diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/attach.php | 39 | ||||
| -rw-r--r-- | include/connections.php | 2 | ||||
| -rwxr-xr-x | include/dba/dba_driver.php | 25 | ||||
| -rw-r--r-- | include/import.php | 7 | ||||
| -rw-r--r-- | include/network.php | 11 |
5 files changed, 69 insertions, 15 deletions
diff --git a/include/attach.php b/include/attach.php index 27bf0218a..0d2b43b58 100644 --- a/include/attach.php +++ b/include/attach.php @@ -266,14 +266,12 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) { return $ret; } - if(! perm_is_allowed($r[0]['uid'], $observer_hash, 'view_storage')) { + if(! attach_can_view($r[0]['uid'], $observer_hash, $hash)) { $ret['message'] = t('Permission denied.'); return $ret; } - $sql_extra = permissions_sql($r[0]['uid'],$observer_hash); - - // Now we'll see if we can access the attachment + // We've already checked for existence and permissions $r = q("SELECT * FROM attach WHERE hash = '%s' and uid = %d $sql_extra LIMIT 1", dbesc($hash), @@ -281,20 +279,12 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) { ); if(! $r) { - $ret['message'] = t('Permission denied.'); + $ret['message'] = t('Unknown error.'); return $ret; } $r[0]['content'] = dbunescbin($r[0]['content']); - if($r[0]['folder']) { - $x = attach_can_view_folder($r[0]['uid'],$observer_hash,$r[0]['folder']); - if(! $x) { - $ret['message'] = t('Permission denied.'); - return $ret; - } - } - $ret['success'] = true; $ret['data'] = $r[0]; @@ -302,6 +292,29 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) { } +function attach_can_view($uid,$ob_hash,$resource) { + + $sql_extra = permissions_sql($uid,$ob_hash); + $hash = $resource; + + if(! perm_is_allowed($uid,$ob_hash,'view_storage')) { + return false; + } + + $r = q("select folder from attach where hash = '%s' and uid = %d $sql_extra", + dbesc($hash), + intval($uid) + ); + if(! $r) { + return false; + } + + return attach_can_view_folder($uid,$ob_hash,$r[0]['folder']); + +} + + + function attach_can_view_folder($uid,$ob_hash,$folder_hash) { $sql_extra = permissions_sql($uid,$ob_hash); diff --git a/include/connections.php b/include/connections.php index e5bf07d96..32baa94bd 100644 --- a/include/connections.php +++ b/include/connections.php @@ -127,7 +127,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') { return replace_macros(get_markup_template('xchan_vcard.tpl'),array( '$name' => $xchan['xchan_name'], '$photo' => ((is_array(App::$profile) && array_key_exists('photo',App::$profile)) ? App::$profile['photo'] : $xchan['xchan_photo_l']), - '$follow' => $xchan['xchan_addr'], + '$follow' => (($xchan['xchan_addr']) ? $xchan['xchan_addr'] : $xchan['xchan_url']), '$link' => zid($xchan['xchan_url']), '$connect' => $connect, '$newwin' => (($mode === 'chanview') ? t('New window') : ''), diff --git a/include/dba/dba_driver.php b/include/dba/dba_driver.php index b3298b673..9e9f24bb3 100755 --- a/include/dba/dba_driver.php +++ b/include/dba/dba_driver.php @@ -460,3 +460,28 @@ function db_logger($s,$level = LOGGER_NORMAL,$syslog = LOG_INFO) { \DBA::$logging = false; \DBA::$dba->debug = $saved; } + + +function db_columns($table) { + + if($table) { + if(ACTIVE_DBTYPE === DBTYPE_POSTGRES) { + $r = q("SELECT column_name as field FROM information_schema.columns WHERE table_schema = 'public' AND table_name = '%s'", + dbesc($table) + ); + if($r) { + return ids_to_array($r,'field'); + } + } + else { + $r = q("show columns in %s", + dbesc($table) + ); + if($r) { + return ids_to_array($r,'Field'); + } + } + } + + return []; +}
\ No newline at end of file diff --git a/include/import.php b/include/import.php index 0d3fb8c32..ae6a0ab6a 100644 --- a/include/import.php +++ b/include/import.php @@ -14,7 +14,7 @@ require_once('include/perm_upgrade.php'); * @param int $seize * @return boolean|array */ -function import_channel($channel, $account_id, $seize) { +function import_channel($channel, $account_id, $seize, $newname = '') { if(! array_key_exists('channel_system',$channel)) { $channel['channel_system'] = (($channel['channel_pageflags'] & 0x1000) ? 1 : 0); @@ -30,6 +30,11 @@ function import_channel($channel, $account_id, $seize) { $channel['channel_hash'] = make_xchan_hash($channel['channel_guid'],$channel['channel_guid_sig']); + if($newname) { + $channel['channel_address'] = $newname; + } + + // Check for duplicate channels $r = q("select * from channel where (channel_guid = '%s' or channel_hash = '%s' or channel_address = '%s' ) limit 1", diff --git a/include/network.php b/include/network.php index 72f1dacaf..8b7490a8a 100644 --- a/include/network.php +++ b/include/network.php @@ -648,6 +648,7 @@ function parse_xml_string($s, $strict = true) { libxml_use_internal_errors(true); + $x = @simplexml_load_string($s2); if($x === false) { logger('libxml: parse: error: ' . $s2, LOGGER_DATA); @@ -661,6 +662,16 @@ function parse_xml_string($s, $strict = true) { return $x; } + +function sxml2array ( $xmlObject, $out = array () ) +{ + foreach ( (array) $xmlObject as $index => $node ) + $out[$index] = ( is_object ( $node ) ) ? sxml2array ( $node ) : $node; + + return $out; +} + + /** * @brief Scales an external image. * |