diff options
Diffstat (limited to 'include')
40 files changed, 1320 insertions, 790 deletions
diff --git a/include/account.php b/include/account.php index 40cf281c3..51118c3c5 100644 --- a/include/account.php +++ b/include/account.php @@ -23,6 +23,7 @@ function get_account_by_id($account_id) { function check_account_email($email) { + $email = punify($email); $result = array('error' => false, 'message' => ''); // Caution: empty email isn't counted as an error in this function. @@ -139,7 +140,7 @@ function create_account($arr) { $result = array('success' => false, 'email' => '', 'password' => '', 'message' => ''); $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); - $email = ((x($arr,'email')) ? notags(trim($arr['email'])) : ''); + $email = ((x($arr,'email')) ? notags(punify(trim($arr['email']))) : ''); $password = ((x($arr,'password')) ? trim($arr['password']) : ''); $password2 = ((x($arr,'password2')) ? trim($arr['password2']) : ''); $parent = ((x($arr,'parent')) ? intval($arr['parent']) : 0 ); @@ -330,7 +331,9 @@ function verify_email_address($arr) { function send_reg_approval_email($arr) { - $r = q("select * from account where account_roles & " . intval(ACCOUNT_ROLE_ADMIN)); + $r = q("select * from account where (account_roles & %d) >= 4096", + intval(ACCOUNT_ROLE_ADMIN) + ); if(! ($r && count($r))) return false; @@ -827,4 +830,4 @@ function get_account_techlevel($account_id = 0) { return (($x) ? intval($x['account_level']) : 0); -}
\ No newline at end of file +} diff --git a/include/api.php b/include/api.php index c91590070..6a05a40a5 100644 --- a/include/api.php +++ b/include/api.php @@ -193,26 +193,18 @@ require_once('include/api_zot.php'); $redirect = trim($_REQUEST['redirect_uris'][0]); else $redirect = trim($_REQUEST['redirect_uris']); + $grant_types = trim($_REQUEST['grant_types']); + $scope = trim($_REQUEST['scope']); $icon = trim($_REQUEST['logo_uri']); - if($oauth2) { - $r = q("INSERT INTO oauth_clients (client_id, client_secret, redirect_uri, grant_types, scope, user_id) - VALUES ( '%s', '%s', '%s', null, null, null ) ", - dbesc($key), - dbesc($secret), - dbesc($redirect) - ); - } - else { - $r = q("INSERT INTO clients (client_id, pw, clname, redirect_uri, icon, uid) - VALUES ('%s','%s','%s','%s','%s',%d)", - dbesc($key), - dbesc($secret), - dbesc($name), - dbesc($redirect), - dbesc($icon), - intval(0) - ); - } + $r = q("INSERT INTO oauth_clients (client_id, client_secret, redirect_uri, grant_types, scope, user_id) + VALUES ( '%s', '%s', '%s', '%s', '%s', '%s' ) ", + dbesc($key), + dbesc($secret), + dbesc($redirect), + dbesc($grant_types), + dbesc($scope), + dbesc((string) api_user()) + ); $ret['client_id'] = $key; $ret['client_secret'] = $secret; diff --git a/include/api_auth.php b/include/api_auth.php index 5c0bcb317..e2f7ab155 100644 --- a/include/api_auth.php +++ b/include/api_auth.php @@ -14,25 +14,58 @@ function api_login(&$a){ // login with oauth try { - $oauth = new ZotOAuth1(); - $req = OAuth1Request::from_request(); + // OAuth 2.0 + $storage = new \Zotlabs\Identity\OAuth2Storage(\DBA::$dba->db); + $server = new \Zotlabs\Identity\OAuth2Server($storage); + $request = \OAuth2\Request::createFromGlobals(); + if ($server->verifyResourceRequest($request)) { + $token = $server->getAccessTokenData($request); + $uid = $token['user_id']; + $r = q("SELECT * FROM channel WHERE channel_id = %d LIMIT 1", + intval($uid) + ); + if (count($r)) { + $record = $r[0]; + } else { + header('HTTP/1.0 401 Unauthorized'); + echo('This api requires login'); + killme(); + } + + $_SESSION['uid'] = $record['channel_id']; + $_SESSION['addr'] = $_SERVER['REMOTE_ADDR']; + + $x = q("select * from account where account_id = %d LIMIT 1", + intval($record['channel_account_id']) + ); + if ($x) { + require_once('include/security.php'); + authenticate_success($x[0], null, true, false, true, true); + $_SESSION['allow_api'] = true; + call_hooks('logged_in', App::$user); + return; + } + } else { + // OAuth 1.0 + $oauth = new ZotOAuth1(); + $req = OAuth1Request::from_request(); - list($consumer,$token) = $oauth->verify_request($req); + list($consumer, $token) = $oauth->verify_request($req); - if (!is_null($token)){ - $oauth->loginUser($token->uid); + if (!is_null($token)) { + $oauth->loginUser($token->uid); - App::set_oauth_key($consumer->key); + App::set_oauth_key($consumer->key); - call_hooks('logged_in', App::$user); - return; + call_hooks('logged_in', App::$user); + return; + } + killme(); } - killme(); - } - catch(Exception $e) { + } catch (Exception $e) { logger($e->getMessage()); } - + // workarounds for HTTP-auth in CGI mode foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) { diff --git a/include/attach.php b/include/attach.php index 39269eb03..2a9badaac 100644 --- a/include/attach.php +++ b/include/attach.php @@ -266,14 +266,12 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) { return $ret; } - if(! perm_is_allowed($r[0]['uid'], $observer_hash, 'view_storage')) { + if(! attach_can_view($r[0]['uid'], $observer_hash, $hash)) { $ret['message'] = t('Permission denied.'); return $ret; } - $sql_extra = permissions_sql($r[0]['uid'],$observer_hash); - - // Now we'll see if we can access the attachment + // We've already checked for existence and permissions $r = q("SELECT * FROM attach WHERE hash = '%s' and uid = %d $sql_extra LIMIT 1", dbesc($hash), @@ -281,20 +279,12 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) { ); if(! $r) { - $ret['message'] = t('Permission denied.'); + $ret['message'] = t('Unknown error.'); return $ret; } $r[0]['content'] = dbunescbin($r[0]['content']); - if($r[0]['folder']) { - $x = attach_can_view_folder($r[0]['uid'],$observer_hash,$r[0]['folder']); - if(! $x) { - $ret['message'] = t('Permission denied.'); - return $ret; - } - } - $ret['success'] = true; $ret['data'] = $r[0]; @@ -302,6 +292,29 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) { } +function attach_can_view($uid,$ob_hash,$resource) { + + $sql_extra = permissions_sql($uid,$ob_hash); + $hash = $resource; + + if(! perm_is_allowed($uid,$ob_hash,'view_storage')) { + return false; + } + + $r = q("select folder from attach where hash = '%s' and uid = %d $sql_extra", + dbesc($hash), + intval($uid) + ); + if(! $r) { + return false; + } + + return attach_can_view_folder($uid,$ob_hash,$r[0]['folder']); + +} + + + function attach_can_view_folder($uid,$ob_hash,$folder_hash) { $sql_extra = permissions_sql($uid,$ob_hash); @@ -948,6 +961,16 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { return $ret; } + // Update the folder timestamp @todo recurse to the storage root folder + + if($folder_hash) { + q("UPDATE attach set edited = '%s' where hash = '%s' and uid = %d and is_dir = 1", + dbesc($edited), + dbesc($folder_hash), + intval($channel_id) + ); + } + // Caution: This re-uses $sql_options set further above $r = q("select * from attach where uid = %d and hash = '%s' $sql_options limit 1", @@ -1562,8 +1585,8 @@ function get_cloud_url($channel_id, $channel_name, $attachHash) { } } while ($parentHash); - $url = z_root() . '/cloud/' . $channel_name . '/' . $parentFullPath . find_filename_by_hash($channel_id, $attachHash); + $url = z_root() . '/cloud/' . $channel_name . '/' . $parentFullPath . find_filename_by_hash($channel_id, $attachHash); return $url; } @@ -2276,33 +2299,22 @@ function attach_move($channel_id, $resource_id, $new_folder_hash) { if(! ($c && $resource_id)) return false; + + // find the resource to be moved + $r = q("select * from attach where hash = '%s' and uid = %d limit 1", dbesc($resource_id), intval($channel_id) ); - if(! $r) + if(! $r) { + logger('resource_id not found'); return false; + } $oldstorepath = dbunescbin($r[0]['content']); - if($r[0]['is_dir']) { - $move_success = true; - $x = q("select hash from attach where folder = '%s' and uid = %d", - dbesc($r[0]['hash']), - intval($channel_id) - ); - if($x) { - foreach($x as $xv) { - $rs = attach_move($channel_id,$xv['hash'],$r[0]['hash']); - if(! $rs) { - $move_success = false; - break; - } - } - } - return $move_success; - } + // find the resource we are moving to if($new_folder_hash) { $n = q("select * from attach where hash = '%s' and uid = %d and is_dir = 1 limit 1", @@ -2316,6 +2328,10 @@ function attach_move($channel_id, $resource_id, $new_folder_hash) { $newstorepath = dbunescbin($n[0]['content']) . '/' . $resource_id; } else { + + // root directory + + $newdirname = EMPTY_STR; $newstorepath = 'store/' . $c['channel_address'] . '/' . $resource_id; } @@ -2325,56 +2341,61 @@ function attach_move($channel_id, $resource_id, $new_folder_hash) { $filename = $r[0]['filename']; - $s = q("select filename, id, hash, filesize from attach where filename = '%s' and folder = '%s' ", - dbesc($filename), - dbesc($new_folder_hash) - ); + // don't do duplicate check unless our parent folder has changed. - if($s) { - $overwrite = get_pconfig($channel_id,'system','overwrite_dup_files'); - if($overwrite) { - /// @fixme - return; - } - else { - if(strpos($filename,'.') !== false) { - $basename = substr($filename,0,strrpos($filename,'.')); - $ext = substr($filename,strrpos($filename,'.')); + if($r[0]['folder'] !== $new_folder_hash) { + + $s = q("select filename, id, hash, filesize from attach where filename = '%s' and folder = '%s' ", + dbesc($filename), + dbesc($new_folder_hash) + ); + + if($s) { + $overwrite = get_pconfig($channel_id,'system','overwrite_dup_files'); + if($overwrite) { + /// @fixme + return; } else { - $basename = $filename; - $ext = ''; - } + if(strpos($filename,'.') !== false) { + $basename = substr($filename,0,strrpos($filename,'.')); + $ext = substr($filename,strrpos($filename,'.')); + } + else { + $basename = $filename; + $ext = ''; + } - $matches = false; - if(preg_match('/(.*?)\([0-9]{1,}\)$/',$basename,$matches)) - $basename = $matches[1]; + $matches = false; + if(preg_match('/(.*?)\([0-9]{1,}\)$/',$basename,$matches)) + $basename = $matches[1]; - $v = q("select filename from attach where ( filename = '%s' OR filename like '%s' ) and folder = '%s' ", - dbesc($basename . $ext), - dbesc($basename . '(%)' . $ext), - dbesc($new_folder_hash) - ); + $v = q("select filename from attach where ( filename = '%s' OR filename like '%s' ) and folder = '%s' ", + dbesc($basename . $ext), + dbesc($basename . '(%)' . $ext), + dbesc($new_folder_hash) + ); - if($v) { - $x = 1; + if($v) { + $x = 1; - do { - $found = false; - foreach($v as $vv) { - if($vv['filename'] === $basename . '(' . $x . ')' . $ext) { - $found = true; - break; + do { + $found = false; + foreach($v as $vv) { + if($vv['filename'] === $basename . '(' . $x . ')' . $ext) { + $found = true; + break; + } } + if($found) + $x++; } - if($found) - $x++; + while($found); + $filename = $basename . '(' . $x . ')' . $ext; } - while($found); - $filename = $basename . '(' . $x . ')' . $ext; + else + $filename = $basename . $ext; } - else - $filename = $basename . $ext; } } @@ -2413,6 +2434,24 @@ function attach_move($channel_id, $resource_id, $new_folder_hash) { ); } + if($r[0]['is_dir']) { + $move_success = true; + $x = q("select hash from attach where folder = '%s' and uid = %d", + dbesc($r[0]['hash']), + intval($channel_id) + ); + if($x) { + foreach($x as $xv) { + $rs = attach_move($channel_id,$xv['hash'],$r[0]['hash']); + if(! $rs) { + $move_success = false; + break; + } + } + } + return $move_success; + } + return true; } diff --git a/include/auth.php b/include/auth.php index 6f5e58361..b952754fd 100644 --- a/include/auth.php +++ b/include/auth.php @@ -37,6 +37,7 @@ require_once('include/security.php'); function account_verify_password($login, $pass) { $ret = [ 'account' => null, 'channel' => null, 'xchan' => null ]; + $login = punify($login); $email_verify = get_config('system', 'verify_email'); $register_policy = get_config('system', 'register_policy'); @@ -48,51 +49,91 @@ function account_verify_password($login, $pass) { $channel = null; $xchan = null; - if(! strpos($login,'@')) { - $channel = channelx_by_nick($login); - if(! $channel) { - $x = q("select * from atoken where atoken_name = '%s' and atoken_token = '%s' limit 1", - dbesc($login), - dbesc($pass) - ); - if($x) { - $ret['xchan'] = atoken_xchan($x[0]); - atoken_create_xchan($ret['xchan']); - return $ret; + $addon_auth = [ + 'username' => $login, + 'password' => trim($pass), + 'authenticated' => 0, + 'user_record' => null + ]; + + /** + * + * A plugin indicates successful login by setting 'authenticated' to non-zero value and returning a user record + * Plugins should never set 'authenticated' except to indicate success - as hooks may be chained + * and later plugins should not interfere with an earlier one that succeeded. + * + */ + + call_hooks('authenticate', $addon_auth); + + if(($addon_auth['authenticated']) && is_array($addon_auth['user_record']) && (! empty($addon_auth['user_record']))) { + $ret['account'] = $addon_auth['user_record']; + return $ret; + } + else { + if(! strpos($login,'@')) { + $channel = channelx_by_nick($login); + if(! $channel) { + $x = q("select * from atoken where atoken_name = '%s' and atoken_token = '%s' limit 1", + dbesc($login), + dbesc($pass) + ); + if($x) { + $ret['xchan'] = atoken_xchan($x[0]); + atoken_create_xchan($ret['xchan']); + return $ret; + } } } - } - if($channel) { - $where = " where account_id = " . intval($channel['channel_account_id']) . " "; - } - else { - $where = " where account_email = '" . dbesc($login) . "' "; - } + if($channel) { + $where = " where account_id = " . intval($channel['channel_account_id']) . " "; + } + else { + $where = " where account_email = '" . dbesc($login) . "' "; + } - $a = q("select * from account $where"); - if(! $a) { - return null; - } + $a = q("select * from account $where"); + if(! $a) { + return null; + } - $account = $a[0]; + $account = $a[0]; - // Currently we only verify email address if there is an open registration policy. - // This isn't because of any policy - it's because the workflow gets too complicated if - // you have to verify the email and then go through the account approval workflow before - // letting them login. + // Currently we only verify email address if there is an open registration policy. + // This isn't because of any policy - it's because the workflow gets too complicated if + // you have to verify the email and then go through the account approval workflow before + // letting them login. - if(($email_verify) && ($register_policy == REGISTER_OPEN) && ($account['account_flags'] & ACCOUNT_UNVERIFIED)) { - logger('email verification required for ' . $login); - return ( [ 'reason' => 'unvalidated' ] ); - } + if(($email_verify) && ($register_policy == REGISTER_OPEN) && ($account['account_flags'] & ACCOUNT_UNVERIFIED)) { + logger('email verification required for ' . $login); + return ( [ 'reason' => 'unvalidated' ] ); + } - if(($account['account_flags'] == ACCOUNT_OK) - && (hash('whirlpool',$account['account_salt'] . $pass) === $account['account_password'])) { - logger('password verified for ' . $login); - $ret['account'] = $account; - if($channel) - $ret['channel'] = $channel; - return $ret; + if($channel) { + // Try the authentication plugin again since weve determined we are using the channel login instead of account login + $addon_auth = [ + 'username' => $account['account_email'], + 'password' => trim($pass), + 'authenticated' => 0, + 'user_record' => null + ]; + + call_hooks('authenticate', $addon_auth); + + if(($addon_auth['authenticated']) && is_array($addon_auth['user_record']) && (! empty($addon_auth['user_record']))) { + $ret['account'] = $addon_auth['user_record']; + return $ret; + } + } + + if(($account['account_flags'] == ACCOUNT_OK) + && (hash('whirlpool',$account['account_salt'] . $pass) === $account['account_password'])) { + logger('password verified for ' . $login); + $ret['account'] = $account; + if($channel) + $ret['channel'] = $channel; + return $ret; + } } $error = 'password failed for ' . $login; @@ -144,8 +185,17 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) && // process logout request $args = array('channel_id' => local_channel()); call_hooks('logging_out', $args); - App::$session->nuke(); - info( t('Logged out.') . EOL); + + + if($_SESSION['delegate'] && $_SESSION['delegate_push']) { + $_SESSION = $_SESSION['delegate_push']; + info( t('Delegation session ended.') . EOL); + } + else { + App::$session->nuke(); + info( t('Logged out.') . EOL); + } + goaway(z_root()); } @@ -232,52 +282,29 @@ else { if((x($_POST, 'auth-params')) && $_POST['auth-params'] === 'login') { - $record = null; - - $addon_auth = array( - 'username' => trim($_POST['username']), - 'password' => trim($_POST['password']), - 'authenticated' => 0, - 'user_record' => null - ); - - /** - * - * A plugin indicates successful login by setting 'authenticated' to non-zero value and returning a user record - * Plugins should never set 'authenticated' except to indicate success - as hooks may be chained - * and later plugins should not interfere with an earlier one that succeeded. - * - */ - - call_hooks('authenticate', $addon_auth); - $atoken = null; $account = null; + $channel = null; - if(($addon_auth['authenticated']) && (count($addon_auth['user_record']))) { - $account = $addon_auth['user_record']; + $verify = account_verify_password($_POST['username'], $_POST['password']); + if($verify && array_key_exists('reason',$verify) && $verify['reason'] === 'unvalidated') { + notice( t('Email validation is incomplete. Please check your email.')); + goaway(z_root() . '/email_validation/' . bin2hex(punify(trim(escape_tags($_POST['username']))))); + } + elseif($verify) { + $atoken = $verify['xchan']; + $channel = $verify['channel']; + $account = App::$account = $verify['account']; } - else { - $verify = account_verify_password($_POST['username'], $_POST['password']); - if($verify && array_key_exists('reason',$verify) && $verify['reason'] === 'unvalidated') { - notice( t('Email validation is incomplete. Please check your email.')); - goaway(z_root() . '/email_validation/' . bin2hex(trim(escape_tags($_POST['username'])))); - } - elseif($verify) { - $atoken = $verify['xchan']; - $channel = $verify['channel']; - $account = App::$account = $verify['account']; - } - if(App::$account) { - $_SESSION['account_id'] = App::$account['account_id']; - } - elseif($atoken) { - atoken_login($atoken); - } - else { - notice( t('Failed authentication') . EOL); - } + if(App::$account) { + $_SESSION['account_id'] = App::$account['account_id']; + } + elseif($atoken) { + atoken_login($atoken); + } + else { + notice( t('Failed authentication') . EOL); } if(! ($account || $atoken)) { @@ -316,8 +343,9 @@ else { // if we haven't failed up this point, log them in. $_SESSION['last_login_date'] = datetime_convert(); - if(! $atoken) + if(! $atoken) { authenticate_success($account,$channel,true, true); + } } } diff --git a/include/bbcode.php b/include/bbcode.php index 03a46444b..345b5b025 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -85,12 +85,14 @@ function tryoembed($match) { function nakedoembed($match) { $url = ((count($match) == 2) ? $match[1] : $match[2]); - $o = oembed_fetch_url($url); + $strip_url = strip_escaped_zids($url); + + $o = oembed_fetch_url($strip_url); if ($o['type'] == 'error') - return $match[0]; + return str_replace($url,$strip_url,$match[0]); - return '[embed]' . $url . '[/embed]'; + return '[embed]' . $strip_url . '[/embed]'; } function tryzrlaudio($match) { @@ -311,6 +313,19 @@ function bb_ShareAttributes($match) { if ($matches[1] != "") $posted = $matches[1]; + $auth = ""; + preg_match("/auth='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") { + if($matches[1] === 'true') + $auth = true; + else + $auth = false; + } + + if($auth === EMPTY_STR) { + $auth = is_matrix_url($profile); + } + // message_id is never used, do we still need it? $message_id = ""; preg_match("/message_id='(.*?)'/ism", $attributes, $matches); @@ -329,7 +344,7 @@ function bb_ShareAttributes($match) { $headline = '<div class="shared_container"> <div class="shared_header">'; if ($avatar != "") - $headline .= '<a href="' . zid($profile) . '" ><img src="' . $avatar . '" alt="' . $author . '" height="32" width="32" /></a>'; + $headline .= '<a href="' . (($auth) ? zid($profile) : $profile) . '" ><img src="' . $avatar . '" alt="' . $author . '" height="32" width="32" /></a>'; if(strpos($link,'/cards/')) $type = t('card'); @@ -341,8 +356,8 @@ function bb_ShareAttributes($match) { // Bob Smith wrote the following post 2 hours ago $fmt = sprintf( t('%1$s wrote the following %2$s %3$s'), - '<a href="' . zid($profile) . '" >' . $author . '</a>', - '<a href="' . zid($link) . '" >' . $type . '</a>', + '<a href="' . (($auth) ? zid($profile) : $profile) . '" >' . $author . '</a>', + '<a href="' . (($auth) ? zid($link) : $link) . '" >' . $type . '</a>', $reldate ); @@ -393,7 +408,7 @@ function bb_ShareAttributesSimple($match) { if ($matches[1] != "") $profile = $matches[1]; - $text = html_entity_decode("♲ ", ENT_QUOTES, 'UTF-8') . ' <a href="' . $profile . '">' . $author . '</a>: div class="reshared-content">' . $match[2] . '</div>'; + $text = html_entity_decode("♲ ", ENT_QUOTES, 'UTF-8') . ' <a href="' . $profile . '">' . $author . '</a>: <div class="reshared-content">' . $match[2] . '</div>'; return($text); } @@ -668,6 +683,31 @@ function bb_fixtable_lf($match) { } +function bbtopoll($s) { + + $pl = []; + + $match = ''; + if(! preg_match("/\[poll=(.*?)\](.*?)\[\/poll\]/ism",$s,$match)) { + return null; + } + $pl['poll_id'] = $match[1]; + $pl['poll_question'] = $match[2]; + + $match = ''; + if(preg_match_all("/\[poll\-answer=(.*?)\](.*?)\[\/poll\-answer\]/is",$s,$match,PREG_SET_ORDER)) { + $pl['answer'] = []; + foreach($match as $m) { + $ans = [ 'answer_id' => $m[1], 'answer_text' => $m[2] ]; + $pl['answer'][] = $ans; + } + } + + return $pl; + +} + + function parseIdentityAwareHTML($Text) { // Hide all [noparse] contained bbtags by spacefying them @@ -742,10 +782,16 @@ function parseIdentityAwareHTML($Text) { function bbcode($Text, $options = []) { + if(! is_array($options)) { + $options = []; + } + $preserve_nl = ((array_key_exists('preserve_nl',$options)) ? $options['preserve_nl'] : false); $tryoembed = ((array_key_exists('tryoembed',$options)) ? $options['tryoembed'] : true); $cache = ((array_key_exists('cache',$options)) ? $options['cache'] : false); + $newwin = ((array_key_exists('newwin',$options)) ? $options['newwin'] : true); + $target = (($newwin) ? ' target="_blank" ' : ''); call_hooks('bbcode_filter', $Text); @@ -766,6 +812,11 @@ function bbcode($Text, $options = []) { $ev = bbtoevent($Text); + // and the same with polls + + $pl = bbtopoll($Text); + + // process [observer] tags before we do anything else because we might // be stripping away stuff that then doesn't need to be worked on anymore @@ -891,7 +942,7 @@ function bbcode($Text, $options = []) { if($tryoembed) { $Text = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", 'tryoembed', $Text); } - $Text = preg_replace("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", '$1<a href="$2" target="_blank" rel="nofollow noopener">$2</a>', $Text); + $Text = preg_replace("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", '$1<a href="$2" ' . $target . ' rel="nofollow noopener">$2</a>', $Text); } if (strpos($Text,'[/share]') !== false) { @@ -903,16 +954,16 @@ function bbcode($Text, $options = []) { } } if (strpos($Text,'[/url]') !== false) { - $Text = preg_replace("/\#\^\[url\]([$URLSearchString]*)\[\/url\]/ism", '<span class="bookmark-identifier">#^</span><a class="bookmark" href="$1" target="_blank" rel="nofollow noopener" >$1</a>', $Text); - $Text = preg_replace("/\#\^\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '<span class="bookmark-identifier">#^</span><a class="bookmark" href="$1" target="_blank" rel="nofollow noopener" >$2</a>', $Text); - $Text = preg_replace("/\[url\]([$URLSearchString]*)\[\/url\]/ism", '<a href="$1" target="_blank" rel="nofollow noopener" >$1</a>', $Text); - $Text = preg_replace("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '<a href="$1" target="_blank" rel="nofollow noopener" >$2</a>', $Text); + $Text = preg_replace("/\#\^\[url\]([$URLSearchString]*)\[\/url\]/ism", '<span class="bookmark-identifier">#^</span><a class="bookmark" href="$1" ' . $target . ' rel="nofollow noopener" >$1</a>', $Text); + $Text = preg_replace("/\#\^\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '<span class="bookmark-identifier">#^</span><a class="bookmark" href="$1" ' . $target . ' rel="nofollow noopener" >$2</a>', $Text); + $Text = preg_replace("/\[url\]([$URLSearchString]*)\[\/url\]/ism", '<a href="$1" ' . $target . ' rel="nofollow noopener" >$1</a>', $Text); + $Text = preg_replace("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '<a href="$1" ' . $target . ' rel="nofollow noopener" >$2</a>', $Text); } if (strpos($Text,'[/zrl]') !== false) { - $Text = preg_replace("/\#\^\[zrl\]([$URLSearchString]*)\[\/zrl\]/ism", '<span class="bookmark-identifier">#^</span><a class="zrl bookmark" href="$1" target="_blank" rel="nofollow noopener" >$1</a>', $Text); - $Text = preg_replace("/\#\^\[zrl\=([$URLSearchString]*)\](.*?)\[\/zrl\]/ism", '<span class="bookmark-identifier">#^</span><a class="zrl bookmark" href="$1" target="_blank" rel="nofollow noopener" >$2</a>', $Text); - $Text = preg_replace("/\[zrl\]([$URLSearchString]*)\[\/zrl\]/ism", '<a class="zrl" href="$1" target="_blank" rel="nofollow noopener" >$1</a>', $Text); - $Text = preg_replace("/\[zrl\=([$URLSearchString]*)\](.*?)\[\/zrl\]/ism", '<a class="zrl" href="$1" target="_blank" rel="nofollow noopener" >$2</a>', $Text); + $Text = preg_replace("/\#\^\[zrl\]([$URLSearchString]*)\[\/zrl\]/ism", '<span class="bookmark-identifier">#^</span><a class="zrl bookmark" href="$1" ' . $target . ' rel="nofollow noopener" >$1</a>', $Text); + $Text = preg_replace("/\#\^\[zrl\=([$URLSearchString]*)\](.*?)\[\/zrl\]/ism", '<span class="bookmark-identifier">#^</span><a class="zrl bookmark" href="$1" ' . $target . ' rel="nofollow noopener" >$2</a>', $Text); + $Text = preg_replace("/\[zrl\]([$URLSearchString]*)\[\/zrl\]/ism", '<a class="zrl" href="$1" ' . $target . ' rel="nofollow noopener" >$1</a>', $Text); + $Text = preg_replace("/\[zrl\=([$URLSearchString]*)\](.*?)\[\/zrl\]/ism", '<a class="zrl" href="$1" ' . $target . ' rel="nofollow noopener" >$2</a>', $Text); } if (get_account_techlevel() < 2) @@ -920,8 +971,8 @@ function bbcode($Text, $options = []) { // Perform MAIL Search if (strpos($Text,'[/mail]') !== false) { - $Text = preg_replace("/\[mail\]([$MAILSearchString]*)\[\/mail\]/", '<a href="mailto:$1" target="_blank" rel="nofollow noopener" >$1</a>', $Text); - $Text = preg_replace("/\[mail\=([$MAILSearchString]*)\](.*?)\[\/mail\]/", '<a href="mailto:$1" target="_blank" rel="nofollow noopener" >$2</a>', $Text); + $Text = preg_replace("/\[mail\]([$MAILSearchString]*)\[\/mail\]/", '<a href="mailto:$1" ' . $target . ' rel="nofollow noopener" >$1</a>', $Text); + $Text = preg_replace("/\[mail\=([$MAILSearchString]*)\](.*?)\[\/mail\]/", '<a href="mailto:$1" ' . $target . ' rel="nofollow noopener" >$2</a>', $Text); } @@ -952,11 +1003,11 @@ function bbcode($Text, $options = []) { } // Check for strike-through text if (strpos($Text,'[s]') !== false) { - $Text = preg_replace("(\[s\](.*?)\[\/s\])ism", '<strike>$1</strike>', $Text); + $Text = preg_replace("(\[s\](.*?)\[\/s\])ism", '<span style="text-decoration: line-through;">$1</span>', $Text); } // Check for over-line text if (strpos($Text,'[o]') !== false) { - $Text = preg_replace("(\[o\](.*?)\[\/o\])ism", '<span class="overline">$1</span>', $Text); + $Text = preg_replace("(\[o\](.*?)\[\/o\])ism", '<span style="text-decoration: overline;">$1</span>', $Text); } if (strpos($Text,'[sup]') !== false) { $Text = preg_replace("(\[sup\](.*?)\[\/sup\])ism", '<sup>$1</sup>', $Text); @@ -1243,28 +1294,18 @@ function bbcode($Text, $options = []) { // if video couldn't be embedded, link to it instead. if (strpos($Text,'[/video]') !== false) { - $Text = preg_replace("/\[video\](.*?)\[\/video\]/", '<a href="$1" target="_blank" rel="nofollow noopener" >$1</a>', $Text); + $Text = preg_replace("/\[video\](.*?)\[\/video\]/", '<a href="$1" ' . $target . ' rel="nofollow noopener" >$1</a>', $Text); } if (strpos($Text,'[/audio]') !== false) { - $Text = preg_replace("/\[audio\](.*?)\[\/audio\]/", '<a href="$1" target="_blank" rel="nofollow noopener" >$1</a>', $Text); + $Text = preg_replace("/\[audio\](.*?)\[\/audio\]/", '<a href="$1" ' . $target . ' rel="nofollow noopener" >$1</a>', $Text); } if (strpos($Text,'[/zvideo]') !== false) { - $Text = preg_replace("/\[zvideo\](.*?)\[\/zvideo\]/", '<a class="zid" href="$1" target="_blank" rel="nofollow noopener" >$1</a>', $Text); + $Text = preg_replace("/\[zvideo\](.*?)\[\/zvideo\]/", '<a class="zid" href="$1" ' . $target . ' rel="nofollow noopener" >$1</a>', $Text); } if (strpos($Text,'[/zaudio]') !== false) { - $Text = preg_replace("/\[zaudio\](.*?)\[\/zaudio\]/", '<a class="zid" href="$1" target="_blank" rel="nofollow noopener" >$1</a>', $Text); - } - -// if ($tryoembed){ -// if (strpos($Text,'[/iframe]') !== false) { -// $Text = preg_replace_callback("/\[iframe\](.*?)\[\/iframe\]/ism", 'bb_iframe', $Text); -// } -// } else { -// if (strpos($Text,'[/iframe]') !== false) { -// $Text = preg_replace("/\[iframe\](.*?)\[\/iframe\]/ism", '<a href="$1" target="_blank" rel="nofollow noopener" >$1</a>', $Text); -// } -// } + $Text = preg_replace("/\[zaudio\](.*?)\[\/zaudio\]/", '<a class="zid" href="$1" ' . $target . ' rel="nofollow noopener" >$1</a>', $Text); + } // oembed tag $Text = oembed_bbcode2html($Text); diff --git a/include/channel.php b/include/channel.php index a8ddfa978..1a62dcd3c 100644 --- a/include/channel.php +++ b/include/channel.php @@ -780,7 +780,7 @@ function identity_basic_export($channel_id, $sections = null) { } } - if(in_array('channel',$sections)) { + if(in_array('channel',$sections) || in_array('profile',$sections)) { $r = q("select * from profile where uid = %d", intval($channel_id) ); @@ -1126,8 +1126,7 @@ function channel_export_items($channel_id, $start, $finish) { /** * @brief Loads a profile into the App structure. * - * The function requires a writeable copy of the main App structure, and the - * nickname of a valid channel. + * The function requires the nickname of a valid channel. * * Permissions of the current observer are checked. If a restricted profile is available * to the current observer, that will be loaded instead of the channel default profile. @@ -1235,7 +1234,7 @@ function profile_load($nickname, $profile = '') { ); if($z) { $p[0]['picdate'] = $z[0]['xchan_photo_date']; - $p[0]['reddress'] = str_replace('@','@',$z[0]['xchan_addr']); + $p[0]['reddress'] = str_replace('@','@',unpunify($z[0]['xchan_addr'])); } // fetch user tags if this isn't the default profile @@ -1256,7 +1255,7 @@ function profile_load($nickname, $profile = '') { App::$profile = $p[0]; App::$profile_uid = $p[0]['profile_uid']; - App::$page['title'] = App::$profile['channel_name'] . " - " . channel_reddress(App::$profile); + App::$page['title'] = App::$profile['channel_name'] . " - " . unpunify(channel_reddress(App::$profile)); App::$profile['permission_to_view'] = $can_view_profile; @@ -1574,14 +1573,25 @@ function advanced_profile() { $profile['howlong'] = relative_date(App::$profile['howlong'], t('for %1$d %2$s')); } + if(App::$profile['keywords']) { + $keywords = str_replace(',',' ', App::$profile['keywords']); + $keywords = str_replace(' ',' ', $keywords); + $karr = explode(' ', $keywords); + if($karr) { + for($cnt = 0; $cnt < count($karr); $cnt ++) { + $karr[$cnt] = '<a href="' . z_root() . '/directory/f=&keywords=' . trim($karr[$cnt]) . '">' . $karr[$cnt] . '</a>'; + } + } + $profile['keywords'] = array( t('Tags:'), implode(' ', $karr)); + } + + if(App::$profile['sexual']) $profile['sexual'] = array( t('Sexual