diff options
Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Daemon/Gprobe.php | 2 | ||||
-rw-r--r-- | Zotlabs/Daemon/Notifier.php | 84 | ||||
-rw-r--r-- | Zotlabs/Daemon/Onedirsync.php | 19 | ||||
-rw-r--r-- | Zotlabs/Lib/Libsync.php | 38 | ||||
-rw-r--r-- | Zotlabs/Lib/Libzot.php | 12 | ||||
-rw-r--r-- | Zotlabs/Module/Attach_edit.php | 203 | ||||
-rw-r--r-- | Zotlabs/Module/Cdav.php | 29 | ||||
-rw-r--r-- | Zotlabs/Module/Cloud.php | 20 | ||||
-rw-r--r-- | Zotlabs/Module/Dav.php | 7 | ||||
-rw-r--r-- | Zotlabs/Module/File_upload.php | 20 | ||||
-rw-r--r-- | Zotlabs/Module/Filestorage.php | 17 | ||||
-rw-r--r-- | Zotlabs/Module/Import.php | 12 | ||||
-rw-r--r-- | Zotlabs/Module/Item.php | 463 | ||||
-rw-r--r-- | Zotlabs/Module/Lockview.php | 60 | ||||
-rw-r--r-- | Zotlabs/Module/Owa.php | 20 | ||||
-rw-r--r-- | Zotlabs/Module/Rpost.php | 64 | ||||
-rw-r--r-- | Zotlabs/Storage/Browser.php | 373 | ||||
-rw-r--r-- | Zotlabs/Storage/Directory.php | 91 | ||||
-rw-r--r-- | Zotlabs/Update/_1240.php | 34 | ||||
-rw-r--r-- | Zotlabs/Widget/Categories.php | 8 |
20 files changed, 999 insertions, 577 deletions
diff --git a/Zotlabs/Daemon/Gprobe.php b/Zotlabs/Daemon/Gprobe.php index 6951aa1d4..9e74eb8b5 100644 --- a/Zotlabs/Daemon/Gprobe.php +++ b/Zotlabs/Daemon/Gprobe.php @@ -19,7 +19,7 @@ class Gprobe { if(! strpos($url,'@')) return; - $r = q("select * from hubloc where hubloc_addr = '%s' limit 1", + $r = q("select * from hubloc where hubloc_addr = '%s' and hubloc_network = 'zot6' limit 1", dbesc($url) ); diff --git a/Zotlabs/Daemon/Notifier.php b/Zotlabs/Daemon/Notifier.php index 28c512d4a..18fc57118 100644 --- a/Zotlabs/Daemon/Notifier.php +++ b/Zotlabs/Daemon/Notifier.php @@ -17,26 +17,26 @@ require_once('include/bbcode.php'); /* * This file was at one time responsible for doing all deliveries, but this caused - * big problems on shared hosting systems, where the process might get killed by the - * hosting provider and nothing would get delivered. + * big problems on shared hosting systems, where the process might get killed by the + * hosting provider and nothing would get delivered. * It now only delivers one message under certain cases, and invokes a queued - * delivery mechanism (include/deliver.php) to deliver individual contacts at + * delivery mechanism (include/deliver.php) to deliver individual contacts at * controlled intervals. * This has a much better chance of surviving random processes getting killed - * by the hosting provider. + * by the hosting provider. * * The basic flow is: * Identify the type of message * Collect any information that needs to be sent * Convert it into a suitable generic format for sending - * Figure out who the recipients are and if we need to relay + * Figure out who the recipients are and if we need to relay * through a conversation owner - * Once we know what recipients are involved, collect a list of + * Once we know what recipients are involved, collect a list of * destination sites * Build and store a queue item for each unique site and invoke * a delivery process for each site or a small number of sites (1-3) * and add a slight delay between each delivery invocation if desired (usually) - * + * */ /* @@ -61,7 +61,7 @@ require_once('include/bbcode.php'); * * and ITEM_ID is the id of the item in the database that needs to be sent to others. * - * ZOT + * ZOT * permission_create abook_id * permission_accept abook_id * permission_reject abook_id @@ -167,7 +167,7 @@ class Notifier { $normal_mode = false; } elseif(in_array($cmd, [ 'permission_update', 'permission_reject', 'permission_accept', 'permission_create' ])) { - // Get the (single) recipient + // Get the (single) recipient $r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_self = 0", intval($item_id) ); @@ -176,7 +176,7 @@ class Notifier { // Get the sender $channel = channelx_by_n($uid); if($channel) { - $perm_update = array('sender' => $channel, 'recipient' => $r[0], 'success' => false, 'deliveries' => ''); + $perm_update = array('sender' => $channel, 'recipient' => $r[0], 'success' => false, 'deliveries' => ''); if($cmd === 'permission_create') call_hooks('permissions_create',$perm_update); @@ -192,7 +192,7 @@ class Notifier { $deliveries[] = $perm_update['deliveries']; do_delivery($deliveries); } - return; + return; } else { $recipients[] = $r[0]['abook_xchan']; @@ -236,7 +236,7 @@ class Notifier { } } - $encoded_item = array('locations' => zot_encode_locations($channel),'type' => 'location', 'encoding' => 'zot'); + $encoded_item = array('locations' => Libzot::encode_locations($channel),'type' => 'location', 'encoding' => 'zot'); $target_item = array('aid' => $channel['channel_account_id'],'uid' => $channel['channel_id']); $private = false; $packet_type = 'location'; @@ -293,7 +293,7 @@ class Notifier { xchan_query($r); $r = fetch_post_tags($r); - + $target_item = $r[0]; if(in_array($target_item['author']['xchan_network'], ['rss', 'anon'])) { @@ -329,7 +329,7 @@ class Notifier { // Check for non published items, but allow an exclusion for transmitting hidden file activities if(intval($target_item['item_unpublished']) || intval($target_item['item_delayed']) || - intval($target_item['item_blocked']) || + intval($target_item['item_blocked']) || ( intval($target_item['item_hidden']) && ($target_item['obj_type'] !== ACTIVITY_OBJ_FILE))) { logger('notifier: target item not published, so not forwardable', LOGGER_DEBUG); return; @@ -372,7 +372,7 @@ class Notifier { xchan_query($r); $r = fetch_post_tags($r); - + $parent_item = $r[0]; $top_level_post = false; } @@ -397,7 +397,7 @@ class Notifier { z_root() . ZOT_APSCHEMA_REV ]], Activity::encode_activity($target_item) ); - } + } logger('target_item: ' . print_r($target_item,true), LOGGER_DEBUG); logger('encoded: ' . print_r($activity,true), LOGGER_DEBUG); @@ -405,11 +405,11 @@ class Notifier { // Send comments to the owner to re-deliver to everybody in the conversation // We only do this if the item in question originated on this site. This prevents looping. // To clarify, a site accepting a new comment is responsible for sending it to the owner for relay. - // Relaying should never be initiated on a post that arrived from elsewhere. + // Relaying should never be initiated on a post that arrived from elsewhere. // We should normally be able to rely on ITEM_ORIGIN, but start_delivery_chain() incorrectly set this // flag on comments for an extended period. So we'll also call comment_local_origin() which looks at - // the hostname in the message_id and provides a second (fallback) opinion. + // the hostname in the message_id and provides a second (fallback) opinion. $relay_to_owner = (((! $top_level_post) && (intval($target_item['item_origin'])) && comment_local_origin($target_item)) ? true : false); @@ -426,9 +426,9 @@ class Notifier { // tag_deliver'd post which needs to be sent back to the original author if(($cmd === 'uplink') && intval($parent_item['item_uplink']) && (! $top_level_post)) { - logger('notifier: uplink'); + logger('notifier: uplink'); $uplink = true; - } + } if(($relay_to_owner || $uplink) && ($cmd !== 'relay')) { logger('notifier: followup relay', LOGGER_DEBUG); @@ -445,8 +445,8 @@ class Notifier { logger('notifier: owner relay'); $upstream = false; // if our parent is a tag_delivery recipient, uplink to the original author causing - // a delivery fork. - + // a delivery fork. + if(($parent_item) && intval($parent_item['item_uplink']) && (! $top_level_post) && ($cmd !== 'uplink')) { // don't uplink a relayed post to the relay owner if($parent_item['source_xchan'] !== $parent_item['owner_xchan']) { @@ -462,7 +462,7 @@ class Notifier { if ($top_level_post) { // remove clones who will receive the post via sync $recipients = array_diff($recipients, [ $target_item['owner_xchan'] ]); - } + } // FIXME add any additional recipients such as mentions, etc. @@ -476,7 +476,7 @@ class Notifier { } } - $walltowall = (($top_level_post && $channel['xchan_hash'] === $target_item['author_xchan']) ? true : false); + $walltowall = (($top_level_post && $channel['xchan_hash'] === $target_item['author_xchan']) ? true : false); // Generic delivery section, we have an encoded item and recipients // Now start the delivery process @@ -505,7 +505,7 @@ class Notifier { if($details) { foreach($details as $d) { - $recip_list[] = $d['xchan_addr'] . ' (' . $d['xchan_hash'] . ')'; + $recip_list[] = $d['xchan_addr'] . ' (' . $d['xchan_hash'] . ')'; if($private) { $env_recips[] = [ 'guid' => $d['xchan_guid'], @@ -557,19 +557,19 @@ class Notifier { // shouldn't happen logger('notifier: private message with no envelope recipients.' . print_r($argv,true), LOGGER_NORMAL, LOG_NOTICE); } - + logger('notifier: recipients (may be delivered to more if public): ' . print_r($recip_list,true), LOGGER_DEBUG); - + // Now we have collected recipients (except for external mentions, FIXME) // Let's reduce this to a set of hubs; checking that the site is not dead. - $hubs = q("select hubloc.*, site.site_crypto, site.site_flags, site.site_version, site.site_project, site.site_dead from hubloc left join site on site_url = hubloc_url - where hubloc_hash in (" . protect_sprintf(implode(',',$recipients)) . ") + $hubs = q("select hubloc.*, site.site_crypto, site.site_flags, site.site_version, site.site_project, site.site_dead from hubloc left join site on site_url = hubloc_url + where hubloc_hash in (" . protect_sprintf(implode(',',$recipients)) . ") and hubloc_error = 0 and hubloc_deleted = 0" ); - // public posts won't make it to the local public stream unless there's a recipient on this site. + // public posts won't make it to the local public stream unless there's a recipient on this site. // This code block sees if it's a public post and localhost is missing, and if so adds an entry for the local sys channel to the $hubs list if (! $private) { @@ -583,7 +583,7 @@ class Notifier { } } if (! $found_localhost) { - $localhub = q("select hubloc.*, site.site_crypto, site.site_flags, site.site_version, site.site_project, site.site_dead from hubloc + $localhub = q("select hubloc.*, site.site_crypto, site.site_flags, site.site_version, site.site_project, site.site_dead from hubloc left join site on site_url = hubloc_url where hubloc_id_url = '%s' and hubloc_error = 0 and hubloc_deleted = 0", dbesc(z_root() . '/channel/sys') ); @@ -592,14 +592,14 @@ class Notifier { } } } - + if(! $hubs) { logger('notifier: no hubs', LOGGER_NORMAL, LOG_NOTICE); return; } /** - * Reduce the hubs to those that are unique. For zot hubs, we need to verify uniqueness by the sitekey, + * Reduce the hubs to those that are unique. For zot hubs, we need to verify uniqueness by the sitekey, * since it may have been a re-install which has not yet been detected and pruned. * For other networks which don't have or require sitekeys, we'll have to use the URL */ @@ -629,7 +629,7 @@ class Notifier { } } } - + if($hub['hubloc_network'] == 'zot') { if(! in_array($hub['hubloc_sitekey'],$keys)) { @@ -714,8 +714,8 @@ class Notifier { } // Do not change this to a uuid as long as we have traditional zot servers - // in the loop. The signature verification step can't handle dashes in the - // hashes. + // in the loop. The signature verification step can't handle dashes in the + // hashes. $hash = random_string(48); @@ -766,13 +766,13 @@ class Notifier { } } - $packet_type = (($upstream || $uplink) ? 'response' : 'activity'); + $packet_type = (($upstream || $uplink) ? 'response' : 'activity'); // block zot private reshares from zot6, as this could cause a number of privacy issues // due to parenting differences between the reshare implementations. In zot a reshare is // a standalone parent activity and in zot6 it is a followup/child of the original activity. // For public reshares, some comments to the reshare on the zot fork will not make it to zot6 - // due to these different message models. This cannot be prevented at this time. + // due to these different message models. This cannot be prevented at this time. if($packet_type === 'activity' && $activity['type'] === 'Announce' && intval($target_item['item_private'])) { continue; @@ -782,7 +782,7 @@ class Notifier { } else { // currently zot6 delivery is only performed on normal items and not sync items or mail or anything else - // Eventually we will do this for all deliveries, but for now ensure this is precisely what we are dealing + // Eventually we will do this for all deliveries, but for now ensure this is precisely what we are dealing // with before switching to zot6 as the primary zot6 handler checks for the existence of a message delivery report // to trigger dequeue'ing @@ -839,9 +839,9 @@ class Notifier { } } - $deliveries[] = $hash; + $deliveries[] = $hash; } - + if($normal_mode) { $x = q("select * from hook where hook = 'notifier_normal'"); if($x) { @@ -857,7 +857,7 @@ class Notifier { if ($dead) { foreach ($dead as $deceased) { if (is_array($target_item) && (! $target_item['item_deleted']) && (! get_config('system','disable_dreport'))) { - q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_name, dreport_result, dreport_time, dreport_xchan, dreport_queue ) + q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_name, dreport_result, dreport_time, dreport_xchan, dreport_queue ) values ( '%s', '%s','%s','%s','%s','%s','%s','%s' ) ", dbesc($target_item['mid']), dbesc($deceased['hubloc_host']), diff --git a/Zotlabs/Daemon/Onedirsync.php b/Zotlabs/Daemon/Onedirsync.php index cc16c0b58..2ad76761d 100644 --- a/Zotlabs/Daemon/Onedirsync.php +++ b/Zotlabs/Daemon/Onedirsync.php @@ -2,6 +2,8 @@ namespace Zotlabs\Daemon; +use Zotlabs\Lib\Libzot; + require_once('include/zot.php'); require_once('include/dir_fns.php'); @@ -11,7 +13,7 @@ class Onedirsync { static public function run($argc,$argv) { logger('onedirsync: start ' . intval($argv[1])); - + if(($argc > 1) && (intval($argv[1]))) $update_id = intval($argv[1]); @@ -19,7 +21,7 @@ class Onedirsync { logger('onedirsync: no update'); return; } - + $r = q("select * from updates where ud_id = %d limit 1", intval($update_id) ); @@ -50,10 +52,13 @@ class Onedirsync { // ignore doing an update if this ud_addr refers to a known dead hubloc - $h = q("select * from hubloc where hubloc_addr = '%s' limit 1", + $h = q("select * from hubloc where hubloc_addr = '%s'", dbesc($r[0]['ud_addr']) ); - if(($h) && ($h[0]['hubloc_status'] & HUBLOC_OFFLINE)) { + + $h = Libzot::zot_record_preferred($h); + + if(($h) && ($h['hubloc_status'] & HUBLOC_OFFLINE)) { $y = q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and ( ud_flags & %d ) = 0 ", intval(UPDATE_FLAGS_UPDATED), dbesc($r[0]['ud_addr']), @@ -63,13 +68,13 @@ class Onedirsync { return; } - // we might have to pull this out some day, but for now update_directory_entry() + // we might have to pull this out some day, but for now update_directory_entry() // runs zot_finger() and is kind of zot specific - if($h && $h[0]['hubloc_network'] !