Lib\Libzot; use Zotlabs\Lib\Activity; use Zotlabs\Lib\ActivityStreams; use Zotlabs\Web\Controller; @@ -57,26 +58,15 @@ class Search extends Controller { $o .= search($search, 'search-box', '/search', ((local_channel()) ? true : false)); if (local_channel() && strpos($search, 'https://') === 0 && !$update && !$load) { - $j = Activity::fetch(punify($search), App::get_channel()); - if ($j) { - $AS = new ActivityStreams($j); - if ($AS->is_valid()) { - // check if is_an_actor, otherwise import activity - if (is_array($AS->obj) && !ActivityStreams::is_an_actor($AS->obj)) { - $item = Activity::decode_note($AS); - if ($item) { - logger('parsed_item: ' . print_r($item, true), LOGGER_DATA); - Activity::store(App::get_channel(), $observer_hash, $AS, $item, true, true); - goaway(z_root() . '/display/' . gen_link_id($item['mid'])); - } - } - } + $f = Libzot::fetch_conversation(App::get_channel(), punify($search), true); + + if ($f) { + goaway(z_root() . '/hq/' . gen_link_id($f['message_id'])); } else { - // try other fetch providers (e.g. diaspora) + // try other fetch providers (e.g. diaspora, pubcrawl) $hookdata = [ - 'channel' => App::get_channel(), - 'data' => $search + 'url' => punify($search) ]; call_hooks('fetch_provider', $hookdata); } diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php index 6dedc1ef1..43102f006 100644 --- a/Zotlabs/Module/Wfinger.php +++ b/Zotlabs/Module/Wfinger.php @@ -72,20 +72,16 @@ class Wfinger extends \Zotlabs\Web\Controller { dbesc($channel) ); if($r) { - $r[0] = pchan_to_chan($r[0]); + $r = pchan_to_chan($r[0]); } } else { - $r = q("select * from channel left join xchan on channel_hash = xchan_hash - where channel_address = '%s' limit 1", - dbesc($channel) - ); + $r = channelx_by_nick($channel); } } header('Access-Control-Allow-Origin: *'); - if($root_resource) { $result['subject'] = $resource; $result['properties'] = [ @@ -107,15 +103,15 @@ class Wfinger extends \Zotlabs\Web\Controller { if($resource && $r) { $h = q("select hubloc_addr from hubloc where hubloc_hash = '%s' and hubloc_deleted = 0", - dbesc($r[0]['channel_hash']) + dbesc($r['channel_hash']) ); $result['subject'] = $resource; $aliases = array( - z_root() . (($pchan) ? '/pchan/' : '/channel/') . $r[0]['channel_address'], - z_root() . '/~' . $r[0]['channel_address'], - z_root() . '/@' . $r[0]['channel_address'] + z_root() . (($pchan) ? '/pchan/' : '/channel/') . $r['channel_address'], + z_root() . '/~' . $r['channel_address'], + z_root() . '/@' . $r['channel_address'] ); if($h) { @@ -127,9 +123,9 @@ class Wfinger extends \Zotlabs\Web\Controller { $result['aliases'] = []; $result['properties'] = [ - 'http://webfinger.net/ns/name' => $r[0]['channel_name'], - 'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name'], - 'https://w3id.org/security/v1#publicKeyPem' => $r[0]['xchan_pubkey'], + 'http://webfinger.net/ns/name' => $r['channel_name'], + 'http://xmlns.com/foaf/0.1/name' => $r['channel_name'], + 'https://w3id.org/security/v1#publicKeyPem' => $r['xchan_pubkey'], 'http://purl.org/zot/federation' => 'zot6,zot' ]; @@ -143,18 +139,18 @@ class Wfinger extends \Zotlabs\Web\Controller { [ 'rel' => 'http://webfinger.net/rel/avatar', - 'type' => $r[0]['xchan_photo_mimetype'], - 'href' => $r[0]['xchan_photo_l'] + 'type' => $r['xchan_photo_mimetype'], + 'href' => $r['xchan_photo_l'] ], [ 'rel' => 'http://webfinger.net/rel/profile-page', - 'href' => $r[0]['xchan_url'], + 'href' => $r['xchan_url'], ], [ 'rel' => 'magic-public-key', - 'href' => 'data:application/magic-public-key,' . Keyutils::salmonKey($r[0]['channel_pubkey']), + 'href' => 'data:application/magic-public-key,' . Keyutils::salmonKey($r['channel_pubkey']), ] ]; @@ -167,14 +163,14 @@ class Wfinger extends \Zotlabs\Web\Controller { [ 'rel' => 'http://webfinger.net/rel/avatar', - 'type' => $r[0]['xchan_photo_mimetype'], - 'href' => $r[0]['xchan_photo_l'] + 'type' => $r['xchan_photo_mimetype'], + 'href' => $r['xchan_photo_l'] ], [ 