Preference:'), App::$profile['sexual'] ); if(App::$profile['homepage']) $profile['homepage'] = array( t('Homepage:'), linkify(App::$profile['homepage']) ); if(App::$profile['hometown']) $profile['hometown'] = array( t('Hometown:'), linkify(App::$profile['hometown']) ); - if(App::$profile['keywords']) $profile['keywords'] = array( t('Tags:'), App::$profile['keywords']); - if(App::$profile['politic']) $profile['politic'] = array( t('Political Views:'), App::$profile['politic']); if(App::$profile['religion']) $profile['religion'] = array( t('Religion:'), App::$profile['religion']); @@ -1766,6 +1776,17 @@ function get_default_profile_photo($size = 300) { if(! $scheme) $scheme = 'rainbow_man'; + if(! is_dir('images/default_profile_photos/' . $scheme)) { + $x = [ 'scheme' => $scheme, 'size' => $size, 'url' => '' ]; + call_hooks('default_profile_photo',$x); + if($x['url']) { + return $x['url']; + } + else { + $scheme = 'rainbow_man'; + } + } + return 'images/default_profile_photos/' . $scheme . '/' . $size . '.png'; } @@ -1897,6 +1918,7 @@ function is_public_profile() { function get_profile_fields_basic($filter = 0) { $profile_fields_basic = (($filter == 0) ? get_config('system','profile_fields_basic') : null); + if(! $profile_fields_basic) $profile_fields_basic = array('fullname','pdesc','chandesc','comms','gender','dob','dob_tz','region','country_name','marital','sexual','homepage','hometown','keywords','about','contact'); @@ -2229,6 +2251,11 @@ function get_zcard_embed($channel, $observer_hash = '', $args = array()) { * - false if no channel with $nick was found */ function channelx_by_nick($nick) { + + // If we are provided a Unicode nickname convert to IDN + + $nick = punify($nick); + $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_address = '%s' and channel_removed = 0 LIMIT 1", dbesc($nick) ); @@ -2552,7 +2579,7 @@ function channel_remove($channel_id, $local = true, $unset_session = false) { q("DELETE FROM photo WHERE uid = %d", intval($channel_id)); q("DELETE FROM attach WHERE uid = %d", intval($channel_id)); q("DELETE FROM profile WHERE uid = %d", intval($channel_id)); - q("DELETE FROM src WHERE src_channel_id = %d", intval($channel_id)); + q("DELETE FROM source WHERE src_channel_id = %d", intval($channel_id)); $r = q("select hash FROM attach WHERE uid = %d", intval($channel_id)); if($r) { @@ -2714,7 +2741,7 @@ function anon_identity_init($reqvars) { $hash = hash('md5',$anon_email); - $x = q("select * from xchan where xchan_guid = '%s' and xchan_hash = '%s' and xchan_network = 'unknown' limit 1", + $x = q("select * from xchan where xchan_guid = '%s' and xchan_hash = '%s' and xchan_network = 'anon' limit 1", dbesc($anon_email), dbesc($hash) ); @@ -2725,19 +2752,19 @@ function anon_identity_init($reqvars) { 'xchan_hash' => $hash, 'xchan_name' => $anon_name, 'xchan_url' => $anon_url, - 'xchan_network' => 'unknown', + 'xchan_network' => 'anon', 'xchan_name_date' => datetime_convert() ]); - $x = q("select * from xchan where xchan_guid = '%s' and xchan_hash = '%s' and xchan_network = 'unknown' limit 1", + $x = q("select * from xchan where xchan_guid = '%s' and xchan_hash = '%s' and xchan_network = 'anon' limit 1", dbesc($anon_email), dbesc($hash) ); $photo = z_root() . '/' . get_default_profile_photo(300); $photos = import_xchan_photo($photo,$hash); - $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_guid = '%s' and xchan_hash = '%s' and xchan_network = 'unknown' ", + $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_guid = '%s' and xchan_hash = '%s' and xchan_network = 'anon' ", dbesc(datetime_convert()), dbesc($photos[0]), dbesc($photos[1]), diff --git a/include/connections.php b/include/connections.php index e9d7daa2d..32baa94bd 100644 --- a/include/connections.php +++ b/include/connections.php @@ -100,7 +100,6 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') { if(! $xchan) return; -// FIXME - show connect button to observer if appropriate $connect = false; if(local_channel()) { $r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1", @@ -111,6 +110,12 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') { $connect = t('Connect'); } + // don't provide a connect button for transient or one-way identities + + if(in_array($xchan['xchan_network'],['rss','anon','unknown']) || strpos($xchan['xchan_addr'],'guest:') === 0) { + $connect = false; + } + if(array_key_exists('channel_id',$xchan)) App::$profile_uid = $xchan['channel_id']; @@ -122,7 +127,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') { return replace_macros(get_markup_template('xchan_vcard.tpl'),array( '$name' => $xchan['xchan_name'], '$photo' => ((is_array(App::$profile) && array_key_exists('photo',App::$profile)) ? App::$profile['photo'] : $xchan['xchan_photo_l']), - '$follow' => $xchan['xchan_addr'], + '$follow' => (($xchan['xchan_addr']) ? $xchan['xchan_addr'] : $xchan['xchan_url']), '$link' => zid($xchan['xchan_url']), '$connect' => $connect, '$newwin' => (($mode === 'chanview') ? t('New window') : ''), @@ -421,7 +426,10 @@ function random_profile() { for($i = 0; $i < $retryrandom; $i++) { - $r = q("select xchan_url, xchan_hash from xchan left join hubloc on hubloc_hash = xchan_hash where xchan_hidden = 0 and xchan_system = 0 and hubloc_connected > %s - interval %s order by $randfunc limit 1", + $r = q("select xchan_url, xchan_hash from xchan left join hubloc on hubloc_hash = xchan_hash where + xchan_hidden = 0 and xchan_system = 0 and + xchan_network = 'zot' and xchan_deleted = 0 and + hubloc_connected > %s - interval %s order by $randfunc limit 1", db_utcnow(), db_quoteinterval('30 day') ); diff --git a/include/conversation.php b/include/conversation.php index 0bb9c769a..4a1cdc7da 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -404,7 +404,7 @@ function count_descendants($item) { * @return boolean */ function visible_activity($item) { - $hidden_activities = [ ACTIVITY_LIKE, ACTIVITY_DISLIKE, ACTIVITY_AGREE, ACTIVITY_DISAGREE, ACTIVITY_ABSTAIN, ACTIVITY_ATTEND, ACTIVITY_ATTENDNO, ACTIVITY_ATTENDMAYBE ]; + $hidden_activities = [ ACTIVITY_LIKE, ACTIVITY_DISLIKE, ACTIVITY_AGREE, ACTIVITY_DISAGREE, ACTIVITY_ABSTAIN, ACTIVITY_ATTEND, ACTIVITY_ATTENDNO, ACTIVITY_ATTENDMAYBE, ACTIVITY_POLLRESPONSE ]; if(intval($item['item_notshown'])) return false; @@ -838,11 +838,11 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa $item_object = new Zotlabs\Lib\ThreadItem($item); $conv->add_thread($item_object); - if($page_mode === 'list') { + if(($page_mode === 'list') || ($page_mode === 'pager_list')) { $item_object->set_template('conv_list.tpl'); $item_object->set_display_mode('list'); } - if($page_mode === 'cards') { + if($mode === 'cards' || $mode === 'articles') { $item_object->set_reload($jsreload); } @@ -857,7 +857,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa } } - if($page_mode === 'traditional' || $page_mode === 'preview') { + if(in_array($page_mode, [ 'traditional', 'preview', 'pager_list'] )) { $page_template = get_markup_template("threaded_conversation.tpl"); } elseif($update) { @@ -930,7 +930,7 @@ function thread_action_menu($item,$mode = '') { $menu[] = [ 'menu' => 'view_source', 'title' => t('View Source'), - 'icon' => 'eye', + 'icon' => 'code', 'action' => 'viewsrc(' . $item['id'] . '); return false;', 'href' => '#' ]; @@ -1001,18 +1001,21 @@ function thread_author_menu($item, $mode = '') { $profile_link = chanlink_hash($item['author_xchan']); $contact = false; - if(App::$contacts && array_key_exists($item['author_xchan'],App::$contacts)) - $contact = App::$contacts[$item['author_xchan']]; - else - if($local_channel && $item['author']['xchan_addr']) - $follow_url = z_root() . '/follow/?f=&url=' . urlencode($item['author']['xchan_addr']); - + if($channel['channel_hash'] !== $item['author_xchan']) { + if(App::$contacts && array_key_exists($item['author_xchan'],App::$contacts)) { + $contact = App::$contacts[$item['author_xchan']]; + } + else { + if($local_channel && $item['author']['xchan_addr'] && (! in_array($item['author']['xchan_network'],[ 'rss', 'anon','unknown' ]))) { + $follow_url = z_root() . '/follow/?f=&url=' . urlencode($item['author']['xchan_addr']) . '&interactive=0'; + } + } - if($item['uid'] > 0 && author_is_pmable($item['author'],$contact)) { - $pm_url = z_root() . '/mail/new/?f=&hash=' . urlencode($item['author_xchan']); + if($item['uid'] > 0 && author_is_pmable($item['author'],$contact)) { + $pm_url = z_root() . '/mail/new/?f=&hash=' . urlencode($item['author_xchan']); + } } - if($contact) { $poke_link = z_root() . '/poke/?f=&c=' . $contact['abook_id']; if (! intval($contact['abook_self'])) @@ -1039,7 +1042,7 @@ function thread_author_menu($item, $mode = '') { if($posts_link) { $menu[] = [ 'menu' => 'view_posts', - 'title' => t('Activity/Posts'), + 'title' => t('Recent Activity'), 'icon' => 'fw', 'action' => '', 'href' => $posts_link @@ -1051,8 +1054,8 @@ function thread_author_menu($item, $mode = '') { 'menu' => 'follow', 'title' => t('Connect'), 'icon' => 'fw', - 'action' => '', - 'href' => $follow_url + 'action' => 'doFollowAuthor(\'' . $follow_url . '\'); return false;', + 'href' => '#', ]; } @@ -1279,7 +1282,7 @@ function status_editor($a, $x, $popup = false) { if(x($x, 'hide_weblink')) $weblink = false; - $embedPhotos = t('Embed image from photo albums'); + $embedPhotos = t('Embed (existing) photo from your photo albums'); $writefiles = (($mimetype === 'text/bbcode') ? perm_is_allowed($x['profile_uid'], get_observer_hash(), 'write_storage') : false); if(x($x, 'hide_attach')) @@ -1302,6 +1305,10 @@ function status_editor($a, $x, $popup = false) { $webpage = ((x($x,'webpage')) ? $x['webpage'] : ''); + $reset = ((x($x,'reset')) ? $x['reset'] : ''); + + $feature_auto_save_draft = ((feature_enabled($x['profile_uid'], 'auto_save_draft')) ? "true" : "false"); + $tpl = get_markup_template('jot-header.tpl'); App::$page['htmlhead'] .= replace_macros($tpl, array( @@ -1323,6 +1330,8 @@ function status_editor($a, $x, $popup = false) { '$modalerroralbum' => t('Error getting album'), '$nocomment_enabled' => t('Comments enabled'), '$nocomment_disabled' => t('Comments disabled'), + '$auto_save_draft' => $feature_auto_save_draft, + '$reset' => $reset )); $tpl = get_markup_template('jot.tpl'); @@ -1379,7 +1388,7 @@ function status_editor($a, $x, $popup = false) { '$underline' => t('Underline'), '$quote' => t('Quote'), '$code' => t('Code'), - '$attach' => t('Attach file'), + '$attach' => t('Attach/Upload file'), '$weblink' => $weblink, '$embedPhotos' => $embedPhotos, '$embedPhotosModalTitle' => t('Embed an image from your albums'), @@ -1435,7 +1444,8 @@ function status_editor($a, $x, $popup = false) { '$expiryModalCANCEL' => t('Cancel'), '$expanded' => ((x($x, 'expanded')) ? $x['expanded'] : false), '$bbcode' => ((x($x, 'bbcode')) ? $x['bbcode'] : false), - '$parent' => ((array_key_exists('parent',$x) && $x['parent']) ? $x['parent'] : 0) + '$parent' => ((array_key_exists('parent',$x) && $x['parent']) ? $x['parent'] : 0), + '$reset' => $reset )); if ($popup === true) { @@ -1607,7 +1617,7 @@ function prepare_page($item) { // prepare_body calls unobscure() as a side effect. Do it here so that // the template will get passed an unobscured title. - $body = prepare_body($item, true); + $body = prepare_body($item, [ 'newwin' => false ]); if(App::$page['template'] == 'none') { $tpl = 'page_display_empty.tpl'; @@ -1721,7 +1731,7 @@ function network_tabs() { if(feature_enabled(local_channel(),'star_posts')) { $tabs[] = array( 'label' => t('Starred'), - 'url'=>z_root() . '/' . $cmd . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&star=1', + 'url'=>z_root() . '/' . $cmd . '/?f=' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : '') . '&star=1', 'sel'=>$starred_active, 'title' => t('Favourite Posts'), ); diff --git a/include/datetime.php b/include/datetime.php index 766c90d16..3a07f1ccf 100644 --- a/include/datetime.php +++ b/include/datetime.php @@ -125,10 +125,16 @@ function datetime_convert($from = 'UTC', $to = 'UTC', $s = 'now', $fmt = "Y-m-d */ function dob($dob) { + $y = substr($dob,0,4); + if((! ctype_digit($y)) || ($y < 1900)) + $ignore_year = true; + else + $ignore_year = false; + if ($dob === '0000-00-00' || $dob === '') $value = ''; else - $value = (($year) ? datetime_convert('UTC','UTC',$dob,'Y-m-d') : datetime_convert('UTC','UTC',$dob,'m-d')); + $value = (($ignore_year) ? datetime_convert('UTC','UTC',$dob,'m-d') : datetime_convert('UTC','UTC',$dob,'Y-m-d')); $o = replace_macros(get_markup_template("field_input.tpl"), [ '$field' => [ 'dob', t('Birthday'), $value, ((intval($value)) ? t('Age: ') . age($value,App::$user['timezone'],App::$user['timezone']) : ''), '', 'placeholder="' . t('YYYY-MM-DD or MM-DD') .'"' ] diff --git a/include/dba/dba_driver.php b/include/dba/dba_driver.php index b3298b673..9e9f24bb3 100755 --- a/include/dba/dba_driver.php +++ b/include/dba/dba_driver.php @@ -460,3 +460,28 @@ function db_logger($s,$level = LOGGER_NORMAL,$syslog = LOG_INFO) { \DBA::$logging = false; \DBA::$dba->debug = $saved; } + + +function db_columns($table) { + + if($table) { + if(ACTIVE_DBTYPE === DBTYPE_POSTGRES) { + $r = q("SELECT column_name as field FROM information_schema.columns WHERE table_schema = 'public' AND table_name = '%s'", + dbesc($table) + ); + if($r) { + return ids_to_array($r,'field'); + } + } + else { + $r = q("show columns in %s", + dbesc($table) + ); + if($r) { + return ids_to_array($r,'Field'); + } + } + } + + return []; +}
\ No newline at end of file diff --git a/include/dba/dba_pdo.php b/include/dba/dba_pdo.php index f24c5381a..5002f53e7 100755 --- a/include/dba/dba_pdo.php +++ b/include/dba/dba_pdo.php @@ -100,7 +100,9 @@ class dba_pdo extends dba_driver { if($this->debug) { db_logger('dba_pdo: DEBUG: ' . printable($sql) . ' returned ' . count($r) . ' results.', LOGGER_NORMAL, LOG_INFO); - db_logger('dba_pdo: ' . printable(print_r($r,true)), LOGGER_NORMAL, LOG_INFO); + if(intval($this->debug) > 1) { + db_logger('dba_pdo: ' . printable(print_r($r,true)), LOGGER_NORMAL, LOG_INFO); + } } return (($this->error) ? false : $r); diff --git a/include/event.php b/include/event.php index 1077a3c64..84a16e8be 100644 --- a/include/event.php +++ b/include/event.php @@ -1322,3 +1322,25 @@ function translate_type($type) { return [$type, t('Other') . ' (' . $type . ')']; } } + + +function cal_store_lowlevel($arr) { + + $store = [ + 'cal_aid' => ((array_key_exists('cal_aid',$arr)) ? $arr['cal_aid'] : 0), + 'cal_uid' => ((array_key_exists('cal_uid',$arr)) ? $arr['cal_uid'] : 0), + 'cal_hash' => ((array_key_exists('cal_hash',$arr)) ? $arr['cal_hash'] : ''), + 'cal_name' => ((array_key_exists('cal_name',$arr)) ? $arr['cal_name'] : ''), + 'uri' => ((array_key_exists('uri',$arr)) ? $arr['uri'] : ''), + 'logname' => ((array_key_exists('logname',$arr)) ? $arr['logname'] : ''), + 'pass' => ((array_key_exists('pass',$arr)) ? $arr['pass'] : ''), + 'ctag' => ((array_key_exists('ctag',$arr)) ? $arr['ctag'] : ''), + 'synctoken' => ((array_key_exists('synctoken',$arr)) ? $arr['synctoken'] : ''), + 'cal_types' => ((array_key_exists('cal_types',$arr)) ? $arr['cal_types'] : ''), + ]; + + return create_table_from_array('cal', $store); + +} + + diff --git a/include/features.php b/include/features.php index 993266977..c865f6754 100644 --- a/include/features.php +++ b/include/features.php @@ -28,8 +28,9 @@ function get_feature_default($feature) { $f = get_features(false); foreach($f as $cat) { foreach($cat as $feat) { - if(is_array($feat) && $feat[0] === $feature) + if(is_array($feat) && $feat[0] === $feature) { return $feat[3]; + } } } return false; @@ -43,8 +44,9 @@ function feature_level($feature,$def) { return $def; } -function get_features($filtered = true) { +function get_features($filtered = true, $level = (-1)) { + $account = \App::get_account(); $arr = [ @@ -53,7 +55,14 @@ function get_features($filtered = true) { t('General Features'), - + [ + 'start_menu', + t('New Member Links'), + t('Display new member quick links menu'), + (($account['account_created'] > datetime_convert('','','now - 60 days')) ? true : false), + get_config('feature_lock','start_menu'), + feature_level('start_menu',1), + ], [ 'advanced_profiles', @@ -237,14 +246,23 @@ function get_features($filtered = true) { [ 'oauth_clients', - t('OAuth Clients'), - t('Manage authenticatication tokens for mobile and remote apps.'), + t('OAuth1 Clients'), + t('Manage OAuth1 authenticatication tokens for mobile and remote apps.'), false, get_config('feature_lock','oauth_clients'), feature_level('oauth_clients',1), ], [ + 'oauth2_clients', + t('OAuth2 Clients'), + t('Manage OAuth2 authenticatication tokens for mobile and remote apps.'), + false, + get_config('feature_lock','oauth2_clients'), + feature_level('oauth2_clients',1), + ], + + [ 'access_tokens', t('Access Tokens'), t('Create access tokens so that non-members can access private content.'), @@ -332,6 +350,15 @@ function get_features($filtered = true) { feature_level('suppress_duplicates',1), ], + [ + 'auto_save_draft', + t('Auto-save drafts of posts and comments'), + t('Automatically saves post and comment drafts in local browser storage to help prevent accidental loss of compositions'), + true, + get_config('feature_lock','auto_save_draft'), + feature_level('auto_save_draft',1), + ], + ], // Network Tools @@ -481,7 +508,7 @@ function get_features($filtered = true) { $arr = $x['features']; - $techlevel = get_account_techlevel(); + $techlevel = (($level >= 0) ? $level : get_account_techlevel()); // removed any locked features and remove the entire category if this makes it empty diff --git a/include/feedutils.php b/include/feedutils.php index 369193fce..afbe4229e 100644 --- a/include/feedutils.php +++ b/include/feedutils.php @@ -668,6 +668,14 @@ function get_atom_elements($feed, $item) { } $termterm = notags(trim(unxmlify($term))); + // Mastodon auto generates an nsfw category tag for any 'content-warning' message. + // Most people use CW and use both summary/content as a spoiler and we honour that + // construct so the post will already be collapsed. The generated tag is almost + // always wrong and even if it isn't we would already be doing the right thing. + + if($mastodon && $termterm === 'nsfw' && $summary && $res['body']) + continue; + if($termterm) { $terms[] = array( 'otype' => TERM_OBJ_POST, @@ -926,6 +934,7 @@ function feed_get_reshare(&$res,$item) { "' profile='" . $share['profile'] . "' avatar='" . $share['avatar'] . "' link='" . $share['alternate'] . + "' auth='" . 