aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs
diff options
context:
space:
mode:
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Module/Attach.php32
-rw-r--r--Zotlabs/Module/Photo.php7
-rw-r--r--Zotlabs/Module/Sse_bs.php28
3 files changed, 46 insertions, 21 deletions
diff --git a/Zotlabs/Module/Attach.php b/Zotlabs/Module/Attach.php
index 0bf7689be..cf78ac690 100644
--- a/Zotlabs/Module/Attach.php
+++ b/Zotlabs/Module/Attach.php
@@ -14,6 +14,7 @@ class Attach extends Controller {
$attach_ids = ((x($_REQUEST, 'attach_ids')) ? $_REQUEST['attach_ids'] : []);
$attach_path = ((x($_REQUEST, 'attach_path')) ? $_REQUEST['attach_path'] : '');
+ $download_token = ((x($_REQUEST, 'download_token')) ? $_REQUEST['download_token'] : '');
$channel_id = ((x($_REQUEST, 'channel_id')) ? intval($_REQUEST['channel_id']) : 0);
$channel = channelx_by_n($channel_id);
@@ -52,6 +53,9 @@ class Attach extends Controller {
];
Verify::create('zip_token', 0, $token, json_encode($meta));
+ Verify::create('download_token', 0, $download_token, $token);
+
+
json_return_and_die([
'success' => true,
@@ -69,12 +73,32 @@ class Attach extends Controller {
return;
}
- if(argv(1) === 'download') {
+ $token = ((x($_REQUEST, 'token')) ? $_REQUEST['token'] : '');
+ $download_token = ((x($_REQUEST, 'download_token')) ? $_REQUEST['download_token'] : '');
- $token = ((x($_REQUEST, 'token')) ? $_REQUEST['token'] : '');
+ if(argv(1) === 'check') {
+ $meta = Verify::get_meta('download_token', 0, $download_token);
+
+ if(! $meta)
+ killme();
+
+ json_return_and_die([
+ 'success' => true,
+ 'token' => $meta
+ ]);
+ }
+
+ if(argv(1) === 'download') {
$meta = Verify::get_meta('zip_token', 0, $token);
+
+ if(! $meta)
+ killme();
+
$meta = json_decode($meta, true);
+ // make sure we remove the download_token in case we have not checked yet
+ Verify::get_meta('download_token', 0, $download_token);
+
header('Content-Type: application/zip');
header('Content-Disposition: attachment; filename="'. $meta['zip_filename'] . '"');
header('Content-Length: ' . filesize($meta['zip_path']));
@@ -82,7 +106,7 @@ class Attach extends Controller {
$istream = fopen($meta['zip_path'], 'rb');
$ostream = fopen('php://output', 'wb');
if($istream && $ostream) {
- pipe_streams($istream,$ostream);
+ pipe_streams($istream, $ostream);
fclose($istream);
fclose($ostream);
}
@@ -123,7 +147,7 @@ class Attach extends Controller {
$istream = fopen('store/' . $c[0]['channel_address'] . '/' . $fname,'rb');
$ostream = fopen('php://output','wb');
if($istream && $ostream) {
- pipe_streams($istream,$ostream);
+ pipe_streams($istream, $ostream);
fclose($istream);
fclose($ostream);
}
diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php
index 01edda9ae..814705a85 100644
--- a/Zotlabs/Module/Photo.php
+++ b/Zotlabs/Module/Photo.php
@@ -35,7 +35,7 @@ class Photo extends \Zotlabs\Web\Controller {
call_hooks('cache_mode_hook', $cache_mode);
$observer_xchan = get_observer_hash();
- $cachecontrol = '';
+ $cachecontrol = ', no-cache';
if(isset($type)) {
@@ -102,7 +102,7 @@ class Photo extends \Zotlabs\Web\Controller {
$modified = filemtime($default);
}
- $cachecontrol = ', must-revalidate';
+ $cachecontrol .= ', must-revalidate';
}
else {
@@ -169,6 +169,7 @@ class Photo extends \Zotlabs\Web\Controller {
$url = z_root() . '/sslify/' . $filename . '?f=&url=' . urlencode($url);
goaway($url);
}
+ $cachecontrol = '';
}
}
}
@@ -271,7 +272,7 @@ class Photo extends \Zotlabs\Web\Controller {
// in the event that infrastructure caching is present.