'rel' => 'http://microformats.org/profile/hcard', 'type' => 'text/html', - 'href' => z_root() . '/hcard/' . $r[0]['channel_address'] + 'href' => z_root() . '/hcard/' . $r['channel_address'] ], [ @@ -184,18 +180,18 @@ class Wfinger extends \Zotlabs\Web\Controller { [ 'rel' => 'http://webfinger.net/rel/profile-page', - 'href' => z_root() . '/profile/' . $r[0]['channel_address'], + 'href' => z_root() . '/profile/' . $r['channel_address'], ], [ 'rel' => 'http://schemas.google.com/g/2010#updates-from', 'type' => 'application/atom+xml', - 'href' => z_root() . '/ofeed/' . $r[0]['channel_address'] + 'href' => z_root() . '/ofeed/' . $r['channel_address'] ], [ 'rel' => 'http://webfinger.net/rel/blog', - 'href' => z_root() . '/channel/' . $r[0]['channel_address'], + 'href' => z_root() . '/channel/' . $r['channel_address'], ], [ @@ -206,12 +202,12 @@ class Wfinger extends \Zotlabs\Web\Controller { [ 'rel' => 'http://purl.org/zot/protocol/6.0', 'type' => 'application/x-zot+json', - 'href' => channel_url($r[0]) + 'href' => channel_url($r) ], [ 'rel' => 'http://purl.org/zot/protocol', - 'href' => z_root() . '/.well-known/zot-info' . '?address=' . $r[0]['xchan_addr'], + 'href' => z_root() . '/.well-known/zot-info' . '?address=' . $r['xchan_addr'], ], [ @@ -222,14 +218,14 @@ class Wfinger extends \Zotlabs\Web\Controller { [ 'rel' => 'magic-public-key', - 'href' => 'data:application/magic-public-key,' . Keyutils::salmonKey($r[0]['channel_pubkey']), + 'href' => 'data:application/magic-public-key,' . Keyutils::salmonKey($r['channel_pubkey']), ] ]; } if($zot) { // get a zotinfo packet and return it with webfinger - $result['zot'] = Libzot::zotinfo( [ 'address' => $r[0]['xchan_addr'] ]); + $result['zot'] = Libzot::zotinfo( [ 'address' => $r['xchan_addr'] ]); } } @@ -238,7 +234,7 @@ class Wfinger extends \Zotlabs\Web\Controller { killme(); } - $arr = [ 'channel' => $r[0], 'pchan' => $pchan, 'request' => $_REQUEST, 'result' => $result ]; + $arr = [ 'channel' => $r, 'pchan' => $pchan, 'request' => $_REQUEST, 'result' => $result ]; call_hooks('webfinger',$arr); json_return_and_die($arr['result'],'application/jrd+json'); diff --git a/Zotlabs/Module/Xrd.php b/Zotlabs/Module/Xrd.php index 21574eb8d..b7868c2cc 100644 --- a/Zotlabs/Module/Xrd.php +++ b/Zotlabs/Module/Xrd.php @@ -28,19 +28,18 @@ class Xrd extends \Zotlabs\Web\Controller { $name = substr($local,0,strpos($local,'@')); } - $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", - dbesc($name) - ); + $r = channelx_by_nick($name); + if(! $r) killme(); - $salmon_key = Keyutils::salmonKey($r[0]['channel_pubkey']); + $salmon_key = Keyutils::salmonKey($r['channel_pubkey']); header('Access-Control-Allow-Origin: *'); header("Content-type: application/xrd+xml"); - $aliases = array('acct:' . channel_reddress($r[0]), z_root() . '/channel/' . $r[0]['channel_address'], z_root() . '/~' . $r[0]['channel_address']); + $aliases = array('acct:' . channel_reddress($r), z_root() . '/channel/' . $r['channel_address'], z_root() . '/~' . $r['channel_address']); for($x = 0; $x < count($aliases); $x ++) { if($aliases[$x] === $resource) @@ -48,23 +47,23 @@ class Xrd extends \Zotlabs\Web\Controller { } $o = replace_macros(get_markup_template('xrd_person.tpl'), array( - '$nick' => $r[0]['channel_address'], + '$nick' => $r['channel_address'], '$accturi' => $resource, '$subject' => $subject, '$aliases' => $aliases, - '$channel_url' => z_root() . '/channel/' . $r[0]['channel_address'], - '$profile_url' => z_root() . '/channel/' . $r[0]['channel_address'], - '$hcard_url' => z_root() . '/hcard/' . $r[0]['channel_address'], - '$atom' => z_root() . '/ofeed/' . $r[0]['channel_address'], - '$zot_post' => z_root() . '/post/' . $r[0]['channel_address'], - '$poco_url' => z_root() . '/poco/' . $r[0]['channel_address'], - '$photo' => z_root() . '/photo/profile/l/' . $r[0]['channel_id'], + '$channel_url' => z_root() . '/channel/' . $r['channel_address'], + '$profile_url' => z_root() . '/channel/' . $r['channel_address'], + '$hcard_url' => z_root() . '/hcard/' . $r['channel_address'], + '$atom' => z_root() . '/ofeed/' . $r['channel_address'], + '$zot_post' => z_root() . '/post/' . $r['channel_address'], + '$poco_url' => z_root() . '/poco/' . $r['channel_address'], + '$photo' => z_root() . '/photo/profile/l/' . $r['channel_id'], '$modexp' => 