== 'zot') + if($h && ! in_array($h['hubloc_network'], ['zot6', 'zot'])) return; - update_directory_entry($r[0]); + update_directory_entry($r[0]); return; } diff --git a/Zotlabs/Lib/Libsync.php b/Zotlabs/Lib/Libsync.php index cff320e11..7b968532a 100644 --- a/Zotlabs/Lib/Libsync.php +++ b/Zotlabs/Lib/Libsync.php @@ -42,7 +42,7 @@ class Libsync { $channel = $r[0]; - // don't provide these in the export + // don't provide these in the export unset($channel['channel_active']); unset($channel['channel_password']); @@ -245,7 +245,7 @@ class Libsync { if(array_key_exists('app',$arr) && $arr['app']) sync_apps($channel,$arr['app']); - + if(array_key_exists('addressbook',$arr) && $arr['addressbook']) sync_addressbook($channel,$arr['addressbook']); @@ -260,7 +260,7 @@ class Libsync { if(array_key_exists('mail',$arr) && $arr['mail']) sync_mail($channel,$arr['mail']); - + if(array_key_exists('event',$arr) && $arr['event']) sync_events($channel,$arr['event']); @@ -269,7 +269,7 @@ class Libsync { if(array_key_exists('item',$arr) && $arr['item']) sync_items($channel,$arr['item'],((array_key_exists('relocate',$arr)) ? $arr['relocate'] : null)); - + // deprecated, maintaining for a few months for upward compatibility // this should sync webpages, but the logic is a bit subtle @@ -278,7 +278,7 @@ class Libsync { if(array_key_exists('menu',$arr) && $arr['menu']) sync_menus($channel,$arr['menu']); - + if(array_key_exists('file',$arr) && $arr['file']) sync_files($channel,$arr['file']); @@ -293,7 +293,7 @@ class Libsync { if(array_key_exists('channel_pageflags',$arr['channel']) && intval($arr['channel']['channel_pageflags'])) { // Several pageflags are site-specific and cannot be sync'd. - // Only allow those bits which are shareable from the remote and then + // Only allow those bits which are shareable from the remote and then // logically OR with the local flags $arr['channel']['channel_pageflags'] = $arr['channel']['channel_pageflags'] & (PAGE_HIDDEN|PAGE_AUTOCONNECT|PAGE_APPLICATION|PAGE_PREMIUM|PAGE_ADULT); @@ -562,7 +562,7 @@ class Libsync { // our group list is already synchronised if($x) { foreach($x as $y) { - + // for each group, loop on members list we just received if(isset($y['hash']) && isset($members[$y['hash']])) { foreach($members[$y['hash']] as $member) { @@ -574,9 +574,9 @@ class Libsync { ); if($z) $found = true; - + // if somebody is in the group that wasn't before - add them - + if(! $found) { q("INSERT INTO pgrp_member (uid, gid, xchan) VALUES( %d, %d, '%s' ) ", @@ -587,7 +587,7 @@ class Libsync { } } } - + // now retrieve a list of members we have on this site $m = q("select xchan from pgrp_member where gid = %d and uid = %d", intval($y['id']), @@ -615,7 +615,7 @@ class Libsync { $disallowed = array('id','aid','uid','guid'); foreach($arr['profile'] as $profile) { - + $x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1", dbesc($profile['profile_guid']), intval($channel['channel_id']) @@ -628,7 +628,7 @@ class Libsync { 'profile_guid' => $profile['profile_guid'], ] ); - + $x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1", dbesc($profile['profile_guid']), intval($channel['channel_id']) @@ -713,7 +713,7 @@ class Libsync { if($arr['locations']) { if($absolute) - self::check_location_move($sender['hash'],$arr['locations']); + Libzot::check_location_move($sender['hash'],$arr['locations']); $xisting = q("select * from hubloc where hubloc_hash = '%s'", dbesc($sender['hash']) @@ -775,14 +775,14 @@ class Libsync { ); if($r) { logger('Hub exists: ' . $location['url'], LOGGER_DEBUG); - + // update connection timestamp if this is the site we're talking to // This only happens when called from import_xchan $current_site = false; $t = datetime_convert('UTC','UTC','now - 15 minutes'); - + if(array_key_exists('site',$arr) && $location['url'] == $arr['site']['url']) { q("update hubloc set hubloc_connected = '%s', hubloc_updated = '%s' where hubloc_id = %d and hubloc_connected < '%s'", dbesc(datetime_convert()), @@ -903,12 +903,14 @@ class Libsync { $changed = true; if($location['primary']) { - $r = q("select * from hubloc where hubloc_addr = '%s' and hubloc_sitekey = '%s' limit 1", + $r = q("select * from hubloc where hubloc_addr = '%s' and hubloc_sitekey = '%s'", dbesc($location['address']), dbesc($location['sitekey']) ); - if($r) - hubloc_change_primary($r[0]); + if($r) { + $r = Libzot::zot_record_preferred($r); + hubloc_change_primary($r); + } } } diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php index f0fe3ab24..972ebe0e9 100644 --- a/Zotlabs/Lib/Libzot.php +++ b/Zotlabs/Lib/Libzot.php @@ -1489,9 +1489,9 @@ class Libzot { $DR->set_name($channel['channel_name'] . ' <' . channel_reddress($channel) . '>'); if(($act) && ($act->obj) && (! is_array($act->obj))) { - // The initial object fetch failed using the sys channel credentials. + // The initial object fetch failed using the sys channel credentials. // Try again using the delivery channel credentials. - // We will also need to re-parse the $item array, + // We will also need to re-parse the $item array, // but preserve any values that were set during anonymous parsing. $o = Activity::fetch($act->obj,$channel); @@ -1505,7 +1505,7 @@ class Libzot { $result[] = $DR->get(); continue; } - } + } /** * We need to block normal top-level message delivery from our clones, as the delivered @@ -1634,7 +1634,7 @@ class Libzot { // have the copy and we don't want the request to loop. // Also don't do this if this comment came from a conversation request packet. // It's possible that comments are allowed but posting isn't and that could - // cause a conversation fetch loop. + // cause a conversation fetch loop. // We'll also check the send_stream permission - because if it isn't allowed, // the top level post is unlikely to be imported and // this is just an exercise in futility. @@ -2295,7 +2295,7 @@ class Libzot { * * @see import_directory_profile() * - * @param string $sender + * @param string $sender * @param array $arr * @param array $deliveries (unused) * @return void @@ -2316,7 +2316,7 @@ class Libzot { /** * @brief * - * @param string $sender + * @param string $sender * @param array $arr * @param array $deliveries (unused) deliveries is irrelevant * @return void diff --git a/Zotlabs/Module/Attach_edit.php b/Zotlabs/Module/Attach_edit.php new file mode 100644 index 000000000..5880d8f13 --- /dev/null +++ b/Zotlabs/Module/Attach_edit.php @@ -0,0 +1,203 @@ +<?php +namespace Zotlabs\Module; +/** + * @file Zotlabs/Module/Attach_edit.php + * + */ + +use App; +use Zotlabs\Web\Controller; +use Zotlabs\Lib\Libsync; +use Zotlabs\Access\AccessList; + +class Attach_edit extends Controller { + + function post() { + + if (!local_channel() && !remote_channel()) { + return; + } + + $attach_ids = ((x($_POST, 'attach_ids')) ? $_POST['attach_ids'] : []); + $attach_id = ((x($_POST, 'attach_id')) ? intval($_POST['attach_id']) : 0); + $channel_id = ((x($_POST, 'channel_id')) ? intval($_POST['channel_id']) : 0); + $dnd = ((x($_POST, 'dnd')) ? intval($_POST['dnd']) : 0); + $permissions = ((x($_POST, 'permissions')) ? intval($_POST['permissions']) : 0); + $return_path = ((x($_POST, 'return_path')) ? notags($_POST['return_path']) : 'cloud'); + $delete = ((x($_POST, 'delete')) ? intval($_POST['delete']) : 0); + $newfolder = ((x($_POST, 'newfolder_' . $attach_id)) ? notags($_POST['newfolder_' . $attach_id]) : ''); + if(! $newfolder) + $newfolder = ((x($_POST, 'newfolder')) ? notags($_POST['newfolder']) : ''); + $newfilename = ((x($_POST, 'newfilename_' . $attach_id)) ? notags($_POST['newfilename_' . $attach_id]) : ''); + $recurse = ((x($_POST, 'recurse_' . $attach_id)) ? intval($_POST['recurse_' . $attach_id]) : 0); + if(! $recurse) + $recurse = ((x($_POST, 'recurse')) ? intval($_POST['recurse']) : 0); + $notify = ((x($_POST, 'notify_edit_' . $attach_id)) ? intval($_POST['notify_edit_' . $attach_id]) : 0); + $copy = ((x($_POST, 'copy_' . $attach_id)) ? intval($_POST['copy_' . $attach_id]) : 0); + if(! $copy) + $copy = ((x($_POST, 'copy')) ? intval($_POST['copy']) : 0); + + $categories = ((x($_POST, 'categories_' . $attach_id)) ? notags($_POST['categories_' . $attach_id]) : ''); + if(! $categories) + $categories = ((x($_POST, 'categories')) ? notags($_POST['categories']) : ''); + + if($attach_id) + $attach_ids[] = $attach_id; + + $single = ((count($attach_ids) === 1) ? true : false); + + $channel = channelx_by_n($channel_id); + + if (! $channel) { + notice(t('Channel not found.') . EOL); + return; + } + + $nick = $channel['channel_address']; + $observer = App::get_observer(); + $observer_hash = (($observer) ? $observer['xchan_hash'] : ''); + $is_owner = ((local_channel() == $channel_id) ? true : false); + + $ids_str = implode(',', $attach_ids); + + $r = q("SELECT id, uid, hash, creator, folder, filename, is_photo, is_dir FROM attach WHERE id IN ( %s ) AND uid = %d", + dbesc($ids_str), + intval($channel_id) + ); + + if (! $r) { + notice(t('File not found.') . EOL); + return; + } + + foreach ($r as $rr) { + $actions_done = ''; + $attach_id = $rr['id']; + $resource = $rr['hash']; + $creator = $rr['creator']; + $folder = $rr['folder']; + $filename = $rr['filename']; + $is_photo = intval($rr['is_photo']); + $is_dir = intval($rr['is_dir']); + $admin_delete = false; + + $is_creator = (($creator == $observer_hash) ? true : false); + $move = ((! $copy && ($folder !== $newfolder || (($single) ? $filename !== $newfilename : false))) ? true : false); + + $perms = get_all_perms($channel_id, $observer_hash); + + if (! ($perms['view_storage'] || is_site_admin())) { + notice( t('Permission denied.') . EOL); + continue; + } + + if (! $perms['write_storage']) { + if (is_site_admin()) { + $admin_delete = true; + } + else { + notice( t('Permission denied.') . EOL); + continue; + } + } + + if (!$is_owner && !$admin_delete) { + if(! $is_creator) { + notice( t('Permission denied.') . EOL); + continue; + } + } + + if ($delete) { + attach_delete($channel_id, $resource, $is_photo); + $actions_done .= 'delete,'; + } + + if ($copy) { + if($is_dir && $resource == $newfolder) { + notice( t('Can not copy folder into itself.') . EOL); + continue; + } + $x = attach_copy($channel_id, $resource, $newfolder, (($single) ? $newfilename : '')); + if ($x['success']) + $resource = $x['resource_id']; + + $actions_done .= 'copy,'; + + } + + if ($move) { + if($is_dir && $resource == $newfolder) { + notice( sprintf(t('Can not move folder "%s" into itself.'), $filename) . EOL); + continue; + } + $x = attach_move($channel_id, $resource, $newfolder, (($single) ? $newfilename : '')); + + $actions_done .= 'move,'; + + } + + if(! $delete && ! $dnd) { + if ($single || (! $single && $categories)) { + q("DELETE FROM term WHERE uid = %d AND oid = %d AND otype = %d", + intval($channel_id), + intval($attach_id), + intval(TERM_OBJ_FILE) + ); + $cat = explode(',', $categories); + if ($cat) { + foreach($cat as $term) { + $term = trim(escape_tags($term)); + if ($term) { + $term_link = z_root() . '/cloud/' . $nick . '/?cat=' . $term; + store_item_tag($channel_id, $attach_id, TERM_OBJ_FILE, TERM_CATEGORY, $term, $term_link); + } + } + $actions_done .= 'cat_add,'; + } + } + else { + q("DELETE FROM term WHERE uid = %d AND oid = %d AND otype = %d", + intval($channel_id), + intval($attach_id), + intval(TERM_OBJ_FILE) + ); + $actions_done .= 'cat_remove,'; + } + + if ($is_owner && ($single || (! $single && $permissions))) { + $acl = new AccessList($channel); + $acl->set_from_array($_REQUEST); + $x = $acl->get(); + + attach_change_permissions($channel_id, $resource, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], $recurse, true); + $actions_done .= 'permissions,'; + + if ($notify) { + attach_store_item($channel, $observer, $resource); + $actions_done .