Diffstat (limited to 'Zotlabs')
| -rw-r--r-- | Zotlabs/Lib/Activity.php | 6 | ||||
| -rw-r--r-- | Zotlabs/Lib/Libsync.php | 15 | ||||
| -rw-r--r-- | Zotlabs/Lib/Libzot.php | 4 | ||||
| -rw-r--r-- | Zotlabs/Lib/Share.php | 8 | ||||
| -rw-r--r-- | Zotlabs/Lib/ThreadItem.php | 4 | ||||
| -rw-r--r-- | Zotlabs/Module/Dreport.php | 6 | ||||
| -rw-r--r-- | Zotlabs/Module/Editblock.php | 4 | ||||
| -rw-r--r-- | Zotlabs/Module/Editlayout.php | 4 | ||||
| -rw-r--r-- | Zotlabs/Module/Editwebpage.php | 4 | ||||
| -rw-r--r-- | Zotlabs/Module/Embed.php | 22 | ||||
| -rw-r--r-- | Zotlabs/Module/Magic.php | 64 | ||||
| -rw-r--r-- | Zotlabs/Module/Owa.php | 180 | ||||
| -rw-r--r-- | Zotlabs/Module/Profperm.php | 79 | ||||
| -rw-r--r-- | Zotlabs/Render/SmartyTemplate.php | 2 | ||||
| -rw-r--r-- | Zotlabs/Storage/Directory.php | 4 | ||||
| -rw-r--r-- | Zotlabs/Storage/File.php | 5 |
16 files changed, 218 insertions, 193 deletions
diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php index b6f38df20..22dbaad84 100644 --- a/Zotlabs/Lib/Activity.php +++ b/Zotlabs/Lib/Activity.php @@ -637,7 +637,9 @@ class Activity { $ret['tag'] = $t; } - if (str_contains($i['body'], '[/share]')) { + // TODO: Do not replace the if the owner is a forum. + // Receivers will not be able to fetch the original in that case. + if (str_contains($i['body'], '[/share]') && !$i['owner']['xchan_pubforum']) { preg_match_all('/\[share(.*?)\[\/share\]/ism', $i['body'], $all_shares, PREG_SET_ORDER); $quote_urls = []; @@ -2351,7 +2353,7 @@ class Activity { continue; } - $s['body'] = self::pasteQuote($s['body'], $quote); + $s['body'] = self::pasteQuote($s['body'] ?? EMPTY_STR, $quote); $s['term'] = $quote['term']; } } diff --git a/Zotlabs/Lib/Libsync.php b/Zotlabs/Lib/Libsync.php index c6b149738..63e78159e 100644 --- a/Zotlabs/Lib/Libsync.php +++ b/Zotlabs/Lib/Libsync.php @@ -199,8 +199,7 @@ class Libsync { dbesc($sender) ); - $mid = 'sync'; - + $mid = $arr['item'][0]['message_id'] ?? 'sync'; $DR = new DReport(z_root(), $sender, $d, $mid); @@ -306,15 +305,8 @@ class Libsync { if (array_key_exists('item', $arr) && $arr['item']) { sync_items($channel, $arr['item'], ((array_key_exists('relocate', $arr)) ? $arr['relocate'] : null)); - $mid = $arr['item'][0]['message_id'] . '#sync'; } - // deprecated, maintaining for a few months for upward compatibility - // this should sync webpages, but the logic is a bit subtle - - //if (array_key_exists('item_id', $arr) && $arr['item_id']) - // sync_items($channel, $arr['item_id']); - if (array_key_exists('menu', $arr) && $arr['menu']) sync_menus($channel, $arr['menu']); 
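Review bot: The condition added in the first Activity.php hunk reads `$i['owner']['xchan_pubforum']` without checking that the key is present, while the second hunk of the same file guards a possibly missing `body` with `?? EMPTY_STR`. Writing it as `if (str_contains($i['body'], '[/share]') && empty($i['owner']['xchan_pubforum'])) {` keeps the same result for set values and avoids an undefined-index warning when `owner` is not populated. The comment above it drops a word ("replace the if") and is marked TODO although the condition already implements it; if nothing remains to be done, `// Do not replace the share if the owner is a forum: receivers would not be able to fetch the original.` would be clearer. The enclosing method starts and ends outside the hunk.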
@@ -757,12 +749,11 @@ class Libsync { */ call_hooks('process_channel_sync_delivery', $addon); - $DR = new DReport(z_root(), $d, $d, $mid, 'channel sync processed'); - - $DR->set_name($channel['channel_name'] . ' <' . channel_reddress($channel) . '>'); + $DR->update('channel sync processed'); $result[] = $DR->get(); } + return $result; } diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php index d2d696356..08a3f27c9 100644 --- a/Zotlabs/Lib/Libzot.php +++ b/Zotlabs/Lib/Libzot.php @@ -116,10 +116,6 @@ class Libzot { } if ($msg) { - $actors = get_hubloc_id_urls_by_x($channel['channel_hash']); - if ($encoding === 'activitystreams' && array_key_exists('actor', $msg) && is_string($msg['actor']) && in_array($msg['actor'], $actors)) { - $msg = JSalmon::sign($msg, $actors[0], $channel['channel_prvkey']); - } $data['data'] = $msg; } else { diff --git a/Zotlabs/Lib/Share.php b/Zotlabs/Lib/Share.php index 8abbfda80..0bcee5247 100644 --- a/Zotlabs/Lib/Share.php +++ b/Zotlabs/Lib/Share.php @@ -118,11 +118,8 @@ class Share { $photo_bb = $object['body']; } - if (strpos($this->item['body'], "[/share]") !== false) { - $pos = strpos($this->item['body'], "[share"); - $bb = substr($this->item['body'], $pos); - } else { - $bb = "[share author='".urlencode($this->item['author']['xchan_name']). + if (!str_contains($this->item['body'], '[/share]')) { + $bb .= "[share author='".urlencode($this->item['author']['xchan_name']). "' profile='" . $this->item['author']['xchan_url'] . "' avatar='" . $this->item['author']['xchan_photo_s'] . "' link='" . $this->item['plink'] . @@ -137,7 +134,6 @@ class Share { } return $bb; - } } diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php index 46fe6d815..ff27bba44 100644 --- a/Zotlabs/Lib/ThreadItem.php +++ b/Zotlabs/Lib/ThreadItem.php 
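Review bot: In the first Share.php hunk, `$bb .= "[share author='"...` now appends to `$bb` instead of assigning it, and the initialisation of `$bb` is not visible in this hunk. If it is not set earlier in the method, PHP raises an undefined-variable warning here, and for an item whose body already contains `[/share]` the method reaches `return $bb;` without ever assigning it. Initialising it explicitly before the condition, e.g. `$bb = $bb ?? '';`, or documenting where it is set, would make the new control flow safe to read. Only the author name is passed through `urlencode()`; `xchan_url`, `xchan_photo_s` and `plink` go into the quoted attributes as stored, which is worth a comment saying they are expected to be validated upstream.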
@@ -120,10 +120,10 @@ class ThreadItem { $locktype = 0; } - $shareable = ((local_channel() && $conv->get_profile_owner() == local_channel()) && (intval($item['item_private']) === 0)); + $shareable = ((local_channel() && $conv->get_profile_owner() == local_channel()) && (intval($item['item_private']) === 0) && !str_contains($item['body'], '[/share]')); // allow an exemption for sharing stuff from your private feeds - if($item['author']['xchan_network'] === 'rss') + if ($item['author']['xchan_network'] === 'rss') $shareable = true; $repeatable = ((local_channel() && $conv->get_profile_owner() == local_channel()) && intval($item['item_private']) === 0 && in_array($item['author']['xchan_network'], ['zot6', 'activitypub'])); diff --git a/Zotlabs/Module/Dreport.php b/Zotlabs/Module/Dreport.php index d1ffb8027..7fd921def 100644 --- a/Zotlabs/Module/Dreport.php +++ b/Zotlabs/Module/Dreport.php @@ -61,12 +61,10 @@ class Dreport extends \Zotlabs\Web\Controller { return; } - $r = q("select * from dreport where dreport_xchan = '%s' and (dreport_mid = '%s' or dreport_mid = '%s' or dreport_mid = '%s' or dreport_mid = '%s')", + $r = q("select * from dreport where dreport_xchan = '%s' and (dreport_mid = '%s' or dreport_mid = '%s')", dbesc($channel['channel_hash']), dbesc($mid), - dbesc($mid . '#sync'), - dbesc(str_replace('/item/', '/activity/', $mid)), - dbesc(str_replace('/item/', '/activity/', $mid) . '#sync') + dbesc(str_replace('/item/', '/activity/', $mid)) ); if(! $r) { diff --git a/Zotlabs/Module/Editblock.php b/Zotlabs/Module/Editblock.php index 1cbb1aee2..cb1a21a11 100644 --- a/Zotlabs/Module/Editblock.php +++ b/Zotlabs/Module/Editblock.php 
@@ -122,10 +122,10 @@ class Editblock extends \Zotlabs\Web\Controller { 'ptyp' => $itm[0]['type'], 'mimeselect' => true, 'mimetype' => $itm[0]['mimetype'], - 'body' => undo_post_tagging($content), + 'body' => htmlspecialchars_decode(undo_post_tagging($content), ENT_COMPAT), 'post_id' => $post_id, 'visitor' => true, - 'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), + 'title' => htmlspecialchars_decode($itm[0]['title'], ENT_COMPAT), 'placeholdertitle' => t('Title (optional)'), 'pagetitle' => $block_title, 'profile_uid' => (intval($channel['channel_id'])), diff --git a/Zotlabs/Module/Editlayout.php b/Zotlabs/Module/Editlayout.php index 1a3f5614c..8c1281c16 100644 --- a/Zotlabs/Module/Editlayout.php +++ b/Zotlabs/Module/Editlayout.php @@ -121,9 +121,9 @@ class Editlayout extends \Zotlabs\Web\Controller { 'hide_preview' => true, 'disable_comments' => true, 'ptyp' => $itm[0]['obj_type'], - 'body' => undo_post_tagging($itm[0]['body']), + 'body' => htmlspecialchars_decode(undo_post_tagging($itm[0]['body']), ENT_COMPAT), 'post_id' => $post_id, - 'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), + 'title' => htmlspecialchars_decode($itm[0]['title'], ENT_COMPAT), 'pagetitle' => $layout_title, 'ptlabel' => t('Layout Name'), 'placeholdertitle' => t('Layout Description (Optional)'), diff --git a/Zotlabs/Module/Editwebpage.php b/Zotlabs/Module/Editwebpage.php index ab4858d63..abe0adad8 100644 --- a/Zotlabs/Module/Editwebpage.php +++ b/Zotlabs/Module/Editwebpage.php @@ -144,7 +144,7 @@ class Editwebpage extends \Zotlabs\Web\Controller { 'hide_location' => true, 'hide_voting' => true, 'ptyp' => $itm[0]['type'], - 'body' => undo_post_tagging($content), + 'body' => htmlspecialchars_decode(undo_post_tagging($content), ENT_COMPAT), 'post_id' => $post_id, 'visitor' => ($is_owner) ? true : false, 'acl' => populate_acl($itm[0],false,\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')), 
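Review bot: The editor `title` was previously passed through `htmlspecialchars()` and is now passed through `htmlspecialchars_decode()`, and `body` is decoded as well, so both values reach the editor template with their HTML entities turned back into markup. Whether the template escapes these two values on output is not visible in the hunk; if it does not, markup stored in a block, layout or webpage title would be rendered as HTML in the edit form. The same change is made in Editlayout.php and in both Editwebpage.php hunks. Please confirm the template escapes `title` and `body`, and record the contract at the call site, for example `// stored HTML-encoded; decoded for editing, the template must escape on output`.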
@@ -154,7 +154,7 @@ class Editwebpage extends \Zotlabs\Web\Controller { 'mimeselect' => true, 'layout' => $layout, 'layoutselect' => true, - 'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), + 'title' => htmlspecialchars_decode($itm[0]['title'], ENT_COMPAT), 'lockstate' => (((strlen($itm[0]['allow_cid'])) || (strlen($itm[0]['allow_gid'])) || (strlen($itm[0]['deny_cid'])) || (strlen($itm[0]['deny_gid']))) ? 'lock' : 'unlock'), 'profile_uid' => (intval($owner)), 'bbcode' => (($mimetype == 'text/bbcode') ? true : false) diff --git a/Zotlabs/Module/Embed.php b/Zotlabs/Module/Embed.php deleted file mode 100644 index 77b9254dd..000000000 --- a/Zotlabs/Module/Embed.php +++ /dev/null @@ -1,22 +0,0 @@ -<?php -namespace Zotlabs\Module; - -require_once('include/security.php'); -require_once('include/bbcode.php'); - - -class Embed extends \Zotlabs\Web\Controller { - - function init() { - - $post_id = ((argc() > 1) ? intval(argv(1)) : 0); - - if(! $post_id) - killme(); - - echo '[share=' . $post_id . '][/share]'; - killme(); - - } - -} diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 122d90b1b..6aba9b1ba 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -6,6 +6,8 @@ use Zotlabs\Web\Controller; use Zotlabs\Web\HTTPSig; use Zotlabs\Lib\Libzot; use Zotlabs\Lib\SConfig; +use GuzzleHttp\Psr7\Request; +use HttpSignature\HttpMessageSigner; class Magic extends Controller { 
@@ -101,26 +103,65 @@ class Magic extends Controller { $dest = strip_zids($dest); $dest = strip_query_param($dest,'f'); - // We now post to the OWA endpoint. This improves security by providing a signed digest + // try RFC9421 first + + $request = new Request( + 'GET', + $owapath, + [ + 'Host' => $parsed['host'], + 'Date' => gmdate('D, d M Y H:i:s T'), + 'Accept' => 'application/x-zot+json', + 'X-Open-Web-Auth' => random_string(), + ], + ); + + $signer = new HttpMessageSigner(); + + $signer->setPrivateKey($channel['channel_prvkey']); + $signer->setAlgorithm('rsa-v1_5-sha256'); + $signer->setKeyId(channel_url($channel)); + $signer->setCreated(time()); + $signer->setExpires(time() + 3600); - $data = json_encode([ 'OpenWebAuth' => random_string() ]); + $coveredFields = '("@method" "@target-uri" "host" "date" "accept" "x-open-web-auth")'; + $request = $signer->signRequest($coveredFields, $request); + $signedHeaders = $signer->getHeaders($request); - $headers = []; - $headers['Accept'] = 'application/x-zot+json' ; - $headers['Content-Type'] = 'application/x-zot+json' ; - $headers['X-Open-Web-Auth'] = random_string(); - $headers['Host'] = $parsed['host']; - $headers['(request-target)'] = 'get /owa'; + $curlHeaders = []; + foreach ($signedHeaders as $key => $value) { + $curlHeaders[] = $key . ': ' . $value; + } - $headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'], channel_url($channel),true,'sha512'); $redirects = 0; + $x = z_fetch_url($owapath, false, $redirects, ['headers' => $curlHeaders]); + logger('owa RFC9421 fetch returned: ' . 
print_r($x,true),LOGGER_DATA); + + $rfc9421 = false; + + if ($x['success']) { + $rfc9421_result = json_decode($x['body'], true); + $rfc9421 = $rfc9421_result['success']; + } + + if (!$rfc9421 || ($x['return_code'] >= 400 && $x['return_code'] != 404)) { + $headers = []; + $headers['Accept'] = 'application/x-zot+json' ; + $headers['Content-Type'] = 'application/x-zot+json' ; + $headers['X-Open-Web-Auth'] = random_string(); + $headers['Host'] = $parsed['host']; + $headers['(request-target)'] = 'get /owa'; - $x = z_fetch_url($owapath, false, $redirects, ['headers' => $headers]); + $headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'], channel_url($channel),true,'sha512'); + $redirects = 0; - logger('owa fetch returned: ' . print_r($x,true),LOGGER_DATA); + $x = z_fetch_url($owapath, false, $redirects, ['headers' => $headers]); + logger('owa fetch returned: ' . print_r($x,true),LOGGER_DATA); + } if ($x['success']) { $j = json_decode($x['body'],true); + if ($j['success'] && $j['encrypted_token']) { // decrypt the token using our private key $token = ''; @@ -139,7 +180,6 @@ class Magic extends Controller { echo $o; killme(); - } } } diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index 254b1c7d1..dab2ea5fe 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php 
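Review bot: The fallback condition `if (!$rfc9421 || ($x['return_code'] >= 400 && $x['return_code'] != 404))` sends the legacy-signed request on every RFC9421 failure, because `$rfc9421` can only be truthy after a successful fetch; the 404 exclusion in the second clause therefore never changes the outcome, and if skipping the retry for some status codes was intended the clauses need `&&`. `json_decode()` returns null for a non-JSON body, so `$rfc9421_result['success']` should be guarded, e.g. `$rfc9421 = is_array($rfc9421_result) && !empty($rfc9421_result['success']);`. Since any failed first response leads to a second request signed with the older scheme, a comment stating that this downgrade is deliberate for compatibility, and when it can be removed, would help. The signature stays valid for an hour via `setExpires(time() + 3600)` although the request is sent immediately; a much shorter window looks sufficient unless clock skew between hubs requires it.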
@@ -19,96 +19,128 @@ use Zotlabs\Web\Controller; class Owa extends Controller { public function init(): void - { + { $ret = [ 'success' => false ]; - if (!$this->validateAuthorizationHeader()) { - $this->error('Missing or invalid authorization header.'); - } + // try OpenWebAuth over RFC9421 - $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_AUTHORIZATION'] ?? $_SERVER['REDIRECT_REMOTE_USER']; + $sigdata = HTTPSig::verify(EMPTY_STR); - $sigblock = HTTPSig::parse_sigheader($_SERVER['HTTP_AUTHORIZATION']); - if ($sigblock) { - $keyId = $sigblock['keyId']; - $parsed = parse_url($keyId); - if (str_starts_with($parsed['scheme'],'http')) { - unset($parsed['fragment']); - unset($parsed['query']); - $keyId = unparse_url($parsed); - } - else { - $keyId = str_replace('acct:', '', $keyId); + if ($sigdata && $sigdata['portable_id'] && $sigdata['header_valid']) { + $portable_id = $sigdata['portable_id']; + + if (!check_channelallowed($portable_id)) { + json_return_and_die($ret, 'application/x-zot+json'); } - if ($keyId) { - $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash - WHERE (hubloc_addr = '%s' OR hubloc_id_url = '%s' OR xchan_hash = '%s') - AND hubloc_deleted = 0 AND xchan_pubkey != '' - ORDER BY hubloc_id DESC", - dbesc($keyId), - dbesc($keyId), - dbesc($keyId) - ); - if (! $r) { - $found = discover_by_webbie($keyId); - logger('found = ' . print_r($found, true)); - if ($found) { - $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash - WHERE (hubloc_addr = '%s' OR hubloc_id_url = '%s' OR xchan_hash = '%s') AND hubloc_deleted = 0 AND xchan_pubkey != '' ORDER BY hubloc_id DESC ", - dbesc($keyId), - dbesc($keyId), - dbesc($keyId) - ); - } - } - if ($r) { - foreach ($r as $hubloc) { - $verified = HTTPSig::verify(file_get_contents('php://input'), $hubloc['xchan_pubkey']); - if ($verified && $verified['header_signed'] && $verified['header_valid'] && ($verified['content_valid'] || (! 
$verified['content_signed']))) { - logger('OWA header: ' . print_r($verified,true),LOGGER_DATA); - logger('OWA success: ' . $hubloc['hubloc_id_url'],LOGGER_DATA); - $ret['success'] = true; - $token = random_string(32); - Verify::create('owt',0,$token,$hubloc['hubloc_id_url']); - $result = ''; - openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']); - $ret['encrypted_token'] = base64url_encode($result); - break; - } else { - logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . $hubloc['hubloc_id_url']); - } - } + if (!check_siteallowed($sigdata['signer'])) { + json_return_and_die($ret, 'application/x-zot+json'); + } - if (!$ret['success']) { + $hubs = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash + WHERE hubloc_hash = '%s' ORDER BY hubloc_id DESC", + dbesc($portable_id) + ); + + if ($hubs) { + logger('OWA RFC9421 success: ' . $hubs[0]['hubloc_id_url'], LOGGER_DATA); + $ret['success'] = true; + $token = random_string(32); + Verify::create('owt', 0, $token, $hubs[0]['hubloc_id_url']); + $result = ''; + openssl_public_encrypt($token, $result, $hubs[0]['xchan_pubkey']); + $ret['encrypted_token'] = base64url_encode($result); + } + } + else { + if (!$this->validateAuthorizationHeader()) { + $this->error('Missing or invalid authorization header.'); + } - // Possible a reinstall? - // In this case we probably already have an old hubloc - // but not the new one yet. + $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_AUTHORIZATION'] ?? 
$_SERVER['REDIRECT_REMOTE_USER']; + $sigblock = HTTPSig::parse_sigheader($_SERVER['HTTP_AUTHORIZATION']); + if ($sigblock) { + $keyId = $sigblock['keyId']; + $parsed = parse_url($keyId); + if (str_starts_with($parsed['scheme'],'http')) { + unset($parsed['fragment']); + unset($parsed['query']); + $keyId = unparse_url($parsed); + } + else { + $keyId = str_replace('acct:', '', $keyId); + } + if ($keyId) { + $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash + WHERE (hubloc_addr = '%s' OR hubloc_id_url = '%s' OR xchan_hash = '%s') + AND hubloc_deleted = 0 AND xchan_pubkey != '' + ORDER BY hubloc_id DESC", + dbesc($keyId), + dbesc($keyId), + dbesc($keyId) + ); + if (! $r) { $found = discover_by_webbie($keyId); - + logger('found = ' . print_r($found, true)); if ($found) { $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash - WHERE (hubloc_addr = '%s' OR hubloc_id_url = '%s') AND hubloc_deleted = 0 ORDER BY hubloc_id DESC LIMIT 1", - dbesc(str_replace('acct:', '', $keyId)), + WHERE (hubloc_addr = '%s' OR hubloc_id_url = '%s' OR xchan_hash = '%s') AND hubloc_deleted = 0 AND xchan_pubkey != '' ORDER BY hubloc_id DESC ", + dbesc($keyId), + dbesc($keyId), dbesc($keyId) ); + } + } + + if ($r) { + foreach ($r as $hubloc) { + $verified = HTTPSig::verify(file_get_contents('php://input'), $hubloc['xchan_pubkey']); + if ($verified && $verified['header_signed'] && $verified['header_valid'] && ($verified['content_valid'] || (! $verified['content_signed']))) { + logger('OWA header: ' . print_r($verified,true),LOGGER_DATA); + logger('OWA success: ' . $hubloc['hubloc_id_url'],LOGGER_DATA); + $ret['success'] = true; + $token = random_string(32); + Verify::create('owt',0,$token,$hubloc['hubloc_id_url']); + $result = ''; + openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']); + $ret['encrypted_token'] = base64url_encode($result); + break; + } else { + logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . 
$hubloc['hubloc_id_url']); + } + } - if ($r) { - $verified = HTTPSig::verify(file_get_contents('php://input'), $r[0]['xchan_pubkey']); - if ($verified && $verified['header_signed'] && $verified['header_valid'] && ($verified['content_valid'] || (! $verified['content_signed']))) { - logger('OWA header: ' . print_r($verified,true), LOGGER_DATA); - logger('OWA success: ' . $r[0]['hubloc_id_url'], LOGGER_DATA); - $ret['success'] = true; - $token = random_string(32); - Verify::create('owt', 0, $token, $r[0]['hubloc_id_url']); - $result = ''; - openssl_public_encrypt($token, $result, $r[0]['xchan_pubkey']); - $ret['encrypted_token'] = base64url_encode($result); - } else { - logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . $hubloc['hubloc_id_url']); + if (!$ret['success']) { + + // Possible a reinstall? + // In this case we probably already have an old hubloc + // but not the new one yet. + + $found = discover_by_webbie($keyId); + + if ($found) { + $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash + WHERE (hubloc_addr = '%s' OR hubloc_id_url = '%s') AND hubloc_deleted = 0 ORDER BY hubloc_id DESC LIMIT 1", + dbesc(str_replace('acct:', '', $keyId)), + dbesc($keyId) + ); + + if ($r) { + $verified = HTTPSig::verify(file_get_contents('php://input'), $r[0]['xchan_pubkey']); + if ($verified && $verified['header_signed'] && $verified['header_valid'] && ($verified['content_valid'] || (! $verified['content_signed']))) { + logger('OWA header: ' . print_r($verified,true), LOGGER_DATA); + logger('OWA success: ' . $r[0]['hubloc_id_url'], LOGGER_DATA); + $ret['success'] = true; + $token = random_string(32); + Verify::create('owt', 0, $token, $r[0]['hubloc_id_url']); + $result = ''; + openssl_public_encrypt($token, $result, $r[0]['xchan_pubkey']); + $ret['encrypted_token'] = base64url_encode($result); + } else { + logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . $hubloc['hubloc_id_url']); + } } } } 
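Review bot: The hubloc lookup in the new RFC9421 branch of `init()` omits the `hubloc_deleted = 0 AND xchan_pubkey != ''` filters that every legacy query in this method carries, so `$hubs[0]` may be a deleted location or a row without a key. `$ret['success']` is also set to true before `openssl_public_encrypt()` runs and its return value is never checked, so a failed encryption would still report success with an empty `encrypted_token`. `check_channelallowed()` and `check_siteallowed()` are applied only in the new branch; the legacy `else` branch still issues tokens without them, so the allow and deny lists do not yet cover callers using the older signature format. The new branch also tests `header_valid` but not `header_signed`, which the legacy branch requires; whether `HTTPSig::verify()` implies it for RFC9421 is not visible here.

```php
// … unchanged: HTTPSig::verify(), check_channelallowed(), check_siteallowed() …
$hubs = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
	WHERE hubloc_hash = '%s' AND hubloc_deleted = 0 AND xchan_pubkey != ''
	ORDER BY hubloc_id DESC",
	dbesc($portable_id)
);

if ($hubs) {
	$token = random_string(32);
	$result = '';
	// Report success only once the token has actually been encrypted for the signer.
	if (openssl_public_encrypt($token, $result, $hubs[0]['xchan_pubkey'])) {
		Verify::create('owt', 0, $token, $hubs[0]['hubloc_id_url']);
		logger('OWA RFC9421 success: ' . $hubs[0]['hubloc_id_url'], LOGGER_DATA);
		$ret['success'] = true;
		$ret['encrypted_token'] = base64url_encode($result);
	}
}
// … unchanged: legacy Authorization-header branch …
```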
diff --git a/Zotlabs/Module/Profperm.php b/Zotlabs/Module/Profperm.php index 4594728b1..713f7bda2 100644 --- a/Zotlabs/Module/Profperm.php +++ b/Zotlabs/Module/Profperm.php @@ -44,6 +44,7 @@ class Profperm extends \Zotlabs\Web\Controller { if($switchtotext === false) $switchtotext = 400; + $change = 0; if((argc() > 2) && intval(argv(1)) && intval(argv(2))) { $r = q("SELECT abook_id FROM abook WHERE abook_id = %d and abook_channel = %d limit 1", @@ -74,10 +75,11 @@ class Profperm extends \Zotlabs\Web\Controller { dbesc($profile['profile_guid']) ); - $ingroup = array(); - if($r) + $ingroup = []; + if($r) { foreach($r as $member) $ingroup[] = $member['abook_id']; + } $members = $r; 
@@ -104,68 +106,57 @@ class Profperm extends \Zotlabs\Web\Controller { ); $members = $r; - - $ingroup = array(); - if(count($r)) + $ingroup = []; + if($r) { foreach($r as $member) $ingroup[] = $member['abook_id']; + } } $o .= '<h2>' . t('Profile Visibility Editor') . '</h2>'; - $o .= '<h3>' . t('Profile') . ' \'' . $profile['profile_name'] . '\'</h3>'; - $o .= '<div id="prof-edit-desc">' . t('Click on a contact to add or remove.') . '</div>'; - } - $o .= '<div id="prof-update-wrapper">'; - if($change) - $o = ''; - - $o .= '<div id="prof-members-title">'; - $o .= '<h3>' . t('Visible To') . '</h3>'; - $o .= '</div>'; - $o .= '<div id="prof-members">'; - + // Build template data + $members_tpl = []; $textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false); - - foreach($members as $member) { - if($member['xchan_url']) { - $member['click'] = 'profChangeMember(' . $profile['id'] . ',' . $member['abook_id'] . '); return false;'; - $o .= micropro($member,true,'mpprof', $textmode); + if($members) { + foreach($members as $member) { + if($member['xchan_url']) { + $member['click'] = 'profChangeMember(' . $profile['id'] . ',' . $member['abook_id'] . '); return false;'; + $members_tpl[] = [ 'micro' => micropro($member, true, 'mpprof', $textmode) ]; + } } } - $o .= '</div><div id="prof-members-end"></div>'; - $o .= '<hr id="prof-separator" />'; - - $o .= '<div id="prof-all-contcts-title">'; - $o .= '<h3>' . t("All Connections") . '</h3>'; - $o .= '</div>'; - $o .= '<div id="prof-all-contacts">'; - - $r = abook_connections(local_channel()); - if($r) { - $textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false); - foreach($r as $member) { - if(! in_array($member['abook_id'],$ingroup)) { - $member['click'] = 'profChangeMember(' . $profile['id'] . ',' . $member['abook_id'] . 
'); return false;'; - $o .= micropro($member,true,'mpprof',$textmode); - } + $all_members_tpl = []; + $r = abook_connections(local_channel()); + if($r) { + $textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false); + foreach($r as $member) { + if(! in_array($member['abook_id'], $ingroup)) { + $member['click'] = 'profChangeMember(' . $profile['id'] . ',' . $member['abook_id'] . '); return false;'; + $all_members_tpl[] = [ 'micro' => micropro($member, true, 'mpprof', $textmode) ]; } } + } - $o .= '</div><div id="prof-all-contacts-end"></div>'; + // Use tpl for the inner part + $inner_html = replace_macros(get_markup_template('profile_members.tpl'), [ + '$visible_to' => t('Visible To'), + '$all_connections' => t('All Connections'), + '$members' => $members_tpl, + '$all_members' => $all_members_tpl, + ]); if($change) { - echo $o; + echo $inner_html; killme(); } - $o .= '</div>'; - return $o; + $o .= $inner_html; + return $o; } - - } + diff --git a/Zotlabs/Render/SmartyTemplate.php b/Zotlabs/Render/SmartyTemplate.php index 79f03637b..a4ae8b68a 100644 --- a/Zotlabs/Render/SmartyTemplate.php +++ b/Zotlabs/Render/SmartyTemplate.php @@ -72,7 +72,7 @@ class SmartyTemplate implements TemplateEngine { if ($root != '' && substr($root,-1) != '/' ) { $root .= '/'; } - foreach ( [ $root . "view/$lang/$file", $root . "view/en/$file", '' ] as $template_file) { + foreach ( [ $root . "view/lang/$lang/$file", $root . "view/lang/en/$file", '' ] as $template_file) { if (is_file($template_file)) { break; } diff --git a/Zotlabs/Storage/Directory.php b/Zotlabs/Storage/Directory.php index a68fdcf26..35335edcc 100644 --- a/Zotlabs/Storage/Directory.php +++ b/Zotlabs/Storage/Directory.php 
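Review bot: In the third Profperm.php hunk, `count($members)` is evaluated on the `$textmode` line before the newly added `if($members)` guard, so the guard does not protect it. `$members` is assigned from the result of `q()` earlier in the method; if that can be false or null, which the new guard suggests, `count()` throws a TypeError on PHP 8. Folding the check into the expression avoids this: `$textmode = ($switchtotext && $members && count($members) > $switchtotext);`. The method starts outside the hunk, so whether `$members` is always assigned before this point cannot be confirmed from here.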
@@ -866,7 +866,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo $path = $path . '/' . $r[0]['filename']; } if (! $r) { - $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, is_dir, os_storage, created, edited from attach + $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, is_dir, is_photo, os_storage, created, edited from attach where folder = '%s' and filename = '%s' and uid = %d $perms order by filename limit 1", dbesc($folder), dbesc(basename($file)), @@ -875,7 +875,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo } if (! $r) { $errors = true; - $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, is_dir, os_storage, created, edited from attach + $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, is_dir, is_photo, os_storage, created, edited from attach where folder = '%s' and filename = '%s' and uid = %d order by filename limit 1", dbesc($folder), dbesc(basename($file)), diff --git a/Zotlabs/Storage/File.php b/Zotlabs/Storage/File.php index 642dd4515..ff3a59b8e 100644 --- a/Zotlabs/Storage/File.php +++ b/Zotlabs/Storage/File.php @@ -93,19 +93,20 @@ class File extends DAV\Node implements DAV\IFile { $x = attach_syspaths($this->auth->owner_id,$this->data['hash']); - $y = q("update attach set display_path = '%s where hash = '%s' and uid = %d", + $y = q("update attach set display_path = '%s' where hash = '%s' and uid = %d", dbesc($x['path']), dbesc($this->data['hash']), intval($this->auth->owner_id) ); - if($this->data->is_photo) { + if($this->data['is_photo']) { $r = q("update photo set filename = '%s', display_path = '%s' where resource_id = '%s' and uid = %d", dbesc($newName), dbesc($x['path']), dbesc($this->data['hash']), intval($this->auth->owner_id) ); + } $ch = channelx_by_n($this->auth->owner_id); |
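Review bot: The corrected `if($this->data['is_photo'])` in the File.php hunk depends on every query that populates `$this->data` selecting `is_photo`. This commit adds the column to two selects in Directory.php, but the first lookup in that function lies outside the hunk and other producers of the array are not visible. Using `if (!empty($this->data['is_photo']))` keeps the photo table update from raising an undefined-index warning when the column is absent. The result of the `update attach` query in `$y` is not checked before the photo row is updated, which is worth a short comment if it is intentional.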