'data:application/magic-public-key,' . $salmon_key, '$subscribe' => z_root() . '/follow?f=&url={uri}', )); - $arr = array('user' => $r[0], 'xml' => $o); + $arr = array('user' => $r, 'xml' => $o); call_hooks('personal_xrd', $arr); echo $arr['xml']; diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 35b18c763..7da9acabf 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -2,10 +2,13 @@ namespace Zotlabs\Web; +use DateTime; +use DateTimeZone; use Zotlabs\Lib\ActivityStreams; use Zotlabs\Lib\Crypto; use Zotlabs\Lib\Keyutils; use Zotlabs\Lib\Webfinger; +use Zotlabs\Lib\Zotfinger; use Zotlabs\Lib\Libzot; /** @@ -13,7 +16,6 @@ use Zotlabs\Lib\Libzot; * * @see https://tools.ietf.org/html/draft-cavage-http-signatures-10 */ - class HTTPSig { /** @@ -26,10 +28,10 @@ class HTTPSig { * @return string The generated digest header string for $body */ - static function generate_digest_header($body,$alg = 'sha256') { + static function generate_digest_header($body, $alg = 'sha256') { $digest = base64_encode(hash($alg, $body, true)); - switch($alg) { + switch ($alg) { case 'sha512': return 'SHA-512=' . $digest; case 'sha256': @@ -39,29 +41,29 @@ class HTTPSig { } } - static function find_headers($data,&$body) { + static function find_headers($data, &$body) { // decide if $data arrived via controller submission or curl - if(is_array($data) && $data['header']) { - if(! $data['success']) + if (is_array($data) && $data['header']) { + if (!$data['success']) return []; - $h = new HTTPHeaders($data['header']); - $headers = $h->fetcharr(); - $body = $data['body']; + $h = new HTTPHeaders($data['header']); + $headers = $h->fetcharr(); + $body = $data['body']; $headers['(request-target)'] = $data['request_target']; } else { - $headers = []; + $headers = []; $headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']; - $headers['content-type'] = $_SERVER['CONTENT_TYPE']; - $headers['content-length'] = $_SERVER['CONTENT_LENGTH']; + $headers['content-type'] = $_SERVER['CONTENT_TYPE']; + $headers['content-length'] = $_SERVER['CONTENT_LENGTH']; - foreach($_SERVER as $k => $v) { - if(strpos($k,'HTTP_') === 0) { - $field = str_replace('_','-',strtolower(substr($k,5))); + foreach ($_SERVER as $k => $v) { + if (strpos($k, 'HTTP_') === 0) { + $field = str_replace('_', '-', strtolower(substr($k, 5))); $headers[$field] = $v; } } @@ -77,10 +79,10 @@ class HTTPSig { // See draft-cavage-http-signatures-10 - static function verify($data,$key = '', $keytype = '') { + static function verify($data, $key = '', $keytype = '') { - $body = $data; - $headers = null; + $body = $data; + $headers = null; $result = [ 'signer' => '', @@ -92,21 +94,21 @@ class HTTPSig { ]; - $headers = self::find_headers($data,$body); + $headers = self::find_headers($data, $body); - if(! $headers) + if (!$headers) return $result; $sig_block = null; - if(array_key_exists('signature',$headers)) { + if (array_key_exists('signature', $headers)) { $sig_block = self::parse_sigheader($headers['signature']); } - elseif(array_key_exists('authorization',$headers)) { + elseif (array_key_exists('authorization', $headers)) { $sig_block = self::parse_sigheader($headers['authorization']); } - if(! $sig_block) { + if (!$sig_block) { logger('no signature provided.', LOGGER_DEBUG); return $result; } @@ -117,71 +119,71 @@ class HTTPSig { $result['header_signed'] = true; $signed_headers = $sig_block['headers']; - if(! $signed_headers) - $signed_headers = [ 'date' ]; + if (!$signed_headers) + $signed_headers = ['date']; $signed_data = ''; - foreach($signed_headers as $h) { - if(array_key_exists($h,$headers)) { + foreach ($signed_headers as $h) { + if (array_key_exists($h, $headers)) { $signed_data .