= 'notify,'; + } + } + } + + if (! $admin_delete && $actions_done) { + $sync = attach_export_data($channel, $resource, (($delete) ? true : false)); + + if ($sync) { + Libsync::build_sync_packet($channel_id, ['file' => [$sync]]); + } + } + + logger('attach_edit: ' . $actions_done); + + } + + if($dnd || $delete) { + json_return_and_die([ 'success' => true ]); + } + + goaway($return_path); + + } + +} diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php index d7d57664c..0f4f4585e 100644 --- a/Zotlabs/Module/Cdav.php +++ b/Zotlabs/Module/Cdav.php @@ -5,6 +5,8 @@ use App; use Zotlabs\Lib\Apps; use Zotlabs\Web\Controller; use Zotlabs\Web\HTTPSig; +use Zotlabs\Lib\Libzot; + require_once('include/event.php'); @@ -47,11 +49,12 @@ class Cdav extends Controller { if($sigblock) { $keyId = str_replace('acct:','',$sigblock['keyId']); if($keyId) { - $r = q("select * from hubloc where hubloc_addr = '%s' limit 1", + $r = q("select * from hubloc where hubloc_addr = '%s'", dbesc($keyId) ); if($r) { - $c = channelx_by_hash($r[0]['hubloc_hash']); + $r = Libzot::zot_record_preferred($r); + $c = channelx_by_hash($r['hubloc_hash']); if($c) { $a = q("select * from account where account_id = %d limit 1", intval($c['channel_account_id']) @@ -157,10 +160,10 @@ class Cdav extends Controller { } } - + // Track CDAV updates from remote clients - $httpmethod = $_SERVER['REQUEST_METHOD']; + $httpmethod = $_SERVER['REQUEST_METHOD']; if($httpmethod === 'PUT' || $httpmethod === 'DELETE') { @@ -190,9 +193,9 @@ class Cdav extends Controller { if($x = get_cdav_id($principalUri, explode("/", $httpuri)[4], $cdavtable)) { $cdavdata = $this->get_cdav_data($x['id'], $cdavtable); - + $etag = (isset($_SERVER['HTTP_IF_MATCH']) ? $_SERVER['HTTP_IF_MATCH'] : false); - + // delete if($httpmethod === 'DELETE' && $cdavdata['etag'] == $etag) build_sync_packet($channel['channel_id'], [ @@ -762,7 +765,7 @@ class Cdav extends Controller { $cardData = $vcard->serialize(); $carddavBackend->updateCard($id, $uri, $cardData); - + build_sync_packet($channel['channel_id'], [ 'addressbook' => [ 'action' => 'update_card', @@ -804,7 +807,7 @@ class Cdav extends Controller { $src = $_FILES['userfile']['tmp_name']; if($src) { - + $carddata = @file_get_contents($src); if($_REQUEST['c_upload']) { @@ -840,13 +843,13 @@ class Cdav extends Controller { $objects = new \Sabre\VObject\Splitter\VCard($carddata); $profile = \Sabre\VObject\Node::PROFILE_CARDDAV; $backend = new \Sabre\CardDAV\Backend\PDO($pdo); - + $cdavdata = $this->get_cdav_data($id, 'addressbooks'); } - + $ids = []; import_cdav_card($id, $ext, $table, $column, $objects, $profile, $backend, $ids, true); - + build_sync_packet($channel['channel_id'], [ $sync => [ 'action' => 'import', @@ -1013,7 +1016,7 @@ class Cdav extends Controller { $catsenabled = feature_enabled(local_channel(), 'categories'); require_once('include/acl_selectors.php'); - + $accesslist = new \Zotlabs\Access\AccessList($channel); $perm_defaults = $accesslist->get(); @@ -1427,7 +1430,7 @@ class Cdav extends Controller { return; $uri = 'principals/' . $channel['channel_address']; - + $r = q("select * from principals where uri = '%s' limit 1", dbesc($uri) diff --git a/Zotlabs/Module/Cloud.php b/Zotlabs/Module/Cloud.php index f595e0fac..39ae0f92f 100644 --- a/Zotlabs/Module/Cloud.php +++ b/Zotlabs/Module/Cloud.php @@ -8,7 +8,11 @@ namespace Zotlabs\Module; */ use Sabre\DAV as SDAV; -use \Zotlabs\Storage; +use \Zotlabs\Web\Controller; +use \Zotlabs\Storage\BasicAuth; +use \Zotlabs\Storage\Directory; +use \Zotlabs\Storage\Browser; + // composer autoloader for SabreDAV require_once('vendor/autoload.php'); @@ -20,7 +24,7 @@ require_once('include/attach.php'); * @brief Cloud Module. * */ -class Cloud extends \Zotlabs\Web\Controller { +class Cloud extends Controller { /** * @brief Fires up the SabreDAV server. @@ -42,7 +46,7 @@ class Cloud extends \Zotlabs\Web\Controller { - $auth = new \Zotlabs\Storage\BasicAuth(); + $auth = new BasicAuth(); $ob_hash = get_observer_hash(); @@ -72,7 +76,7 @@ class Cloud extends \Zotlabs\Web\Controller { if($x !== \App::$query_string) goaway(z_root() . '/' . $x); - $rootDirectory = new \Zotlabs\Storage\Directory('/', $auth); + $rootDirectory = new Directory('/', [], $auth); // A SabreDAV server-object $server = new SDAV\Server($rootDirectory); @@ -85,7 +89,7 @@ class Cloud extends \Zotlabs\Web\Controller { $is_readable = false; // provide a directory view for the cloud in Hubzilla - $browser = new \Zotlabs\Storage\Browser($auth); + $browser = new Browser($auth); $auth->setBrowserPlugin($browser); $server->addPlugin($browser); @@ -105,13 +109,13 @@ class Cloud extends \Zotlabs\Web\Controller { if($browser->build_page) construct_page(); - + killme(); } function DAVException($err) { - + if($err instanceof \Sabre\DAV\Exception\NotFound) { notice( t('Not found') . EOL); } @@ -126,7 +130,7 @@ class Cloud extends \Zotlabs\Web\Controller { } construct_page(); - + killme(); } diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php index adab25e45..949b89950 100644 --- a/Zotlabs/Module/Dav.php +++ b/Zotlabs/Module/Dav.php @@ -51,11 +51,12 @@ class Dav extends \Zotlabs\Web\Controller { if($sigblock) { $keyId = str_replace('acct:','',$sigblock['keyId']); if($keyId) { - $r = q("select * from hubloc where hubloc_addr = '%s' limit 1", + $r = q("select * from hubloc where hubloc_addr = '%s'", dbesc($keyId) ); if($r) { - $c = channelx_by_hash($r[0]['hubloc_hash']); + $r = Libzot::zot_record_preferred($r); + $c = channelx_by_hash($r['hubloc_hash']); if($c) { $a = q("select * from account where account_id = %d limit 1", intval($c['channel_account_id']) @@ -99,7 +100,7 @@ class Dav extends \Zotlabs\Web\Controller { $auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . ' ' . 'WebDAV'); - $rootDirectory = new \Zotlabs\Storage\Directory('/', $auth); + $rootDirectory = new \Zotlabs\Storage\Directory('/', [], $auth); // A SabreDAV server-object $server = new SDAV\Server($rootDirectory); diff --git a/Zotlabs/Module/File_upload.php b/Zotlabs/Module/File_upload.php index 1735e9487..6794dceee 100644 --- a/Zotlabs/Module/File_upload.php +++ b/Zotlabs/Module/File_upload.php @@ -11,17 +11,16 @@ require_once('include/photos.php'); class File_upload extends \Zotlabs\Web\Controller { function post() { - logger('file upload: ' . print_r($_REQUEST,true)); logger('file upload: ' . print_r($_FILES,true)); - + $channel = (($_REQUEST['channick']) ? channelx_by_nick($_REQUEST['channick']) : null); - + if(! $channel) { logger('channel not found'); killme(); } - + $_REQUEST['source'] = 'file_upload'; if($channel['channel_id'] != local_channel()) { @@ -40,13 +39,11 @@ class File_upload extends \Zotlabs\Web\Controller { $r = attach_mkdir($channel, get_observer_hash(), $_REQUEST); if($r['success']) { $hash = $r['data']['hash']; - $sync = attach_export_data($channel,$hash); if($sync) { Libsync::build_sync_packet($channel['channel_id'],array('file' => array($sync))); } - goaway(z_root() . '/cloud/' . $channel['channel_address'] . '/' . $r['data']['display_path']); - + goaway(z_root() . '/' . $_REQUEST['return_url']); } } else { @@ -54,8 +51,6 @@ class File_upload extends \Zotlabs\Web\Controller { $matches = []; $partial = false; - - if(array_key_exists('HTTP_CONTENT_RANGE',$_SERVER)) { $pm = preg_match('/bytes (\d*)\-(\d*)\/(\d*)/',$_SERVER['HTTP_CONTENT_RANGE'],$matches); if($pm) { @@ -83,7 +78,7 @@ class File_upload extends \Zotlabs\Web\Controller { ]; } } - else { + else { if(! array_key_exists('userfile',$_FILES)) { $_FILES['userfile'] = [ 'name' => $_FILES['files']['name'], @@ -103,8 +98,9 @@ class File_upload extends \Zotlabs\Web\Controller { } } + goaway(z_root() . '/' . $_REQUEST['return_url']); - + } - + } diff --git a/Zotlabs/Module/Filestorage.php b/Zotlabs/Module/Filestorage.php index 0c6233493..0d132e998 100644 --- a/Zotlabs/Module/Filestorage.php +++ b/Zotlabs/Module/Filestorage.php @@ -11,6 +11,9 @@ class Filestorage extends \Zotlabs\Web\Controller { function post() { + notice( t('Deprecated!') . EOL); + return; + $channel_id = ((x($_POST, 'uid')) ? intval($_POST['uid']) : 0); if((! $channel_id) || (! local_channel()) || ($channel_id != local_channel())) { @@ -47,6 +50,9 @@ class Filestorage extends \Zotlabs\Web\Controller { function get() { + notice( t('Deprecated!') . EOL); + return; + if(argc() > 1) $which = argv(1); else { @@ -88,7 +94,7 @@ class Filestorage extends \Zotlabs\Web\Controller { } else { notice( t('Permission denied.') . EOL); - if($json_return) + if($json_return) json_return_and_die([ 'success' => false ]); return; } @@ -102,24 +108,23 @@ class Filestorage extends \Zotlabs\Web\Controller { if(! $r) { notice( t('File not found.') . EOL); - if($json_return) + if($json_return) json_return_and_die([ 'success' => false ]); goaway(z_root() . '/cloud/' . $which); } - if(local_channel() !== $owner) { + if((local_channel() !== $owner) && !$admin_delete) { if($r[0]['creator'] && $r[0]['creator'] !== $ob_hash) { notice( t('Permission denied.') . EOL); - if($json_return) + if($json_return) json_return_and_die([ 'success' => false ]); goaway(z_root() . '/cloud/' . $which); } } - $f = $r[0]; $channel = channelx_by_n($owner); @@ -138,7 +143,7 @@ class Filestorage extends \Zotlabs\Web\Controller { if($json_return) json_return_and_die([ 'success' => true ]); - goaway(dirname($url)); + //goaway(dirname($url)); } diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php index 2c6e09fa7..f8fc366e0 100644 --- a/Zotlabs/Module/Import.php +++ b/Zotlabs/Module/Import.php @@ -68,7 +68,7 @@ class Import extends \Zotlabs\Web\Controller { notice( t('Nothing to import.') . EOL); return; } else if(strpos($old_address, 'ï¼ ')) { - // if you copy the identity address from your profile page, make it work for convenience - WARNING: this is a utf-8 variant and NOT an ASCII ampersand. Please do not edit. + // if you copy the identity address from your profile page, make it work for convenience - WARNING: this is a utf-8 variant and NOT an ASCII ampersand. Please do not edit. $old_address = str_replace('ï¼ ', '@', $old_address); } @@ -231,7 +231,8 @@ class Import extends \Zotlabs\Web\Controller { 'hubloc_host' => \App::get_hostname(), 'hubloc_callback' => z_root() . '/post', 'hubloc_sitekey' => get_config('system','pubkey'), - 'hubloc_updated' => datetime_convert() + 'hubloc_updated' => datetime_convert(), + 'hubloc_id_url' => channel_url($channel) ] ); @@ -442,7 +443,7 @@ class Import extends \Zotlabs\Web\Controller { if(array_key_exists('abook_instance',$abook) && $abook['abook_instance'] && strpos($abook['abook_instance'],z_root()) === false) { $abook['abook_not_here'] = 1; - } + } if($abook['abook_self']) { $role = get_pconfig($channel['channel_id'],'system','permissions_role'); @@ -584,11 +585,6 @@ class Import extends \Zotlabs\Web\Controller { if(array_key_exists('item_id',$data) && $data['item_id']) import_item_ids($channel,$data['item_id']); - // send out refresh requests - // notify old server that it may no longer be primary. - - \Zotlabs\Daemon\Master::Summon(array('Notifier','location',$channel['channel_id'])); - // This will indirectly perform a refresh_all *and* update the directory \Zotlabs\Daemon\Master::Summon(array('Directory', $channel['channel_id'])); diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 7c438c309..9a120dac1 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -26,17 +26,17 @@ require_once('include/conversation.php'); /** * * This is the POST destination for most all locally posted - * text stuff. This function handles status, wall-to-wall status, - * local comments, and remote coments that are posted on this site + * text stuff. This function handles status, wall-to-wall status, + * local comments, and remote coments that are posted on this site * (as opposed to being delivered in a feed). - * Also processed here are posts and comments coming through the - * statusnet/twitter API. - * All of these become an "item" which is our basic unit of + * Also processed here are posts and comments coming through the + * statusnet/twitter API. + * All of these become an "item" which is our basic unit of * information. - * Posts that originate externally or do not fall into the above - * posting categories go through item_store() instead of this function. + * Posts that originate externally or do not fall into the above + * posting categories go through item_store() instead of this function. * - */ + */ class Item extends Controller { @@ -107,7 +107,7 @@ class Item extends Controller { } $parents_str = ids_to_querystr($i,'item_id'); - + $items = q("SELECT item.*, item.id AS item_id FROM item WHERE item.parent IN ( %s ) $item_normal order by item.id asc", dbesc($parents_str) ); @@ -285,7 +285,7 @@ class Item extends Controller { // This will change. Figure out who the observer is and whether or not // they have permission to post here. Else ignore the post. - + if((! local_channel()) && (! remote_channel()) && (! x($_REQUEST,'anonname'))) return; @@ -293,25 +293,25 @@ class Item extends Controller { $channel = null; $observer = null; $datarray = []; - - + + /** * Is this a reply to something? */ - + $parent = ((x($_REQUEST,'parent')) ? intval($_REQUEST['parent']) : 0); $parent_mid = ((x($_REQUEST,'parent_mid')) ? trim($_REQUEST['parent_mid']) : ''); $mode = (($_REQUEST['conv_mode'] === 'channel') ? 