'false' . "' posted='" . $share['created'] . "' message_id='" . $share['message_id'] . "']"; @@ -1323,6 +1332,12 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { // immediate parent wasn't found. Turn into a top-level post if permissions allow // but save the thread_parent in case we need to refer to it later. + if($importer['channel_system']) { + if( ! \Zotlabs\Lib\MessageFilter::evaluate($datarray,get_config('system','pubstream_incl'),get_config('system','pubstream_excl'))) { + continue; + } + } + if(! post_is_importable($datarray, $contact)) continue; @@ -1473,6 +1488,12 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { $author['owner_avatar'] = $contact['thumb']; } + if($importer['channel_system']) { + if( ! \Zotlabs\Lib\MessageFilter::evaluate($datarray,get_config('system','pubstream_incl'),get_config('system','pubstream_excl'))) { + continue; + } + } + if(! post_is_importable($datarray, $contact)) continue; diff --git a/include/follow.php b/include/follow.php index 0843802c5..e2f0a8f4d 100644 --- a/include/follow.php +++ b/include/follow.php @@ -88,9 +88,18 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) // Premium channel, set confirm before callback to avoid recursion - if(array_key_exists('connect_url',$j) && ($interactive) && (! $confirm)) - goaway(zid($j['connect_url'])); - + if(array_key_exists('connect_url',$j) && (! $confirm)) { + if($interactive) { + goaway(zid($j['connect_url'])); + } + else { + $result['message'] = t('Premium channel - please visit:') . ' ' . zid($j['connect_url']); + logger('mod_follow: ' . $result['message']); + return $result; + } + } + + // do we have an xchan and hubloc? // If not, create them. @@ -141,15 +150,15 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) // attempt network auto-discovery - $d = discover_by_webbie($url,$protocol); + $wf = discover_by_webbie($url,$protocol); - if((! $d) && ($is_http)) { + if((! $wf) && ($is_http)) { // try RSS discovery $feeds = get_config('system','feed_contacts'); - if(($feeds) && ($protocol === '' || $protocol === 'feed')) { + if(($feeds) && ($protocol === '' || $protocol === 'feed' || $protocol === 'rss')) { $d = discover_by_url($url); } else { @@ -158,9 +167,9 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) } } - if($d) { + if($wf || $d) { $r = q("select * from xchan where xchan_hash = '%s' or xchan_url = '%s' limit 1", - dbesc($url), + dbesc(($wf) ? $wf : $url), dbesc($url) ); } diff --git a/include/group.php b/include/group.php index 03ebf7ee5..8c95f6224 100644 --- a/include/group.php +++ b/include/group.php @@ -284,7 +284,7 @@ function group_side($every="connections",$each="group",$edit = false, $group_id 'text' => t('All Channels'), 'id' => 0, 'selected' => (($group_id == 0) ? 'group-selected' : ''), - 'href' => $every . (($every === 'network') ? '?f=&gid=0' : ''), + 'href' => $every . (($every === 'network') ? '?f=&gid=0' : '') . ((x($_GET,'order')) ? '&order=' . $_GET['order'] : ''), ); diff --git a/include/help.php b/include/help.php index 0dc37e517..ce389b4db 100644 --- a/include/help.php +++ b/include/help.php @@ -306,7 +306,7 @@ function store_doc_file($s) { require_once('include/html2plain.php'); - $item['body'] = html2plain(prepare_text(file_get_contents($s),$mimetype, true)); + $item['body'] = html2plain(prepare_text(file_get_contents($s),$mimetype, [ 'cache' => true ])); $item['mimetype'] = 'text/plain'; $item['plink'] = z_root() . '/' . str_replace('doc','help',$s); diff --git a/include/html2bbcode.php b/include/html2bbcode.php index 4166299db..1a03fbdaf 100644 --- a/include/html2bbcode.php +++ b/include/html2bbcode.php @@ -164,6 +164,7 @@ function html2bbcode($message) node2bbcode($doc, 'b', array(), '[b]', '[/b]'); node2bbcode($doc, 'i', array(), '[i]', '[/i]'); node2bbcode($doc, 'u', array(), '[u]', '[/u]'); + node2bbcode($doc, 's', array(), '[s]', '[/s]'); node2bbcode($doc, 'big', array(), "[size=large]", "[/size]"); node2bbcode($doc, 'small', array(), "[size=small]", "[/size]"); diff --git a/include/hubloc.php b/include/hubloc.php index 0d1a2e560..33d5dcbb2 100644 --- a/include/hubloc.php +++ b/include/hubloc.php @@ -270,7 +270,8 @@ function locations_by_netid($netid) { dbesc($netid) ); - return array_elm_to_str($locs,'location',', '); + + return array_elm_to_str($locs,'location',', ','trim_and_unpunify'); } diff --git a/include/import.php b/include/import.php index 9920df8be..ae6a0ab6a 100644 --- a/include/import.php +++ b/include/import.php @@ -14,17 +14,27 @@ require_once('include/perm_upgrade.php'); * @param int $seize * @return boolean|array */ -function import_channel($channel, $account_id, $seize) { +function import_channel($channel, $account_id, $seize, $newname = '') { if(! array_key_exists('channel_system',$channel)) { $channel['channel_system'] = (($channel['channel_pageflags'] & 0x1000) ? 1 : 0); $channel['channel_removed'] = (($channel['channel_pageflags'] & 0x8000) ? 1 : 0); } + if(intval($channel['channel_removed'])) { + notice( t('Unable to import a removed channel.') . EOL); + return false; + } + // Ignore the hash provided and re-calculate $channel['channel_hash'] = make_xchan_hash($channel['channel_guid'],$channel['channel_guid_sig']); + if($newname) { + $channel['channel_address'] = $newname; + } + + // Check for duplicate channels $r = q("select * from channel where (channel_guid = '%s' or channel_hash = '%s' or channel_address = '%s' ) limit 1", @@ -94,7 +104,7 @@ function import_channel($channel, $account_id, $seize) { } if($clean) { - create_table_from_array('channel',$clean); + channel_store_lowlevel($clean); } $r = q("select * from channel where channel_account_id = %d and channel_guid = '%s' limit 1", @@ -175,7 +185,7 @@ function import_profiles($channel, $profiles) { $profile['thumb'] = z_root() . '/photo/' . basename($profile['thumb']); } - create_table_from_array('profile', $profile); + profile_store_lowlevel($profile); } } } diff --git a/include/items.php b/include/items.php index 790b91c88..e75a9659d 100755 --- a/include/items.php +++ b/include/items.php @@ -178,7 +178,7 @@ function item_normal() { } function item_normal_search() { - return " and item.item_hidden = 0 and item.item_type in (0,3,6) and item.item_deleted = 0 + return " and item.item_hidden = 0 and item.item_type in (0,3,6,7) and item.item_deleted = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0 and item.item_blocked = 0 and item.obj_type != '" . ACTIVITY_OBJ_FILE . "' "; } @@ -261,6 +261,7 @@ function can_comment_on_post($observer_xchan, $item) { return true; break; case 'public': + case 'authenticated': // We don't really allow or support public comments yet, but anonymous // folks won't ever reach this point (as $observer_xchan will be empty). // This means the viewer has an xchan and we can identify them. @@ -268,7 +269,6 @@ function can_comment_on_post($observer_xchan, $item) { break; case 'any connections': case 'contacts': - case 'authenticated': case '': if(array_key_exists('owner',$item) && get_abconfig($item['uid'],$item['owner']['abook_xchan'],'their_perms','post_comments')) { return true; @@ -969,6 +969,10 @@ function import_author_unknown($x) { return false; } +function empty_acl($item) { + return (($item['allow_cid'] === EMPTY_STR && $item['allow_gid'] === EMPTY_STR && $item['deny_cid'] === EMPTY_STR && $item['deny_gid'] === EMPTY_STR) ? true : false); +} + function encode_item($item,$mirror = false) { $x = array(); $x['type'] = 'activity'; @@ -1412,6 +1416,13 @@ function get_mail_elements($x) { } else { $arr['body'] = (($x['body']) ? htmlspecialchars($x['body'], ENT_COMPAT,'UTF-8',false) : ''); + + $maxlen = get_max_import_size(); + + if($maxlen && mb_strlen($arr['body']) > $maxlen) { + $arr['body'] = mb_substr($arr['body'],0,$maxlen,'UTF-8'); + logger('message length exceeds max_import_size: truncated'); + } } $arr['title'] = (($x['title'])? htmlspecialchars($x['title'],ENT_COMPAT,'UTF-8',false) : ''); @@ -1966,23 +1977,7 @@ function item_store($arr, $allow_exec = false, $deliver = true) { */ call_hooks('post_remote_end', $arr); - // update the commented timestamp on the parent - unless this is potentially a clone of an older item - // which we don't wish to bring to the surface. As the queue only holds deliveries for 3 days, it's - // suspected of being an older cloned item if the creation time is older than that. - - if($arr['created'] > datetime_convert('','','now - 4 days')) { - $z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and item_delayed = 0 ", - dbesc($arr['parent_mid']), - intval($arr['uid']) - ); - - q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d", - dbesc(($z) ? $z[0]['commented'] : (datetime_convert())), - dbesc(datetime_convert()), - intval($parent_id) - ); - } - + item_update_parent_commented($arr); // If _creating_ a deleted item, don't propagate it further or send out notifications. // We need to store the item details just in case the delete came in before the original post, @@ -2313,6 +2308,36 @@ function item_store_update($arr, $allow_exec = false, $deliver = true) { return $ret; } +function item_update_parent_commented($item) { + + + $update_parent = true; + + // update the commented timestamp on the parent + // - unless this is a moderated comment or a potential clone of an older item + // which we don't wish to bring to the surface. As the queue only holds deliveries + // for 3 days, it's suspected of being an older cloned item if the creation time + //is older than that. + + if(intval($item['item_blocked']) === ITEM_MODERATED) + $update_parent = false; + + if($item['created'] < datetime_convert('','','now - 4 days')) + $update_parent = false; + + if($update_parent) { + $z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and item_delayed = 0 ", + dbesc($item['parent_mid']), + intval($item['uid']) + ); + + q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d", + dbesc(($z) ? $z[0]['commented'] : datetime_convert()), + dbesc(datetime_convert()), + intval($item['parent']) + ); + } +} function send_status_notifications($post_id,$item) { @@ -2507,43 +2532,7 @@ function tag_deliver($uid, $item_id) { */ if($item['obj_type'] === ACTIVITY_OBJ_TAGTERM) { - - // We received a community tag activity for a post. - // See if we are the owner of the parent item and have given permission to tag our posts. - // If so tag the parent post. - - logger('tag_deliver: community tag activity received'); - - if(($item['owner_xchan'] === $u[0]['channel_hash']) && (! get_pconfig($u[0]['channel_id'],'system','blocktags'))) { - logger('tag_deliver: community tag recipient: ' . $u[0]['channel_name']); - $j_tgt = json_decode($item['target'],true); - if($j_tgt && $j_tgt['id']) { - $p = q("select * from item where mid = '%s' and uid = %d limit 1", - dbesc($j_tgt['id']), - intval($u[0]['channel_id']) - ); - if($p) { - $j_obj = json_decode($item['obj'],true); - logger('tag_deliver: tag object: ' . print_r($j_obj,true), LOGGER_DATA); - if($j_obj && $j_obj['id'] && $j_obj['title']) { - if(is_array($j_obj['link'])) - $taglink = get_rel_link($j_obj['link'],'alternate'); - - store_item_tag($u[0]['channel_id'],$p[0]['id'],TERM_OBJ_POST,TERM_COMMUNITYTAG,$j_obj['title'],$j_obj['id']); - $x = q("update item set edited = '%s', received = '%s', changed = '%s' where mid = '%s' and uid = %d", - dbesc(datetime_convert()), - dbesc(datetime_convert()), - dbesc(datetime_convert()), - dbesc($j_tgt['id']), - intval($u[0]['channel_id']) - ); - Zotlabs\Daemon\Master::Summon(array('Notifier','edit_post',$p[0]['id'])); - } - } - } - } - else - logger('Tag permission denied for ' . $u[0]['channel_address']); + item_community_tag($u[0],$item); } /* @@ -2738,6 +2727,61 @@ function tag_deliver($uid, $item_id) { } + +function item_community_tag($channel,$item) { + + + // We received a community tag activity for a post. + // See if we are the owner of the parent item and have given permission to tag our posts. + // If so tag the parent post. + + logger('tag_deliver: community tag activity received: channel: ' . $channel['channel_name']); + + $tag_the_post = false; + $p = null; + + $j_obj = json_decode($item['obj'],true); + $j_tgt = json_decode($item['target'],true); + if($j_tgt && $j_tgt['id']) { + $p = q("select * from item where mid = '%s' and uid = %d limit 1", + dbesc($j_tgt['id']), + intval($channel['channel_id']) + ); + } + if($p) { + xchan_query($p); + $items = fetch_post_tags($p,true); + $pitem = $items[0]; + $auth = get_iconfig($item,'system','communitytagauth'); + if($auth) { + if(rsa_verify('tagauth.' . $item['mid'],base64url_decode($auth),$pitem['owner']['xchan_pubkey']) || rsa_verify('tagauth.' . $item['mid'],base64url_decode($auth),$pitem['author']['xchan_pubkey'])) { + logger('tag_deliver: tagging the post: ' . $channel['channel_name']); + $tag_the_post = true; + } + } + else { + if(($pitem['owner_xchan'] === $channel['channel_hash']) && (! intval(get_pconfig($channel['channel_id'],'system','blocktags')))) { + logger('tag_deliver: community tag recipient: ' . $channel['channel_name']); + $tag_the_post = true; + $sig = rsa_sign('tagauth.' . $item['mid'],$channel['channel_prvkey']); + logger('tag_deliver: setting iconfig for ' . $item['id']); + set_iconfig($item['id'],'system','communitytagauth',base64url_encode($sig),1); + } + } + + if($tag_the_post) { + store_item_tag($channel['channel_id'],$pitem['id'],TERM_OBJ_POST,TERM_COMMUNITYTAG,$j_obj['title'],$j_obj['id']); + } + else { + logger('Tag permission denied for ' . $channel['channel_address']); + } + } + +} + + + + /** * @brief This function is called pre-deliver to see if a post matches the criteria to be tag delivered. * @@ -2988,62 +3032,56 @@ function start_delivery_chain($channel, $item, $item_id, $parent) { * @param array $item */ function check_item_source($uid, $item) { + + logger('source: uid: ' . $uid, LOGGER_DEBUG); + $xchan = (($item['source_xchan']) ? $item['source_xchan'] : $item['owner_xchan']); + $r = q("select * from source where src_channel_id = %d and ( src_xchan = '%s' or src_xchan = '*' ) limit 1", intval($uid), - dbesc(($item['source_xchan']) ? $item['source_xchan'] : $item['owner_xchan']) + dbesc($xchan) ); - if(! $r) + if(! $r) { + logger('source: no source record for this channel and source', LOGGER_DEBUG); return false; + } - $x = q("select abook_their_perms, abook_feed from abook where abook_channel = %d and abook_xchan = '%s' limit 1", + $x = q("select abook_feed from abook where abook_channel = %d and abook_xchan = '%s' limit 1", intval($uid), - dbesc($item['owner_xchan']) + dbesc($xchan) ); - if(! $x) + if(! $x) { + logger('source: not connected to this channel.'); return false; + } - if(! get_abconfig($uid,$item['owner_xchan'],'their_perms','republish')) + if(! get_abconfig($uid,$xchan,'their_perms','republish')) { + logger('source: no republish permission'); return false; + } - if($item['item_private'] && (! intval($x[0]['abook_feed']))) + if($item['item_private'] && (! intval($x[0]['abook_feed']))) { + logger('source: item is private'); return false; + } - if($r[0]['src_channel_xchan'] === $item['owner_xchan']) + if($r[0]['src_channel_xchan'] === $xchan) { + logger('source: cannot source yourself'); return false; + } - - // since we now have connection filters with more features, the source filter is redundant and can probably go away - - if(! $r[0]['src_patt']) + if (! $r[0]['src_patt']) { + logger('source: success'); return true; + } - - require_once('include/html2plain.php'); - $text = prepare_text($item['body'],$item['mimetype']); - $text = html2plain($text); - - $tags = ((count($item['term'])) ? $item['term'] : false); - - $words = explode("\n",$r[0]['src_patt']); - if($words) { - foreach($words as $word) { - $w = trim($word); - if(! $w) - continue; - if(substr($w,0,1) === '#' && $tags) { - foreach($tags as $t) - if((($t['ttype'] == TERM_HASHTAG) || ($t['ttype'] == TERM_COMMUNITYTAG)) && (($t['term'] === substr($w,1)) || (substr($w,1) === '*'))) - return true; - } - elseif((strpos($w,'/') === 0) && preg_match($w,$text)) - return true; - elseif(stristr($text,$w) !