= $h . ': ' . $headers[$h] . "\n"; } - if($h === 'date') { - $d = new \DateTime($headers[$h]); - $d->setTimeZone(new \DateTimeZone('UTC')); - $dplus = datetime_convert('UTC','UTC','now + 1 day'); - $dminus = datetime_convert('UTC','UTC','now - 1 day'); - $c = $d->format('Y-m-d H:i:s'); - if($c > $dplus || $c < $dminus) { + if ($h === 'date') { + $d = new DateTime($headers[$h]); + $d->setTimeZone(new DateTimeZone('UTC')); + $dplus = datetime_convert('UTC', 'UTC', 'now + 1 day'); + $dminus = datetime_convert('UTC', 'UTC', 'now - 1 day'); + $c = $d->format('Y-m-d H:i:s'); + if ($c > $dplus || $c < $dminus) { logger('bad time: ' . $c); return $result; } } } - $signed_data = rtrim($signed_data,"\n"); + $signed_data = rtrim($signed_data, "\n"); $algorithm = null; - if($sig_block['algorithm'] === 'rsa-sha256') { + if ($sig_block['algorithm'] === 'rsa-sha256') { $algorithm = 'sha256'; } - if($sig_block['algorithm'] === 'rsa-sha512') { + if ($sig_block['algorithm'] === 'rsa-sha512') { $algorithm = 'sha512'; } - if(! array_key_exists('keyId',$sig_block)) + if (!array_key_exists('keyId', $sig_block)) return $result; $result['signer'] = $sig_block['keyId']; - $cached_key = self::get_key($key,$keytype,$result['signer']); + $cached_key = self::get_key($key, $keytype, $result['signer']); - if(! ($cached_key && $cached_key['public_key'])) { + if (!($cached_key && $cached_key['public_key'])) { return $result; } - $x = Crypto::verify($signed_data,$sig_block['signature'],$cached_key['public_key'],$algorithm); + $x = Crypto::verify($signed_data, $sig_block['signature'], $cached_key['public_key'], $algorithm); logger('verified: ' . $x, LOGGER_DEBUG); $fetched_key = ''; - if(! $x) { + if (!$x) { // try again, ignoring the local actor (xchan) cache and refetching the key // from its source - $fetched_key = self::get_key($key,$keytype,$result['signer'],true); + $fetched_key = self::get_key($key, $keytype, $result['signer'], true); if ($fetched_key && $fetched_key['public_key']) { - $y = Crypto::verify($signed_data,$sig_block['signature'],$fetched_key['public_key'],$algorithm); + $y = Crypto::verify($signed_data, $sig_block['signature'], $fetched_key['public_key'], $algorithm); logger('verified: (cache reload) ' . $x, LOGGER_DEBUG); } - if (! $y) { + if (!$y) { logger('verify failed for ' . $result['signer'] . ' alg=' . $algorithm . (($fetched_key['public_key']) ? '' : ' no key')); $sig_block['signature'] = base64_encode($sig_block['signature']); - logger('affected sigblock: ' . print_r($sig_block,true)); - logger('headers: ' . print_r($headers,true)); - logger('server: ' . print_r($_SERVER,true)); + logger('affected sigblock: ' . print_r($sig_block, true)); + logger('headers: ' . print_r($headers, true)); + logger('server: ' . print_r($_SERVER, true)); return $result; } @@ -189,58 +191,59 @@ class HTTPSig { $key = (($fetched_key) ? $fetched_key : $cached_key); - $result['portable_id'] = $key['portable_id']; + $result['portable_id'] = $key['portable_id']; $result['header_valid'] = true; - if(in_array('digest',$signed_headers)) { + if (in_array('digest', $signed_headers)) { $result['content_signed'] = true; - $digest = explode('=', $headers['digest'], 2); - if($digest[0] === 'SHA-256') + $digest = explode('=', $headers['digest'], 2); + if ($digest[0] === 'SHA-256') $hashalg = 'sha256'; - if($digest[0] === 'SHA-512') + if ($digest[0] === 'SHA-512') $hashalg = 'sha512'; - if(base64_encode(hash($hashalg,$body,true)) === $digest[1]) { + if (base64_encode(hash($hashalg, $body, true)) === $digest[1]) { $result['content_valid'] = true; } logger('Content_Valid: ' . (($result['content_valid']) ? 'true' : 'false')); - if (! $result['content_valid']) { - logger('invalid content signature: data ' . print_r($data,true)); - logger('invalid content signature: headers ' . print_r($headers,true)); - logger('invalid content signature: body ' . print_r($body,true)); + if (!