'channel' : 'network'); - + $remote_xchan = ((x($_REQUEST,'remote_xchan')) ? trim($_REQUEST['remote_xchan']) : false); $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($remote_xchan) ); if($r) $remote_observer = $r[0]; - else + else $remote_xchan = $remote_observer = false; - + $profile_uid = ((x($_REQUEST,'profile_uid')) ? intval($_REQUEST['profile_uid']) : 0); require_once('include/channel.php'); @@ -321,7 +321,7 @@ class Item extends Controller { $channel = $sys; $observer = $sys; } - + if(x($_REQUEST,'dropitems')) { require_once('include/items.php'); $arr_drop = explode(',',$_REQUEST['dropitems']); @@ -330,36 +330,36 @@ class Item extends Controller { echo json_encode($json); killme(); } - + call_hooks('post_local_start', $_REQUEST); - + // logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA); - + $api_source = ((x($_REQUEST,'api_source') && $_REQUEST['api_source']) ? true : false); - + $consensus = intval($_REQUEST['consensus']); $nocomment = intval($_REQUEST['nocomment']); $is_poll = ((trim($_REQUEST['poll_answers'][0]) != '' && trim($_REQUEST['poll_answers'][1]) != '') ? true : false); // 'origin' (if non-zero) indicates that this network is where the message originated, - // for the purpose of relaying comments to other conversation members. + // for the purpose of relaying comments to other conversation members. // If using the API from a device (leaf node) you must set origin to 1 (default) or leave unset. // If the API is used from another network with its own distribution - // and deliveries, you may wish to set origin to 0 or false and allow the other + // and deliveries, you may wish to set origin to 0 or false and allow the other // network to relay comments. - - // If you are unsure, it is prudent (and important) to leave it unset. - + + // If you are unsure, it is prudent (and important) to leave it unset. + $origin = (($api_source && array_key_exists('origin',$_REQUEST)) ? intval($_REQUEST['origin']) : 1); - + // To represent message-ids on other networks - this will create an iconfig record - + $namespace = (($api_source && array_key_exists('namespace',$_REQUEST)) ? strip_tags($_REQUEST['namespace']) : ''); $remote_id = (($api_source && array_key_exists('remote_id',$_REQUEST)) ? strip_tags($_REQUEST['remote_id']) : ''); - + $owner_hash = null; - + $message_id = ((x($_REQUEST,'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : ''); $created = ((x($_REQUEST,'created')) ? datetime_convert(date_default_timezone_get(),'UTC',$_REQUEST['created']) : datetime_convert()); $post_id = ((x($_REQUEST,'post_id')) ? intval($_REQUEST['post_id']) : 0); @@ -373,49 +373,49 @@ class Item extends Controller { $layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): ''); $plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : ''); $obj_type = ((x($_REQUEST,'obj_type')) ? escape_tags($_REQUEST['obj_type']) : ACTIVITY_OBJ_NOTE); - - // allow API to bulk load a bunch of imported items with sending out a bunch of posts. + + // allow API to bulk load a bunch of imported items with sending out a bunch of posts. $nopush = ((x($_REQUEST,'nopush')) ? intval($_REQUEST['nopush']) : 0); - + /* * Check service class limits */ if ($uid && !(x($_REQUEST,'parent')) && !(x($_REQUEST,'post_id'))) { $ret = $this->item_check_service_class($uid,(($_REQUEST['webpage'] == ITEM_TYPE_WEBPAGE) ? true : false)); - if (!$ret['success']) { + if (!$ret['success']) { notice( t($ret['message']) . EOL) ; if($api_source) - return ( [ 'success' => false, 'message' => 'service class exception' ] ); - if(x($_REQUEST,'return')) + return ( [ 'success' => false, 'message' => 'service class exception' ] ); + if(x($_REQUEST,'return')) goaway(z_root() . "/" . $return_path ); killme(); } } - + if($pagetitle) { require_once('library/urlify/URLify.php'); $pagetitle = strtolower(\URLify::transliterate($pagetitle)); } - - + + $item_flags = $item_restrict = 0; $expires = NULL_DATE; - + $route = ''; $parent_item = null; $parent_contact = null; $thr_parent = ''; $parid = 0; $r = false; - + if($parent || $parent_mid) { - + if(! x($_REQUEST,'type')) $_REQUEST['type'] = 'net-comment'; - + if($obj_type == ACTIVITY_OBJ_NOTE) $obj_type = ACTIVITY_OBJ_COMMENT; - + if($parent) { $r = q("SELECT * FROM item WHERE id = %d LIMIT 1", intval($parent) @@ -438,7 +438,7 @@ class Item extends Controller { ); } - // if interacting with a pubstream item, + // if interacting with a pubstream item, // create a copy of the parent in your stream if($r[0]['uid'] === $sys['channel_id'] && local_channel()) { @@ -449,8 +449,8 @@ class Item extends Controller { if(! $r) { notice( t('Unable to locate original post.') . EOL); if($api_source) - return ( [ 'success' => false, 'message' => 'invalid post id' ] ); - if(x($_REQUEST,'return')) + return ( [ 'success' => false, 'message' => 'invalid post id' ] ); + if(x($_REQUEST,'return')) goaway(z_root() . "/" . $return_path ); killme(); } @@ -461,15 +461,15 @@ class Item extends Controller { $parent = $r[0]['id']; // multi-level threading - preserve the info but re-parent to our single level threading - + $thr_parent = $parent_mid; - + $route = $parent_item['route']; - + } $moderated = false; - + if(! $observer) { $observer = \App::get_observer(); if(! $observer) { @@ -479,13 +479,13 @@ class Item extends Controller { $remote_xchan = $remote_observer = $observer; } } - } - + } + if(! $observer) { notice( t('Permission denied.') . EOL) ; if($api_source) - return ( [ 'success' => false, 'message' => 'permission denied' ] ); - if(x($_REQUEST,'return')) + return ( [ 'success' => false, 'message' => 'permission denied' ] ); + if(x($_REQUEST,'return')) goaway(z_root() . "/" . $return_path ); killme(); } @@ -499,12 +499,12 @@ class Item extends Controller { if((array_key_exists('owner',$parent_item)) && intval($parent_item['owner']['abook_self'])==1 ) $can_comment = perm_is_allowed($profile_uid,$observer['xchan_hash'],'post_comments'); } - + if(! $can_comment) { notice( t('Permission denied.') . EOL) ; if($api_source) - return ( [ 'success' => false, 'message' => 'permission denied' ] ); - if(x($_REQUEST,'return')) + return ( [ 'success' => false, 'message' => 'permission denied' ] ); + if(x($_REQUEST,'return')) goaway(z_root() . "/" . $return_path ); killme(); } @@ -513,30 +513,30 @@ class Item extends Controller { if(! perm_is_allowed($profile_uid,$observer['xchan_hash'],($webpage) ? 'write_pages' : 'post_wall')) { notice( t('Permission denied.') . EOL) ; if($api_source) - return ( [ 'success' => false, 'message' => 'permission denied' ] ); - if(x($_REQUEST,'return')) + return ( [ 'success' => false, 'message' => 'permission denied' ] ); + if(x($_REQUEST,'return')) goaway(z_root() . "/" . $return_path ); killme(); } } - - + + // is this an edited post? - + $orig_post = null; - + if($namespace && $remote_id) { // It wasn't an internally generated post - see if we've got an item matching this remote service id $i = q("select iid from iconfig where cat = 'system' and k = '%s' and v = '%s' limit 1", dbesc($namespace), - dbesc($remote_id) + dbesc($remote_id) ); if($i) - $post_id = $i[0]['iid']; + $post_id = $i[0]['iid']; } - + $iconfig = null; - + if($post_id) { $i = q("SELECT * FROM item WHERE uid = %d AND id = %d LIMIT 1", intval($profile_uid), @@ -549,8 +549,8 @@ class Item extends Controller { intval($post_id) ); } - - + + if(! $channel) { if($uid && $uid == $profile_uid) { $channel = \App::get_channel(); @@ -564,19 +564,19 @@ class Item extends Controller { $channel = $r[0]; } } - - + + if(! $channel) { logger("mod_item: no channel."); if($api_source) - return ( [ 'success' => false, 'message' => 'no channel' ] ); - if(x($_REQUEST,'return')) + return ( [ 'success' => false, 'message' => 'no channel' ] ); + if(x($_REQUEST,'return')) goaway(z_root() . "/" . $return_path ); killme(); } - + $owner_xchan = null; - + $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($channel['channel_hash']) ); @@ -586,50 +586,50 @@ class Item extends Controller { else { logger("mod_item: no owner."); if($api_source) - return ( [ 'success' => false, 'message' => 'no owner' ] ); - if(x($_REQUEST,'return')) + return ( [ 'success' => false, 'message' => 'no owner' ] ); + if(x($_REQUEST,'return')) goaway(z_root() . "/" . $return_path ); killme(); } - + $walltowall = false; $walltowall_comment = false; - + if($remote_xchan && ! $moderated) $observer = $remote_observer; - + if($observer) { logger('mod_item: post accepted from ' . $observer['xchan_name'] . ' for ' . $owner_xchan['xchan_name'], LOGGER_DEBUG); - + // wall-to-wall detection. // For top-level posts, if the author and owner are different it's a wall-to-wall // For comments, We need to additionally look at the parent and see if it's a wall post that originated locally. - + if($observer['xchan_name'] != $owner_xchan['xchan_name']) { if(($parent_item) && ($parent_item['item_wall'] && $parent_item['item_origin'])) { $walltowall_comment = true; $walltowall = true; } if(! $parent) { - $walltowall = true; + $walltowall = true; } } } - + $acl = new \Zotlabs\Access\AccessList($channel); - $view_policy = \Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'); + $view_policy = \Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_stream'); $comment_policy = \Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'post_comments'); - + $public_policy = ((x($_REQUEST,'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($view_policy,true)); if($webpage) $public_policy = ''; if($public_policy) $private = 1; - + if($orig_post) { $private = 0; - // webpages are allowed to change ACLs after the fact. Normal conversation items aren't. + // webpages are allowed to change ACLs after the fact. Normal conversation items aren't. if($webpage) { $acl->set_from_array($_REQUEST); } @@ -641,8 +641,8 @@ class Item extends Controller { if($public_policy || $acl->is_private()) { $private = (($private) ? $private : 1); - } - + } + $location = $orig_post['location']; $coord = $orig_post['coord']; $verb = $orig_post['verb']; @@ -651,7 +651,7 @@ class Item extends Controller { $summary = trim($_REQUEST['summary']); $body = trim($_REQUEST['body']); $item_flags = $orig_post['item_flags']; - + $item_origin = $orig_post['item_origin']; $item_unseen = $orig_post['item_unseen']; $item_starred = $orig_post['item_starred']; @@ -675,16 +675,16 @@ class Item extends Controller { $item_delayed = $orig_post['item_delayed']; $item_pending_remove = $orig_post['item_pending_remove']; $item_blocked = $orig_post['item_blocked']; - - - + + + $postopts = $orig_post['postopts']; $created = $orig_post['created']; $expires = $orig_post['expires']; $mid = $orig_post['mid']; $parent_mid = $orig_post['parent_mid']; $plink = $orig_post['plink']; - + } else { if(! $walltowall) { @@ -695,18 +695,18 @@ class Item extends Controller { $acl->set_from_array($_REQUEST); } elseif(! $api_source) { - + // if no ACL has been defined and we aren't using the API, the form // didn't send us any parameters. This means there's no ACL or it has // been reset to the default audience. // If $api_source is set and there are no ACL parameters, we default // to the channel permissions which were set in the ACL contructor. - + $acl->set(array('allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '')); } } - - + + $location = notags(trim($_REQUEST['location'])); $coord = notags(trim($_REQUEST['coord'])); $verb = notags(trim($_REQUEST['verb'])); @@ -716,12 +716,12 @@ class Item extends Controller { $body .= trim($_REQUEST['attachment']); $postopts = ''; - $allow_empty = ((array_key_exists('allow_empty',$_REQUEST)) ? intval($_REQUEST['allow_empty']) : 0); + $allow_empty = ((array_key_exists('allow_empty',$_REQUEST)) ? intval($_REQUEST['allow_empty']) : 0); $private = (($private) ? $private : intval($acl->is_private() || ($public_policy))); - + // If this is a comment, set the permissions from the parent. - + if($parent_item) { $acl->set($parent_item); $private = intval($acl->is_private() || $parent_item['item_private']); @@ -729,21 +729,21 @@ class Item extends Controller { $owner_hash = $parent_item['owner_xchan']; $webpage = $parent_item['item_type']; } - + if((! $allow_empty) && (! strlen($body))) { if($preview) killme(); info( t('Empty post discarded.') . EOL ); if($api_source) - return ( [ 'success' => false, 'message' => 'no content' ] ); - if(x($_REQUEST,'return')) + return ( [ 'success' => false, 'message' => 'no content' ] ); + if(x($_REQUEST,'return')) goaway(z_root() . "/" . $return_path ); killme(); } } - - - + + + if(feature_enabled($profile_uid,'content_expire')) { if(x($_REQUEST,'expire')) { $expires = datetime_convert(date_default_timezone_get(),'UTC', $_REQUEST['expire']); @@ -756,16 +756,16 @@ class Item extends Controller { $mimetype = notags(trim($_REQUEST['mimetype'])); if(! $mimetype) $mimetype = 'text/bbcode'; - - $execflag = ((intval($uid) == intval($profile_uid) + + $execflag = ((intval($uid) == intval($profile_uid) && ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false); if($preview) { $summary = z_input_filter($summary,$mimetype,$execflag); $body = z_input_filter($body,$mimetype,$execflag); } - + $arr = [ 'profile_uid' => $profile_uid, 'summary' => $summary, 'content' => $body, 'mimetype' => $mimetype ]; call_hooks('post_content',$arr); @@ -773,7 +773,7 @@ class Item extends Controller { $body = $arr['content']; $mimetype = $arr['mimetype']; - + $gacl = $acl->get(); $str_contact_allow = $gacl['allow_cid']; $str_group_allow = $gacl['allow_gid']; @@ -784,7 +784,7 @@ class Item extends Controller { $groupww = false; // if this is a wall-to-wall post to a group, turn it into a direct message - + $role = get_pconfig($profile_uid,'system','permissions_role'); $rolesettings = PermissionRoles::role_perms($role); @@ -793,19 +793,19 @@ class Item extends Controller { $is_group = (($channel_type === 'group') ? true : false); - if (($is_group) && ($walltowall) && (! $walltowall_comment)) { + if (($is_group) && ($walltowall) && (! $walltowall_comment)) { $groupww = true; $str_contact_allow = $owner_xchan['xchan_hash']; $str_group_allow = ''; } $post_tags = []; - + if($mimetype === 'text/bbcode') { - - require_once('include/text.php'); - - + + require_once('include/text.php'); + + // BBCODE alert: the following functions assume bbcode input // and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.) // we may need virtual or template classes to implement the possible alternatives @@ -819,31 +819,31 @@ class Item extends Controller { $body_content = preg_replace("/\[summary\](.*?)