== false) - return true; - } + if (\Zotlabs\Lib\MessageFilter::evaluate($item, $r[0]['src_patt'], EMPTY_STR)) { + logger('source: text filter success'); + return true; } + logger('source: filter fail'); return false; } @@ -3061,69 +3099,8 @@ function post_is_importable($item,$abook) { if(! ($abook['abook_incl'] || $abook['abook_excl'])) return true; - require_once('include/html2plain.php'); - - unobscure($item); - - $text = prepare_text($item['body'],$item['mimetype']); - $text = html2plain(($item['title']) ? $item['title'] . ' ' . $text : $text); - - - $lang = null; - - if((strpos($abook['abook_incl'],'lang=') !== false) || (strpos($abook['abook_excl'],'lang=') !== false)) { - $lang = detect_language($text); - } - $tags = ((count($item['term'])) ? $item['term'] : false); - - // exclude always has priority - - $exclude = (($abook['abook_excl']) ? explode("\n",$abook['abook_excl']) : null); - - if($exclude) { - foreach($exclude as $word) { - $word = trim($word); - if(! $word) - continue; - if(substr($word,0,1) === '#' && $tags) { - foreach($tags as $t) - if((($t['ttype'] == TERM_HASHTAG) || ($t['ttype'] == TERM_COMMUNITYTAG)) && (($t['term'] === substr($word,1)) || (substr($word,1) === '*'))) - return false; - } - elseif((strpos($word,'/') === 0) && preg_match($word,$text)) - return false; - elseif((strpos($word,'lang=') === 0) && ($lang) && (strcasecmp($lang,trim(substr($word,5))) == 0)) - return false; - elseif(stristr($text,$word) !== false) - return false; - } - } + return \Zotlabs\Lib\MessageFilter::evaluate($item,$abook['abook_incl'],$abook['abook_excl']); - $include = (($abook['abook_incl']) ? explode("\n",$abook['abook_incl']) : null); - - if($include) { - foreach($include as $word) { - $word = trim($word); - if(! $word) - continue; - if(substr($word,0,1) === '#' && $tags) { - foreach($tags as $t) - if((($t['ttype'] == TERM_HASHTAG) || ($t['ttype'] == TERM_COMMUNITYTAG)) && (($t['term'] === substr($word,1)) || (substr($word,1) === '*'))) - return true; - } - elseif((strpos($word,'/') === 0) && preg_match($word,$text)) - return true; - elseif((strpos($word,'lang=') === 0) && ($lang) && (strcasecmp($lang,trim(substr($word,5))) == 0)) - return true; - elseif(stristr($text,$word) !== false) - return true; - } - } - else { - return true; - } - - return false; } @@ -3460,11 +3437,14 @@ function item_getfeedattach($item) { } -function item_expire($uid,$days) { +function item_expire($uid,$days,$comment_days = 7) { if((! $uid) || ($days < 1)) return; + if(! $comment_days) + $comment_days = 7; + // $expire_network_only = save your own wall posts // and just expire conversations started by others // do not enable this until we can pass bulk delete messages through zot @@ -3483,6 +3463,7 @@ function item_expire($uid,$days) { $r = q("SELECT id FROM item WHERE uid = %d AND created < %s - INTERVAL %s + AND commented < %s - INTERVAL %s AND item_retained = 0 AND item_thread_top = 1 AND resource_type = '' @@ -3490,7 +3471,9 @@ function item_expire($uid,$days) { $sql_extra $item_normal LIMIT $expire_limit ", intval($uid), db_utcnow(), - db_quoteinterval(intval($days).' DAY') + db_quoteinterval(intval($days) . ' DAY'), + db_utcnow(), + db_quoteinterval(intval($comment_days) . ' DAY') ); if(! $r) @@ -3511,7 +3494,6 @@ function item_expire($uid,$days) { drop_item($item['id'],false); } -// Zotlabs\Daemon\Master::Summon(array('Notifier','expire',$uid)); } function retain_item($id) { diff --git a/include/markdown.php b/include/markdown.php index e4a35e3c3..de9862801 100644 --- a/include/markdown.php +++ b/include/markdown.php @@ -75,10 +75,10 @@ function markdown_to_bb($s, $use_zrl = false, $options = []) { // Convert everything that looks like a link to a link if($use_zrl) { $s = str_replace(['[img', '/img]'], ['[zmg', '/zmg]'], $s); - $s = preg_replace("/([^\]\=]|^)(https?\:\/\/)([a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\@\(\)]+)/ismu", '$1[zrl=$2$3]$2$3[/zrl]',$s); + $s = preg_replace("/([^\]\=\{]|^)(https?\:\/\/)([a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\@\(\)]+)/ismu", '$1[zrl=$2$3]$2$3[/zrl]',$s); } else { - $s = preg_replace("/([^\]\=]|^)(https?\:\/\/)([a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\@\(\)]+)/ismu", '$1[url=$2$3]$2$3[/url]',$s); + $s = preg_replace("/([^\]\=\{]|^)(https?\:\/\/)([a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\@\(\)]+)/ismu", '$1[url=$2$3]$2$3[/url]',$s); } // remove duplicate adjacent code tags @@ -207,7 +207,7 @@ function bb_to_markdown($Text, $options = []) { $Text = bbcode($Text, [ 'tryoembed' => false ]); // Markdownify does not preserve previously escaped html entities such as <> and &. - $Text = str_replace(array('<','>','&'),array('&_lt_;','&_gt_;','&_amp_;'),$Text); + //$Text = str_replace(array('<','>','&'),array('&_lt_;','&_gt_;','&_amp_;'),$Text); // Now convert HTML to Markdown @@ -215,7 +215,7 @@ function bb_to_markdown($Text, $options = []) { // It also adds backslashes to our attempt at getting around the html entity preservation for some weird reason. - $Text = str_replace(array('&\\_lt\\_;','&\\_gt\\_;','&\\_amp\\_;'),array('<','>','&'),$Text); + //$Text = str_replace(array('&\\_lt\\_;','&\\_gt\\_;','&\\_amp\\_;'),array('<','>','&'),$Text); // If the text going into bbcode() has a plain URL in it, i.e. // with no [url] tags around it, it will come out of parseString() diff --git a/include/nav.php b/include/nav.php index df58ee96f..c5ceb97c5 100644 --- a/include/nav.php +++ b/include/nav.php @@ -17,15 +17,7 @@ function nav($template = 'default') { if(!(x(App::$page,'nav'))) App::$page['nav'] = ''; - $base = z_root(); - - App::$page['htmlhead'] .= <<< EOT -<script>$(document).ready(function() { - $("#nav-search-text").search_autocomplete('$base/acl'); -}); - -</script> -EOT; + App::$page['htmlhead'] .= '<script>$(document).ready(function() { $("#nav-search-text").search_autocomplete(\'' . z_root() . '/acl' . '\');});</script>'; $is_owner = (((local_channel()) && ((App::$profile_uid == local_channel()) || (App::$profile_uid == 0))) ? true : false); @@ -176,7 +168,7 @@ EOT; $nav['help'] = [$help_url, t('Help'), "", t('Help and documentation'), 'help_nav_btn', $context_help, $enable_context_help]; } - $nav['search'] = ['search', t('Search'), "", t('Search site @name, #tag, ?docs, content')]; + $nav['search'] = ['search', t('Search'), "", t('Search site @name, !forum, #tag, ?docs, content')]; /** @@ -287,7 +279,7 @@ EOT; '$is_owner' => $is_owner, '$sel' => App::$nav_sel, '$powered_by' => $powered_by, - '$help' => t('@name, #tag, ?doc, content'), + '$help' => t('@name, !forum, #tag, ?doc, content'), '$pleasewait' => t('Please wait...'), '$nav_apps' => $nav_apps, '$navbar_apps' => $navbar_apps, diff --git a/include/network.php b/include/network.php index f8cb68613..ceba56e06 100644 --- a/include/network.php +++ b/include/network.php @@ -368,27 +368,6 @@ function z_post_url($url, $params, $redirects = 0, $opts = array()) { return($ret); } -/** - * @brief Like z_post_url() but with an application/json HTTP header. - * - * Add a "Content-Type: application/json" HTTP-header to $opts and call z_post_url(). - * - * @see z_post_url() - * - * @param string $url - * @param array $params - * @param number $redirects default 0 - * @param array $opts (optional) curl options - * @return z_post_url() - */ -function z_post_url_json($url, $params, $redirects = 0, $opts = array()) { - - $opts = array_merge($opts, array('headers' => array('Content-Type: application/json'))); - - return z_post_url($url,json_encode($params),$redirects,$opts); -} - - function json_return_and_die($x, $content_type = 'application/json') { header("Content-type: $content_type"); echo json_encode($x); @@ -669,6 +648,7 @@ function parse_xml_string($s, $strict = true) { libxml_use_internal_errors(true); + $x = @simplexml_load_string($s2); if($x === false) { logger('libxml: parse: error: ' . $s2, LOGGER_DATA); @@ -682,6 +662,16 @@ function parse_xml_string($s, $strict = true) { return $x; } + +function sxml2array ( $xmlObject, $out = array () ) +{ + foreach ( (array) $xmlObject as $index => $node ) + $out[$index] = ( is_object ( $node ) ) ? sxml2array ( $node ) : $node; + + return $out; +} + + /** * @brief Scales an external image. * @@ -779,7 +769,7 @@ function scale_external_images($s, $include_link = true, $scale_replace = false) * @brief xml2array() will convert the given XML text to an array in the XML structure. * * Link: http://www.bin-co.com/php/scripts/xml2array/ - * Portions significantly re-written by mike@macgirvin.com for Friendica + * Portions significantly re-written by mike@macgirvin.com * (namespaces, lowercase tags, get_attribute default changed, more...) * * Examples: $array = xml2array(file_get_contents('feed.xml')); @@ -1009,7 +999,7 @@ function discover_by_url($url, $arr = null) { return false; $network = (($arr['network']) ? $arr['network'] : 'unknown'); - $name = (($arr['name']) ? $arr['name'] : 'unknown'); + $name = (trim($arr['name']) ? trim($arr['name']) : 'unknown'); $photo = (($arr['photo']) ? $arr['photo'] : ''); $addr = (($arr['addr']) ? $arr['addr'] : ''); $guid = $url; @@ -1113,6 +1103,9 @@ function discover_by_url($url, $arr = null) { if(! $name) $name = notags($feed->get_description()); + if(! trim($name)) + $name = 'unknown'; + $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($guid) ); @@ -1160,8 +1153,6 @@ function discover_by_webbie($webbie, $protocol = '') { $network = null; -// $webbie = strtolower($webbie); - $x = webfinger_rfc7033($webbie, true); if($x && array_key_exists('links',$x) && $x['links']) { foreach($x['links'] as $link) { @@ -1192,9 +1183,10 @@ function discover_by_webbie($webbie, $protocol = '') { logger('webfinger: ' . print_r($x,true), LOGGER_DATA, LOG_INFO); $arr = [ - 'address' => $webbie, - 'protocol' => $protocol, - 'success' => false, + 'address' => $webbie, + 'protocol' => $protocol, + 'success' => false, + 'xchan' => '', 'webfinger' => $x ]; /** @@ -1207,7 +1199,7 @@ function discover_by_webbie($webbie, $protocol = '') { */ call_hooks('discover_channel_webfinger', $arr); if($arr['success']) - return true; + return $arr['xchan']; return false; } @@ -1240,16 +1232,9 @@ function webfinger_rfc7033($webbie, $zot = false) { } logger('fetching url from resource: ' . $rhs . ':' . $webbie); - // The default curl Accept: header is */*, which is incorrectly handled by Mastodon servers - // and results in a 406 (Not Acceptable) response, and will also incorrectly produce an XML - // document if you use 'application/jrd+json, */*'. We could set this to application/jrd+json, - // but some test webfinger servers may not explicitly set the content type and they would be - // blocked. The best compromise until Mastodon is fixed is to remove the Accept header which is - // accomplished by setting it to nothing. - $counter = 0; $s = z_fetch_url('https://' . $rhs . '/.well-known/webfinger?f=&resource=' . $resource . (($zot) ? '&zot=1' : ''), - false, $counter, [ 'headers' => [ 'Accept:' ] ]); + false, $counter, [ 'headers' => [ 'Accept: application/jrd+json, */*' ] ]); if($s['success']) { $j = json_decode($s['body'], true); @@ -1607,6 +1592,7 @@ function get_site_info() { 'register_policy' => $register_policy[get_config('system','register_policy')], 'invitation_only' => (bool) intval(get_config('system','invitation_only')), 'directory_mode' => $directory_mode[get_config('system','directory_mode')], + 'directory_server' => get_config('system','directory_server'), 'language' => get_config('system','language'), 'rss_connections' => (bool) intval(get_config('system','feed_contacts')), 'expiration' => $site_expire, @@ -1844,7 +1830,8 @@ function z_mail($params) { $messageHeader = $params['additionalMailHeader'] . "From: $fromName <{$params['fromEmail']}>\n" . - "Reply-To: $fromName <{$params['replyTo']}>"; + "Reply-To: $fromName <{$params['replyTo']}>\n" . + "Content-Type: text/plain; charset=UTF-8"; // send the message $res = mail( @@ -1873,7 +1860,7 @@ function probe_api_path($host) { foreach($paths as $path) { $curpath = $scheme . '://' . $host . $path; $x = z_fetch_url($curpath); - if($x['success'] && ! strlen($x['body'], 'not implemented')) + if($x['success'] && ! strpos($x['body'], 'not implemented')) return str_replace('version', '', $curpath); } } @@ -2068,4 +2055,4 @@ function jsonld_document_loader($url) { } return []; -}