$result['content_valid']) { + logger('invalid content signature: data ' . print_r($data, true)); + logger('invalid content signature: headers ' . print_r($headers, true)); + logger('invalid content signature: body ' . print_r($body, true)); } } return $result; } - static function get_key($key,$keytype,$id) { + static function get_key($key, $keytype, $id, $force = false) { - if(is_array($key)) - btlogger('key is array: ' . print_r($key,true)); + if (is_array($key)) + btlogger('key is array: ' . print_r($key, true)); - if($key) { - if(function_exists($key)) { + if ($key) { + if (function_exists($key)) { return $key($id); } - return [ 'public_key' => $key ]; + return ['public_key' => $key]; } - if($keytype === 'zot6') { - $key = self::get_zotfinger_key($id); - if($key) { + if ($keytype === 'zot6') { + $key = self::get_zotfinger_key($id, $force); + if ($key) { return $key; } } - if(strpos($id,'#') === false) { - $key = self::get_webfinger_key($id); + if (strpos($id, '#') === false) { + $key = self::get_webfinger_key($id, $force); + if ($key) { + return $key; + } } - if(! $key) { - $key = self::get_activitystreams_key($id); - } + $key = self::get_activitystreams_key($id, $force); return $key; @@ -249,10 +252,10 @@ class HTTPSig { static function convertKey($key) { - if(strstr($key,'RSA ')) { + if (strstr($key, 'RSA ')) { return Keyutils::rsaToPem($key); } - elseif(substr($key,0,5) === 'data:') { + elseif (substr($key, 0, 5) === 'data:') { return Keyutils::convertSalmonKey($key); } else { @@ -263,70 +266,88 @@ class HTTPSig { /** - * @brief + * @brief get a cached key or fetch it with ActivityStreams * * @param string $id - * @return boolean|string - * false if no pub key found, otherwise return the pub key + * @param boolean $force (optional, default false) + * @return boolean|array + * false if no pub key found, otherwise return an array with the pub key */ - static function get_activitystreams_key($id) { - - // remove fragment - - $url = ((strpos($id,'#')) ? substr($id,0,strpos($id,'#')) : $id); + static function get_activitystreams_key($id, $force = false) { - $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' and hubloc_network in ('zot6', 'activitypub')", - dbesc(str_replace('acct:','',$url)), - dbesc($url) - ); + // Check the local cache first, but remove any fragments like #main-key since these won't be present in our cached data + $url = ((strpos($id, '#')) ? substr($id, 0, strpos($id, '#')) : $id); - $x = Libzot::zot_record_preferred($x); + // $force is used to ignore the local cache and only use the remote data; for instance the cached key might be stale + if (!$force) { + $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where (hubloc_id_url = '%s' or hubloc_hash = '%s') and hubloc_network in ('zot6', 'activitypub') order by hubloc_id desc", + dbesc($url), + dbesc($url) + ); - if($x && $x['xchan_pubkey']) { - return [ 'portable_id' => $x['xchan_hash'], 'public_key' => $x['xchan_pubkey'] , 'hubloc' => $x ]; + if ($x) { + $best = Libzot::zot_record_preferred($x); + } + if ($best && $best['xchan_pubkey']) { + return ['portable_id' => $best['xchan_hash'], 'public_key' => $best['xchan_pubkey'], 'hubloc' => $best]; + } } + // The record wasn't in cache. Fetch it now. $r = ActivityStreams::fetch($id); - if($r) { - if(array_key_exists('publicKey',$r) && array_key_exists('publicKeyPem',$r['publicKey']) && array_key_exists('id',$r['publicKey'])) { - if($r['publicKey']['id'] === $id || $r['id'] === $id) { - $portable_id = ((array_key_exists('owner',$r['publicKey'])) ? $r['publicKey']['owner'] : EMPTY_STR); - return [ 'public_key' => self::convertKey($r['publicKey']['publicKeyPem']), 'portable_id' => $portable_id, 'hubloc' => [] ]; + if ($r) { + if (array_key_exists('publicKey', $r) && array_key_exists('publicKeyPem', $r['publicKey']) && array_key_exists('id', $r['publicKey'])) { + if ($r['publicKey']['id'] === $id || $r['id'] === $id) { + $portable_id = ((array_key_exists('owner', $r['publicKey'])) ? $r['publicKey']['owner'] : EMPTY_STR); + return ['public_key' => self::convertKey($r['publicKey']['publicKeyPem']), 'portable_id' => $portable_id, 'hubloc' => []]; } } } + + // No key was found return false; } + /** + * @brief get a cached key or fetch it with Webfinger + * + * @param string $id + * @param boolean $force (optional, default false) + * @return boolean|array + * false if no pub key found, otherwise return an array with the pub key + */ - static function get_webfinger_key($id) { + static function get_webfinger_key($id, $force = false) { - $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s'", - dbesc(str_replace('acct:','',$id)), - dbesc($id) - ); + if (!$force) { + $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' and hubloc_network in ('zot6', 'activitypub') order by hubloc_id desc", + dbesc($id) + ); - $x = Libzot::zot_record_preferred($x); + if ($x) { + $best = Libzot::zot_record_preferred($x); + } - if($x && $x['xchan_pubkey']) { - return [ 'portable_id' => $x['xchan_hash'], 'public_key' => $x['xchan_pubkey'] , 'hubloc' => $x ]; + if ($best && $best['xchan_pubkey']) { + return ['portable_id' => $best['xchan_hash'], 'public_key' => $best['xchan_pubkey'], 'hubloc' => $best]; + } } - $wf = Webfinger::exec($id); - $key = [ 'portable_id' => '', 'public_key' => '', 'hubloc' => [] ]; + $wf = Webfinger::exec($id); + $key = ['portable_id' => '', 'public_key' => '', 'hubloc' => []]; - if($wf) { - if(array_key_exists('properties',$wf) && array_key_exists('https://w3id.org/security/v1#publicKeyPem',$wf['properties'])) { + if ($wf) { + if (array_key_exists('properties', $wf) && array_key_exists('https://w3id.org/security/v1#publicKeyPem', $wf['properties'])) { $key['public_key'] = self::convertKey($wf['properties']['https://w3id.org/security/v1#publicKeyPem']); } - if(array_key_exists('links', $wf) && is_array($wf['links'])) { - foreach($wf['links'] as $l) { - if(! (is_array($l) && array_key_exists('rel',$l))) { + if (array_key_exists('links', $wf) && is_array($wf['links'])) { + foreach ($wf['links'] as $l) { + if (!(is_array($l) && array_key_exists('rel', $l))) { continue; } - if($l['rel'] === 'magic-public-key' && array_key_exists('href',$l) && $key['public_key'] === EMPTY_STR) { + if ($l['rel'] === 'magic-public-key' && array_key_exists('href', $l) && $key['public_key'] === EMPTY_STR) { $key['public_key'] = self::convertKey($l['href']); } } @@ -336,51 +357,64 @@ class HTTPSig { return (($key['public_key']) ? $key : false); } - static function get_zotfinger_key($id) { + /** + * @brief get a cached key or fetch it with Zotfinger + * + * @param string $id + * @param boolean $force (optional, default false) + * @return boolean|array + * false if no pub key found, otherwise return an array with the public key + */ - $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' and hubloc_network = 'zot6'", - dbesc(str_replace('acct:','',$id)), - dbesc($id) - ); + static function get_zotfinger_key($id, $force = false) { + if (!$force) { + $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' and hubloc_network = 'zot6' order by hubloc_id desc", + dbesc($id) + ); - if($x && $x[0]['xchan_pubkey']) { - return [ 'portable_id' => $x[0]['xchan_hash'], 'public_key' => $x[0]['xchan_pubkey'] , 'hubloc' => $x[0] ]; + if ($x) { + $best = Libzot::zot_record_preferred($x); + } + + if ($best && $best['xchan_pubkey']) { + return ['portable_id' => $best['xchan_hash'], 'public_key' => $best['xchan_pubkey'], 'hubloc' => $best]; + } } - $wf = Webfinger::exec($id); - $key = [ 'portable_id' => '', 'public_key' => '', 'hubloc' => [] ]; + $wf = Webfinger::exec($id); + $key = ['portable_id' => '', 'public_key' => '', 'hubloc' => []]; - if($wf) { - if(array_key_exists('properties',$wf) && array_key_exists('https://w3id.org/security/v1#publicKeyPem',$wf['properties'])) { + if ($wf) { + if (array_key_exists('properties', $wf) && array_key_exists('https://w3id.org/security/v1#publicKeyPem', $wf['properties'])) { $key['public_key'] = self::convertKey($wf['properties']['https://w3id.org/security/v1#publicKeyPem']); } - if(array_key_exists('links', $wf) && is_array($wf['links'])) { - foreach($wf['links'] as $l) { - if(! (is_array($l) && array_key_exists('rel',$l))) { + if (array_key_exists('links', $wf) && is_array($wf['links'])) { + foreach ($wf['links'] as $l) { + if (!