\[\/summary\]/ism", '',$body); $body = trim($body_content); } - + $summary = cleanup_bbcode($summary); $body = cleanup_bbcode($body); - + // Look for tags and linkify them $results = linkify_tags($summary, ($uid) ? $uid : $profile_uid); $results = linkify_tags($body, ($uid) ? $uid : $profile_uid); if($results) { - + // Set permissions based on tag replacements set_linkified_perms($results, $str_contact_allow, $str_group_allow, $profile_uid, $parent_item, $private); - + foreach($results as $result) { $success = $result['success']; if($success['replaced']) { $post_tags[] = array( - 'uid' => $profile_uid, + 'uid' => $profile_uid, 'ttype' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url'] - ); + ); } } @@ -854,10 +854,10 @@ class Item extends Controller { $private = 2; } - + /** * - * When a photo was uploaded into the message using the (profile wall) ajax + * When a photo was uploaded into the message using the (profile wall) ajax * uploader, The permissions are initially set to disallow anybody but the * owner from seeing it. This is because the permissions may not yet have been * set for the post. If it's private, the photo permissions should be set @@ -867,27 +867,27 @@ class Item extends Controller { * * If the post was end-to-end encrypted we can't find images and attachments in the body, * use our media_str input instead which only contains these elements - but only do this - * when encrypted content exists because the photo/attachment may have been removed from + * when encrypted content exists because the photo/attachment may have been removed from * the post and we should keep it private. If it's encrypted we have no way of knowing - * so we'll set the permissions regardless and realise that the media may not be - * referenced in the post. + * so we'll set the permissions regardless and realise that the media may not be + * referenced in the post. * */ - + if(! $preview) { fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); - + fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],((strpos($summary,'[/crypt]')) ? $_POST['media_str'] : $summary),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); fix_attached_file_permissions($channel,$observer['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); - + } - - + + $attachments = ''; $match = false; - + if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) { $attachments = array(); $i = 0; @@ -910,10 +910,9 @@ class Item extends Controller { } } - if(preg_match_all('/(\[share=(.*?)\](.*?)\[\/share\])/',$body,$match)) { - // process share by id + // process share by id $i = 0; foreach($match[2] as $mtch) { @@ -922,11 +921,11 @@ class Item extends Controller { $i++; } } - + } - + // BBCODE end alert - + if(strlen($categories)) { $cats = explode(',',$categories); @@ -943,15 +942,15 @@ class Item extends Controller { } $post_tags[] = array( - 'uid' => $profile_uid, + 'uid' => $profile_uid, 'ttype' => TERM_CATEGORY, 'otype' => TERM_OBJ_POST, 'term' => trim($cat), 'url' => $catlink - ); + ); } } - + if($orig_post) { // preserve original tags $t = q("select * from term where oid = %d and otype = %d and uid = %d and ttype in ( %d, %d, %d )", @@ -965,26 +964,26 @@ class Item extends Controller { if($t) { foreach($t as $t1) { $post_tags[] = array( - 'uid' => $profile_uid, + 'uid' => $profile_uid, 'ttype' => $t1['ttype'], 'otype' => TERM_OBJ_POST, 'term' => $t1['term'], 'url' => $t1['url'], - ); + ); } } - } - - + } + + $item_unseen = ((local_channel() != $profile_uid) ? 1 : 0); $item_wall = (($post_type === 'wall' || $post_type === 'wall-comment') ? 1 : 0); $item_origin = (($origin) ? 1 : 0); $item_consensus = (($consensus) ? 1 : 0); $item_nocomment = (($nocomment) ? 1 : 0); - - + + // determine if this is a wall post - + if($parent) { $item_wall = $parent_item['item_wall']; } @@ -993,20 +992,20 @@ class Item extends Controller { $item_wall = 1; } } - - + + if($moderated) $item_blocked = ITEM_MODERATED; - - + + if(! strlen($verb)) $verb = ACTIVITY_POST ; - + $notify_type = (($parent) ? 'comment-new' : 'wall-new' ); - + if(! $mid) { $uuid = (($message_id) ? $message_id : item_message_id()); - $mid = z_root() . '/item/' . $uuid; + $mid = z_root() . '/item/' . $uuid; } @@ -1034,23 +1033,23 @@ class Item extends Controller { if(! $parent_mid) { $parent_mid = $mid; } - + if($parent_item) $parent_mid = $parent_item['mid']; // Fallback so that we alway have a thr_parent - + if(!$thr_parent) $thr_parent = $mid; - + $item_thread_top = ((! $parent) ? 1 : 0); - + // fix permalinks for cards - + if($webpage == ITEM_TYPE_CARD) { $plink = z_root() . '/cards/' . $channel['channel_address'] . '/' . (($pagetitle) ? $pagetitle : $uuid); } @@ -1138,27 +1137,27 @@ class Item extends Controller { $datarray['item_unpublished'] = intval($item_unpublished); $datarray['item_delayed'] = intval($item_delayed); $datarray['item_pending_remove'] = intval($item_pending_remove); - $datarray['item_blocked'] = intval($item_blocked); + $datarray['item_blocked'] = intval($item_blocked); $datarray['layout_mid'] = $layout_mid; $datarray['public_policy'] = $public_policy; - $datarray['comment_policy'] = map_scope($comment_policy); + $datarray['comment_policy'] = map_scope($comment_policy); $datarray['term'] = array_unique($post_tags, SORT_REGULAR); $datarray['plink'] = $plink; $datarray['route'] = $route; // A specific ACL over-rides public_policy completely - + if(! empty_acl($datarray)) $datarray['public_policy'] = ''; if($iconfig) $datarray['iconfig'] = $iconfig; - + // preview mode - prepare the body for display and send it via json - + if($preview) { require_once('include/conversation.php'); - + $datarray['owner'] = $owner_xchan; $datarray['author'] = $observer; $datarray['attach'] = json_encode($datarray['attach']); @@ -1169,45 +1168,45 @@ class Item extends Controller { } if($orig_post) $datarray['edit'] = true; - + // suppress duplicates, *unless* you're editing an existing post. This could get picked up // as a duplicate if you're editing it very soon after posting it initially and you edited - // some attribute besides the content, such as title or categories. + // some attribute besides the content, such as title or categories. if(feature_enabled($profile_uid,'suppress_duplicates') && (! $orig_post)) { - + $z = q("select created from item where uid = %d and created > %s - INTERVAL %s and body = '%s' limit 1", intval($profile_uid), db_utcnow(), db_quoteinterval('2 MINUTE'), dbesc($body) ); - + if($z) { $datarray['cancel'] = 1; notice( t('Duplicate post suppressed.') . EOL); logger('Duplicate post. Faking plugin cancel.'); } } - + call_hooks('post_local',$datarray); - + if(x($datarray,'cancel')) { logger('mod_item: post cancelled by plugin or duplicate suppressed.'); if($return_path) goaway(z_root() . "/" . $return_path); if($api_source) - return ( [ 'success' => false, 'message' => 'operation cancelled' ] ); + return ( [ 'success' => false, 'message' => 'operation cancelled' ] ); $json = array('cancel' => 1); $json['reload'] = z_root() . '/' . $_REQUEST['jsreload']; echo json_encode($json); killme(); } - - + + if(mb_strlen($datarray['title']) > 191) $datarray['title'] = mb_substr($datarray['title'],0,191); - + if($webpage) { IConfig::Set($datarray,'system', webpage_to_namespace($webpage), (($pagetitle) ? $pagetitle : basename($datarray['mid'])), true); @@ -1220,20 +1219,20 @@ class Item extends Controller { if($orig_post) { $datarray['id'] = $post_id; - + $x = item_store_update($datarray,$execflag); - + // We only need edit activities for other federated protocols - // which do not support edits natively. While this does federate + // which do not support edits natively. While this does federate // edits, it presents a number of issues locally - such as #757 and #758. // The SQL check for an edit activity would not perform that well so to fix these issues - // requires an additional item flag (perhaps 'item_edit_activity') that we can add to the + // requires an additional item flag (perhaps 'item_edit_activity') that we can add to the // query for searches and notifications. - // For now we'll just forget about trying to make edits work on network protocols that - // don't support them. + // For now we'll just forget about trying to make edits work on network protocols that + // don't support them. - // item_create_edit_activity($x); + // item_create_edit_activity($x); if(! $parent) { $r = q("select * from item where id = %d", @@ -1247,7 +1246,7 @@ class Item extends Controller { } if(! $nopush) Master::Summon([ 'Notifier', 'edit_post', $post_id ]); - + if($api_source) return($x); @@ -1260,18 +1259,18 @@ class Item extends Controller { } else $post_id = 0; - + $post = item_store($datarray,$execflag); - + $post_id = $post['item_id']; $datarray = $post['item']; if($post_id) { logger('mod_item: saved item ' . $post_id); - + if($parent) { - + // prevent conversations which you are involved from being expired if(local_channel()) @@ -1279,7 +1278,7 @@ class Item extends Controller { // only send comment notification if this is a wall-to-wall comment, // otherwise it will happen during delivery - + if(($datarray['owner_xchan'] != $datarray['author_xchan']) && (intval($parent_item['item_wall']))) { Enotify::submit(array( 'type' => NOTIFY_COMMENT, @@ -1292,12 +1291,12 @@ class Item extends Controller { 'parent' => $parent, 'parent_mid' => $parent_item['mid'] )); - + } } else { $parent = $post_id; - + if(($datarray['owner_xchan'] != $datarray['author_xchan']) && ($datarray['item_type'] == ITEM_TYPE_POST)) { Enotify::submit(array( 'type' => NOTIFY_WALL, @@ -1309,7 +1308,7 @@ class Item extends Controller { 'otype' => 'item' )); } - + if($uid && $uid == $profile_uid && (is_item_normal($datarray))) { q("update channel set channel_lastpost = '%s' where channel_id = %d", dbesc(datetime_convert()), @@ -1317,11 +1316,11 @@ class Item extends Controller { ); } } - + // photo comments turn the corresponding item visible to the profile wall // This way we don't see every picture in your new photo album posted to your wall at once. // They will show up as people comment on them. - + if(intval($parent_item['item_hidden'])) { $r = q("UPDATE item SET item_hidden = 0 WHERE id = %d", intval($parent_item['id']) @@ -1337,7 +1336,7 @@ class Item extends Controller { return ( [ 'success' => false, 'message' => 'system error' ] ); killme(); } - + if(($parent == $post_id) || ($datarray['item_private'] == 1)) { $r = q("select * from item where id = %d", intval($post_id) @@ -1348,10 +1347,10 @@ class Item extends Controller { Libsync::build_sync_packet($profile_uid,array('item' => array(encode_item($sync_item[0],true)))); } } - + $datarray['id'] = $post_id; $datarray['llink'] = z_root() . '/display/' . gen_link_id($datarray['mid']); - + call_hooks('post_local_end', $datarray); if ($groupww) { @@ -1360,18 +1359,18 @@ class Item extends Controller { if(! $nopush) Master::Summon([ 'Notifier', $notify_type, $post_id ]); - + logger('post_complete'); if($moderated) { info(t('Your comment is awaiting approval.') . EOL); } - + // figure out how to return, depending on from whence we came - + if($api_source) return $post; - + if($return_path) { goaway(z_root() . "/" . $return_path); } @@ -1382,7 +1381,7 @@ class Item extends Controller { $item[] = $datarray; $item[0]['owner'] = $owner_xchan; $item[0]['author'] = $observer; - $item[0]['attach'] = json_encode($datarray['attach']); + $item[0]['attach'] = $datarray['attach']; $json = [ 'success' => 1, @@ -1392,29 +1391,29 @@ class Item extends Controller { if(x($_REQUEST,'jsreload') && strlen($_REQUEST['jsreload'])) $json['reload'] = z_root() . '/' . $_REQUEST['jsreload']; - + logger('post_json: ' . print_r($json,true), LOGGER_DEBUG); - + echo json_encode($json); killme(); // NOTREACHED } - - + + function get() { - + if((! local_channel()) && (! remote_channel())) return; - + if((argc() == 3) && (argv(1) === 'drop') && intval(argv(2))) { - + require_once('include/items.php'); $i = q("select id, uid, item_origin, author_xchan, owner_xchan, source_xchan, item_type from item where id = %d limit 1", intval(argv(2)) ); - + if($i) { $can_delete = false; $local_delete = false; @@ -1422,14 +1421,14 @@ class Item extends Controller { if(local_channel() && local_channel() == $i[0]['uid']) { $local_delete = true; } - + $ob_hash = get_observer_hash(); if($ob_hash && ($ob_hash === $i[0]['author_xchan'] || $ob_hash === $i[0]['owner_xchan'] || $ob_hash === $i[0]['source_xchan'])) { $can_delete = true; } // The site admin can delete any post/item on the site. - // If the item originated on this site+channel the deletion will propagate downstream. + // If the item originated on this site+channel the deletion will propagate downstream. // Otherwise just the local copy is removed. if(is_site_admin()) { @@ -1443,11 +1442,11 @@ class Item extends Controller { notice( t('Permission denied.') . EOL); return; } - + // if this is a different page type or it's just a local delete // but not by the item author or owner, do a simple deletion - $complex = false; + $complex = false; if(intval($i[0]['item_type']) || ($local_delete && (! $can_delete))) { drop_item($i[0]['id']); @@ -1473,15 +1472,15 @@ class Item extends Controller { } } } - - - + + + function item_check_service_class($channel_id,$iswebpage) { $ret = array('success' => false, 'message' => ''); - + if ($iswebpage) { - $r = q("select count(i.id) as total from item i - right join channel c on (i.author_xchan=c.channel_hash and i.uid=c.channel_id ) + $r = q("select count(i.id) as total from item i + right join channel c on (i.author_xchan=c.channel_hash and i.uid=c.channel_id ) and i.parent=i.id and i.item_type = %d and i.item_deleted = 0 and i.uid= %d ", intval(ITEM_TYPE_WEBPAGE), intval($channel_id) @@ -1492,11 +1491,11 @@ class Item extends Controller { intval($channel_id) ); } - + if(! $r) { $ret['message'] = t('Unable to obtain post information from database.'); return $ret; - } + } if (!$iswebpage) { $max = engr_units_to_bytes(service_class_fetch($channel_id,'total_items')); @@ -1510,13 +1509,13 @@ class Item extends Controller { if(! service_class_allows($channel_id,'total_pages',$r[0]['total'])) { $result['message'] .