$smaxage = intval($maxage/12);
- header("Cache-Control: no-cache, s-maxage=" . $smaxage . ", max-age=" . $maxage . $cachecontrol);
+ header("Cache-Control: s-maxage=" . $smaxage . ", max-age=" . $maxage . $cachecontrol);
}
diff --git a/Zotlabs/Module/Sse_bs.php b/Zotlabs/Module/Sse_bs.php
index 287c24829..534c63d46 100644
--- a/Zotlabs/Module/Sse_bs.php
+++ b/Zotlabs/Module/Sse_bs.php
@@ -162,7 +162,7 @@ class Sse_bs extends Controller {
$item_normal = item_normal();
if ($notifications) {
- $items = q("SELECT * FROM item
+ $items = q("SELECT * FROM item
WHERE uid = %d
AND created <= '%s'
AND item_unseen = 1 AND item_wall = 0 AND item_private IN (0, 1)
@@ -190,7 +190,7 @@ class Sse_bs extends Controller {
}
- $r = q("SELECT count(id) as total FROM item
+ $r = q("SELECT count(id) as total FROM item
WHERE uid = %d and item_unseen = 1 AND item_wall = 0 AND item_private IN (0, 1)
AND obj_type NOT IN ('Document', 'Video', 'Audio', 'Image')
AND author_xchan != '%s'
@@ -231,10 +231,10 @@ class Sse_bs extends Controller {
$item_normal = item_normal();
if ($notifications) {
- $items = q("SELECT * FROM item
+ $items = q("SELECT * FROM item
WHERE uid = %d
AND created <= '%s'
- AND item_unseen = 1 AND item_wall = 0 AND item_private = 2
+ AND item_unseen = 1 AND item_private = 2
AND obj_type NOT IN ('Document', 'Video', 'Audio', 'Image')
AND author_xchan != '%s'
$item_normal
@@ -259,8 +259,8 @@ class Sse_bs extends Controller {
}
- $r = q("SELECT count(id) as total FROM item
- WHERE uid = %d and item_unseen = 1 AND item_wall = 0 AND item_private = 2
+ $r = q("SELECT count(id) as total FROM item
+ WHERE uid = %d and item_unseen = 1 AND item_private = 2
$item_normal
$sql_extra
AND author_xchan != '%s'",
@@ -300,10 +300,10 @@ class Sse_bs extends Controller {
$item_normal = item_normal();
if ($notifications) {
- $items = q("SELECT * FROM item
+ $items = q("SELECT * FROM item
WHERE uid = %d
AND created <= '%s'
- AND item_unseen = 1 AND item_wall = 1
+ AND item_unseen = 1 AND item_wall = 1 AND item_private IN (0, 1)
AND obj_type NOT IN ('Document', 'Video', 'Audio', 'Image')
AND author_xchan != '%s'
$item_normal
@@ -328,8 +328,8 @@ class Sse_bs extends Controller {
}
- $r = q("SELECT count(id) as total FROM item
- WHERE uid = %d and item_unseen = 1 AND item_wall = 1
+ $r = q("SELECT count(id) as total FROM item
+ WHERE uid = %d and item_unseen = 1 AND item_wall = 1 AND item_private IN (0, 1)
$item_normal
$sql_extra
AND author_xchan != '%s'",
@@ -379,7 +379,7 @@ class Sse_bs extends Controller {
$item_normal = item_normal();
if ($notifications) {
- $items = q("SELECT * FROM item
+ $items = q("SELECT * FROM item
WHERE uid = %d
AND created <= '%s'
AND item_unseen = 1
@@ -410,7 +410,7 @@ class Sse_bs extends Controller {
}
- $r = q("SELECT count(id) as total FROM item
+ $r = q("SELECT count(id) as total FROM item
WHERE uid = %d AND item_unseen = 1
AND created > '%s'
$item_normal
@@ -516,7 +516,7 @@ class Sse_bs extends Controller {
$p_str = ids_to_querystr($p, 'parent');
$p_sql = (($p_str) ? "OR parent IN ( $p_str )" : '');
- $r = q("select mid from item
+ $r = q("select mid from item
where uid = %d and ( owner_xchan = '%s' OR author_xchan = '%s' $p_sql ) and item_unseen = 1 $sql_extra $item_normal",
intval(self::$uid),
dbesc($forums[$x]['xchan_hash']),
@@ -577,7 +577,7 @@ class Sse_bs extends Controller {
$item_normal = item_normal();
- $r = q("SELECT * FROM item
+ $r = q("SELECT * FROM item
WHERE verb = '%s'
AND obj_type IN ('Document', 'Video', 'Audio', 'Image')
AND uid = %d