diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/api.php | 7 | ||||
| -rw-r--r-- | include/bb2diaspora.php | 5 | ||||
| -rwxr-xr-x | include/items.php | 2 | ||||
| -rw-r--r-- | include/photo/photo_driver.php | 15 | ||||
| -rw-r--r-- | include/photos.php | 14 | ||||
| -rw-r--r-- | include/text.php | 11 |
6 files changed, 41 insertions, 13 deletions
diff --git a/include/api.php b/include/api.php index 16dbb569b..ad29625d8 100644 --- a/include/api.php +++ b/include/api.php @@ -75,8 +75,9 @@ require_once('include/attach.php'); try { $oauth = new FKOAuth1(); $req = OAuthRequest::from_request(); + list($consumer,$token) = $oauth->verify_request($req); -// list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request()); + if (!is_null($token)){ $oauth->loginUser($token->uid); @@ -826,6 +827,7 @@ require_once('include/attach.php'); require_once('include/html2bbcode.php'); $txt = requestdata('htmlstatus'); + if((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) { $txt = html2bb_video($txt); @@ -837,9 +839,10 @@ require_once('include/attach.php'); $purifier = new HTMLPurifier($config); $txt = $purifier->purify($txt); - $_REQUEST['body'] = html2bbcode($txt); } + $_REQUEST['body'] = html2bbcode($txt); + } else $_REQUEST['body'] = requestdata('status'); diff --git a/include/bb2diaspora.php b/include/bb2diaspora.php index d10ed57eb..7cba40672 100644 --- a/include/bb2diaspora.php +++ b/include/bb2diaspora.php @@ -309,9 +309,8 @@ function bb2diaspora_itembody($item, $force_update = false) { $is_photo = (($item['obj_type'] == ACTIVITY_OBJ_PHOTO) ? true : false); if($is_photo) { $object = json_decode($item['object'],true); - if($object['link'][2]) { - $photo_bb = '[zrl=' . rawurldecode($object['id']) . ']' . '[zmg=' . $object['link'][2]['width'] . 'x' . $object['link'][2]['height'] . ']' . rawurldecode($object['link'][2]['href']) . '[/zmg]' . '[/zrl]'; - $item['body'] = (($item['body']) ? $photo_bb . $item['body'] : $photo_bb); + if($object['bbcode']) { + $item['body'] = (($item['body']) ? $object['bbcode'] . "\r\n" . $item['body'] : $object['bbcode']); } } diff --git a/include/items.php b/include/items.php index 08be981e7..ce8e2b9b0 100755 --- a/include/items.php +++ b/include/items.php @@ -4792,7 +4792,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C if($arr['mid']) $sql_options .= " and parent_mid = '" . dbesc($arr['mid']) . "' "; - $sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE item_thread_top = 1 $sql_options ) "; + $sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE item_thread_top = 1 $sql_options $item_normal ) "; if($arr['since_id']) $sql_extra .= " and item.id > " . $since_id . " "; diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index 32b9bd302..e980a96e1 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -546,11 +546,18 @@ function guess_image_type($filename, $headers = '') { $ext = pathinfo($filename, PATHINFO_EXTENSION); $ph = photo_factory(''); $types = $ph->supportedTypes(); - $type = "image/jpeg"; foreach ($types as $m=>$e){ if ($ext==$e) $type = $m; } } + + if(is_null($type)) { + $size = getimagesize($filename); + $ph = photo_factory(''); + $types = $ph->supportedTypes(); + $type = ((array_key_exists($size['mime'], $types)) ? $size['mime'] : 'image/jpeg'); + } + } logger('Photo: guess_image_type: type='.$type, LOGGER_DEBUG); return $type; @@ -586,16 +593,12 @@ function import_xchan_photo($photo,$xchan,$thing = false) { if($photo) { $filename = basename($photo); - $type = guess_image_type($photo); - - if(! $type) - $type = 'image/jpeg'; - $result = z_fetch_url($photo,true); if($result['success']) { $img_str = $result['body']; + $type = guess_image_type($photo, $result['header']); $h = explode("\n",$result['header']); if($h) { diff --git a/include/photos.php b/include/photos.php index d62d5aeb8..c7360a956 100644 --- a/include/photos.php +++ b/include/photos.php @@ -379,6 +379,20 @@ function photo_upload($channel, $observer, $args) { $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid']; $arr['body'] = (($object) ? $args['body'] : $body . "\r\n" . $args['body']); + + // this one is tricky because the item and the photo have the same permissions, those of the photo. + // Use the channel read_stream permissions to get the correct public_policy for the item and recalculate the + // private flag accordingly. This may cause subtle bugs due to custom permissions roles. We want to use + // public policy when federating items to other sites, but should probably ignore them when accessing the item + // in the photos pages - using the photos permissions instead. We need the public policy to keep the photo + // linked item from leaking into the feed when somebody has a channel with read_stream restrictions. + + $arr['public_policy'] = map_scope($channel['channel_r_stream'],true); + if($arr['public_policy']) + $arr['item_private'] = 1; + + + $result = item_store($arr); $item_id = $result['item_id']; diff --git a/include/text.php b/include/text.php index c30be77b8..5df7bb4a1 100644 --- a/include/text.php +++ b/include/text.php @@ -912,8 +912,17 @@ function sslify($s) { if (strpos(z_root(),'https:') === false) return $s; + // By default we'll only sslify img tags because media files will probably choke. + // You can set sslify_everything if you want - but it will likely white-screen if it hits your php memory limit. + // The downside is that http: media files will likely be blocked by your browser + // Complain to your browser maker + + $allow = get_config('system','sslify_everything'); + + $pattern = (($allow) ? "/\<(.*?)src=\"(http\:.*?)\"(.*?)\>/" : "/\<img(.*?)src=\"(http\:.*?)\"(.*?)\>/" ); + $matches = null; - $cnt = preg_match_all("/\<(.*?)src=\"(http\:.*?)\"(.*?)\>/",$s,$matches,PREG_SET_ORDER); + $cnt = preg_match_all($pattern,$s,$matches,PREG_SET_ORDER); if ($cnt) { foreach ($matches as $match) { $filename = basename( parse_url($match[2], PHP_URL_PATH) ); |