= upgrade_message() . sprintf( t('You have reached your limit of %1$.0f webpages.'),$max); return $result; - } + } } - + $ret['success'] = true; return $ret; } - + function extract_bb_poll_data(&$body,$item) { $multiple = false; @@ -1550,7 +1549,7 @@ class Item extends Controller { } $matches = null; - + if (preg_match('/\[question=multiple\](.*?)\[\/question\]/ism',$body,$matches)) { $obj['content'] = bbcode($matches[1]); $body = str_replace('[question=multiple]' . $matches[1] . '[/question]', $matches[1], $body); @@ -1558,7 +1557,7 @@ class Item extends Controller { } $matches = null; - + if (preg_match('/\[ends\](.*?)\[\/ends\]/ism',$body,$matches)) { $obj['endTime'] = datetime_convert(date_default_timezone_get(),'UTC', $matches[1],ATOM_TIME); $body = str_replace('[ends]' . $matches[1] . '[/ends]', EMPTY_STR, $body); diff --git a/Zotlabs/Module/Lockview.php b/Zotlabs/Module/Lockview.php index 8c8519c57..11c781df0 100644 --- a/Zotlabs/Module/Lockview.php +++ b/Zotlabs/Module/Lockview.php @@ -19,22 +19,22 @@ class Lockview extends \Zotlabs\Web\Controller { } } } - + $type = ((argc() > 1) ? argv(1) : 0); if (is_numeric($type)) { $item_id = intval($type); $type='item'; - } + } else { $item_id = ((argc() > 2) ? intval(argv(2)) : 0); } - + if(! $item_id) killme(); - + if (! in_array($type, array('item', 'photo', 'attach', 'event', 'menu_item', 'chatroom'))) killme(); - + // we have different naming in in menu_item table and chatroom table switch($type) { case 'menu_item': @@ -47,17 +47,17 @@ class Lockview extends \Zotlabs\Web\Controller { $id = 'id'; break; } - + $r = q("SELECT * FROM %s WHERE $id = %d LIMIT 1", dbesc($type), intval($item_id) ); - + if(! $r) killme(); - + $item = $r[0]; - + //we have different naming in in menu_item table and chatroom table switch($type) { case 'menu_item': @@ -70,37 +70,37 @@ class Lockview extends \Zotlabs\Web\Controller { $uid = $item['uid']; break; } - + if($uid != local_channel()) { echo '<div class="dropdown-item">' . t('Remote privacy information not available.') . '</div>'; killme(); } - - if(intval($item['item_private']) && (! strlen($item['allow_cid'])) && (! strlen($item['allow_gid'])) + + if(intval($item['item_private']) && (! strlen($item['allow_cid'])) && (! strlen($item['allow_gid'])) && (! strlen($item['deny_cid'])) && (! strlen($item['deny_gid']))) { - + // if the post is private, but public_policy is blank ("visible to the internet"), and there aren't any // specific recipients, we're the recipient of a post with "bcc" or targeted recipients; so we'll just show it // as unknown specific recipients. The sender will have the visibility list and will fall through to the // next section. - + echo '<div class="dropdown-item">' . translate_scope((! $item['public_policy']) ? 'specific' : $item['public_policy']) . '</div>'; killme(); } - + $allowed_users = expand_acl($item['allow_cid']); $allowed_groups = expand_acl($item['allow_gid']); $deny_users = expand_acl($item['deny_cid']); $deny_groups = expand_acl($item['deny_gid']); - + $o = '<div class="dropdown-item">' . t('Visible to:') . '</div>'; $l = array(); - + stringify_array_elms($allowed_groups,true); stringify_array_elms($allowed_users,true); stringify_array_elms($deny_groups,true); stringify_array_elms($deny_users,true); - + $profile_groups = []; if($allowed_groups) { @@ -113,24 +113,24 @@ class Lockview extends \Zotlabs\Web\Controller { if(count($profile_groups)) { $r = q("SELECT profile_name FROM profile WHERE profile_guid IN ( " . implode(', ', $profile_groups) . " )"); if($r) - foreach($r as $rr) + foreach($r as $rr) $l[] = '<div class="dropdown-item"><b>' . t('Profile','acl') . ' ' . $rr['profile_name'] . '</b></div>'; } if(count($allowed_groups)) { $r = q("SELECT gname FROM pgrp WHERE hash IN ( " . implode(', ', $allowed_groups) . " )"); if($r) - foreach($r as $rr) + foreach($r as $rr) $l[] = '<div class="dropdown-item"><b>' . $rr['gname'] . '</b></div>'; } if(count($allowed_users)) { $r = q("SELECT xchan_name FROM xchan WHERE xchan_hash IN ( " . implode(', ',$allowed_users) . " )"); if($r) - foreach($r as $rr) + foreach($r as $rr) $l[] = '<div class="dropdown-item">' . $rr['xchan_name'] . '</div>'; if($atokens) { foreach($atokens as $at) { - if(in_array("'" . $at['xchan_hash'] . "'",$allowed_users)) { + if(in_array("'" . $at['xchan_hash'] . "'",$allowed_users)) { $l[] = '<div class="dropdown-item">' . $at['xchan_name'] . '</div>'; } } @@ -149,7 +149,7 @@ class Lockview extends \Zotlabs\Web\Controller { if(count($profile_groups)) { $r = q("SELECT profile_name FROM profile WHERE profile_guid IN ( " . implode(', ', $profile_groups) . " )"); if($r) - foreach($r as $rr) + foreach($r as $rr) $l[] = '<div class="dropdown-item"><b><strike>' . t('Profile','acl') . ' ' . $rr['profile_name'] . '</strike></b></div>'; } @@ -158,18 +158,18 @@ class Lockview extends \Zotlabs\Web\Controller { if(count($deny_groups)) { $r = q("SELECT gname FROM pgrp WHERE hash IN ( " . implode(', ', $deny_groups) . " )"); if($r) - foreach($r as $rr) + foreach($r as $rr) $l[] = '<div class="dropdown-item"><b><strike>' . $rr['gname'] . '</strike></b></div>'; } if(count($deny_users)) { $r = q("SELECT xchan_name FROM xchan WHERE xchan_hash IN ( " . implode(', ', $deny_users) . " )"); if($r) - foreach($r as $rr) + foreach($r as $rr) $l[] = '<div class="dropdown-item"><strike>' . $rr['xchan_name'] . '</strike></div>'; if($atokens) { foreach($atokens as $at) { - if(in_array("'" . $at['xchan_hash'] . "'",$deny_users)) { + if(in_array("'" . $at['xchan_hash'] . "'",$deny_users)) { $l[] = '<div class="dropdown-item"><strike>' . $at['xchan_name'] . '</strike></div>'; } } @@ -177,11 +177,11 @@ class Lockview extends \Zotlabs\Web\Controller { } - + echo $o . implode($l); killme(); - - + + } - + } diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index 561e35754..28c70d168 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -11,9 +11,9 @@ use Zotlabs\Web\Controller; * See spec/OpenWebAuth/Home.md * Requests to this endpoint should be signed using HTTP Signatures * using the 'Authorization: Signature' authentication method - * If the signature verifies a token is returned. + * If the signature verifies a token is returned. * - * This token may be exchanged for an authenticated cookie. + * This token may be exchanged for an authenticated cookie. */ class Owa extends Controller { @@ -31,17 +31,15 @@ class Owa extends Controller { if ($sigblock) { $keyId = $sigblock['keyId']; if ($keyId) { - $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash - where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ", - dbesc(str_replace('acct:','',$keyId)), + $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash + WHERE hubloc_id_url = '%s'", dbesc($keyId) ); if (! $r) { $found = discover_by_webbie(str_replace('acct:','',$keyId)); if ($found) { - $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash - where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ", - dbesc(str_replace('acct:','',$keyId)), + $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash + WHERE OR hubloc_id_url = '%s'", dbesc($keyId) ); } @@ -51,16 +49,16 @@ class Owa extends Controller { $verified = HTTPSig::verify(file_get_contents('php://input')); if ($verified && $verified['header_signed'] && $verified['header_valid'] && ($verified['content_valid'] || (! $verified['content_signed']))) { logger('OWA header: ' . print_r($verified,true),LOGGER_DATA); - logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA); + logger('OWA success: ' . $hubloc['hubloc_id_url'],LOGGER_DATA); $ret['success'] = true; $token = random_string(32); - Verify::create('owt',0,$token,$hubloc['hubloc_addr']); + Verify::create('owt',0,$token,$hubloc['hubloc_id_url']); $result = ''; openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']); $ret['encrypted_token'] = base64url_encode($result); break; } else { - logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . $hubloc['hubloc_addr']); + logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . $hubloc['hubloc_id_url']); } } } diff --git a/Zotlabs/Module/Rpost.php b/Zotlabs/Module/Rpost.php index f03dae2bf..031270845 100644 --- a/Zotlabs/Module/Rpost.php +++ b/Zotlabs/Module/Rpost.php @@ -10,7 +10,7 @@ require_once('include/zot.php'); /** * remote post - * + * * https://yoursite/rpost?f=&title=&body=&remote_return= * * This can be called via either GET or POST, use POST for long body content as suhosin often limits GET parameter length @@ -20,7 +20,7 @@ require_once('include/zot.php'); * body= Body of post * url= URL which will be parsed and the results appended to the body * source= Source application - * post_id= post_id of post to 'share' (local use only) + * post_id= post_id of post to 'share' (local use only) * remote_return= absolute URL to return after posting is finished * type= choices are 'html' or 'bbcode', default is 'bbcode' * @@ -32,16 +32,16 @@ require_once('include/zot.php'); class Rpost extends \Zotlabs\Web\Controller { function get() { - + $o = ''; - + if(! local_channel()) { if(remote_channel()) { // redirect to your own site. // We can only do this with a GET request so you'll need to keep the text short or risk getting truncated // by the wretched beast called 'suhosin'. All the browsers now allow long GET requests, but suhosin // blocks them. - + $url = get_rpost_path(\App::get_observer()); // make sure we're not looping to our own hub if(($url) && (! stristr($url, \App::get_hostname()))) { @@ -53,10 +53,10 @@ class Rpost extends \Zotlabs\Web\Controller { goaway($url); } } - + // The login procedure is going to bugger our $_REQUEST variables // so save them in the session. - + if(array_key_exists('body',$_REQUEST)) { $_SESSION['rpost'] = $_REQUEST; } @@ -64,14 +64,14 @@ class Rpost extends \Zotlabs\Web\Controller { } nav_set_selected('Post'); - + // If we have saved rpost session variables, but nothing in the current $_REQUEST, recover the saved variables - + if((! array_key_exists('body',$_REQUEST)) && (array_key_exists('rpost',$_SESSION))) { $_REQUEST = $_SESSION['rpost']; unset($_SESSION['rpost']); } - + if(array_key_exists('channel',$_REQUEST)) { $r = q("select channel_id from channel where channel_account_id = %d and channel_address = '%s' limit 1", intval(get_account_id()), @@ -82,7 +82,7 @@ class Rpost extends \Zotlabs\Web\Controller { $change = change_channel($r[0]['channel_id']); } } - + if($_REQUEST['remote_return']) { $_SESSION['remote_return'] = $_REQUEST['remote_return']; } @@ -91,21 +91,27 @@ class Rpost extends \Zotlabs\Web\Controller { goaway($_SESSION['remote_return']); goaway(z_root() . '/network'); } - + $plaintext = true; - + if(array_key_exists('type', $_REQUEST) && $_REQUEST['type'] === 'html') { require_once('include/html2bbcode.php'); - $_REQUEST['body'] = html2bbcode($_REQUEST['body']); + $_REQUEST['body'] = html2bbcode($_REQUEST['body']); } - + $channel = \App::get_channel(); - - - $acl = new \Zotlabs\Access\AccessList($channel); - - $channel_acl = $acl->get(); - + + if($_REQUEST['acl']) { + $acl = new \Zotlabs\Access\AccessList([]); + $acl->set($_REQUEST['acl']); + $channel_acl = $acl->get(); + } + else { + $acl = new \Zotlabs\Access\AccessList($channel); + $channel_acl = $acl->get(); + } + + if($_REQUEST['url']) { $x = z_fetch_url(z_root() . '/linkinfo?f=&url=' . urlencode($_REQUEST['url'])); if($x['success']) @@ -115,7 +121,7 @@ class Rpost extends \Zotlabs\Web\Controller { if($_REQUEST['post_id']) { $_REQUEST['body'] .= '[share=' . intval($_REQUEST['post_id']) . '][/share]'; } - + $x = array( 'is_owner' => true, 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''), @@ -137,19 +143,19 @@ class Rpost extends \Zotlabs\Web\Controller { 'bbcode' => true, 'jotnets' => true ); - + $editor = status_editor($a,$x,false,'Rpost'); - + $o .= replace_macros(get_markup_template('edpost_head.tpl'), array( '$title' => t('Edit post'), '$cancel' => '', '$editor' => $editor )); - + return $o; - + } - - - + + + } diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php index fde66efcd..7b20e9ddb 100644 --- a/Zotlabs/Storage/Browser.php +++ b/Zotlabs/Storage/Browser.php @@ -3,6 +3,7 @@ namespace Zotlabs\Storage; use Sabre\DAV; +use App; /** * @brief Provides a DAV frontend for the webbrowser. @@ -76,49 +77,82 @@ class Browser extends DAV\Browser\Plugin { * @param string $path which should be displayed */ public function generateDirectoryIndex($path) { - // (owner_id = channel_id) is visitor owner of this directory? - $is_owner = ((local_channel() && $this->auth->owner_id == local_channel()) ? true : false); - - if ($this->auth->getTimezone()) - date_default_timezone_set($this->auth->getTimezone()); require_once('include/conversation.php'); require_once('include/text.php'); - if ($this->auth->owner_nick) { - $html = ''; - } - $files = $this->server->getPropertiesForPath($path, array( - '{DAV:}displayname', - '{DAV:}resourcetype', - '{DAV:}getcontenttype', - '{DAV:}getcontentlength', - '{DAV:}getlastmodified', - ), 1); + $nick = $this->auth->owner_nick; + $channel_id = $this->auth->owner_id; + + // Is visitor owner of this directory? + $is_owner = ((local_channel() && $channel_id == local_channel()) ? true : false); + $cat = ((x($_REQUEST,'cat')) ? $_REQUEST['cat'] : ''); + + if ($this->auth->getTimezone()) { + date_default_timezone_set($this->auth->getTimezone()); + } + $files = $this->server->getPropertiesForPath($path, [], 1); $parent = $this->server->tree->getNodeForPath($path); - $parentpath = array(); - // only show parent if not leaving /cloud/; TODO how to improve this? - if ($path && $path != "cloud") { - list($parentUri) = \Sabre\Uri\split($path); - $fullPath = \Sabre\HTTP\encodePath($this->server->getBaseUri() . $parentUri); + $arr = explode('/', $parent->os_path); + end($arr); + $folder_parent = ((isset($arr[1])) ? prev($arr) : ''); + + $folder_list = attach_folder_select_list($channel_id); + + $siteroot_disabled = get_config('system', 'cloud_disable_siteroot'); + $is_root_folder = (($path === 'cloud/' . $nick) ? true : false); - $parentpath['icon'] = $this->enableAssets ? '<a href="' . $fullPath . '"><img src="' . $this->getAssetUrl('icons/parent' . $this->iconExtension) . '" width="24" alt="' . t('parent') . '"></a>' : ''; - $parentpath['path'] = $fullPath; + $parent_path = ''; + + if ($channel_id && ! $cat && !