(is_array($l) && array_key_exists('rel', $l))) { continue; } - if($l['rel'] === 'http://purl.org/zot/protocol/6.0' && array_key_exists('href',$l) && $l['href'] !== EMPTY_STR) { + if ($l['rel'] === 'http://purl.org/zot/protocol/6.0' && array_key_exists('href', $l) && $l['href'] !== EMPTY_STR) { // The third argument to Zotfinger::exec() tells it not to verify signatures // Since we're inside a function that is fetching keys with which to verify signatures, // this is necessary to prevent infinite loops. - $z = \Zotlabs\Lib\Zotfinger::exec($l['href'],null,false); - if($z) { + $z = Zotfinger::exec($l['href'], null, false); + if ($z) { $i = Libzot::import_xchan($z['data']); - if($i['success']) { + if ($i['success']) { $key['portable_id'] = $i['hash']; - $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' and hubloc_network = 'zot6'", + $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' and hubloc_network = 'zot6' order by hubloc_id desc", dbesc($l['href']) ); - if($x) { + if ($x) { $key['hubloc'] = $x[0]; } } } } - if($l['rel'] === 'magic-public-key' && array_key_exists('href',$l) && $key['public_key'] === EMPTY_STR) { + if ($l['rel'] === 'magic-public-key' && array_key_exists('href', $l) && $key['public_key'] === EMPTY_STR) { $key['public_key'] = self::convertKey($l['href']); } } @@ -402,39 +436,39 @@ class HTTPSig { * @param array $encryption [ 'key', 'algorithm' ] or false * @return array */ - static function create_sig($head, $prvkey, $keyid = EMPTY_STR, $auth = false, $alg = 'sha256', $encryption = false ) { + static function create_sig($head, $prvkey, $keyid = EMPTY_STR, $auth = false, $alg = 'sha256', $encryption = false) { $return_headers = []; - if($alg === 'sha256') { + if ($alg === 'sha256') { $algorithm = 'rsa-sha256'; } - if($alg === 'sha512') { + if ($alg === 'sha512') { $algorithm = 'rsa-sha512'; } - $x = self::sign($head,$prvkey,$alg); + $x = self::sign($head, $prvkey, $alg); $headerval = 'keyId="' . $keyid . '",algorithm="' . $algorithm . '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"'; - if($encryption) { - $x = Crypto::encapsulate($headerval,$encryption['key'],$encryption['algorithm']); - if(is_array($x)) { + if ($encryption) { + $x = Crypto::encapsulate($headerval, $encryption['key'], $encryption['algorithm']); + if (is_array($x)) { $headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"'; } } - if($auth) { + if ($auth) { $sighead = 'Authorization: Signature ' . $headerval; } else { $sighead = 'Signature: ' . $headerval; } - if($head) { - foreach($head as $k => $v) { + if ($head) { + foreach ($head as $k => $v) { // strip the request-target virtual header from the output headers - if($k === '(request-target)') { + if ($k === '(request-target)') { continue; } $return_headers[] = $k . ': ' . $v; @@ -454,8 +488,8 @@ class HTTPSig { static function set_headers($headers) { - if($headers && is_array($headers)) { - foreach($headers as $h) { + if ($headers && is_array($headers)) { + foreach ($headers as $h) { header($h); } } @@ -465,7 +499,7 @@ class HTTPSig { /** * @brief * - * @param array $head + * @param array $head * @param string $prvkey * @param string $alg (optional) default 'sha256' * @return array @@ -478,21 +512,21 @@ class HTTPSig { $headers = ''; $fields = ''; - logger('signing: ' . print_r($head,true), LOGGER_DATA); + logger('signing: ' . print_r($head, true), LOGGER_DATA); - if($head) { - foreach($head as $k => $v) { + if ($head) { + foreach ($head as $k => $v) { $headers .