\ No newline at end of file +} diff --git a/include/oembed.php b/include/oembed.php index c2bf0a0ed..41ab001d3 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -32,6 +32,7 @@ function oembed_action($embedurl) { $action = 'block'; } } + if(strpos($embedurl,'.well-known') !== false) $action = 'block'; @@ -104,6 +105,7 @@ function oembed_action($embedurl) { // if the url is embeddable with oembed, return the bbcode link. function oembed_process($url) { + $j = oembed_fetch_url($url); logger('oembed_process: ' . print_r($j,true), LOGGER_DATA, LOG_DEBUG); if($j && $j['type'] !== 'error') @@ -131,6 +133,7 @@ function oembed_fetch_url($embedurl){ } } + $txt = null; // we should try to cache this and avoid a lookup on each render @@ -216,10 +219,19 @@ function oembed_fetch_url($embedurl){ } - $j = json_decode($txt,true); + if(strpos(strtolower($embedurl),'.pdf') !== false) { + $action = 'allow'; + $j = [ 'html' => '<object data="' . $embedurl . '" type="application/pdf" width="500" height="720">' . '<a href="' . $embedurl . '">' . t('View PDF') . '</a></object>', 'width' => 500, 'height' => 720, 'type' => 'pdf' ]; + + } + + if(! $j) { + $j = json_decode($txt,true); + } - if(! $j) + if(! $j) { $j = []; + } if($action === 'filter') { if($j['html']) { @@ -233,9 +245,11 @@ function oembed_fetch_url($embedurl){ if(preg_match('#\<iframe(.*?)src\=[\'\"](.*?)[\'\"]#',$j['html'],$matches)) { $x = z_fetch_url($matches[2]); - $j['html'] = $x['body']; + $orig = $j['html'] = $x['body']; } - + + logger('frame src: ' . $j['html'], LOGGER_DATA); + $j['html'] = purify_html($j['html'],$allow_position); if($j['html'] != $orig) { logger('oembed html was purified. original: ' . $orig . ' purified: ' . $j['html'], LOGGER_DEBUG, LOG_INFO); @@ -314,6 +328,11 @@ function oembed_format_object($j){ //$ret = "<a href='".$embedurl."'>".$j['title']."</a>"; }; break; + case 'pdf': { + $ret = $j['html']; + break; + } + case "rich": { // not so safe.. $ret.= $jhtml; diff --git a/include/permissions.php b/include/permissions.php index f97142fab..185d37b6a 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -46,7 +46,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { // First find out what the channel owner declared permissions to be. - $channel_perm = \Zotlabs\Access\PermissionLimits::Get($uid,$perm_name); + $channel_perm = intval(\Zotlabs\Access\PermissionLimits::Get($uid,$perm_name)); if(! $channel_checked) { $r = q("select * from channel where channel_id = %d limit 1", diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index 6af753195..2e2f5a758 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -75,6 +75,7 @@ abstract class photo_driver { abstract function imageString(); + abstract function clearexif(); public function __construct($data, $type='') { $this->types = $this->supportedTypes(); @@ -273,7 +274,7 @@ abstract class photo_driver { } if($f) { - return @exif_read_data($f); + return @exif_read_data($f,null,true); } return false; @@ -289,12 +290,12 @@ abstract class photo_driver { return false; } - $ort = $exif['IFD0']['Orientation']; + $ort = ((array_key_exists('IFD0',$exif)) ? $exif['IFD0']['Orientation'] : $exif['Orientation']); if(! $ort) { return false; } - + switch($ort) { case 1: // nothing break; diff --git a/include/photo/photo_gd.php b/include/photo/photo_gd.php index 24bdc204f..e98ac2827 100644 --- a/include/photo/photo_gd.php +++ b/include/photo/photo_gd.php @@ -35,6 +35,11 @@ class photo_gd extends photo_driver { } + public function clearexif() { + return; + } + + public function destroy() { if($this->is_valid()) { imagedestroy($this->image); diff --git a/include/photo/photo_imagick.php b/include/photo/photo_imagick.php index 32bb61342..89577e71e 100644 --- a/include/photo/photo_imagick.php +++ b/include/photo/photo_imagick.php @@ -96,6 +96,19 @@ class photo_imagick extends photo_driver { } + public function clearexif() { + + $profiles = $this->image->getImageProfiles("icc", true); + + $this->image->stripImage(); + + if(!empty($profiles)) { + $this->image->profileImage("icc", $profiles['icc']); + } + } + + + public function getImage() { if(!$this->is_valid()) return FALSE; diff --git a/include/photos.php b/include/photos.php index b1391f284..9fb872700 100644 --- a/include/photos.php +++ b/include/photos.php @@ -84,10 +84,11 @@ function photo_upload($channel, $observer, $args) { // logger('imagick thumbnail command: ' . $cmd); for($x = 0; $x < 4; $x ++) { exec($cmd); - if(! file_exists($tmp_name)) { - logger('imagick scale failed. Retrying.'); - continue; + if(file_exists($tmp_name)) { + break; } + logger('imagick scale failed. Retrying.'); + continue; } if(! file_exists($tmp_name)) { logger('imagick scale failed. Abort.'); @@ -211,6 +212,10 @@ function photo_upload($channel, $observer, $args) { $ph->orient($exif); } + + $ph->clearexif(); + + @unlink($src); $max_length = get_config('system','max_image_length'); @@ -333,10 +338,17 @@ function photo_upload($channel, $observer, $args) { $lat = $lon = null; - if($exif && $exif['GPS']) { - if(feature_enabled($channel_id,'photo_location')) { - $lat = getGps($exif['GPS']['GPSLatitude'], $exif['GPS']['GPSLatitudeRef']); - $lon = getGps($exif['GPS']['GPSLongitude'], $exif['GPS']['GPSLongitudeRef']); + if($exif && feature_enabled($channel_id,'photo_location')) { + $gps = null; + if(array_key_exists('GPS',$exif)) { + $gps = $exif['GPS']; + } + elseif(array_key_exists('GPSLatitude',$exif)) { + $gps = $exif; + } + if($gps) { + $lat = getGps($gps['GPSLatitude'], $gps['GPSLatitudeRef']); + $lon = getGps($gps['GPSLongitude'], $gps['GPSLongitudeRef']); } } @@ -775,17 +787,31 @@ function photos_album_get_db_idstr($channel_id, $album, $remote_xchan = '') { ); } if ($r) { - $arr = array(); - foreach ($r as $rr) { - $arr[] = "'" . dbesc($rr['hash']) . "'" ; - } - $str = implode(',',$arr); - return $str; + return ids_to_querystr($r,'hash',true); + } + + return false; +} + +function photos_album_get_db_idstr_admin($channel_id, $album) { + + if(! is_site_admin()) + return false; + + $r = q("SELECT hash from attach where uid = %d and folder = '%s' ", + intval($channel_id), + dbesc($album) + ); + + if ($r) { + return ids_to_querystr($r,'hash',true); } return false; } + + /** * @brief Creates a new photo item. * @@ -985,3 +1011,23 @@ function profile_photo_set_profile_perms($uid, $profileid = 0) { } } } + +function fetch_image_from_url($url,&$mimetype) { + + $redirects = 0; + $x = z_fetch_url($url,true,$redirects,[ 'novalidate' => true ]); + if($x['success']) { + $hdrs = []; + $h = explode("\n",$x['header']); + foreach ($h as $l) { + list($k,$v) = array_map("trim", explode(":", trim($l), 2)); + $hdrs[strtolower($k)] = $v; + } + if (array_key_exists('content-type', $hdrs)) + $mimetype = $hdrs['content-type']; + + return $x['body']; + } + + return EMPTY_STR; +}
\ No newline at end of file diff --git a/include/plugin.php b/include/plugin.php index 62d443ab8..28d27619f 100755 --- a/include/plugin.php +++ b/include/plugin.php @@ -7,6 +7,27 @@ /** + * @brief Handle errors in plugin calls + * + * @param string $plugin name of the addon + * @param string $error_text text of error + * @param bool $uninstall uninstall plugin + */ +function handleerrors_plugin($plugin,$notice,$log,$uninstall=false){ + logger("Addons: [" . $plugin . "] Error: ".$log, LOGGER_ERROR); + if ($notice != '') { + notice("[" . $plugin . "] Error: ".$notice, LOGGER_ERROR); + } + + if ($uninstall) { + $idx = array_search($plugin, \App::$plugins); + unset(\App::$plugins[$idx]); + uninstall_plugin($plugin); + set_config("system","addon", implode(", ",\App::$plugins)); + } +} + +/** * @brief Unloads an addon. * * @param string $plugin name of the addon @@ -17,7 +38,11 @@ function unload_plugin($plugin){ @include_once('addon/' . $plugin . '/' . $plugin . '.php'); if(function_exists($plugin . '_unload')) { $func = $plugin . '_unload'; - $func(); + try { + $func(); + } catch (Exception $e) { + handleerrors_plugin($plugin,"Unable to unload.",$e->getMessage()); + } } } @@ -28,22 +53,32 @@ function unload_plugin($plugin){ * @return boolean */ function uninstall_plugin($plugin) { + unload_plugin($plugin); - if(! file_exists('addon/' . $plugin . '/' . $plugin . '.php')) + if(! file_exists('addon/' . $plugin . '/' . $plugin . '.php')) { + q("DELETE FROM addon WHERE aname = '%s' ", + dbesc($plugin) + ); return false; + } logger("Addons: uninstalling " . $plugin); //$t = @filemtime('addon/' . $plugin . '/' . $plugin . '.php'); @include_once('addon/' . $plugin . '/' . $plugin . '.php'); if(function_exists($plugin . '_uninstall')) { $func = $plugin . '_uninstall'; - $func(); + try { + $func(); + } catch (Exception $e) { + handleerrors_plugin($plugin,"Unable to uninstall.","Unable to run _uninstall : ".$e->getMessage()); + } } q("DELETE FROM addon WHERE aname = '%s' ", dbesc($plugin) ); + } /** @@ -64,7 +99,12 @@ function install_plugin($plugin) { @include_once('addon/' . $plugin . '/' . $plugin . '.php'); if(function_exists($plugin . '_install')) { $func = $plugin . '_install'; - $func(); + try { + $func(); + } catch (Exception $e) { + handleerrors_plugin($plugin,"Install failed.","Install failed : ".$e->getMessage()); + return; + } } $plugin_admin = (function_exists($plugin . '_plugin_admin') ? 1 : 0); @@ -94,7 +134,12 @@ function load_plugin($plugin) { @include_once('addon/' . $plugin . '/' . $plugin . '.php'); if(function_exists($plugin . '_load')) { $func = $plugin . '_load'; - $func(); + try { + $func(); + } catch (Exception $e) { + handleerrors_plugin($plugin,"Unable to load.","FAILED loading : ".$e->getMessage(),true); + return; + } // we can add the following with the previous SQL // once most site tables have been updated. @@ -108,7 +153,7 @@ function load_plugin($plugin) { return true; } else { - logger("Addons: FAILED loading " . $plugin); + logger("Addons: FAILED loading " . $plugin . " (missing _load function)"); return false; } } @@ -160,11 +205,21 @@ function reload_plugins() { if(function_exists($pl . '_unload')) { $func = $pl . '_unload'; - $func(); + try { + $func(); + } catch (Exception $e) { + handleerrors_plugin($plugin,"","UNLOAD FAILED (uninstalling) : ".$e->getMessage(),true); + continue; + } } if(function_exists($pl . '_load')) { $func = $pl . '_load'; - $func(); + try { + $func(); + } catch (Exception $e) { + handleerrors_plugin($plugin,"","LOAD FAILED (uninstalling): ".$e->getMessage(),true); + continue; + } } q("UPDATE addon SET tstamp = %d WHERE id = %d", intval($t), diff --git a/include/queue_fn.php b/include/queue_fn.php index 798ac36db..f05bac5b0 100644 --- a/include/queue_fn.php +++ b/include/queue_fn.php @@ -95,6 +95,12 @@ function queue_set_delivered($id,$channel = 0) { function queue_insert($arr) { + // do not queue anything with no destination + + if(! (array_key_exists('posturl',$arr) && trim($arr['posturl']))) { + return false; + } + $x = q("insert into outq ( outq_hash, outq_account, outq_channel, outq_driver, outq_posturl, outq_async, outq_priority, outq_created, outq_updated, outq_scheduled, outq_notify, outq_msg ) values ( '%s', %d, %d, '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s' )", diff --git a/include/security.php b/include/security.php index 8b7e7d076..88988a7c0 100644 --- a/include/security.php +++ b/include/security.php @@ -118,10 +118,10 @@ function atoken_xchan($atoken) { 'xchan_network' => 'unknown', 'xchan_url' => z_root() . '/guest/' . substr($c['channel_hash'],0,16) . '.' . $atoken['atoken_name'], 'xchan_hidden' => 1, - 'xchan_photo_mimetype' => 'image/jpeg', - 'xchan_photo_l' => get_default_profile_photo(300), - 'xchan_photo_m' => get_default_profile_photo(80), - 'xchan_photo_s' => get_default_profile_photo(48) + 'xchan_photo_mimetype' => 'image/png', + 'xchan_photo_l' => z_root() . '/' . get_default_profile_photo(300), + 'xchan_photo_m' => z_root() . '/' . get_default_profile_photo(80), + 'xchan_photo_s' => z_root() . '/' . get_default_profile_photo(48) ]; } @@ -266,6 +266,15 @@ function change_channel($change_channel) { $_SESSION['mobile_theme'] = get_pconfig(local_channel(),'system', 'mobile_theme'); $_SESSION['cloud_tiles'] = get_pconfig(local_channel(),'system', 'cloud_tiles'); date_default_timezone_set($r[0]['channel_timezone']); + + // Update the active timestamp at most once a day + + if(substr($r[0]['channel_active'],0,10) !== substr(datetime_convert(),0,10)) { + $z = q("UPDATE channel SET channel_active = '%s' WHERE channel_id = %d", + dbesc(datetime_convert()), + intval($r[0]['channel_id']) + ); + } $ret = $r[0]; } $x = q("select * from xchan where xchan_hash = '%s' limit 1", diff --git a/include/socgraph.php b/include/socgraph.php index 87a880202..6cddbbaac 100644 --- a/include/socgraph.php +++ b/include/socgraph.php @@ -52,7 +52,7 @@ function poco_load($xchan = '', $url = null) { elseif($s['return_code'] == 404) logger('poco_load: nothing found'); else - logger('poco_load: returns ' . print_r($s,true)); + logger('poco_load: returns ' . print_r($s,true), LOGGER_DATA); return; } @@ -288,11 +288,14 @@ function suggestion_query($uid, $myxchan, $start = 0, $limit = 80) { function update_suggestions() { - $dirmode = get_config('system', 'directory_mode'); - if($dirmode === false) - $dirmode = DIRECTORY_MODE_NORMAL; + $dirmode = get_config('system', 'directory_mode', DIRECTORY_MODE_NORMAL); - if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) { + if($dirmode == DIRECTORY_MODE_STANDALONE) { + poco_load('', z_root() . '/poco'); + return; + } + + if($dirmode == DIRECTORY_MODE_PRIMARY) { $url = z_root() . '/sitelist'; } else { diff --git a/include/statistics_fns.php b/include/statistics_fns.php index d213485bf..98b0efd41 100644 --- a/include/statistics_fns.php +++ b/include/statistics_fns.php @@ -17,23 +17,10 @@ function update_channels_active_halfyear_stat() { db_utcnow(), db_quoteinterval('6 MONTH') ); if($r) { - $s = ''; - foreach($r as $rr) { - if($s) - $s .= ','; - $s .= intval($rr['channel_id']); - } - $x = q("select uid from item where uid in ( $s ) and item_wall = 1 and created > %s - INTERVAL %s group by uid", - db_utcnow(), db_quoteinterval('6 MONTH') - ); - if($x) { - $channels_active_halfyear_stat = count($x); - set_config('system','channels_active_halfyear_stat',$channels_active_halfyear_stat); - } else { - set_config('system','channels_active_halfyear_stat',0); - } - } else { - set_config('system','channels_active_halfyear_stat',0); + set_config('system','channels_active_halfyear_stat',count($r)); + } + else { + set_config('system','channels_active_halfyear_stat','0'); } } @@ -43,28 +30,15 @@ function update_channels_active_monthly_stat() { db_utcnow(), db_quoteinterval('1 MONTH') ); if($r) { - $s = ''; - foreach($r as $rr) { - if($s) - $s .= ','; - $s .= intval($rr['channel_id']); - } - $x = q("select uid from item where uid in ( $s ) and item_wall = 1 and created > %s - INTERVAL %s group by uid", - db_utcnow(), db_quoteinterval('1 MONTH') - ); - if($x) { - $channels_active_monthly_stat = count($x); - set_config('system','channels_active_monthly_stat',$channels_active_monthly_stat); - } else { - set_config('system','channels_active_monthly_stat',0); - } - } else { - set_config('system','channels_active_monthly_stat',0); + set_config('system','channels_active_monthly_stat',count($r)); + } + else { + set_config('system','channels_active_monthly_stat','0'); } } function update_local_posts_stat() { - $posts = q("SELECT COUNT(*) AS local_posts FROM item WHERE item_wall = 1 "); + $posts = q("SELECT COUNT(*) AS local_posts FROM item WHERE item_wall = 1 and id = parent"); if (is_array($posts)) { $local_posts_stat = intval($posts[0]["local_posts"]); set_config('system','local_posts_stat',$local_posts_stat); diff --git a/include/taxonomy.php b/include/taxonomy.php index 393b8718e..46d95458c 100644 --- a/include/taxonomy.php +++ b/include/taxonomy.php @@ -174,19 +174,17 @@ function tagadelic($uid, $count = 0, $authors = '', $owner = '', $flags = 0, $re if(! is_array($authors)) $authors = array($authors); - stringify_array_elms($authors,true); - $sql_options .= " and author_xchan in (" . implode(',',$authors) . ") "; + $sql_options .= " and author_xchan in (" . stringify_array($authors,true) . ") "; } if($owner) { $sql_options .= " and owner_xchan = '" . dbesc($owner) . "' "; } - // Fetch tags $r = q("select term, count(term) as total from term left join item on term.oid = item.id where term.uid = %d and term.ttype = %d - and otype = %d and item_type = %d and item_private = 0 + and otype = %d and item_type = %d $sql_options $item_normal group by term order by total desc %s", intval($uid), @@ -196,6 +194,7 @@ function tagadelic($uid, $count = 0, $authors = '', $owner = '', $flags = 0, $re ((intval($count)) ? "limit $count" : '') ); + if(! $r) return array(); @@ -212,8 +211,9 @@ function card_tagadelic($uid, $count = 0, $authors = '', $owner = '', $flags = 0 if(! perm_is_allowed($uid,get_observer_hash(),'view_pages')) return array(); + $item_normal = " and item.item_hidden = 0 and item.item_deleted = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0 + and item.item_blocked = 0 and item.obj_type != 'http://purl.org/zot/activity/file' "; - $item_normal = item_normal(); $sql_options = item_permissions_sql($uid); $count = intval($count); @@ -226,8 +226,7 @@ function card_tagadelic($uid, $count = 0, $authors = '', $owner = '', $flags = 0 if(! is_array($authors)) $authors = array($authors); - stringify_array_elms($authors,true); - $sql_options .= " and author_xchan in (" . implode(',',$authors) . ") "; + $sql_options .