($siteroot_disabled && $is_root_folder)) { + list($parent_uri) = \Sabre\Uri\split($path); + $parent_path = \Sabre\HTTP\encodePath($this->server->getBaseUri() . $parent_uri); } - $f = array(); + $embedable_video_types = [ + 'video/mp4', + 'video/ogg', + 'video/webm' + ]; + + $embedable_audio_types = [ + 'audio/mpeg', + 'audio/wav', + 'audio/ogg', + 'audio/webm' + ]; + + $f = []; + foreach ($files as $file) { - $ft = array(); + + $ft = []; $type = null; - // This is the current directory, we can skip it - if (rtrim($file['href'], '/') == $path) continue; + $href = rtrim($file['href'], '/'); + + // This is the current directory - skip it + if ($href === $path) + continue; - list(, $name) = \Sabre\Uri\split($file['href']); + $node = $this->server->tree->getNodeForPath($href); + $data = $node->data; + $attach_hash = $data['hash']; + $folder_hash = $node->folder_hash; + + list(, $filename) = \Sabre\Uri\split($href); + + $name = isset($file[200]['{DAV:}displayname']) ? $file[200]['{DAV:}displayname'] : $filename; + $name = $this->escapeHTML($name); + + $size = isset($file[200]['{DAV:}getcontentlength']) ? (int)$file[200]['{DAV:}getcontentlength'] : ''; + + $lastmodified = ((isset($file[200]['{DAV:}getlastmodified'])) ? $file[200]['{DAV:}getlastmodified']->getTime()->format('Y-m-d H:i:s') : ''); if (isset($file[200]['{DAV:}resourcetype'])) { + $type = $file[200]['{DAV:}resourcetype']->getValue(); // resourcetype can have multiple values @@ -128,22 +162,22 @@ class Browser extends DAV\Browser\Plugin { // Some name mapping is preferred switch ($v) { case '{DAV:}collection' : - $type[$k] = t('Collection'); + $type[$k] = 'Collection'; break; case '{DAV:}principal' : - $type[$k] = t('Principal'); + $type[$k] = 'Principal'; break; case '{urn:ietf:params:xml:ns:carddav}addressbook' : - $type[$k] = t('Addressbook'); + $type[$k] = 'Addressbook'; break; case '{urn:ietf:params:xml:ns:caldav}calendar' : - $type[$k] = t('Calendar'); + $type[$k] = 'Calendar'; break; case '{urn:ietf:params:xml:ns:caldav}schedule-inbox' : - $type[$k] = t('Schedule Inbox'); + $type[$k] = 'Schedule Inbox'; break; case '{urn:ietf:params:xml:ns:caldav}schedule-outbox' : - $type[$k] = t('Schedule Outbox'); + $type[$k] = 'Schedule Outbox'; break; case '{http://calendarserver.org/ns/}calendar-proxy-read' : $type[$k] = 'Proxy-Read'; @@ -158,124 +192,167 @@ class Browser extends DAV\Browser\Plugin { // If no resourcetype was found, we attempt to use // the contenttype property - if (!$type && isset($file[200]['{DAV:}getcontenttype'])) { + if (! $type && isset($file[200]['{DAV:}getcontenttype'])) { $type = $file[200]['{DAV:}getcontenttype']; } - if (!$type) $type = t('Unknown'); - $size = isset($file[200]['{DAV:}getcontentlength']) ? (int)$file[200]['{DAV:}getcontentlength'] : ''; - $lastmodified = ((isset($file[200]['{DAV:}getlastmodified'])) ? $file[200]['{DAV:}getlastmodified']->getTime()->format('Y-m-d H:i:s') : ''); - - $fullPath = \Sabre\HTTP\encodePath('/' . trim($this->server->getBaseUri() . ($path ? $path . '/' : '') . $name, '/')); - - $displayName = isset($file[200]['{DAV:}displayname']) ? $file[200]['{DAV:}displayname'] : $name; - - $displayName = $this->escapeHTML($displayName); - $type = $this->escapeHTML($type); - - - $icon = ''; - - if ($this->enableAssets) { - $node = $this->server->tree->getNodeForPath(($path ? $path . '/' : '') . $name); - foreach (array_reverse($this->iconMap) as $class=>$iconName) { - if ($node instanceof $class) { - $icon = '<a href="' . $fullPath . '"><img src="' . $this->getAssetUrl($iconName . $this->iconExtension) . '" alt="" width="24"></a>'; - break; - } - } - } - - $parentHash = ''; - $owner = $this->auth->owner_id; - $splitPath = explode('/', $fullPath); - if (count($splitPath) > 3) { - for ($i = 3; $i < count($splitPath); $i++) { - $attachName = urldecode($splitPath[$i]); - $attachHash = $this->findAttachHash($owner, $parentHash, $attachName); - $parentHash = $attachHash; - } + if (! $type) { + $type = $data['filetype']; } + $type = $this->escapeHTML($type); - // generate preview icons for tile view. + // generate preview icons for tile view. // Currently we only handle images, but this could potentially be extended with plugins - // to provide document and video thumbnails. SVG, PDF and office documents have some + // to provide document and video thumbnails. SVG, PDF and office documents have some // security concerns and should only be allowed on single-user sites with tightly controlled - // upload access. system.thumbnail_security should be set to 1 if you want to include these - // types + // upload access. system.thumbnail_security should be set to 1 if you want to include these + // types $is_creator = false; $photo_icon = ''; $preview_style = intval(get_config('system','thumbnail_security',0)); - $r = q("select content, creator from attach where hash = '%s' and uid = %d limit 1", - dbesc($attachHash), - intval($owner) - ); - - if($r) { - $is_creator = (($r[0]['creator'] === get_observer_hash()) ? true : false); - if(file_exists(dbunescbin($r[0]['content']) . '.thumb')) { - $photo_icon = 'data:image/jpeg;base64,' . base64_encode(file_get_contents(dbunescbin($r[0]['content']) . '.thumb')); -// logger('found thumb: ' . $photo_icon); - } - } + $is_creator = (($data['creator'] === get_observer_hash()) ? true : false); - if(strpos($type,'image/') === 0 && $attachHash) { - $r = q("select resource_id, imgscale from photo where resource_id = '%s' and imgscale in ( %d, %d ) order by imgscale asc limit 1", - dbesc($attachHash), + if(strpos($type,'image/') === 0 && $attach_hash) { + $p = q("select resource_id, imgscale from photo where resource_id = '%s' and imgscale in ( %d, %d ) order by imgscale asc limit 1", + dbesc($attach_hash), intval(PHOTO_RES_320), intval(PHOTO_RES_PROFILE_80) ); - if($r) { - $photo_icon = 'photo/' . $r[0]['resource_id'] . '-' . $r[0]['imgscale']; + if($p) { + $photo_icon = 'photo/' . $p[0]['resource_id'] . '-' . $p[0]['imgscale']; } if($type === 'image/svg+xml' && $preview_style > 0) { - $photo_icon = $fullPath; + $photo_icon = $href; } } - $g = [ 'resource_id' => $attachHash, 'thumbnail' => $photo_icon, 'security' => $preview_style ]; + $g = [ 'resource_id' => $attach_hash, 'thumbnail' => $photo_icon, 'security' => $preview_style ]; call_hooks('file_thumbnail', $g); $photo_icon = $g['thumbnail']; + $lockstate = (($data['allow_cid'] || $data['allow_gid'] || $data['deny_cid'] || $data['deny_gid']) ? 'lock' : 'unlock'); + $id = $data['id']; - $attachIcon = ""; // "<a href=\"attach/".$attachHash."\" title=\"".$displayName."\"><i class=\"fa fa-arrow-circle-o-down\"></i></a>"; + if($id) { + $terms = q("select * from term where oid = %d AND otype = %d", + intval($id), + intval(TERM_OBJ_FILE) + ); + + $categories = []; + $terms_str = ''; + if($terms) { + foreach($terms as $t) { + $term = htmlspecialchars($t['term'],ENT_COMPAT,'UTF-8',false) ; + if(! trim($term)) + continue; + $categories[] = array('term' => $term, 'url' => $t['url']); + if ($terms_str) + $terms_str .= ','; + $terms_str .= $term; + } + $ft['terms'] = replace_macros(get_markup_template('item_categories.tpl'),array( + '$categories' => $categories + )); + } + } // put the array for this file together - $ft['attachId'] = $this->findAttachIdByHash($attachHash); - $ft['fileStorageUrl'] = substr($fullPath, 0, strpos($fullPath, "cloud/")) . "filestorage/" . $this->auth->owner_nick; + $ft['attach_id'] = $id; $ft['icon'] = $icon; $ft['photo_icon'] = $photo_icon; - $ft['attachIcon'] = (($size) ? $attachIcon : ''); - // @todo Should this be an item value, not a global one? $ft['is_owner'] = $is_owner; $ft['is_creator'] = $is_creator; - $ft['fullPath'] = $fullPath; - $ft['displayName'] = $displayName; + $ft['rel_path'] = (($data) ? '/cloud/' . $nick .'/' . $data['display_path'] : $href); + $ft['full_path'] = z_root() . (($data) ? '/cloud/' . $nick .'/' . $data['display_path'] : $href); + $ft['name'] = $name; $ft['type'] = $type; $ft['size'] = $size; - $ft['sizeFormatted'] = userReadableSize($size); - $ft['lastmodified'] = (($lastmodified) ? datetime_convert('UTC', date_default_timezone_get(), $lastmodified) : ''); - $ft['iconFromType'] = getIconFromType($type); + $ft['collection'] = (($type === 'Collection') ? true : false); + $ft['size_formatted'] = userReadableSize($size); + $ft['last_modified'] = (($lastmodified) ? datetime_convert('UTC', date_default_timezone_get(), $lastmodified) : ''); + $ft['icon_from_type'] = getIconFromType($type); + + $ft['allow_cid'] = acl2json($data['allow_cid']); + $ft['allow_gid'] = acl2json($data['allow_gid']); + $ft['deny_cid'] = acl2json($data['deny_cid']); + $ft['deny_gid'] = acl2json($data['deny_gid']); + + $ft['raw_allow_cid'] = $data['allow_cid']; + $ft['raw_allow_gid'] = $data['allow_gid']; + $ft['raw_deny_cid'] = $data['deny_cid']; + $ft['raw_deny_gid'] = $data['deny_gid']; + + $ft['lockstate'] = $lockstate; + $ft['resource'] = $data['hash']; + $ft['folder'] = $data['folder']; + $ft['revision'] = $data['revision']; + $ft['newfilename'] = ['newfilename_' . $id, t('Change filename to'), $name]; + $ft['categories'] = ['categories_' . $id, t('Categories'), $terms_str]; + + // create a copy of the list which we can alter for the current resource + $folders = $folder_list; + if($data['is_dir']) { + // can not copy a folder into itself + unset($folders[$folder_hash]); + } + + $ft['newfolder'] = ['newfolder_' . $id, t('Select a target location'), $data['folder'], '', $folders]; + $ft['copy'] = ['copy_' . $id, t('Copy to target location'), 0, '', [t('No'), t('Yes')]]; + $ft['recurse'] = ['recurse_' . $id, t('Set permissions for all files and sub folders'), 0, '', [t('No'), t('Yes')]]; + $ft['notify'] = ['notify_edit_' . $id, t('Notify your contacts about this file'), 0, '', [t('No'), t('Yes')]]; + + $embed_bbcode = ''; + $link_bbcode = ''; + $attach_bbcode = ''; + + if($data['is_photo']) { + $embed_bbcode = '[zmg]' . $ft['full_path'] . '[/zmg]'; + } + elseif(strpos($type, 'video') === 0 && in_array($type, $embedable_video_types)) { + $embed_bbcode = '[zvideo]' . $ft['full_path'] . '[/zvideo]'; + } + elseif(strpos($type, 'audio') === 0 && in_array($type, $embedable_audio_types)) { + $embed_bbcode = '[zaudio]' . $ft['full_path'] . '[/zaudio]'; + } + $ft['embed_bbcode'] = $embed_bbcode; + + if(! $data['is_dir']) { + $attach_bbcode = '[attachment]' . $data['hash'] . ',' . $data['revision'] . '[/attachment]'; + } + $ft['attach_bbcode'] = $attach_bbcode; + + $link_bbcode = '[zrl]' . $ft['full_path'] . '[/zrl]'; + $ft['link_bbcode'] = $link_bbcode; $f[] = $ft; } - $output = ''; if ($this->enablePost) { - $this->server->emit('onHTMLActionsPanel', array($parent, &$output, $path)); + $this->server->emit('onHTMLActionsPanel', [$parent, &$output, $path]); } $deftiles = (($is_owner) ? 0 : 1); + $tiles = ((array_key_exists('cloud_tiles',$_SESSION)) ? intval($_SESSION['cloud_tiles']) : $deftiles); $_SESSION['cloud_tiles'] = $tiles; - - $html .= replace_macros(get_markup_template('cloud.tpl'), array( - '$header' => t('Files') . ": " . $this->escapeHTML($path) . "/", + + $header = (($cat) ? t('File category') . ": " . $this->escapeHTML($cat) : t('Files')); + + $channel = channelx_by_n($channel_id); + if($channel) { + $acl = new \Zotlabs\Access\AccessList($channel); + $channel_acl = $acl->get(); + $lockstate = (($acl->is_private()) ? 'lock' : 'unlock'); + } + + $html = replace_macros(get_markup_template('cloud.tpl'), array( + '$header' => $header, '$total' => t('Total'), '$actionspanel' => $output, '$shared' => t('Shared'), @@ -284,8 +361,11 @@ class Browser extends DAV\Browser\Plugin { '$is_owner' => $is_owner, '$is_admin' => is_site_admin(), '$admin_delete' => t('Admin Delete'), - '$parentpath' => $parentpath, - '$cpath' => bin2hex(\App::$query_string), + '$parentpath' => $parent_path, + '$folder_parent' => $folder_parent, + '$folder' => $parent->folder_hash, + '$is_root_folder' => $is_root_folder, + '$cpath' => bin2hex(App::$query_string), '$tiles' => intval($_SESSION['cloud_tiles']), '$entries' => $f, '$name' => t('Name'), @@ -293,17 +373,33 @@ class Browser extends DAV\Browser\Plugin { '$size' => t('Size'), '$lastmod' => t('Last Modified'), '$parent' => t('parent'), - '$edit' => t('Edit'), + '$edit' => t('Submit'), '$delete' => t('Delete'), - '$nick' => $this->auth->getCurrentUser() - )); + '$channel_id' => $channel_id, + '$cpdesc' => t('Copy/paste this code to attach file to a post'), + '$cpldesc' => t('Copy/paste this URL to link file from a web page'), + + '$categories' => ['categories', t('Categories')], + '$recurse' => ['recurse', t('Set permissions for all files and sub folders'), 0, '', [t('No'), t('Yes')]], + '$newfolder' => ['newfolder', t('Select a target location'), $parent->folder_hash, '', $folder_list], + '$copy' => ['copy', t('Copy to target location'), 0, '', [t('No'), t('Yes')]], + '$return_path' => $path, + + '$lockstate' => $lockstate, + '$allow_cid' => acl2json($channel_acl['allow_cid']), + '$allow_gid' => acl2json($channel_acl['allow_gid']), + '$deny_cid' => acl2json($channel_acl['deny_cid']), + '$deny_gid' => acl2json($channel_acl['deny_gid']) + + + )); $a = false; nav_set_selected('Files'); - \App::$page['content'] = $html; + App::$page['content'] = $html; load_pdl(); $current_theme = \Zotlabs\Render\Theme::current(); @@ -335,6 +431,7 @@ class Browser extends DAV\Browser\Plugin { // SimpleCollection, we won't need to show the panel either. if (get_class($node) === 'Sabre\\DAV\\SimpleCollection') return; + require_once('include/acl_selectors.php'); $aclselect = null; @@ -387,9 +484,38 @@ class Browser extends DAV\Browser\Plugin { $special = 'cloud/' . $this->auth->owner_nick; $count = strlen($special); + + if(strpos($path,$special) === 0) - $path = trim(substr($path,$count),'/'); + $display_path = trim(substr($path,$count),'/'); + + $breadcrumbs_html = ''; + + if($display_path && ! $_REQUEST['cat']){ + $breadcrumbs = []; + $folders = explode('/', $display_path); + $folder_hashes = explode('/', $node->os_path); + $breadcrumb_path = z_root() . '/cloud/' . $this->auth->owner_nick; + + $breadcrumbs[] = [ + 'name' => $this->auth->owner_nick, + 'hash' => '', + 'path' => $breadcrumb_path + ]; + + foreach($folders as $i => $name) { + $breadcrumb_path .