= strtolower($k) . ': ' . trim($v) . "\n"; - if($fields) + if ($fields) $fields .= ' '; $fields .= strtolower($k); } // strip the trailing linefeed - $headers = rtrim($headers,"\n"); + $headers = rtrim($headers, "\n"); } - $sig = base64_encode(Crypto::sign($headers,$prvkey,$alg)); + $sig = base64_encode(Crypto::sign($headers, $prvkey, $alg)); $ret['headers'] = $fields; $ret['signature'] = $sig; @@ -513,26 +547,26 @@ class HTTPSig { static function parse_sigheader($header) { - $ret = []; + $ret = []; $matches = []; // if the header is encrypted, decrypt with (default) site private key and continue - if(preg_match('/iv="(.*?)"/ism',$header,$matches)) + if (preg_match('/iv="(.*?)"/ism', $header, $matches)) $header = self::decrypt_sigheader($header); - if(preg_match('/keyId="(.*?)"/ism',$header,$matches)) + if (preg_match('/keyId="(.*?)"/ism', $header, $matches)) $ret['keyId'] = $matches[1]; - if(preg_match('/algorithm="(.*?)"/ism',$header,$matches)) + if (preg_match('/algorithm="(.*?)"/ism', $header, $matches)) $ret['algorithm'] = $matches[1]; - if(preg_match('/headers="(.*?)"/ism',$header,$matches)) + if (preg_match('/headers="(.*?)"/ism', $header, $matches)) $ret['headers'] = explode(' ', $matches[1]); - if(preg_match('/signature="(.*?)"/ism',$header,$matches)) - $ret['signature'] = base64_decode(preg_replace('/\s+/','',$matches[1])); + if (preg_match('/signature="(.*?)"/ism', $header, $matches)) + $ret['signature'] = base64_decode(preg_replace('/\s+/', '', $matches[1])); - if(($ret['signature']) && ($ret['algorithm']) && (! $ret['headers'])) - $ret['headers'] = [ 'date' ]; + if (($ret['signature']) && ($ret['algorithm']) && (!$ret['headers'])) + $ret['headers'] = ['date']; - return $ret; + return $ret; } @@ -552,23 +586,23 @@ class HTTPSig { $iv = $key = $alg = $data = null; - if(! $prvkey) { + if (!$prvkey) { $prvkey = get_config('system', 'prvkey'); } $matches = []; - if(preg_match('/iv="(.*?)"/ism',$header,$matches)) + if (preg_match('/iv="(.*?)"/ism', $header, $matches)) $iv = $matches[1]; - if(preg_match('/key="(.*?)"/ism',$header,$matches)) + if (preg_match('/key="(.*?)"/ism', $header, $matches)) $key = $matches[1]; - if(preg_match('/alg="(.*?)"/ism',$header,$matches)) + if (preg_match('/alg="(.*?)"/ism', $header, $matches)) $alg = $matches[1]; - if(preg_match('/data="(.*?)"/ism',$header,$matches)) + if (preg_match('/data="(.*?)"/ism', $header, $matches)) $data = $matches[1]; - if($iv && $key && $alg && $data) { - return Crypto::unencapsulate([ 'encrypted' => true, 'iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data ] , $prvkey); + if ($iv && $key && $alg && $data) { + return Crypto::unencapsulate(['encrypted' => true, 'iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data], $prvkey); } return ''; diff --git a/Zotlabs/Widget/Messages.php b/Zotlabs/Widget/Messages.php index eb3a07da1..c0fef9f75 100644 --- a/Zotlabs/Widget/Messages.php +++ b/Zotlabs/Widget/Messages.php @@ -220,8 +220,8 @@ class Messages { $entries[$i]['created'] = datetime_convert('UTC', date_default_timezone_get(), $notice['created']); $entries[$i]['summary'] = $summary; $entries[$i]['b64mid'] = basename($notice['link']); - $entries[$i]['href'] = z_root() . '/hq/' . basename($notice['link']); - $entries[$i]['icon'] = ''; + $entries[$i]['href'] = (($notice['ntype'] & NOTIFY_INTRO) ? $notice['link'] : z_root() . '/hq/' . basename($notice['link'])); + $entries[$i]['icon'] = (($notice['ntype'] & NOTIFY_INTRO) ? '<i class="fa fa-user-plus"></i>' : ''); $i++; } diff --git a/Zotlabs/Widget/Notes.php b/Zotlabs/Widget/Notes.php index 05c1a0292..66c90ef7d 100644 --- a/Zotlabs/Widget/Notes.php +++ b/Zotlabs/Widget/Notes.php @@ -20,6 +20,7 @@ class Notes { $o = replace_macros($tpl, array( '$banner' => t('Notes'), '$text' => $text, + '$html' => bbcode($text), '$save' => t('Save'), '$app' => ((isset($arr['app'])) ? true : false), '$hidden' => ((isset($arr['hidden'])) ? true : false) |