= " and author_xchan in (" . stringify_array($authors,true) . ") "; } if($owner) { @@ -236,15 +235,16 @@ function card_tagadelic($uid, $count = 0, $authors = '', $owner = '', $flags = 0 // Fetch tags + $r = q("select term, count(term) as total from term left join item on term.oid = item.id where term.uid = %d and term.ttype = %d - and otype = %d and item_type = %d and item_private = 0 + and otype = %d and item_type = %d $sql_options $item_normal group by term order by total desc %s", intval($uid), intval($type), intval(TERM_OBJ_POST), - intval($restrict), + intval(ITEM_TYPE_CARD), ((intval($count)) ? "limit $count" : '') ); @@ -263,7 +263,9 @@ function article_tagadelic($uid, $count = 0, $authors = '', $owner = '', $flags return array(); - $item_normal = item_normal(); + $item_normal = " and item.item_hidden = 0 and item.item_deleted = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0 + and item.item_blocked = 0 and item.obj_type != 'http://purl.org/zot/activity/file' "; + $sql_options = item_permissions_sql($uid); $count = intval($count); @@ -276,8 +278,7 @@ function article_tagadelic($uid, $count = 0, $authors = '', $owner = '', $flags if(! is_array($authors)) $authors = array($authors); - stringify_array_elms($authors,true); - $sql_options .= " and author_xchan in (" . implode(',',$authors) . ") "; + $sql_options .= " and author_xchan in (" . stringify_array($authors,true) . ") "; } if($owner) { @@ -288,13 +289,13 @@ function article_tagadelic($uid, $count = 0, $authors = '', $owner = '', $flags // Fetch tags $r = q("select term, count(term) as total from term left join item on term.oid = item.id where term.uid = %d and term.ttype = %d - and otype = %d and item_type = %d and item_private = 0 + and otype = %d and item_type = %d $sql_options $item_normal group by term order by total desc %s", intval($uid), intval($type), intval(TERM_OBJ_POST), - intval($restrict), + intval(ITEM_TYPE_ARTICLE), ((intval($count)) ? "limit $count" : '') ); @@ -308,6 +309,70 @@ function article_tagadelic($uid, $count = 0, $authors = '', $owner = '', $flags +function pubtagblock($net,$site,$limit,$recent = 0,$safemode = 1, $type = TERM_HASHTAG) { + $o = ''; + + $r = pub_tagadelic($net,$site,$limit,$recent,$safemode,$type); + + $link = z_root() . '/pubstream'; + + if($r) { + $o = '<div class="tagblock widget"><h3>' . (($recent) ? t('Trending') : t('Tags')) . '</h3><div class="tags" align="center">'; + foreach($r as $rr) { + $o .= '<span class="tag'.$rr[2].'">#</span><a href="'.$link .'/' . '?f=&tag=' . urlencode($rr[0]).'" class="tag'.$rr[2].'">'.$rr[0].'</a> ' . "\r\n"; + } + $o .= '</div></div>'; + } + + return $o; +} + +function pub_tagadelic($net,$site,$limit,$recent,$safemode,$type) { + + + $item_normal = item_normal(); + $count = intval($limit); + + if($site) { + $uids = " and item.uid in ( " . stream_perms_api_uids(PERMS_PUBLIC) . " ) and item_private = 0 and item_wall = 1 "; + } + else { + $sys = get_sys_channel(); + $uids = " and item.uid = " . intval($sys['channel_id']) . " "; + $sql_extra = " and item_private = 0 "; + } + + if($recent) + $sql_extra .= " and item.created > '" . datetime_convert('UTC','UTC', 'now - ' . intval($recent) . ' days ') . "' "; + + + if($safemode) { + $unsafetags = get_config('system','unsafepubtags', [ 'boobs', 'bot', 'rss', 'girl','girls', 'nsfw', 'sexy', 'nude' ]); + if($unsafetags) { + $sql_extra .= " and not term.term in ( " . stringify_array($unsafetags,true) . ") "; + } + } + + + // Fetch tags + $r = q("select term, count(term) as total from term left join item on term.oid = item.id + where term.ttype = %d + and otype = %d and item_type = %d + $sql_extra $uids $item_normal + group by term order by total desc %s", + intval($type), + intval(TERM_OBJ_POST), + intval(ITEM_TYPE_POST), + ((intval($count)) ? "limit $count" : '') + ); + + if(! $r) + return array(); + + return Zotlabs\Text\Tagadelic::calc($r); + +} + function dir_tagadelic($count = 0, $hub = '') { @@ -553,9 +618,8 @@ function get_things($profile_hash,$uid) { if(! in_array($rr['obj_obj'],$profile_hashes)) $profile_hashes[] = $rr['obj_obj']; } - stringify_array_elms($profile_hashes); if(! $profile_hash) { - $exp = explode(',',$profile_hashes); + $exp = stringify_array($profile_hashes,true); $p = q("select profile_guid as hash, profile_name as name from profile where profile_guid in ( $exp ) "); if($p) { foreach($r as $rr) { diff --git a/include/text.php b/include/text.php index c82fad517..aafba2168 100644 --- a/include/text.php +++ b/include/text.php @@ -531,7 +531,7 @@ function paginate(&$a) { } -function alt_pager(&$a, $i, $more = '', $less = '') { +function alt_pager($i, $more = '', $less = '') { if(! $more) $more = t('older'); @@ -816,41 +816,36 @@ function get_tags($s) { // match any double quoted tags - if(preg_match_all('/([@#!]\"\;.*?\"\;)/',$s,$match)) { + if(preg_match_all('/([@#\!]\"\;.*?\"\;)/',$s,$match)) { foreach($match[1] as $mtch) { $ret[] = $mtch; } } - // Match full names against @tags including the space between first and last - // We will look these up afterward to see if they are full names or not recognisable. + // match bracket mentions - // The lookbehind is used to prevent a match in the middle of a word - // '=' needs to be avoided because when the replacement is made (in handle_tag()) it has to be ignored there - // Feel free to allow '=' if the issue with '=' is solved in handle_tag() - // added / ? and [ to avoid issues with hashchars in url paths - - // added ; to single word tags to allow emojis and other unicode character constructs in bbcode - // (this would actually be &#xnnnnn; but the ampersand will have been escaped to & by the time we see it.) - - if(preg_match_all('/(?<![a-zA-Z0-9=\pL\/\?])(@[^ \x0D\x0A,:?\[]+ [^ \x0D\x0A@,:?\[]+)/u',$s,$match)) { + if(preg_match_all('/([@!]\!?\{.*?\})/',$s,$match)) { foreach($match[1] as $mtch) { - if(substr($mtch,-1,1) === '.') - $ret[] = substr($mtch,0,-1); - else - $ret[] = $mtch; + $ret[] = $mtch; } } - // Otherwise pull out single word tags. These can be @nickname, @first_last + // Pull out single word tags. These can be @nickname, @first_last // and #hash tags. - if(preg_match_all('/(?<![a-zA-Z0-9=\pL\/\?\;])([@#\!][^ \x0D\x0A,;:?\[]+)/u',$s,$match)) { + if(preg_match_all('/(?<![a-zA-Z0-9=\pL\/\?\;])([@#\!]\!?[^ \x0D\x0A,;:\?\[\{\&]+)/u',$s,$match)) { foreach($match[1] as $mtch) { + + // Cleanup/ignore false positives + + // Just ignore these rather than try and adjust the regex to deal with them + if(in_array($mtch,[ '@!', '!!' ])) + continue; + // likewise for trailing period. Strip it off rather than complicate the regex further. if(substr($mtch,-1,1) === '.') $mtch = substr($mtch,0,-1); // ignore strictly numeric tags like #1 or #^ bookmarks or ## double hash - if((strpos($mtch,'#') === 0) && ( ctype_digit(substr($mtch,1)) || substr($mtch,1,1) === '^') || substr($mtch,1,1) === '#') + if((strpos($mtch,'#') === 0) && ( ctype_digit(substr($mtch,1)) || in_array(substr($mtch,1,1), [ '^', '#' ]))) continue; // or quote remnants from the quoted strings we already picked out earlier if(strpos($mtch,'"')) @@ -875,7 +870,7 @@ function get_tags($s) { usort($ret,'tag_sort_length'); -// logger('get_tags: ' . print_r($ret,true)); + // logger('get_tags: ' . print_r($ret,true)); return $ret; } @@ -1420,15 +1415,21 @@ function unobscure_mail(&$item) { function theme_attachments(&$item) { $arr = json_decode($item['attach'],true); + if(is_array($arr) && count($arr)) { $attaches = array(); foreach($arr as $r) { $icon = getIconFromType($r['type']); - $label = (($r['title']) ? urldecode(htmlspecialchars($r['title'], ENT_COMPAT, 'UTF-8')) : t('Unknown Attachment')); + + if($r['title']) + $label = urldecode(htmlspecialchars($r['title'], ENT_COMPAT, 'UTF-8')); + + if(! $label && $r['href']) + $label = basename($r['href']); //some feeds provide an attachment where title an empty space - if($label == ' ') + if(! $label || $label == ' ') $label = t('Unknown Attachment'); $title = t('Size') . ' ' . (($r['length']) ? userReadableSize($r['length']) : t('unknown')); @@ -1491,7 +1492,7 @@ function format_hashtags(&$item) { $term = htmlspecialchars($t['term'], ENT_COMPAT, 'UTF-8', false) ; if(! trim($term)) continue; - if(strpos($item['body'], $t['url'])) + if($t['url'] && strpos($item['body'], $t['url'])) continue; if($s) $s .= ' '; @@ -1588,7 +1589,7 @@ function generate_named_map($location) { } -function prepare_body(&$item,$attach = false) { +function prepare_body(&$item,$attach = false,$opts = false) { call_hooks('prepare_body_init', $item); @@ -1616,7 +1617,7 @@ function prepare_body(&$item,$attach = false) { $s .= prepare_binary($item); } else { - $s .= prepare_text($item['body'],$item['mimetype'], false); + $s .= prepare_text($item['body'],$item['mimetype'], $opts); } $event = (($item['obj_type'] === ACTIVITY_OBJ_EVENT) ? format_event_obj($item['obj']) : false); @@ -1698,7 +1699,8 @@ function prepare_binary($item) { * * @return string */ -function prepare_text($text, $content_type = 'text/bbcode', $cache = false) { +function prepare_text($text, $content_type = 'text/bbcode', $opts = false) { + switch($content_type) { case 'text/plain': @@ -1742,7 +1744,7 @@ function prepare_text($text, $content_type = 'text/bbcode', $cache = false) { if(stristr($text,'[nosmile]')) $s = bbcode($text, [ 'cache' => $cache ]); else - $s = smilies(bbcode($text, [ 'cache' => $cache ])); + $s = smilies(bbcode($text, ((is_array($opts)) ? $opts : [] ))); $s = zidify_links($s); @@ -2024,22 +2026,40 @@ function item_post_type($item) { function undo_post_tagging($s) { $matches = null; + $x = null; // undo tags and mentions $cnt = preg_match_all('/([@#])(\!*)\[zrl=(.*?)\](.*?)\[\/zrl\]/ism',$s,$matches,PREG_SET_ORDER); if($cnt) { foreach($matches as $mtch) { - $s = str_replace($mtch[0], $mtch[1] . $mtch[2] . quote_tag($mtch[4]),$s); + if($mtch[1] === '@') { + $x = q("select xchan_addr, xchan_url from xchan where xchan_url = '%s' limit 1", + dbesc($mtch[3]) + ); + } + if($x) { + $s = str_replace($mtch[0], $mtch[1] . $mtch[2] . '{' . (($x[0]['xchan_addr']) ? $x[0]['xchan_addr'] : $x[0]['xchan_url']) . '}', $s); + } + else { + $s = str_replace($mtch[0], $mtch[1] . $mtch[2] . quote_tag($mtch[4]),$s); + } } } // undo forum tags $cnt = preg_match_all('/\!\[zrl=(.*?)\](.*?)\[\/zrl\]/ism',$s,$matches,PREG_SET_ORDER); if($cnt) { foreach($matches as $mtch) { - $s = str_replace($mtch[0], '!' . quote_tag($mtch[2]),$s); + $x = q("select xchan_addr, xchan_url from xchan where xchan_url = '%s' limit 1", + dbesc($mtch[1]) + ); + if($x) { + $s = str_replace($mtch[0], '!' . '{' . (($x[0]['xchan_addr']) ? $x[0]['xchan_addr'] : $x[0]['xchan_url']) . '}', $s); + } + else { + $s = str_replace($mtch[0], '!' . quote_tag($mtch[2]),$s); + } } } - return $s; } @@ -2186,16 +2206,17 @@ function ids_to_querystr($arr,$idx = 'id',$quote = false) { * @param $arr array * @param $elm array key to extract from sub-array * @param $delim string default ',' + * @param $each filter function to apply to each element before evaluation, default is 'trim'. * @returns string */ -function array_elm_to_str($arr,$elm,$delim = ',') { +function array_elm_to_str($arr,$elm,$delim = ',',$each = 'trim') { $tmp = []; if($arr && is_array($arr)) { foreach($arr as $x) { if(is_array($x) && array_key_exists($elm,$x)) { - $z = trim($x[$elm]); + $z = $each($x[$elm]); if(($z) && (! in_array($z,$tmp))) { $tmp[] = $z; } @@ -2205,7 +2226,9 @@ function array_elm_to_str($arr,$elm,$delim = ',') { return implode($delim,$tmp); } - +function trim_and_unpunify($s) { + return unpunify(trim($s)); +} /** @@ -2248,7 +2271,7 @@ function xchan_query(&$items, $abook = true, $effective_uid = 0) { $chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash where xchan_hash in (" . protect_sprintf(implode(',', $arr)) . ") and hubloc_primary = 1"); } - $xchans = q("select * from xchan where xchan_hash in (" . protect_sprintf(implode(',',$arr)) . ") and xchan_network in ('rss','unknown')"); + $xchans = q("select * from xchan where xchan_hash in (" . protect_sprintf(implode(',',$arr)) . ") and xchan_network in ('rss','unknown', 'anon')"); if(! $chans) $chans = $xchans; else @@ -2321,6 +2344,23 @@ function stringify_array_elms(&$arr, $escape = false) { $arr[$x] = "'" . (($escape) ? dbesc($arr[$x]) : $arr[$x]) . "'"; } + +/** + * @brief Similar to stringify_array_elms but returns a string. If $escape is true, dbesc() each element before adding quotes. + * + * @param array $arr + * @param boolean $escape (optional) default false + * @return string + */ +function stringify_array($arr, $escape = false) { + if($arr) { + stringify_array_elms($arr); + return(implode(',',$arr)); + } + return EMPTY_STR; +} + + /** * @brief Indents a flat JSON string to make it more human-readable. * @@ -2384,7 +2424,7 @@ function jindent($json) { */ function design_tools() { - $channel = App::get_channel(); + $channel = channelx_by_n(App::$profile['profile_uid']); $sys = false; if(App::$is_sys && is_site_admin()) { @@ -2496,10 +2536,10 @@ function extra_query_args() { * @param[in,out] string &$str_tags string to add the tag to * @param int $profile_uid * @param string $tag the tag to replace - * @param boolean $diaspora default false + * @param boolean $in_network default true * @return boolean true if replaced, false if not replaced */ -function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag, $diaspora = false) { +function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag, $in_network = true) { $replaced = false; $r = null; @@ -2510,9 +2550,10 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag, $d $termtype = ((strpos($tag,'!') === 0) ? TERM_FORUM : $termtype); $termtype = ((strpos($tag,'#^[') === 0) ? TERM_BOOKMARK : $termtype); - //is it a hash tag? - if(strpos($tag,'#') === 0) { - if(strpos($tag,'#^[') === 0) { + // Is it a hashtag of some kind? + + if ( in_array($termtype, [ TERM_HASHTAG, TERM_BOOKMARK ] )) { + if($termtype === TERM_BOOKMARK) { if(preg_match('/#\^\[(url|zrl)(.*?)\](.*?)\[\/(url|zrl)\]/',$tag,$match)) { $basetag = $match[3]; $url = ((substr($match[2],0,1) === '=') ? substr($match[2],1) : $match[3]); @@ -2521,33 +2562,35 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag, $d } // if the tag is already replaced... elseif((strpos($tag,'[zrl=')) || (strpos($tag,'[url='))) { - //...do nothing + // ...do nothing return $replaced; } + if(! $replaced) { - // base tag has the tags name only + // double-quoted hashtags: base tag has the htmlentity name only if((substr($tag,0,7) === '#"') && (substr($tag,-6,6) === '"')) { $basetag = substr($tag,7); $basetag = substr($basetag,0,-6); } else - $basetag = str_replace('_',' ',substr($tag,1)); + $basetag = substr($tag,1); + + // create text for link - //create text for link $url = z_root() . '/search?tag=' . rawurlencode($basetag); $newtag = '#[zrl=' . z_root() . '/search?tag=' . rawurlencode($basetag) . ']' . $basetag . '[/zrl]'; - //replace tag by the link. Make sure to not replace something in the middle of a word - // The '=' is needed to not replace color codes if the code is also used as a tag - // Much better would be to somehow completely avoiding things in e.g. [color]-tags. - // This would allow writing things like "my favourite tag=#foobar". + + // replace tag by the link. Make sure to not replace something in the middle of a word + $body = preg_replace('/(?<![a-zA-Z0-9=])'.preg_quote($tag,'/').'/', $newtag, $body); $replaced = true; } - //is the link already in str_tags? + + // is the link already in str_tags? if(! stristr($str_tags,$newtag)) { - //append or set str_tags + // append or set str_tags if(strlen($str_tags)) $str_tags .