= '/' . $name; + $breadcrumbs[] = [ + 'name' => $name, + 'hash' => $folder_hashes[$i], + 'path' => $breadcrumb_path + ]; + } + $breadcrumbs_html = replace_macros(get_markup_template('breadcrumb.tpl'), array( + '$breadcrumbs' => $breadcrumbs + )); + } $output .= replace_macros(get_markup_template('cloud_actionspanel.tpl'), array( '$folder_header' => t('Create new folder'), @@ -404,11 +530,11 @@ class Browser extends DAV\Browser\Plugin { '$deny_cid' => acl2json($channel_acl['deny_cid']), '$deny_gid' => acl2json($channel_acl['deny_gid']), '$lockstate' => $lockstate, - '$return_url' => \App::$cmd, - '$path' => $path, - '$folder' => find_folder_hash_by_path($this->auth->owner_id, $path), + '$return_url' => $path, + '$folder' => $node->folder_hash, '$dragdroptext' => t('Drop files here to immediately upload'), - '$notify' => ['notify', t('Show in your contacts shared folder'), 0, '', [t('No'), t('Yes')]] + '$notify' => ['notify', t('Show in your contacts shared folder'), 0, '', [t('No'), t('Yes')]], + '$breadcrumbs_html' => $breadcrumbs_html )); } @@ -453,6 +579,21 @@ class Browser extends DAV\Browser\Plugin { return $hash; } + protected function findAttachHashFlat($owner, $attachName) { + $r = q("SELECT hash FROM attach WHERE uid = %d AND filename = '%s' ORDER BY edited DESC LIMIT 1", + intval($owner), + dbesc($attachName) + ); + $hash = ''; + if ($r) { + foreach ($r as $rr) { + $hash = $rr['hash']; + } + } + + return $hash; + } + /** * @brief Returns an attachment's id for a given hash. * diff --git a/Zotlabs/Storage/Directory.php b/Zotlabs/Storage/Directory.php index 1231dfa25..c56ffcbbb 100644 --- a/Zotlabs/Storage/Directory.php +++ b/Zotlabs/Storage/Directory.php @@ -25,7 +25,10 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo * @var string $red_path */ private $red_path; - private $folder_hash; + public $folder_hash; + public $data; + + /** * @brief The full path as seen in the browser. * /cloud + $red_path @@ -41,7 +44,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo * * @var string $os_path */ - private $os_path = ''; + public $os_path = ''; /** * @brief Sets up the directory node, expects a full path. @@ -49,7 +52,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo * @param string $ext_path a full path * @param BasicAuth &$auth_plugin */ - public function __construct($ext_path, &$auth_plugin) { + public function __construct($ext_path, $data, &$auth_plugin) { // $ext_path = urldecode($ext_path); logger('directory ' . $ext_path, LOGGER_DATA); $this->ext_path = $ext_path; @@ -61,6 +64,8 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo } $this->auth = $auth_plugin; $this->folder_hash = ''; + $this->data = $data; + $this->getDir(); if($this->auth->browser) { @@ -116,7 +121,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo $modulename = \App::$module; if ($this->red_path === '/' && $name === $modulename) { - return new Directory('/' . $modulename, $this->auth); + return new Directory('/' . $modulename, [], $this->auth); } $x = $this->FileData($this->ext_path . '/' . $name, $this->auth); @@ -269,8 +274,8 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo dbesc($f), dbesc(datetime_convert()), dbesc(datetime_convert()), - '', - '', + '', + '', dbesc($allow_cid), dbesc($allow_gid), dbesc($deny_cid), @@ -293,7 +298,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo else { $size = file_put_contents($f, $data); } - + // delete attach entry if file_put_contents() failed if ($size === false) { logger('file_put_contents() failed to ' . $f); @@ -374,7 +379,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo $args = array( 'resource_id' => $hash, 'album' => $album, 'os_syspath' => $f, 'os_path' => $xpath['os_path'], 'display_path' => $xpath['path'], 'filename' => $name, 'getimagesize' => $gis, 'directory' => $direct); $p = photo_upload($c[0], \App::get_observer(), $args); } - + \Zotlabs\Daemon\Master::Summon([ 'Thumbnail' , $hash ]); $sync = attach_export_data($c[0], $hash); @@ -402,13 +407,14 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo if ($r) { - // When initiated from DAV, set the 'force' flag on attach_mkdir(). This will cause the operation to report success even if the - // folder already exists. + // When initiated from DAV, set the 'force' flag on attach_mkdir(). This will cause the operation to report success even if the + // folder already exists. require_once('include/attach.php'); $result = attach_mkdir($r[0], $this->auth->observer, array('filename' => $name, 'folder' => $this->folder_hash, 'force' => true)); if($result['success']) { + $sync = attach_export_data($r[0],$result['data']['hash']); logger('createDirectory: attach_export_data returns $sync:' . print_r($sync, true), LOGGER_DEBUG); @@ -476,15 +482,16 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo public function moveInto($targetName,$sourcePath, DAV\INode $sourceNode) { - if(! $this->auth->owner_id) { - return false; - } + $channel_id = $this->auth->owner_id; + // Files have $sourceNode->data['hash'] set. For directories rely on $sourceNode->folder_hash. + $resource_id = ((isset($sourceNode->data['hash'])) ? $sourceNode->data['hash'] : $sourceNode->folder_hash); + $new_folder_hash = $this->folder_hash; - if(! ($sourceNode->data && $sourceNode->data->hash)) { + if(!$channel_id && !$resource_id) return false; - } - return attach_move($this->auth->owner_id, $sourceNode->data->hash, $this->folder_hash); + $ret = attach_move($channel_id, $resource_id, $new_folder_hash); + return $ret['success']; } @@ -515,6 +522,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo $file = trim($file, '/'); $path_arr = explode('/', $file); + if (! $path_arr) return; @@ -609,6 +617,9 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo $file = trim($file, '/'); $path_arr = explode('/', $file); + $cat = $_REQUEST['cat']; + + if (! $path_arr) return null; @@ -679,7 +690,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo $_SESSION['cloud_sort'] = 'name'; switch($_SESSION['cloud_sort']) { - case 'size': + case 'size': $suffix = ' order by is_dir desc, filesize asc '; break; // The following provides inconsistent results for directories because we re-calculate the date for directories based on the most recent change @@ -692,17 +703,34 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo break; } - $r = q("select $prefix id, uid, hash, filename, filetype, filesize, revision, folder, flags, is_dir, created, edited from attach where folder = '%s' and uid = %d $perms $suffix", - dbesc($folder), - intval($channel_id) - ); + if ($cat) { + $r = q("select $prefix attach.id, attach.uid, attach.hash, attach.filename, attach.is_photo, + attach.filetype, attach.filesize, attach.revision, attach.folder, attach.creator, + attach.flags, attach.is_dir, attach.created, attach.edited, attach.display_path, + attach.allow_cid, attach.allow_gid, attach.deny_cid, attach.deny_gid from attach + left join term on attach.id = term.oid + where term.term = '%s' and attach.uid = %d $perms $suffix", + dbesc($cat), + intval($channel_id) + ); + } + else { + $r = q("select $prefix attach.id, attach.uid, attach.hash, attach.filename, attach.is_photo, + attach.filetype, attach.filesize, attach.revision, attach.folder, attach.creator, + attach.flags, attach.is_dir, attach.created, attach.edited, attach.display_path, + attach.allow_cid, attach.allow_gid, attach.deny_cid, attach.deny_gid from attach + where folder = '%s' and uid = %d $perms $suffix", + dbesc($folder), + intval($channel_id) + ); + } foreach ($r as $rr) { if(\App::$module === 'cloud' && (strpos($rr['filename'],'.') === 0) && (! get_pconfig($channel_id,'system','show_dot_files')) ) continue; // @FIXME I don't think we use revisions currently in attach structures. - // In case we see any in the wild provide a unique filename. This + // In case we see any in the wild provide a unique filename. This // name may or may not be accessible if($rr['revision']) @@ -710,13 +738,12 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo //logger('filename: ' . $rr['filename'], LOGGER_DEBUG); if (intval($rr['is_dir'])) { - $ret[] = new Directory($path . '/' . $rr['filename'], $auth); + $ret[] = new Directory($path . '/' . $rr['filename'], $rr, $auth); } else { $ret[] = new File($path . '/' . $rr['filename'], $rr, $auth); } } - return $ret; } @@ -738,15 +765,14 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo return $ret; } - $r = q("SELECT channel_id, channel_address, profile.publish FROM channel left join profile on profile.uid = channel.channel_id WHERE channel_removed = 0 AND channel_system = 0 AND (channel_pageflags & %d) = 0", + $r = q("SELECT channel_id, channel_address, profile.publish FROM channel left join profile on profile.uid = channel.channel_id WHERE channel_removed = 0 AND channel_system = 0 AND (channel_pageflags & %d) = 0 and profile.is_default = 1", intval(PAGE_HIDDEN) ); - if ($r) { foreach ($r as $rr) { - if (perm_is_allowed($rr['channel_id'], $auth->observer, 'view_storage') && $rr['publish']) { + if ((perm_is_allowed($rr['channel_id'], $auth->observer, 'view_storage') && $rr['publish'])|| $rr['channel_id'] == $this->auth->channel_id) { logger('found channel: /cloud/' . $rr['channel_address'], LOGGER_DATA); - $ret[] = new Directory($rr['channel_address'], $auth); + $ret[] = new Directory($rr['channel_address'], [], $auth); } } } @@ -778,7 +804,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo } if ((! $file) || ($file === '/')) { - return new Directory('/', $auth); + return new Directory('/', [], $auth); } $file = trim($file, '/'); @@ -848,7 +874,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo if ($test) return true; // final component was a directory. - return new Directory($file, $auth); + return new Directory($file, [], $auth); } if ($errors) { @@ -867,7 +893,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo return true; if (intval($r[0]['is_dir'])) { - return new Directory($path . '/' . $r[0]['filename'], $auth); + return new Directory($path . '/' . $r[0]['filename'], [], $auth); } else { return new File($path . '/' . $r[0]['filename'], $r[0], $auth); @@ -888,7 +914,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo $used = 0; $limit = 0; $free = 0; - + if ($this->auth->owner_id) { $channel = channelx_by_n($this->auth->owner_id); if($channel) { @@ -919,5 +945,4 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo return [ (int) $used, (int) $free ]; } - } diff --git a/Zotlabs/Update/_1240.php b/Zotlabs/Update/_1240.php new file mode 100644 index 000000000..d007c9fa9 --- /dev/null +++ b/Zotlabs/Update/_1240.php @@ -0,0 +1,34 @@ +<?php + +namespace Zotlabs\Update; + +class _1240 { + + function run() { + + q("START TRANSACTION"); + + // remove broken xchan entries + $r0 = dbq("DELETE FROM xchan WHERE xchan_hash = ''"); + + // remove broken hubloc entries + $r1 = dbq("DELETE FROM hubloc WHERE hubloc_hash = ''"); + + // fix legacy zot hubloc_id_url + $r2 = dbq("UPDATE hubloc + SET hubloc_id_url = CONCAT(hubloc_url, '/channel/', SUBSTRING(hubloc_addr FROM 1 FOR POSITION('@' IN hubloc_addr) -1)) + WHERE hubloc_network = 'zot' + AND hubloc_id_url = ''" + ); + + if($r0 && $r1 && $r2) { + q("COMMIT"); + return UPDATE_SUCCESS; + } + + q("ROLLBACK"); + return UPDATE_FAILED; + + } + +} diff --git a/Zotlabs/Widget/Categories.php b/Zotlabs/Widget/Categories.php index 82c37cd0c..94ad469da 100644 --- a/Zotlabs/Widget/Categories.php +++ b/Zotlabs/Widget/Categories.php @@ -21,7 +21,9 @@ class Categories { if(($articles) && (! Apps::system_app_installed(App::$profile['profile_uid'],'Articles'))) return ''; - if((! App::$profile['profile_uid']) + $files = ((array_key_exists('files',$arr) && $arr['files']) ? true : false); + + if((! App::$profile['profile_uid']) || (! perm_is_allowed(App::$profile['profile_uid'],get_observer_hash(),(($cards || $articles) ? 'view_pages' : 'view_stream')))) { return ''; } @@ -29,12 +31,14 @@ class Categories { $cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat'],ENT_COMPAT,'UTF-8') : ''); $srchurl = (($cards) ? App::$argv[0] . '/' . App::$argv[1] : App::$query_string); $srchurl = rtrim(preg_replace('/cat\=[^\&].*?(\&|$)/is','',$srchurl),'&'); - $srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl); + $srchurl = str_replace(array('?f=','&f=', '/?'),array('', '', ''),$srchurl); if($cards) return cardcategories_widget($srchurl, $cat); elseif($articles) return articlecategories_widget($srchurl, $cat); + elseif($files) + return filecategories_widget($srchurl, $cat); else return categories_widget($srchurl, $cat); |