= ','; @@ -2558,145 +2601,97 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag, $d 'termtype' => $termtype, 'term' => $basetag, 'url' => $url, - 'contact' => $r[0] + 'contact' => [] ]; + } - //is it a person tag? + // END hashtags - $grouptag = false; + // BEGIN mentions - if(strpos($tag,'!') === 0) { - $grouptag = true; - } - if(strpos($tag,'@') === 0 || $grouptag) { + if ( in_array($termtype, [ TERM_MENTION, TERM_FORUM ] )) { + + // The @! tag and !! tag will alter permissions + + // $in_network is set to false to avoid false positives on posts originating + // on a network which does not implement privacy tags or implements them differently. - // The @! tag will alter permissions - $exclusive = (((! $grouptag) && (strpos($tag,'!') === 1) && (! $diaspora)) ? true : false); + $exclusive = (((strpos(substr($tag,1), '!') === 0) && $in_network) ? true : false); //is it already replaced? - if(strpos($tag,'[zrl=')) + if(strpos($tag,'[zrl=') || strpos($tag,'[url=')) return $replaced; - //get the person's name + // get the channel name + // First extract the name or name fragment we are going to replace - $name = substr($tag,(($exclusive) ? 2 : 1)); // The name or name fragment we are going to replace - $newname = $name; // a copy that we can mess with + $name = substr($tag,(($exclusive) ? 2 : 1)); + $newname = $name; // make a copy that we can mess with $tagcid = 0; $r = null; - // is it some generated name? + // is it some generated (autocompleted) name? - $forum = false; - $trailing_plus_name = false; - - // @channel+ is a forum or network delivery tag - - if(substr($newname,-1,1) === '+') { - $forum = true; + if(substr($name,0,1) === '{' && substr($name,-1,1) === '}') { + $newname = substr($name,1); $newname = substr($newname,0,-1); - } - - // Here we're looking for an address book entry as provided by the auto-completer - // of the form something+nnn where nnn is an abook_id or the first chars of xchan_hash - - - // If there's a +nnn in the string make sure there isn't a space preceding it - $t1 = strpos($newname,' '); - $t2 = strrpos($newname,'+'); - - if($t1 && $t2 && $t1 < $t2) - $t2 = 0; - - if(($t2) && (! $diaspora)) { - //get the id - - $tagcid = urldecode(substr($newname,$t2 + 1)); - - if(strrpos($tagcid,' ')) - $tagcid = substr($tagcid,0,strrpos($tagcid,' ')); - - if(strlen($tagcid) < 16) - $abook_id = intval($tagcid); - //remove the next word from tag's name - if(strpos($name,' ')) { - $name = substr($name,0,strpos($name,' ')); - } - - if($abook_id) { // if there was an id - // select channel with that id from the logged in user's address book - $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash - WHERE abook_id = %d AND abook_channel = %d LIMIT 1", - intval($abook_id), - intval($profile_uid) - ); - } - else { - $r = q("SELECT * FROM xchan - WHERE xchan_hash like '%s%%' LIMIT 1", - dbesc($tagcid) - ); - } + $r = q("select * from xchan where xchan_addr = '%s' or xchan_url = '%s' limit 1", + dbesc($newname), + dbesc($newname) + ); } if(! $r) { // look for matching names in the address book - // Two ways to deal with spaces - double quote the name or use underscores - // we see this after input filtering so quotes have been html entity encoded + // Double quote the entire mentioned term to include special characters + // such as spaces and some punctuation. + + // We see this after input filtering so quotes have been html entity encoded if((substr($name,0,6) === '"') && (substr($name,-6,6) === '"')) { $newname = substr($name,6); $newname = substr($newname,0,-6); } - else - $newname = str_replace('_',' ',$name); - // do this bit over since we started over with $name + // select someone from this user's contacts by name - if(substr($newname,-1,1) === '+') { - $forum = true; - $newname = substr($newname,0,-1); - } - - //select someone from this user's contacts by name $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1", dbesc($newname), intval($profile_uid) ); - if(! $r) { - //select someone by attag or nick and the name passed in - $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash - WHERE xchan_addr like ('%s') AND abook_channel = %d LIMIT 1", - dbesc(((strpos($newname,'@')) ? $newname : $newname . '@%')), - intval($profile_uid) + // select anybody by full hubloc_addr + + if((! $r) && strpos($newname,'@')) { + $r = q("SELECT * FROM xchan left join hubloc on xchan_hash = hubloc_hash + WHERE hubloc_addr = '%s' LIMIT 1", + dbesc($newname) ); } - if(! $r) { - // it's possible somebody has a name ending with '+', which we stripped off as a forum indicator - // This is very rare but we want to get it right. + // select someone by attag or nick and the name passed in + if(! $r) { $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash - WHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1", - dbesc($newname . '+'), + WHERE xchan_addr like ('%s') AND abook_channel = %d LIMIT 1", + dbesc(((strpos($newname,'@')) ? $newname : $newname . '@%')), intval($profile_uid) ); - if($r) - $trailing_plus_name = true; } + } // $r is set if we found something $channel = App::get_channel(); - + if($r) { $profile = $r[0]['xchan_url']; $newname = $r[0]['xchan_name']; @@ -2734,27 +2729,24 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag, $d } } - if(($exclusive) && (! $access_tag)) { - $access_tag .= 'cid:' . $channel['channel_hash']; - } - - // if there is an url for this channel + // if there is a url for this channel if(isset($profile)) { $replaced = true; //create profile link $profile = str_replace(',','%2c',$profile); $url = $profile; - if($grouptag) { - $newtag = '!' . '[zrl=' . $profile . ']' . $newname . '[/zrl]'; - $body = str_replace('!' . $name, $newtag, $body); + if($termtype === TERM_FORUM) { + $newtag = '!' . (($exclusive) ? '!' : '') . '[zrl=' . $profile . ']' . $newname . '[/zrl]'; + $body = str_replace('!' . (($exclusive) ? '!' : '') . $name, $newtag, $body); } else { - $newtag = '@' . (($exclusive) ? '!' : '') . '[zrl=' . $profile . ']' . $newname . (($forum && ! $trailing_plus_name) ? '+' : '') . '[/zrl]'; + // ( $termtype === TERM_MENTION ) + $newtag = '@' . (($exclusive) ? '!' : '') . '[zrl=' . $profile . ']' . $newname . '[/zrl]'; $body = str_replace('@' . (($exclusive) ? '!' : '') . $name, $newtag, $body); } - //append tag to str_tags + // append tag to str_tags if(! stristr($str_tags,$newtag)) { if(strlen($str_tags)) $str_tags .= ','; @@ -2768,14 +2760,14 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag, $d 'termtype' => $termtype, 'term' => $newname, 'url' => $url, - 'contact' => $r[0] + 'contact' => (($r) ? $r[0] : []) ]; } -function linkify_tags($a, &$body, $uid, $diaspora = false) { - $str_tags = ''; - $tagged = array(); - $results = array(); +function linkify_tags($a, &$body, $uid, $in_network = true) { + $str_tags = EMPTY_STR; + $tagged = []; + $results = []; $tags = get_tags($body); @@ -2783,20 +2775,8 @@ function linkify_tags($a, &$body, $uid, $diaspora = false) { foreach($tags as $tag) { $access_tag = ''; - // If we already tagged 'Robert Johnson', don't try and tag 'Robert'. - // Robert Johnson should be first in the $tags array + $success = handle_tag($a, $body, $access_tag, $str_tags, ($uid) ? $uid : App::$profile_uid , $tag, $in_network); - $fullnametagged = false; - for($x = 0; $x < count($tagged); $x ++) { - if(stristr($tagged[$x],$tag . ' ')) { - $fullnametagged = true; - break; - } - } - if($fullnametagged) - continue; - - $success = handle_tag($a, $body, $access_tag, $str_tags, ($uid) ? $uid : App::$profile_uid , $tag, $diaspora); $results[] = array('success' => $success, 'access_tag' => $access_tag); if($success['replaced']) $tagged[] = $tag; } @@ -3243,14 +3223,15 @@ function cleanup_bbcode($body) { * First protect any url inside certain bbcode tags so we don't double link it. */ + $body = preg_replace_callback('/\[code(.*?)\[\/(code)\]/ism','\red_escape_codeblock',$body); $body = preg_replace_callback('/\[url(.*?)\[\/(url)\]/ism','\red_escape_codeblock',$body); $body = preg_replace_callback('/\[zrl(.*?)\[\/(zrl)\]/ism','\red_escape_codeblock',$body); - $body = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ + $body = preg_replace_callback("/([^\]\='".'"'."\/\{]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ +\,\(\)]+)/ismu", '\nakedoembed', $body); - $body = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ + $body = preg_replace_callback("/([^\]\='".'"'."\/\{]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ +\,\(\)]+)/ismu", '\red_zrl_callback', $body); $body = preg_replace_callback('/\[\$b64zrl(.*?)\[\/(zrl)\]/ism','\red_unescape_codeblock',$body); @@ -3272,7 +3253,6 @@ function cleanup_bbcode($body) { $body = scale_external_images($body,false); - return $body; } @@ -3311,4 +3291,46 @@ function purify_filename($s) { return $s; } +// callback for sorting the settings/featured entries. + +function featured_sort($a,$b) { + $s1 = substr($a,strpos($a,'id='),20); + $s2 = substr($b,strpos($b,'id='),20); + return(strcmp($s1,$s2)); +} + + +// Be aware that punify will convert domain names and pathnames + + +function punify($s) { + require_once('vendor/simplepie/simplepie/idn/idna_convert.class.php'); + $x = new idna_convert(['encoding' => 'utf8']); + return $x->encode($s); + +} + +// Be aware that unpunify will only convert domain names and not pathnames + +function unpunify($s) { + require_once('vendor/simplepie/simplepie/idn/idna_convert.class.php'); + $x = new idna_convert(['encoding' => 'utf8']); + return $x->decode($s); + +} + +function unique_multidim_array($array, $key) { + $temp_array = array(); + $i = 0; + $key_array = array(); + + foreach($array as $val) { + if (!in_array($val[$key], $key_array)) { + $key_array[$i] = $val[$key]; + $temp_array[$i] = $val; + } + $i++; + } + return $temp_array; +} diff --git a/include/zid.php b/include/zid.php index 67c1d9f6c..fe06948ba 100644 --- a/include/zid.php +++ b/include/zid.php @@ -53,14 +53,14 @@ function zid($s, $address = '') { $mine = get_my_url(); $myaddr = (($address) ? $address : get_my_address()); - /** - * @FIXME checking against our own channel url is no longer reliable. We may have a lot - * of urls attached to our channel. Should probably match against our site, since we - * will not need to remote authenticate on our own site anyway. - */ + $mine_parsed = parse_url($mine); + $s_parsed = parse_url($s); + + if($mine_parsed['host'] === $s_parsed['host']) + $url_match = true; - if ($mine && $myaddr && (! link_compare($mine,$s))) - $zurl = $s . (($num_slashes >= 3) ? '' : '/') . $achar . 'zid=' . urlencode($myaddr); + if ($mine && $myaddr && (! $url_match)) + $zurl = $s . (($num_slashes >= 3) ? '' : '/') . (($achar === '?') ? '?f=&' : '&') . 'zid=' . urlencode($myaddr); else $zurl = $s; @@ -103,12 +103,17 @@ function strip_zats($s) { return preg_replace('/[\?&]zat=(.*?)(&|$)/ism','$2',$s); } +function strip_escaped_zids($s) { + $x = preg_replace('/&\;zid=(.*?)(&|$)/ism','$2',$s); + return strip_query_param($x,'f'); +} function clean_query_string($s = '') { $x = strip_zids(($s) ? $s : \App::$query_string); $x = strip_owt($x); $x = strip_zats($x); + $x = strip_query_param($x,'sort'); return strip_query_param($x,'f'); } @@ -346,4 +351,4 @@ function owt_init($token) { info(sprintf( t('OpenWebAuth: %1$s welcomes %2$s'),\App::get_hostname(), $hubloc['xchan_name'])); logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']); -}
\ No newline at end of file +} diff --git a/include/zot.php b/include/zot.php index 25e30ccbc..14c9f6ae5 100644 --- a/include/zot.php +++ b/include/zot.php @@ -589,13 +589,16 @@ function zot_refresh($them, $channel = null, $force = false) { // If there is a default group for this channel, add this connection to it - - $default_group = $channel['channel_default_group']; - if($default_group) { - require_once('include/group.php'); - $g = group_rec_byhash($channel['channel_id'],$default_group); - if($g) - group_add_member($channel['channel_id'],'',$x['hash'],$g['id']); + // for pending connections this will happens at acceptance time. + + if(! intval($new_connection[0]['abook_pending'])) { + $default_group = $channel['channel_default_group']; + if($default_group) { + require_once('include/group.php'); + $g = group_rec_byhash($channel['channel_id'],$default_group); + if($g) + group_add_member($channel['channel_id'],'',$x['hash'],$g['id']); + } } unset($new_connection[0]['abook_id']); @@ -1784,6 +1787,10 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ $local_public = false; continue; } + if(! \Zotlabs\Lib\MessageFilter::evaluate($arr,get_config('system','pubstream_incl'),get_config('system','pubstream_excl'))) { + $local_public = false; + continue; + } } $tag_delivery = tgroup_check($channel['channel_id'],$arr); @@ -1920,6 +1927,7 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ continue; } + $r = q("select * from item where mid = '%s' and uid = %d limit 1", dbesc($arr['mid']), intval($channel['channel_id']) @@ -2282,13 +2290,31 @@ function process_mail_delivery($sender, $arr, $deliveries) { continue; } + if(! perm_is_allowed($channel['channel_id'],$sender['hash'],'post_mail')) { - logger("permission denied for mail delivery {$channel['channel_id']}"); - $DR->update('permission denied'); - $result[] = $DR->get(); - continue; + + /* + * Always allow somebody to reply if you initiated the conversation. It's anti-social + * and a bit rude to send a private message to somebody and block their ability to respond. + * If you are being harrassed and want to put an end to it, delete the conversation. + */ + + $return = false; + if($arr['parent_mid']) { + $return = q("select * from mail where mid = '%s' and channel_id = %d limit 1", + dbesc($arr['parent_mid']), + intval($channel['channel_id']) + ); + } + if(! $return) { + logger("permission denied for mail delivery {$channel['channel_id']}"); + $DR->update('permission denied'); + $result[] = $DR->get(); + continue; + } } + $r = q("select id from mail where mid = '%s' and channel_id = %d limit 1", dbesc($arr['mid']), intval($channel['channel_id']) @@ -3187,6 +3213,9 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { $channel = $r[0]; + // don't provide these in the export + + unset($channel['channel_active']); unset($channel['channel_password']); unset($channel['channel_salt']); @@ -3453,6 +3482,14 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { continue; } + // if the clone is active, so are we + + if(substr($channel['channel_active'],0,10) !== substr(datetime_convert(),0,10)) { + q("UPDATE channel set channel_active = '%s' where channel_id = %d", + dbesc(datetime_convert()), + intval($channel['channel_id']) + ); + } if(array_key_exists('config',$arr) && is_array($arr['config']) && count($arr['config'])) { foreach($arr['config'] as $cat => $k) { @@ -3779,25 +3816,27 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { foreach($x as $y) { // for each group, loop on members list we just received - foreach($members[$y['hash']] as $member) { - $found = false; - $z = q("select xchan from group_member where gid = %d and uid = %d and xchan = '%s' limit 1", - intval($y['id']), - intval($channel['channel_id']), - dbesc($member) - ); - if($z) - $found = true; - - // if somebody is in the group that wasn't before - add them - - if(! $found) { - q("INSERT INTO group_member (uid, gid, xchan) - VALUES( %d, %d, '%s' ) ", - intval($channel['channel_id']), + if(isset($y['hash']) && isset($members[$y['hash']])) { + foreach($members[$y['hash']] as $member) { + $found = false; + $z = q("select xchan from group_member where gid = %d and uid = %d and xchan = '%s' limit 1", intval($y['id']), + intval($channel['channel_id']), dbesc($member) ); + if($z) + $found = true; + + // if somebody is in the group that wasn't before - add them + + if(! $found) { + q("INSERT INTO group_member (uid, gid, xchan) + VALUES( %d, %d, '%s' ) ", + intval($channel['channel_id']), + intval($y['id']), + dbesc($member) + ); + } } } @@ -3834,11 +3873,14 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { intval($channel['channel_id']) ); if(! $x) { - q("insert into profile ( profile_guid, aid, uid ) values ('%s', %d, %d)", - dbesc($profile['profile_guid']), - intval($channel['channel_account_id']), - intval($channel['channel_id']) + profile_store_lowlevel( + [ + 'aid' => $channel['channel_account_id'], + 'uid' => $channel['channel_id'], + 'profile_guid' => $profile['profile_guid'], + ] ); + $x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1", dbesc($profile['profile_guid']), intval($channel['channel_id']) |