Diffstat (limited to 'include')
-rw-r--r-- | include/api_zot.php | 118 | ||||
-rw-r--r-- | include/attach.php | 6 | ||||
-rw-r--r-- | include/bb2diaspora.php | 7 | ||||
-rw-r--r-- | include/bbcode.php | 66 | ||||
-rw-r--r-- | include/config.php | 24 | ||||
-rw-r--r-- | include/conversation.php | 62 | ||||
-rw-r--r-- | include/crypto.php | 119 | ||||
-rwxr-xr-x | include/dba/dba_driver.php | 2 | ||||
-rwxr-xr-x | include/dba/dba_pdo.php | 2 | ||||
-rw-r--r-- | include/help.php | 5 | ||||
-rwxr-xr-x | include/items.php | 74 | ||||
-rw-r--r-- | include/message.php | 80 | ||||
-rwxr-xr-x | include/oembed.php | 2 | ||||
-rw-r--r-- | include/text.php | 57 | ||||
-rw-r--r-- | include/widgets.php | 119 | ||||
-rw-r--r-- | include/wiki.php | 154 | ||||
-rw-r--r-- | include/zot.php | 336 |
17 files changed, 728 insertions, 505 deletions
diff --git a/include/api_zot.php b/include/api_zot.php index 60cb288af..d1979c3ae 100644 --- a/include/api_zot.php +++ b/include/api_zot.php @@ -28,11 +28,12 @@ api_register_func('api/z/1.0/group','api_group', true); api_register_func('api/red/xchan','api_red_xchan',true); api_register_func('api/z/1.0/xchan','api_red_xchan',true); - api_register_func('api/red/item/new','red_item_new', true); - api_register_func('api/z/1.0/item/new','red_item_new', true); + api_register_func('api/red/item/update','zot_item_update', true); + api_register_func('api/z/1.0/item/update','zot_item_update', true); api_register_func('api/red/item/full','red_item', true); api_register_func('api/z/1.0/item/full','red_item', true); + api_register_func('api/z/1.0/network/stream','api_network_stream', true); api_register_func('api/z/1.0/abook','api_zot_abook_xchan',true); api_register_func('api/z/1.0/abconfig','api_zot_abconfig',true); api_register_func('api/z/1.0/perm_allowed','api_zot_perm_allowed',true); 
@@ -55,29 +56,90 @@ } + function api_network_stream($type) { + if(api_user() === false) { + logger('api_channel_stream: no user'); + return false; + } + + $channel = channelx_by_n(api_user()); + if(! $channel) + return false; + + + if($_SERVER['REQUEST_METHOD'] == 'POST') { + // json_return_and_die(post_activity_item($_REQUEST)); + } + else { + $mindate = (($_REQUEST['mindate']) ? datetime_convert('UTC','UTC',$_REQUEST['mindate']) : ''); + if(! $mindate) + $mindate = datetime_convert('UTC','UTC', 'now - 14 days'); + + $arr = $_REQUEST; + $ret = []; + $i = items_fetch($arr,App::get_channel(),get_observer_hash()); + if($i) { + foreach($i as $iv) { + $ret[] = encode_item($iv); + } + } + + json_return_and_die($ret); + } + } + + + + + + function api_channel_stream($type) { if(api_user() === false) { logger('api_channel_stream: no user'); return false; } + $channel = channelx_by_n(api_user()); + if(! $channel) + return false; + + if($_SERVER['REQUEST_METHOD'] == 'POST') { json_return_and_die(post_activity_item($_REQUEST)); } else { - // fetch stream + $mindate = (($_REQUEST['mindate']) ? datetime_convert('UTC','UTC',$_REQUEST['mindate']) : ''); + if(! $mindate) + $mindate = datetime_convert('UTC','UTC', 'now - 14 days'); + json_return_and_die(zot_feed($channel['channel_id'],$channel['channel_hash'],[ 'mindate' => $mindate ])); } } function api_attach_list($type) { + if(api_user() === false) + return false; + logger('api_user: ' . api_user()); - json_return_and_die(attach_list_files(api_user(),get_observer_hash(),'','','','created asc')); + $hash = ((array_key_exists('filehash',$_REQUEST)) ? $_REQUEST['filehash'] : ''); + $filename = ((array_key_exists('filename',$_REQUEST)) ? $_REQUEST['filename'] : ''); + $filetype = ((array_key_exists('filetype',$_REQUEST)) ? $_REQUEST['filetype'] : ''); + $start = ((array_key_exists('start',$_REQUEST)) ? intval($_REQUEST['start']) : 0); + $records = ((array_key_exists('records',$_REQUEST)) ? 
intval($_REQUEST['records']) : 0); + + $x = attach_list_files(api_user(),get_observer_hash(),$hash,$filename,$filetype,'created asc',$start,$records); + if($start || $records) { + $x['start'] = $start; + $x['records'] = count($x['results']); + } + + json_return_and_die($x); } function api_file_meta($type) { - if (api_user()===false) return false; + if(api_user() === false) + return false; if(! $_REQUEST['file_id']) return false; $r = q("select * from attach where uid = %d and hash = '%s' limit 1", intval(api_user()), @@ -94,14 +156,15 @@ function api_file_data($type) { - if (api_user()===false) return false; + if(api_user() === false) + return false; if(! $_REQUEST['file_id']) return false; $start = (($_REQUEST['start']) ? intval($_REQUEST['start']) : 0); $length = (($_REQUEST['length']) ? intval($_REQUEST['length']) : 0); - $r = q("select * from attach where uid = %d and hash = '%s' limit 1", + $r = q("select * from attach where uid = %d and hash like '%s' limit 1", intval(api_user()), - dbesc($_REQUEST['file_id']) + dbesc($_REQUEST['file_id'] . '%') ); if($r) { $ptr = $r[0]; @@ -135,8 +198,10 @@ function api_file_export($type) { - if (api_user()===false) return false; - if(! $_REQUEST['file_id']) return false; + if(api_user() === false) + return false; + if(! $_REQUEST['file_id']) + return false; $ret = attach_export_data(api_user(),$_REQUEST['file_id']); if($ret) { @@ -147,7 +212,8 @@ function api_file_detail($type) { - if (api_user()===false) return false; + if(api_user() === false) + return false; if(! $_REQUEST['file_id']) return false; $r = q("select * from attach where uid = %d and hash = '%s' limit 1", intval(api_user()), 
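Review bot: In `api_network_stream()` the whole of `$_REQUEST` is handed to `items_fetch()` as `$arr`, and the channel passed is `App::get_channel()` rather than the `$channel` just resolved from `api_user()`. Every query option `items_fetch()` understands becomes client-settable, and if the API-authenticated user and the session channel can ever differ, the stream is fetched for the wrong identity. Building `$arr` from a short list of accepted keys and passing `$channel` would close both. `$mindate` is computed but never used in this function, the POST branch returns nothing, and the log line still reads `api_channel_stream: no user`.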
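Review bot: The lookup in `api_file_data()` now matches `hash like '<file_id>%'`, but `dbesc()` is used here as an SQL string escaper and nothing on the page shows it neutralising the LIKE metacharacters `%` and `_`, so a very short `file_id` matches many rows and `limit 1` without an `order by` picks one arbitrarily. The `uid = %d` filter keeps the match within the caller's own attachments, so the exposure is returning the wrong file rather than another user's. Consider requiring a minimum prefix length and escaping `%`/`_` before appending the wildcard. `api_file_meta()` and `api_file_detail()` still use an exact match, so the three endpoints disagree on what a `file_id` is. The same unescaped-wildcard pattern applies to the `filename`/`filetype` `like '%…%'` clauses in the `include/attach.php` hunk, which `api_attach_list()` now feeds from request parameters.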
@@ -170,16 +236,21 @@ function api_albums($type) { + if(api_user() === false) + return false; json_return_and_die(photos_albums_list(App::get_channel(),App::get_observer())); } function api_photos($type) { + if(api_user() === false) + return false; $album = $_REQUEST['album']; json_return_and_die(photos_list_photos(App::get_channel(),App::get_observer(),$album)); } function api_photo_detail($type) { - if (api_user()===false) return false; + if(api_user() === false) + return false; if(! $_REQUEST['photo_id']) return false; $scale = ((array_key_exists('scale',$_REQUEST)) ? intval($_REQUEST['scale']) : 0); $r = q("select * from photo where uid = %d and resource_id = '%s' and imgscale = %d limit 1", @@ -237,8 +308,8 @@ } if($r) { - $x = q("select * from group_member left join xchan on group_member.xchan = xchan.xchan_hash - left join abook on abook_xchan = xchan_hash where gid = %d", + $x = q("select * from group_member left join abook on abook_xchan = xchan and abook_channel = group_member.uid left join xchan on group_member.xchan = xchan.xchan_hash + where gid = %d", intval($r[0]['id']) ); json_return_and_die($x); @@ -258,15 +329,13 @@ function api_red_xchan($type) { - logger('api_xchan'); - if(api_user() === false) return false; logger('api_xchan'); require_once('include/hubloc.php'); if($_SERVER['REQUEST_METHOD'] === 'POST') { - $r = xchan_store($_REQUEST); + // $r = xchan_store($_REQUEST); } $r = xchan_fetch($_REQUEST); json_return_and_die($r); 
@@ -341,15 +410,15 @@ } - function red_item_new($type) { + function zot_item_update($type) { if (api_user() === false) { - logger('api_red_item_new: no user'); + logger('api_red_item_store: no user'); return false; } - logger('api_red_item_new: REQUEST ' . print_r($_REQUEST,true)); - logger('api_red_item_new: FILES ' . print_r($_FILES,true)); + logger('api_red_item_store: REQUEST ' . print_r($_REQUEST,true)); + logger('api_red_item_store: FILES ' . print_r($_FILES,true)); // set this so that the item_post() function is quiet and doesn't redirect or emit json @@ -360,11 +429,10 @@ if(x($_FILES,'media')) { $_FILES['userfile'] = $_FILES['media']; // upload the image if we have one - $_REQUEST['silent']='1'; //tell wall_upload function to return img info instead of echo - $mod = new Zotlabs\Module\Wall_upload(); + $mod = new Zotlabs\Module\Wall_attach(); $media = $mod->post(); - if(strlen($media)>0) - $_REQUEST['body'] .= "\n\n".$media; + if($media) + $_REQUEST['body'] .= "\n\n" . $media; } $mod = new Zotlabs\Module\Item(); diff --git a/include/attach.php b/include/attach.php index ac0185f5d..ba2f60a90 100644 --- a/include/attach.php +++ b/include/attach.php @@ -197,13 +197,13 @@ function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $ $sql_extra .= protect_sprintf(" and hash = '" . dbesc($hash) . "' "); if($filename) - $sql_extra .= protect_sprintf(" and filename like '@" . dbesc($filename) . "@' "); + $sql_extra .= protect_sprintf(" and filename like '%" . dbesc($filename) . "%' "); if($filetype) - $sql_extra .= protect_sprintf(" and filetype like '@" . dbesc($filetype) . "@' "); + $sql_extra .= protect_sprintf(" and filetype like '%" . dbesc($filetype) . "%' "); if($entries) - $limit = " limit " . intval($start) . ", " . intval(entries) . " "; + $limit = " limit " . intval($start) . ", " . intval($entries) . " "; // Retrieve all columns except 'data' 
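Review bot: `zot_item_update()` logs `print_r($_REQUEST,true)` and `print_r($_FILES,true)` on every call, which writes full post bodies, and any credentials or tokens sent as request parameters, into the application log. If the project's `logger()` accepts a level argument, these two lines belong at the data/debug level, e.g. `logger('zot_item_update: REQUEST ' . print_r($_REQUEST,true), LOGGER_DATA);`, or should log only the parameter names. The prefix was renamed to `api_red_item_store` while the function is now `zot_item_update`, which makes the entries hard to search for. The function body continues outside the hunk.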
diff --git a/include/bb2diaspora.php b/include/bb2diaspora.php index e6c97a750..87a8551ae 100644 --- a/include/bb2diaspora.php +++ b/include/bb2diaspora.php @@ -130,6 +130,9 @@ function markdown_to_bb($s, $use_zrl = false) { $s = html_entity_decode($s,ENT_COMPAT,'UTF-8'); + // if empty link text replace with the url + $s = preg_replace("/\[\]\((.*?)\)/ism",'[$1]($1)',$s); + // first try plustags $s = preg_replace_callback('/\@\{(.+?)\; (.+?)\@(.+?)\}\+/','diaspora_mention_callback',$s); @@ -155,10 +158,10 @@ function markdown_to_bb($s, $use_zrl = false) { // Convert everything that looks like a link to a link if($use_zrl) { $s = str_replace(array('[img','/img]'),array('[zmg','/zmg]'),$s); - $s = preg_replace("/([^\]\=]|^)(https?\:\/\/)([a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,]+)/ism", '$1[zrl=$2$3]$2$3[/zrl]',$s); + $s = preg_replace("/([^\]\=]|^)(https?\:\/\/)([a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\(\)]+)/ism", '$1[zrl=$2$3]$2$3[/zrl]',$s); } else { - $s = preg_replace("/([^\]\=]|^)(https?\:\/\/)([a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,]+)/ism", '$1[url=$2$3]$2$3[/url]',$s); + $s = preg_replace("/([^\]\=]|^)(https?\:\/\/)([a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\(\)]+)/ism", '$1[url=$2$3]$2$3[/url]',$s); } // remove duplicate adjacent code tags diff --git a/include/bbcode.php b/include/bbcode.php index 21bc6de77..b315255f5 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -512,10 +512,10 @@ function bb_code($match) { } function bb_highlight($match) { - if(in_array(strtolower($match[1]),['php','css','mysql','sql','abap','diff','html','perl','ruby', + $lang = ((in_array(strtolower($match[1]),['php','css','mysql','sql','abap','diff','html','perl','ruby', 'vbscript','avrc','dtd','java','xml','cpp','python','javascript','js','json','sh'])) - return text_highlight($match[2],strtolower($match[1])); - return $match[0]; + ? strtolower($match[1]) : 'php' ); + return text_highlight($match[2],$lang); } function bb_fixtable_lf($match) { 
@@ -529,7 +529,49 @@ function bb_fixtable_lf($match) { } +function parseIdentityAwareHTML($Text) { + + // process [observer] tags before we do anything else because we might + // be stripping away stuff that then doesn't need to be worked on anymore + $observer = App::get_observer(); + + if ((strpos($Text,'[/observer]') !== false) || (strpos($Text,'[/rpost]') !== false)) { + if ($observer) { + $Text = preg_replace("/\[observer\=1\](.*?)\[\/observer\]/ism", '$1', $Text); + $Text = preg_replace("/\[observer\=0\].*?\[\/observer\]/ism", '', $Text); + $Text = preg_replace_callback("/\[rpost(=(.*?))?\](.*?)\[\/rpost\]/ism", 'rpost_callback', $Text); + } else { + $Text = preg_replace("/\[observer\=1\].*?\[\/observer\]/ism", '', $Text); + $Text = preg_replace("/\[observer\=0\](.*?)\[\/observer\]/ism", '$1', $Text); + $Text = preg_replace("/\[rpost(=.*?)?\](.*?)\[\/rpost\]/ism", '', $Text); + } + } + // replace [observer.baseurl] + if ($observer) { + $s1 = '<span class="bb_observer" title="' . t('Different viewers will see this text differently') . '">'; + $s2 = '</span>'; + $obsBaseURL = $observer['xchan_connurl']; + $obsBaseURL = preg_replace("/\/poco\/.*$/", '', $obsBaseURL); + $Text = str_replace('[observer.baseurl]', $obsBaseURL, $Text); + $Text = str_replace('[observer.url]',$observer['xchan_url'], $Text); + $Text = str_replace('[observer.name]',$s1 . $observer['xchan_name'] . $s2, $Text); + $Text = str_replace('[observer.address]',$s1 . $observer['xchan_addr'] . $s2, $Text); + $Text = str_replace('[observer.webname]', substr($observer['xchan_addr'],0,strpos($observer['xchan_addr'],'@')), $Text); + $Text = str_replace('[observer.photo]',$s1 . '[zmg]'.$observer['xchan_photo_l'].'[/zmg]' . 
$s2, $Text); + } else { + $Text = str_replace('[observer.baseurl]', '', $Text); + $Text = str_replace('[observer.url]','', $Text); + $Text = str_replace('[observer.name]','', $Text); + $Text = str_replace('[observer.address]','', $Text); + $Text = str_replace('[observer.webname]','',$Text); + $Text = str_replace('[observer.photo]','', $Text); + } + + $Text = str_replace(array('[baseurl]','[sitename]'),array(z_root(),get_config('system','sitename')),$Text); + + return $Text; +} // BBcode 2 HTML was written by WAY2WEB.net // extended to work with Mistpark/Friendica/Redmatrix/Hubzilla - Mike Macgirvin @@ -661,7 +703,7 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false) // Perform URL Search - $urlchars = '[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,\@]'; + $urlchars = '[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,\@\(\)]'; if (strpos($Text,'http') !== false) { if($tryoembed) { @@ -745,6 +787,12 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false) if (strpos($Text,'[/color]') !== false) { $Text = preg_replace("(\[color=(.*?)\](.*?)\[\/color\])ism", "<span style=\"color: $1;\">$2</span>", $Text); } + // Check for colored text + if (strpos($Text,'[/hl]') !== false) { + $Text = preg_replace("(\[hl\](.*?)\[\/hl\])ism", "<span style=\"background-color: yellow;\">$1</span>", $Text); + $Text = preg_replace("(\[hl=(.*?)\](.*?)\[\/hl\])ism", "<span style=\"background-color: $1;\">$2</span>", $Text); + } + // Check for sized text // [size=50] --> font-size: 50px (with the unit). if (strpos($Text,'[/size]') !== false) { 
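Review bot: `parseIdentityAwareHTML()` substitutes `$observer['xchan_name']`, `xchan_addr`, `xchan_url` and the value derived from `xchan_connurl` into text that the `include/help.php` hunk then uses directly as HTML, with no output encoding. These fields describe the viewing channel, which may be a remote identity, so unless they are guaranteed to be sanitised when stored (not visible here) a crafted display name would be rendered as markup in the help page. Encoding at the point of substitution is cheap: `htmlspecialchars($observer['xchan_name'], ENT_QUOTES, 'UTF-8')`, and likewise for the address and URLs. Separately, `strpos($observer['xchan_addr'],'@')` returning `false` makes `[observer.webname]` expand to an empty string.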
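Review bot: In the new `[hl=…]` rule the captured value is copied verbatim into `style="background-color: $1;"`, so the tag author controls the rest of the style declaration and, if `$Text` has not been HTML-escaped earlier in `bbcode()` (outside the hunk), the rest of the attribute as well. Restricting the capture to a colour token, e.g. `\[hl=([a-zA-Z]+|#[0-9a-fA-F]{3,8})\]`, keeps the feature and removes the injection surface. The existing `[color=…]` rule just above has the same shape and would benefit from the same pattern. The comment `// Check for colored text` was copied from the colour rule and should read `// Check for highlighted text`.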
@@ -776,12 +824,14 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false) $Text = preg_replace("(\[h6\](.*?)\[\/h6\])ism",'<h6>$1</h6>',$Text); } // Check for table of content without params - if (strpos($Text,'[toc]') !== false) { - $Text = preg_replace("/\[toc\]/ism",'<ul id="toc"></ul>',$Text); + while(strpos($Text,'[toc]') !== false) { + $toc_id = 'toc-' . random_string(10); + $Text = preg_replace("/\[toc\]/ism", '<ul id="' . $toc_id . '" class="toc" data-toc=".section-content-wrapper"></ul><script>$("#' . $toc_id . '").toc();</script>', $Text, 1); } // Check for table of content with params - if (strpos($Text,'[toc') !== false) { - $Text = preg_replace("/\[toc([^\]]+?)\]/ism",'<ul$1></ul>',$Text); + while(strpos($Text,'[toc') !== false) { + $toc_id = 'toc-' . random_string(10); + $Text = preg_replace("/\[toc([^\]]+?)\]/ism", '<ul id="' . $toc_id . '" class="toc"$1></ul><script>$("#' . $toc_id . '").toc();</script>', $Text, 1); } // Check for centered text if (strpos($Text,'[/center]') !== false) { diff --git a/include/config.php b/include/config.php index 44ef29614..0b0e639ab 100644 --- a/include/config.php +++ b/include/config.php @@ -35,8 +35,8 @@ function load_config($family) { Zlib\Config::Load($family); } -function get_config($family, $key) { - return Zlib\Config::Get($family,$key); +function get_config($family, $key, $default = false) { + return Zlib\Config::Get($family,$key,$default); } function set_config($family, $key, $value) { @@ -51,8 +51,8 @@ function load_pconfig($uid) { Zlib\PConfig::Load($uid); } -function get_pconfig($uid, $family, $key, $instore = false) { - return Zlib\PConfig::Get($uid,$family,$key,$instore = false); +function get_pconfig($uid, $family, $key, $default = false) { + return Zlib\PConfig::Get($uid,$family,$key,$default); } function set_pconfig($uid, $family, $key, $value) { 
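Review bot: The second `while(strpos($Text,'[toc') !== false)` loop never terminates when `$Text` contains a `[toc` that the pattern `\[toc([^\]]+?)\]` cannot match, such as one with no closing bracket after it: `preg_replace()` returns the text unchanged and the condition stays true. Because `$Text` is post content, a single malformed tag is enough to hang the rendering request. A single `preg_replace_callback()` generates a fresh id per match without looping, and the same form works for the parameterless `[toc]` rule. The parameter string is still emitted unescaped inside the `<ul>` tag and the rule now writes an inline `<script>`, so this output deserves the same scrutiny as any other author-controlled attribute; `bbcode()` itself starts and ends outside the hunk.

```php
// Check for table of content with params
if (strpos($Text,'[toc') !== false) {
	$Text = preg_replace_callback("/\[toc([^\]]+?)\]/ism", function($m) {
		$toc_id = 'toc-' . random_string(10);
		return '<ul id="' . $toc_id . '" class="toc"' . $m[1] . '></ul><script>$("#' . $toc_id . '").toc();</script>';
	}, $Text);
}
```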
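Review bot: `get_pconfig()`'s fourth parameter changes meaning from `$instore` to `$default`, so any existing caller that passed a truthy fourth argument will presumably now get that value back whenever the key is unset. Checking the remaining four-argument `get_pconfig(` call sites before merging would confirm none depend on the old flag. A docblock such as `/** @param mixed $default value returned when the key is not set */` on each `get_*config()` wrapper would document the new contract.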
@@ -67,8 +67,8 @@ function load_xconfig($xchan) { Zlib\XConfig::Load($xchan); } -function get_xconfig($xchan, $family, $key) { - return Zlib\XConfig::Get($xchan,$family,$key); +function get_xconfig($xchan, $family, $key, $default = false) { + return Zlib\XConfig::Get($xchan,$family,$key, $default); } function set_xconfig($xchan, $family, $key, $value) { @@ -83,8 +83,8 @@ function load_aconfig($account_id) { Zlib\AConfig::Load($account_id); } -function get_aconfig($account_id, $family, $key) { - return Zlib\AConfig::Get($account_id, $family, $key); +function get_aconfig($account_id, $family, $key, $default = false) { + return Zlib\AConfig::Get($account_id, $family, $key, $default); } function set_aconfig($account_id, $family, $key, $value) { @@ -99,8 +99,8 @@ function load_abconfig($chan, $xhash, $family = '') { return Zlib\AbConfig::Load($chan,$xhash,$family); } -function get_abconfig($chan,$xhash,$family,$key) { - return Zlib\AbConfig::Get($chan,$xhash,$family,$key); +function get_abconfig($chan,$xhash,$family,$key, $default = false) { + return Zlib\AbConfig::Get($chan,$xhash,$family,$key, $default); } function set_abconfig($chan,$xhash,$family,$key,$value) { @@ -115,8 +115,8 @@ function load_iconfig(&$item) { Zlib\IConfig::Load($item); } -function get_iconfig(&$item, $family, $key) { - return Zlib\IConfig::Get($item, $family, $key); +function get_iconfig(&$item, $family, $key, $default = false) { + return Zlib\IConfig::Get($item, $family, $key, $default); } function set_iconfig(&$item, $family, $key, $value, $sharing = false) { diff --git a/include/conversation.php b/include/conversation.php index 16eacd73e..d367c27a6 100644 --- a/include/conversation.php +++ b/include/conversation.php 
@@ -363,7 +363,7 @@ function localize_item(&$item){ if(intval($item['item_obscured']) && strlen($item['body']) && (! strpos($item['body'],'data'))) { - $item['body'] = json_encode(crypto_encapsulate($item['body'],get_config('system','pubkey'), CRYPTO_ALGORITHM)); + $item['body'] = z_obscure($item['body']); } } @@ -473,22 +473,6 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $ if (local_channel()) load_pconfig(local_channel(),''); - $arr_blocked = null; - - if (local_channel()) - $str_blocked = get_pconfig(local_channel(),'system','blocked'); - if (! local_channel() && ($mode == 'network')) { - $sys = get_sys_channel(); - $id = $sys['channel_id']; - $str_blocked = get_pconfig($id,'system','blocked'); - } - - if ($str_blocked) { - $arr_blocked = explode(',',$str_blocked); - for ($x = 0; $x < count($arr_blocked); $x ++) - $arr_blocked[$x] = trim($arr_blocked[$x]); - } - $profile_owner = 0; $page_writeable = false; $live_update_div = ''; @@ -615,17 +599,13 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $ foreach($items as $item) { - if($arr_blocked) { - $blocked = false; - foreach($arr_blocked as $b) { - if(($b) && (($item['author_xchan'] == $b) || ($item['owner_xchan'] == $b))) { - $blocked = true; - break; - } - } - if($blocked) - continue; - } + $x = [ 'mode' => $mode, 'item' => $item ]; + call_hooks('stream_item',$x); + + if($x['item']['blocked']) + continue; + + $item = $x['item']; $threadsid++; 
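Review bot: Author blocking in `conversation()` is now decided entirely by whatever handler is attached to the `stream_item` hook: the in-core check against the `system`/`blocked` pconfig list is removed, and nothing visible in this diff registers a replacement. If no plugin handles the hook, `$x['item']['blocked']` is never set and previously blocked authors reappear in the stream, so the control fails open. Either keep a core default that the hook can extend, or ship the handler in the same change. Reading the flag as `! empty($x['item']['blocked'])` also avoids an undefined-index notice. The threaded branch in the next `include/conversation.php` hunk has the same dependency and additionally drops the per-child `author_blocked` marking.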
@@ -787,28 +767,14 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $ // Check for any blocked authors - if($arr_blocked) { - $blocked = false; - foreach($arr_blocked as $b) { - if(($b) && ($item['author_xchan'] == $b)) { - $blocked = true; - break; - } - } - if($blocked) - continue; - } - // Check all the kids too + $x = [ 'mode' => $mode, 'item' => $item ]; + call_hooks('stream_item',$x); + + if($x['item']['blocked']) + continue; - if($arr_blocked && $item['children']) { - for($d = 0; $d < count($item['children']); $d ++) { - foreach($arr_blocked as $b) { - if(($b) && ($item['children'][$d]['author_xchan'] == $b)) - $item['children'][$d]['author_blocked'] = true; - } - } - } + $item = $x['item']; builtin_activity_puller($item, $conv_responses); diff --git a/include/crypto.php b/include/crypto.php index c67c4a1ef..f75390985 100644 --- a/include/crypto.php +++ b/include/crypto.php 
@@ -48,27 +48,122 @@ function pkcs5_unpad($text) function AES256CBC_encrypt($data,$key,$iv) { return openssl_encrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); - } function AES256CBC_decrypt($data,$key,$iv) { return openssl_decrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); +} + +function AES128CBC_encrypt($data,$key,$iv) { + $key = substr($key,0,16); + $iv = substr($iv,0,16); + return openssl_encrypt($data,'aes-128-cbc',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); +} + +function AES128CBC_decrypt($data,$key,$iv) { + $key = substr($key,0,16); + $iv = substr($iv,0,16); + return openssl_decrypt($data,'aes-128-cbc',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); +} + +function STD_encrypt($data,$key,$iv) { + $key = substr($key,0,32); + $iv = substr($iv,0,16); + return openssl_encrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); +} + +function STD_decrypt($data,$key,$iv) { + $key = substr($key,0,32); + $iv = substr($iv,0,16); + return openssl_decrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); +} +function CAST5CBC_encrypt($data,$key,$iv) { + $key = substr($key,0,16); + $iv = substr($iv,0,8); + return openssl_encrypt($data,'cast5-cbc',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,8,"\0")); +} + +function CAST5CBC_decrypt($data,$key,$iv) { + $key = substr($key,0,16); + $iv = substr($iv,0,8); + return openssl_decrypt($data,'cast5-cbc',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,8,"\0")); } function crypto_encapsulate($data,$pubkey,$alg='aes256cbc') { + $fn = strtoupper($alg) . '_encrypt'; + if($alg === 'aes256cbc') return aes_encapsulate($data,$pubkey); + return other_encapsulate($data,$pubkey,$alg); + +} + +function other_encapsulate($data,$pubkey,$alg) { + if(! $pubkey) + logger('no key. data: ' . $data); + + $fn = strtoupper($alg) . 
'_encrypt'; + if(function_exists($fn)) { + + // A bit hesitant to use openssl_random_pseudo_bytes() as we know + // it has been historically targeted by US agencies for 'weakening'. + // It is still arguably better than trying to come up with an + // alternative cryptographically secure random generator. + // There is little point in using the optional second arg to flag the + // assurance of security since it is meaningless if the source algorithms + // have been compromised. Also none of this matters if RSA has been + // compromised by state actors and evidence is mounting that this has + // already happened. + + $key = openssl_random_pseudo_bytes(256); + $iv = openssl_random_pseudo_bytes(256); + $result['data'] = base64url_encode($fn($data,$key,$iv),true); + // log the offending call so we can track it down + if(! openssl_public_encrypt($key,$k,$pubkey)) { + $x = debug_backtrace(); + logger('RSA failed. ' . print_r($x[0],true)); + } + + $result['alg'] = $alg; + $result['key'] = base64url_encode($k,true); + openssl_public_encrypt($iv,$i,$pubkey); + $result['iv'] = base64url_encode($i,true); + return $result; + } + else { + $x = [ 'data' => $data, 'pubkey' => $pubkey, 'alg' => $alg, 'result' => $data ]; + call_hooks('other_encapsulate', $x); + return $x['result']; + } +} + +function crypto_methods() { + + if(\Zotlabs\Lib\System::get_server_role() !== 'pro') + return [ 'aes256cbc' ]; + + // 'std' is the new project standard which is aes256cbc but transmits/receives 256-byte key and iv. + // aes256cbc is provided for compatibility with earlier zot implementations which assume 32-byte key and 16-byte iv. + // other_encapsulate() now produces these longer keys/ivs by default so that it is difficult to guess a + // particular implementation or choice of underlying implementations based on the key/iv length. 
+ // The actual methods are responsible for deriving the actual key/iv from the provided parameters; + // possibly by truncation or segmentation - though many other methods could be used. + + $r = [ 'std', 'aes256cbc', 'aes128cbc', 'cast5cbc' ]; + call_hooks('crypto_methods',$r); + return $r; + } function aes_encapsulate($data,$pubkey) { if(! $pubkey) logger('aes_encapsulate: no key. data: ' . $data); - $key = random_string(32,RANDOM_STRING_TEXT); - $iv = random_string(16,RANDOM_STRING_TEXT); + $key = openssl_random_pseudo_bytes(32); + $iv = openssl_random_pseudo_bytes(16); $result['data'] = base64url_encode(AES256CBC_encrypt($data,$key,$iv),true); // log the offending call so we can track it down if(! openssl_public_encrypt($key,$k,$pubkey)) { @@ -89,6 +184,22 @@ function crypto_unencapsulate($data,$prvkey) { if($alg === 'aes256cbc') return aes_unencapsulate($data,$prvkey); + return other_unencapsulate($data,$prvkey,$alg); + +} + +function other_unencapsulate($data,$prvkey,$alg) { + $fn = strtoupper($alg) . '_decrypt'; + if(function_exists($fn)) { + openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey); + openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey); + return $fn(base64url_decode($data['data']),$k,$i); + } + else { + $x = [ 'data' => $data, 'prvkey' => $prvkey, 'alg' => $alg, 'result' => $data ]; + call_hooks('other_unencapsulate',$x); + return $x['result']; + } } @@ -315,7 +426,7 @@ function convert_salmon_key($key) { function z_obscure($s) { - return json_encode(crypto_encapsulate($s,get_config('system','pubkey'),CRYPTO_ALGORITHM)); + return json_encode(crypto_encapsulate($s,get_config('system','pubkey'))); } function z_unobscure($s) { diff --git a/include/dba/dba_driver.php b/include/dba/dba_driver.php index 0b5f085af..81a3bd590 100755 --- a/include/dba/dba_driver.php +++ b/include/dba/dba_driver.php 
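Review bot: When `other_encapsulate()` is called with an `$alg` for which no `*_encrypt` function exists, the `else` branch seeds `'result' => $data` before calling the hook, so if no plugin handles that algorithm the caller gets the plaintext back as if it were the encapsulated value. Encryption should fail closed: initialise `'result'` to `false` and have callers treat that as an error. The same function logs the plaintext with `logger('no key. data: ' . $data)` and carries on after `openssl_public_encrypt()` fails, returning a structure whose `key` is the encoding of an unset `$k`; both cases should return early without logging `$data`. A 256-byte `$key`/`$iv` also exceeds what `openssl_public_encrypt()` can wrap under a 2048-bit RSA key with its default padding, so this path presumably relies on larger keys. `$fn` in `crypto_encapsulate()` is assigned but never used.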
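Review bot: `other_unencapsulate()` builds a function name from `$alg` with `strtoupper($alg) . '_decrypt'` and calls it whenever `function_exists()` succeeds, and `$alg` appears to come from the received envelope (its assignment is above the hunk). That lets the sender select which global `*_decrypt` function runs; checking `in_array($alg, crypto_methods(), true)` before composing `$fn` confines it to the advertised set, and the same guard fits `other_encapsulate()`. The results of both `openssl_private_decrypt()` calls are ignored, so a failed unwrap proceeds with unset `$k`/`$i`, which the `substr`/`str_pad` helpers would turn into a zero-padded key; return `false` when either call fails. The fallback branch likewise returns `$data` unchanged when no hook handles the algorithm.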
@@ -98,7 +98,7 @@ class DBA { abstract class dba_driver { // legacy behavior - protected $db; + public $db; protected $pdo = array(); public $debug = 0; diff --git a/include/dba/dba_pdo.php b/include/dba/dba_pdo.php index e235c467b..f76e6cdd7 100755 --- a/include/dba/dba_pdo.php +++ b/include/dba/dba_pdo.php @@ -133,7 +133,7 @@ class dba_pdo extends dba_driver { } function unescapebin($str) { - if($this->driver_dbtype === 'pgsql') { + if($this->driver_dbtype === 'pgsql' && (! is_null($str))) { $x = ''; while(! feof($str)) { $x .= fread($str,8192); diff --git a/include/help.php b/include/help.php index f7fffc4d4..03d01d1a1 100644 --- a/include/help.php +++ b/include/help.php @@ -15,7 +15,7 @@ function get_help_content($tocpath = false) { $text = ''; $path = (($tocpath !== false) ? $tocpath : ''); - + if($tocpath === false && argc() > 1) { $path = ''; for($x = 1; $x < argc(); $x ++) { @@ -55,6 +55,7 @@ function get_help_content($tocpath = false) { if(! $text) { $doctype = 'bbcode'; $text = load_doc_file('doc/main.bb'); + goaway('/help/about/about_hubzilla'); \App::$page['title'] = t('Help'); } @@ -68,7 +69,7 @@ function get_help_content($tocpath = false) { } if($doctype === 'html') - $content = $text; + $content = parseIdentityAwareHTML($text); if($doctype === 'markdown') { require_once('library/markdown.php'); # escape #include tags diff --git a/include/items.php b/include/items.php index 4ac4d6049..9bd256d58 100755 --- a/include/items.php +++ b/include/items.php @@ -1463,6 +1463,11 @@ function item_store($arr, $allow_exec = false, $deliver = true) { $ret = array('success' => false, 'item_id' => 0); + if(array_key_exists('cancel',$arr) && $arr['cancel']) { + logger('cancelled by plugin'); + return $ret; + } + if(! $arr['uid']) { logger('item_store: no uid'); $ret['message'] = 'No uid.'; 
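Review bot: Changing `$db` from `protected` to `public` in `dba_driver` exposes the raw connection handle to every caller, which makes it possible to issue queries that bypass the escaping wrappers (`q()`, `dbesc()`) used elsewhere in this diff. If one specific consumer needs the handle, a narrowly named accessor documents that intent better than widening the property. At minimum the `// legacy behavior` comment should say who reads `$db` from outside the class and why.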
@@ -1808,6 +1813,7 @@ function item_store($arr, $allow_exec = false, $deliver = true) { $x = q("update item set parent = id where id = %d", intval($r[0]['id']) ); + $arr['parent'] = $r[0]['id']; } @@ -1841,18 +1847,22 @@ function item_store($arr, $allow_exec = false, $deliver = true) { call_hooks('post_remote_end',$arr); - // update the commented timestamp on the parent + // update the commented timestamp on the parent - unless this is potentially a clone of an older item + // which we don't wish to bring to the surface. As the queue only holds deliveries for 3 days, it's + // suspected of being an older cloned item if the creation time is older than that. - $z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and item_delayed = 0 ", - dbesc($arr['parent_mid']), - intval($arr['uid']) - ); + if($arr['created'] > datetime_convert('','','now - 4 days')) { + $z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and item_delayed = 0 ", + dbesc($arr['parent_mid']), + intval($arr['uid']) + ); - q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d", - dbesc(($z) ? $z[0]['commented'] : (datetime_convert())), - dbesc(datetime_convert()), - intval($parent_id) - ); + q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d", + dbesc(($z) ? $z[0]['commented'] : (datetime_convert())), + dbesc(datetime_convert()), + intval($parent_id) + ); + } // If _creating_ a deleted item, don't propagate it further or send out notifications. @@ -1881,6 +1891,12 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) { $allow_exec = $d['allow_exec']; $ret = array('success' => false, 'item_id' => 0); + + if(array_key_exists('cancel',$arr) && $arr['cancel']) { + logger('cancelled by plugin'); + return $ret; + } + if(! intval($arr['uid'])) { logger('item_store_update: no uid'); $ret['message'] = 'no uid.'; 
@@ -1987,20 +2003,8 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) { $arr['commented'] = $orig[0]['commented']; - if($deliver) { - $arr['received'] = datetime_convert(); - $arr['changed'] = datetime_convert(); - } - else { - - // When deliver flag is false, we are *probably* performing an import or bulk migration. - // If one updates the changed timestamp it will be made available to zotfeed and delivery - // will still take place through backdoor methods. Since these fields are rarely used - // otherwise, just preserve the original timestamp. - - $arr['received'] = $orig[0]['received']; - $arr['changed'] = $orig[0]['changed']; - } + $arr['received'] = $orig[0]['received']; + $arr['changed'] = $orig[0]['changed']; $arr['route'] = ((array_key_exists('route',$arr)) ? trim($arr['route']) : $orig[0]['route']); $arr['diaspora_meta'] = ((x($arr,'diaspora_meta')) ? $arr['diaspora_meta'] : $orig[0]['diaspora_meta']); @@ -3968,8 +3972,8 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C $sql_nets .= "( abook.abook_closeness >= " . intval($arr['cmin']) . " "; $sql_nets .= " AND abook.abook_closeness <= " . intval($arr['cmax']) . " ) "; - /** @fixme dead code, $cmax is undefined */ - if ($cmax == 99) + + if ($arr['cmax'] == 99) $sql_nets .= " OR abook.abook_closeness IS NULL ) "; } } 
@@ -4104,25 +4108,21 @@ function webpage_to_namespace($webpage) { function update_remote_id($channel,$post_id,$webpage,$pagetitle,$namespace,$remote_id,$mid) { - $page_type = ''; - if(! $post_id) return; - if($webpage == ITEM_TYPE_WEBPAGE) - $page_type = 'WEBPAGE'; - elseif($webpage == ITEM_TYPE_BLOCK) - $page_type = 'BUILDBLOCK'; - elseif($webpage == ITEM_TYPE_PDL) - $page_type = 'PDL'; - elseif($webpage == ITEM_TYPE_DOC) - $page_type = 'docfile'; - elseif($namespace && $remote_id) { + $page_type = webpage_to_namespace($webpage); + + if($page_type == 'unknown' && $namespace && $remote_id) { $page_type = $namespace; $pagetitle = $remote_id; } + else { + $page_type = ''; + } if($page_type) { + // store page info as an alternate message_id so we can access it via // https://sitename/page/$channelname/$pagetitle // if no pagetitle was given or it couldn't be transliterated into a url, use the first diff --git a/include/message.php b/include/message.php index 7cbea3c6b..bde07afd8 100644 --- a/include/message.php +++ b/include/message.php @@ -8,7 +8,7 @@ require_once('include/attach.php'); // send a private message -function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='',$expires = ''){ +function send_message($uid = 0, $recipient = '', $body = '', $subject = '', $replyto = '', $expires = NULL_DATE) { $ret = array('success' => false); $is_reply = false; @@ -16,19 +16,6 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $a = get_app(); $observer_hash = get_observer_hash(); - if(! $recipient) { - $ret['message'] = t('No recipient provided.'); - return $ret; - } - - if(! strlen($subject)) - $subject = t('[no subject]'); - -// if(! $expires) -// $expires = NULL_DATE; -// else -// $expires = datetime_convert(date_default_timezone_get(),'UTC',$expires); - if($uid) { $r = q("select * from channel where channel_id = %d limit 1", 
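Review bot: The rewritten branch in `update_remote_id()` clears `$page_type` for every value other than `'unknown'`: when `webpage_to_namespace($webpage)` returns a real namespace such as the former `'WEBPAGE'` or `'PDL'`, control falls into the `else` and sets `$page_type = ''`, so the `if($page_type)` block below is skipped for exactly the item types the old `if`/`elseif` chain handled. Assuming `webpage_to_namespace()` returns `'unknown'` only for unrecognised types (its body is outside the hunk), the reset to `''` belongs inside the `'unknown'` case only. Using `===` for the string comparison would also avoid loose-comparison surprises.

```php
$page_type = webpage_to_namespace($webpage);

if($page_type === 'unknown') {
	if($namespace && $remote_id) {
		$page_type = $namespace;
		$pagetitle = $remote_id;
	}
	else {
		$page_type = '';
	}
}
// … unchanged: if($page_type) { … } block …
```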
@@ -47,6 +34,46 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' } + $body = cleanup_bbcode($body); + $results = linkify_tags($a, $body, $uid); + + + if(preg_match_all("/\[attachment\](.*?)\[\/attachment\]/",((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$match)) + $attaches = $match[1]; + + $attachments = ''; + + if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) { + $attachments = array(); + foreach($match[2] as $mtch) { + $hash = substr($mtch,0,strpos($mtch,',')); + $rev = intval(substr($mtch,strpos($mtch,','))); + $r = attach_by_hash_nodata($hash,get_observer_hash(),$rev); + if($r['success']) { + $attachments[] = array( + 'href' => z_root() . '/attach/' . $r['data']['hash'], + 'length' => $r['data']['filesize'], + 'type' => $r['data']['filetype'], + 'title' => urlencode($r['data']['filename']), + 'revision' => $r['data']['revision'] + ); + } + $body = trim(str_replace($match[1],'',$body)); + } + } + + $jattach = (($attachments) ? json_encode($attachments) : ''); + + + if(! $recipient) { + $ret['message'] = t('No recipient provided.'); + return $ret; + } + + if(! strlen($subject)) + $subject = t('[no subject]'); + + // look for any existing conversation structure $conv_guid = ''; 
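Review bot: In the send_message hunk the `if(! $recipient)` guard now sits after `cleanup_bbcode()`, `linkify_tags()` and the per-attachment `attach_by_hash_nodata()` lookups, so a call with no recipient performs all of that body processing before it is rejected. Keeping the cheap check first, i.e. moving `if(! $recipient) { $ret['message'] = t('No recipient provided.'); return $ret; }` above `$body = cleanup_bbcode($body);`, avoids the work on input that is going to fail anyway. In the lines shown `$results` and `$attaches` are assigned but not read, and the first `preg_match_all` reaches into `$_POST['media_str']` from inside a library function; both deserve a comment or removal if nothing later in the function uses them. The function body continues outside the hunk.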
@@ -156,31 +183,6 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $match = false; - if(preg_match_all("/\[attachment\](.*?)\[\/attachment\]/",((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$match)) - $attaches = $match[1]; - - $attachments = ''; - - if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) { - $attachments = array(); - foreach($match[2] as $mtch) { - $hash = substr($mtch,0,strpos($mtch,',')); - $rev = intval(substr($mtch,strpos($mtch,','))); - $r = attach_by_hash_nodata($hash,get_observer_hash(),$rev); - if($r['success']) { - $attachments[] = array( - 'href' => z_root() . '/attach/' . $r['data']['hash'], - 'length' => $r['data']['filesize'], - 'type' => $r['data']['filetype'], - 'title' => urlencode($r['data']['filename']), - 'revision' => $r['data']['revision'] - ); - } - $body = trim(str_replace($match[1],'',$body)); - } - } - - $jattach = (($attachments) ? json_encode($attachments) : ''); if($subject) $subject = str_rot47(base64url_encode($subject)); diff --git a/include/oembed.php b/include/oembed.php index 52fb04058..eb7b76437 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -338,7 +338,7 @@ function oembed_iframe($src,$width,$height) { // Make sure any children are sandboxed within their own iframe. - return '<iframe ' . $scroll . 'height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' + return '<iframe ' . $scroll . 'height="' . $height . '" width="' . $width . '" src="' . $s . '" allowfullscreen frameborder="no" >' . t('Embedded content') . '</iframe>'; } diff --git a/include/text.php b/include/text.php index 12b37222b..593822bc7 100644 --- a/include/text.php +++ b/include/text.php 
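Review bot: The rewritten `return` line in oembed_iframe still concatenates `$height`, `$width` and `$s` directly into attribute values, and it now also grants `allowfullscreen` to whatever source is embedded. If the values are not already cast or escaped earlier in the function (its start is outside the hunk), using `intval($height)` and `intval($width)` on this line would keep the two size attributes numeric. A short comment explaining why fullscreen is allowed for every embedded provider would also help, since the comment directly above describes the iframe as a sandboxing measure.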
@@ -2049,7 +2049,7 @@ function ids_to_array($arr,$idx = 'id') { $t = array(); if($arr) { foreach($arr as $x) { - if(array_key_exists($idx,$x) && strlen($x[$idx]) && (! in_array($x[$idx],$t))) { + if(array_key_exists($idx,$x) && strlen($x[$idx]) && (! in_array($x[$idx],$t))) { $t[] = $x[$idx]; } } @@ -2060,12 +2060,15 @@ function ids_to_array($arr,$idx = 'id') { -function ids_to_querystr($arr,$idx = 'id') { +function ids_to_querystr($arr,$idx = 'id',$quote = false) { $t = array(); if($arr) { foreach($arr as $x) { if(! in_array($x[$idx],$t)) { - $t[] = $x[$idx]; + if($quote) + $t[] = "'" . dbesc($x[$idx]) . "'"; + else + $t[] = $x[$idx]; } } } @@ -3058,4 +3061,50 @@ function create_table_from_array($table, $arr) { } return $r; -}
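Review bot: In ids_to_querystr the duplicate check `in_array($x[$idx],$t)` compares the raw value against entries that, when `$quote` is true, were stored quoted and escaped, so duplicates are no longer filtered in the new mode. Building the stored form first fixes that: `$v = (($quote) ? "'" . dbesc($x[$idx]) . "'" : $x[$idx]);` followed by `if(! in_array($v,$t)) $t[] = $v;`. The unquoted branch still emits values verbatim, so a one-line comment that `$quote = false` is only meant for integer ids would make the contract explicit for callers that splice the result into SQL. The end of the function is outside the hunk.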
\ No newline at end of file +} + + + +function cleanup_bbcode($body) { + + + /** + * fix naked links by passing through a callback to see if this is a hubzilla site + * (already known to us) which will get a zrl, otherwise link with url, add bookmark tag to both. + * First protect any url inside certain bbcode tags so we don't double link it. + */ + + $body = preg_replace_callback('/\[code(.*?)\[\/(code)\]/ism','\red_escape_codeblock',$body); + $body = preg_replace_callback('/\[url(.*?)\[\/(url)\]/ism','\red_escape_codeblock',$body); + $body = preg_replace_callback('/\[zrl(.*?)\[\/(zrl)\]/ism','\red_escape_codeblock',$body); + + + $body = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ ++\,\(\)]+)/ism", '\nakedoembed', $body); + $body = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ ++\,\(\)]+)/ism", '\red_zrl_callback', $body); + + $body = preg_replace_callback('/\[\$b64zrl(.*?)\[\/(zrl)\]/ism','\red_unescape_codeblock',$body); + $body = preg_replace_callback('/\[\$b64url(.*?)\[\/(url)\]/ism','\red_unescape_codeblock',$body); + $body = preg_replace_callback('/\[\$b64code(.*?)\[\/(code)\]/ism','\red_unescape_codeblock',$body); + + + // fix any img tags that should be zmg + + $body = preg_replace_callback('/\[img(.*?)\](.*?)\[\/img\]/ism','\red_zrlify_img_callback',$body); + + + $body = bb_translate_video($body); + + /** + * Fold multi-line [code] sequences + */ + + $body = preg_replace('/\[\/code\]\s*\[code\]/ism',"\n",$body); + + $body = scale_external_images($body,false); + + + return $body; + +} diff --git a/include/widgets.php b/include/widgets.php index c9194c2a3..919ea58a0 100644 --- a/include/widgets.php +++ b/include/widgets.php 
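Review bot: Every `preg_replace_callback()` and `preg_replace()` call in the new cleanup_bbcode() assigns its result straight back to `$body`, but these functions return null on a PCRE error such as hitting the backtrack limit, which lazy `(.*?)` patterns with the `s` modifier can do on a large message body. A failure in any step would silently empty the text for all later steps and for the caller. Keeping a copy (`$orig = $body;`) and checking `if($body === null)` after each call, logging `preg_last_error()` and restoring the copy, would make the failure visible instead of dropping the body.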
@@ -898,87 +898,17 @@ function widget_chatroom_members() { } function widget_wiki_list($arr) { - - require_once("include/wiki.php"); - $channel = null; - if (argc() < 2 && local_channel()) { - // This should not occur because /wiki should redirect to /wiki/channel ... - $channel = \App::get_channel(); - } else { - $channel = channelx_by_nick(argv(1)); // Channel being viewed by observer - } - if (!$channel) { - return ''; - } - // init() should have forced the URL to redirect to /wiki/channel so assume argc() > 1 - $nick = argv(1); - $owner = channelx_by_nick($nick); // The channel who owns the wikis being viewed - // Determine if the observer is the channel owner so the ACL dialog can be populated - if (local_channel() === intval($owner['channel_id'])) { - - // Obtain the default permission settings of the channel - $owner_acl = array( - 'allow_cid' => $owner['channel_allow_cid'], - 'allow_gid' => $owner['channel_allow_gid'], - 'deny_cid' => $owner['channel_deny_cid'], - 'deny_gid' => $owner['channel_deny_gid'] - ); - // Initialize the ACL to the channel default permissions - $x = array( - 'lockstate' => (( $owner['channel_allow_cid'] || - $owner['channel_allow_gid'] || - $owner['channel_deny_cid'] || - $owner['channel_deny_gid']) ? 
'lock' : 'unlock' - ), - 'acl' => populate_acl($owner_acl), - 'allow_cid' => acl2json($owner_acl['allow_cid']), - 'allow_gid' => acl2json($owner_acl['allow_gid']), - 'deny_cid' => acl2json($owner_acl['deny_cid']), - 'deny_gid' => acl2json($owner_acl['deny_gid']), - 'bang' => '' - ); - } else { - // Not the channel owner - $owner_acl = $x = array(); - } - if(argc()>1) { - $activeWikiURLname = argv(2); - } else { - $activeWikiURLname = ''; - } - logger($activeWikiURLname, LOGGER_DEBUG); - $wikis = wiki_list($channel, get_observer_hash()); - foreach($wikis['wikis'] as &$w) { - if($w['urlName'] === $activeWikiURLname) { - $w['active'] = true; - } else { - $w['active'] = false; - } - } - if ($wikis) { - return replace_macros(get_markup_template('wikilist_widget.tpl'), array( - '$header' => t('Wiki List'), - '$channel' => $channel['channel_address'], - '$wikis' => $wikis['wikis'], - // If the observer is the local channel owner, show the wiki controls - '$owner' => ((local_channel() && local_channel() === intval(\App::$profile['uid'])) ? true : false), - '$edit' => t('Edit'), - '$download' => t('Download'), - '$view' => t('View'), - '$addnew' => t('Create new wiki'), - '$create' => t('Create'), - '$wikiName' => array('wikiName', t('Wiki name')), - '$lockstate' => $x['lockstate'], - '$acl' => $x['acl'], - '$allow_cid' => $x['allow_cid'], - '$allow_gid' => $x['allow_gid'], - '$deny_cid' => $x['deny_cid'], - '$deny_gid' => $x['deny_gid'], - '$bang' => $x['bang'], - '$notify' => array('postVisible', t('Send notification'), '', '', array(t('No'), t('Yes'))) - )); - } - return ''; + require_once("include/wiki.php"); + $channel = channelx_by_n(App::$profile_uid); + $wikis = wiki_list($channel, get_observer_hash()); + if($wikis) { + return replace_macros(get_markup_template('wikilist_widget.tpl'), array( + '$header' => t('Wiki List'), + '$channel' => $channel['channel_address'], + '$wikis' => $wikis['wikis'] + )); + } + return ''; } function widget_wiki_pages($arr) { 
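Review bot: The shortened widget_wiki_list() passes the result of `channelx_by_n(App::$profile_uid)` to `wiki_list()` and later reads `$channel['channel_address']` without checking it, whereas the removed version returned an empty string when no channel was found. If the widget can be rendered on a page where the profile uid is unset, that lookup presumably fails and the code continues with an empty channel. Restoring the guard right after the lookup, `if(! $channel) return '';`, keeps the earlier behaviour.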
@@ -1028,7 +958,8 @@ function widget_wiki_page_history($arr) { $pageHistory = wiki_page_history(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); return replace_macros(get_markup_template('wiki_page_history.tpl'), array( - '$pageHistory' => $pageHistory['history'] + '$pageHistory' => $pageHistory['history'], + '$permsWrite' => $arr['permsWrite'] )); } @@ -1473,14 +1404,23 @@ function widget_forums($arr) { $perms_sql = item_permissions_sql(local_channel()) . item_normal(); - /** - * We used to try and find public forums with custom permissions by checking to see if - * send_stream was false and tag_deliver was true. However with the newer extensible - * permissions infrastructure this makes for a very complicated query. Now we're only - * checking channels that report themselves specifically as pubforums - */ + $xf = false; + + $x1 = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'send_stream' and v = 0", + intval(local_channel()) + ); + if($x1) { + $xc = ids_to_querystr($x1,'xchan',true); + $x2 = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'tag_deliver' and v = 1 and xchan in (" . $xc . ") ", + intval(local_channel()) + ); + if($x2) + $xf = ids_to_querystr($x2,'xchan',true); + } + + $sql_extra = (($xf) ? " and ( xchan_hash in (" . $xf . ") or xchan_pubforum = 1 ) " : " and xchan_pubforum = 1 "); - $r1 = q("select abook_id, xchan_hash, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash where xchan_pubforum = 1 and xchan_deleted = 0 and abook_channel = %d order by xchan_name $limit ", + $r1 = q("select abook_id, xchan_hash, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash where xchan_deleted = 0 and abook_channel = %d $sql_extra order by xchan_name $limit ", intval(local_channel()) ); if(! $r1) 
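Review bot: In the widget_forums hunk the two new abconfig queries compare `v` with bare integers (`v = 0`, `v = 1`); if `v` is a text column, as a generic config value usually is, some databases coerce non-numeric strings to 0 so unrelated rows match, and others reject the comparison. Quoting the literals (`v = '0'`, `v = '1'`) avoids depending on implicit casts; the column type is not visible here and should be confirmed. The removed docblock explained why this lookup had been dropped, so the replacement should carry a comment saying why it is reintroduced and that the `in (...)` lists are only safe because `ids_to_querystr()` is called with `$quote = true`.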
@@ -1564,7 +1504,6 @@ function widget_tasklist($arr) { function widget_helpindex($arr) { $o .= '<div class="widget">'; - $o .= '<h3>' . t('Documentation') . '</h3>'; $level_0 = get_help_content('sitetoc'); if(! $level_0) diff --git a/include/wiki.php b/include/wiki.php index d2cb51bd3..332d4efe0 100644 --- a/include/wiki.php +++ b/include/wiki.php @@ -14,11 +14,13 @@ function wiki_list($channel, $observer_hash) { intval($channel['channel_id']) ); if($wikis) { - foreach($wikis as &$w) { + foreach($wikis as &$w) { $w['rawName'] = get_iconfig($w, 'wiki', 'rawName'); $w['htmlName'] = get_iconfig($w, 'wiki', 'htmlName'); $w['urlName'] = get_iconfig($w, 'wiki', 'urlName'); $w['path'] = get_iconfig($w, 'wiki', 'path'); + $w['mimeType'] = get_iconfig($w, 'wiki', 'mimeType'); + $w['lock'] = (($w['allow_cid'] || $w['allow_gid'] || $w['deny_cid'] || $w['deny_gid']) ? true : false); } } // TODO: query db for wikis the observer can access. Return with two lists, for read and write access 
@@ -31,16 +33,29 @@ function wiki_page_list($resource_id) { if (!$w['path']) { return array('pages' => null, 'wiki' => null); } - $pages = array(); - $pages[] = array('title' => 'Home', 'url' => 'Home'); + + $pages[] = [ + 'resource_id' => '', + 'title' => 'Home', + 'url' => 'Home', + 'link_id' => 'id_wiki_home_0' + ]; + if (is_dir($w['path']) === true) { $files = array_diff(scandir($w['path']), array('.', '..', '.git')); // TODO: Check that the files are all text files - + $i = 1; foreach($files as $file) { - // strip the .md file extension and unwrap URL encoding to leave HTML encoded name - if( urldecode(substr($file, 0, -3)) !== 'Home') { - $pages[] = array('title' => urldecode(substr($file, 0, -3)), 'url' => urlencode(substr($file, 0, -3))); + // strip the file extension and unwrap URL encoding to leave HTML encoded name + $title = substr($file, 0, strrpos($file,'.')); + if(urldecode($title) !== 'Home') { + $pages[] = [ + 'resource_id' => $resource_id, + 'title' => urldecode($title), + 'url' => $title, + 'link_id' => 'id_' . substr($resource_id, 0, 10) . '_' . $i + ]; + $i++; } } } @@ -78,7 +93,7 @@ function wiki_create_wiki($channel, $observer_hash, $wiki, $acl) { $resource_id = random_string(); $r = q("SELECT mid FROM item WHERE resource_id = '%s' AND resource_type = '%s' AND uid = %d LIMIT 1", dbesc($resource_id), - dbesc(WIKI_ITEM_RESOURCE_TYPE), + dbesc(WIKI_ITEM_RESOURCE_TYPE), intval($channel['channel_id']) ); if (count($r)) 
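Review bot: In wiki_page_list the new `substr($file, 0, strrpos($file,'.'))` yields an empty title for any directory entry without a dot, because `strrpos()` returns false there and the length becomes 0. Since `scandir()` only has `.`, `..` and `.git` filtered out, a subdirectory or extensionless file would be listed as a page with an empty title and url. `$title = pathinfo($file, PATHINFO_FILENAME);` handles both cases, and an `is_file($w['path'] . '/' . $file)` test before adding the entry would address the existing TODO about non-page files.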
@@ -126,11 +141,14 @@ function wiki_create_wiki($channel, $observer_hash, $wiki, $acl) { if (!set_iconfig($arr, 'wiki', 'urlName', $wiki['urlName'], true)) { return array('item' => null, 'success' => false); } + if (!set_iconfig($arr, 'wiki', 'mimeType', $wiki['mimeType'], true)) { + return array('item' => null, 'success' => false); + } $post = item_store($arr); $item_id = $post['item_id']; if ($item_id) { - \Zotlabs\Daemon\Master::Summon(array('Notifier', 'activity', $item_id)); + \Zotlabs\Daemon\Master::Summon(array('Notifier', 'activity', $item_id)); return array('item' => $post['item'], 'success' => true); } else { return array('item' => null, 'success' => false); @@ -155,8 +173,8 @@ function wiki_delete_wiki($resource_id) { function wiki_get_wiki($resource_id) { $item = q("SELECT * FROM item WHERE resource_type = '%s' AND resource_id = '%s' AND item_deleted = 0 limit 1", - dbesc(WIKI_ITEM_RESOURCE_TYPE), - dbesc($resource_id) + dbesc(WIKI_ITEM_RESOURCE_TYPE), + dbesc($resource_id) ); if (!$item) { return array('wiki' => null, 'path' => null); @@ -166,17 +184,21 @@ function wiki_get_wiki($resource_id) { $rawName = get_iconfig($w, 'wiki', 'rawName'); $htmlName = get_iconfig($w, 'wiki', 'htmlName'); $urlName = get_iconfig($w, 'wiki', 'urlName'); + $mimeType = get_iconfig($w, 'wiki', 'mimeType'); + $path = get_iconfig($w, 'wiki', 'path'); if (!realpath(__DIR__ . '/../' . $path)) { return array('wiki' => null, 'path' => null); } // Path to wiki exists $abs_path = realpath(__DIR__ . '/../' . $path); - return array( 'wiki' => $w, - 'path' => $abs_path, - 'rawName' => $rawName, - 'htmlName' => $htmlName, - 'urlName' => $urlName + return array( + 'wiki' => $w, + 'path' => $abs_path, + 'rawName' => $rawName, + 'htmlName' => $htmlName, + 'urlName' => $urlName, + 'mimeType' => $mimeType ); } } 
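Review bot: wiki_create_wiki() stores `$wiki['mimeType']` exactly as supplied, with no check that the key exists or that the value is one the rest of the code understands. The value later selects the page file extension and is returned to the client from wiki_get_page_content(), so normalising it once at creation time is safer than trusting it at every read. For example `$mimeType = (($wiki['mimeType'] === 'text/bbcode') ? 'text/bbcode' : 'text/markdown');` before the `set_iconfig()` call, where 'text/markdown' is an assumed name for the default type and should be replaced by whatever the project uses.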
@@ -205,8 +227,8 @@ function wiki_get_permissions($resource_id, $owner_id, $observer_hash) { $r = q("SELECT * FROM item WHERE uid = %d and resource_type = '%s' AND resource_id = '%s' $sql_extra LIMIT 1", intval($owner_id), dbesc(WIKI_ITEM_RESOURCE_TYPE), - dbesc($resource_id) - ); + dbesc($resource_id) + ); if (!$r) { return array('read' => false, 'write' => false, 'success' => true); @@ -223,7 +245,8 @@ function wiki_create_page($name, $resource_id) { if (!$w['path']) { return array('page' => null, 'wiki' => null, 'message' => 'Wiki not found.', 'success' => false); } - $page = array('rawName' => $name, 'htmlName' => escape_tags($name), 'urlName' => urlencode(escape_tags($name)), 'fileName' => urlencode(escape_tags($name)).'.md'); + + $page = array('rawName' => $name, 'htmlName' => escape_tags($name), 'urlName' => urlencode(escape_tags($name)), 'fileName' => urlencode(escape_tags($name)) . wiki_get_file_ext($w)); $page_path = $w['path'] . '/' . $page['fileName']; if (is_file($page_path)) { return array('page' => null, 'wiki' => null, 'message' => 'Page already exists.', 'success' => false); 
@@ -245,11 +268,11 @@ function wiki_rename_page($arr) { if (!$w['path']) { return array('message' => 'Wiki not found.', 'success' => false); } - $page_path_old = $w['path'].'/'.$pageUrlName.'.md'; + $page_path_old = $w['path'] . '/' . $pageUrlName . wiki_get_file_ext($w); if (!is_readable($page_path_old) === true) { return array('message' => 'Cannot read wiki page: ' . $page_path_old, 'success' => false); } - $page = array('rawName' => $pageNewName, 'htmlName' => escape_tags($pageNewName), 'urlName' => urlencode(escape_tags($pageNewName)), 'fileName' => urlencode(escape_tags($pageNewName)).'.md'); + $page = array('rawName' => $pageNewName, 'htmlName' => escape_tags($pageNewName), 'urlName' => urlencode(escape_tags($pageNewName)), 'fileName' => urlencode(escape_tags($pageNewName)) . wiki_get_file_ext($w)); $page_path_new = $w['path'] . '/' . $page['fileName'] ; if (is_file($page_path_new)) { return array('message' => 'Page already exists.', 'success' => false); @@ -270,7 +293,7 @@ function wiki_get_page_content($arr) { if (!$w['path']) { return array('content' => null, 'message' => 'Error reading wiki', 'success' => false); } - $page_path = $w['path'].'/'.$pageUrlName.'.md'; + $page_path = $w['path'] . '/' . $pageUrlName . wiki_get_file_ext($w); if (is_readable($page_path) === true) { if(filesize($page_path) === 0) { $content = ''; @@ -281,7 +304,7 @@ function wiki_get_page_content($arr) { } } // TODO: Check that the files are all text files - return array('content' => json_encode($content), 'message' => '', 'success' => true); + return array('content' => json_encode($content), 'mimeType' => $w['mimeType'], 'message' => '', 'success' => true); } } 
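Review bot: The rewritten path expressions join `$pageUrlName` to `$w['path']` without any containment check visible in these hunks, and the same construction recurs in wiki_get_page_content, wiki_page_history, wiki_save_page, wiki_delete_page, wiki_revert_page and wiki_compare_page. Where `$pageUrlName` is assigned is outside the hunks; if it comes from request data, each function should reduce it to a single path component first, e.g. `$pageUrlName = basename($pageUrlName);`, or verify that `realpath()` of the result stays under `$w['path']`. Centralising this in one helper next to `wiki_get_file_ext()` would also remove the repeated concatenation. Separately, the 'Cannot read wiki page: ' message returns the absolute server path to the caller and would be better logged than returned.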
@@ -292,7 +315,7 @@ function wiki_page_history($arr) { if (!$w['path']) { return array('history' => null, 'message' => 'Error reading wiki', 'success' => false); } - $page_path = $w['path'].'/'.$pageUrlName.'.md'; + $page_path = $w['path'] . '/' . $pageUrlName . wiki_get_file_ext($w); if (!is_readable($page_path) === true) { return array('history' => null, 'message' => 'Cannot read wiki page: ' . $page_path, 'success' => false); } @@ -317,12 +340,14 @@ function wiki_save_page($arr) { if (!$w['path']) { return array('message' => 'Error reading wiki', 'success' => false); } - $page_path = $w['path'].'/'.$pageUrlName.'.md'; + + $fileName = $pageUrlName . wiki_get_file_ext($w); + $page_path = $w['path'] . '/' . $fileName; if (is_writable($page_path) === true) { if(!file_put_contents($page_path, $content)) { return array('message' => 'Error writing to page file', 'success' => false); } - return array('message' => '', 'success' => true); + return array('message' => '', 'filename' => $filename, 'success' => true); } else { return array('message' => 'Page file not writable', 'success' => false); } @@ -335,7 +360,7 @@ function wiki_delete_page($arr) { if (!$w['path']) { return array('message' => 'Error reading wiki', 'success' => false); } - $page_path = $w['path'].'/'.$pageUrlName.'.md'; + $page_path = $w['path'] . '/' . $pageUrlName . wiki_get_file_ext($w); if (is_writable($page_path) === true) { if(!unlink($page_path)) { return array('message' => 'Error deleting page file', 'success' => false); @@ -357,7 +382,7 @@ function wiki_revert_page($arr) { if (!$w['path']) { return array('content' => $content, 'message' => 'Error reading wiki', 'success' => false); } - $page_path = $w['path'].'/'.$pageUrlName.'.md'; + $page_path = $w['path'] . '/' . $pageUrlName . wiki_get_file_ext($w); if (is_writable($page_path) === true) { $reponame = ((array_key_exists('title', $w['wiki'])) ? urlencode($w['wiki']['title']) : 'repo'); 
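Review bot: In wiki_save_page the success return uses `$filename`, but the variable assigned two lines earlier is `$fileName`; PHP variable names are case-sensitive, so the 'filename' element is always null and a notice is raised. The line should read `return array('message' => '', 'filename' => $fileName, 'success' => true);`. The surrounding `if(!file_put_contents(...))` also treats a zero-byte write as an error, because the function returns 0 for empty content; comparing with `=== false` would allow saving an empty page.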
@@ -369,7 +394,7 @@ function wiki_revert_page($arr) { try { $git->setIdentity($observer['xchan_name'], $observer['xchan_addr']); foreach ($git->git->tree($commitHash) as $object) { - if ($object['type'] == 'blob' && $object['file'] === $pageUrlName.'.md' ) { + if ($object['type'] == 'blob' && $object['file'] === $pageUrlName . wiki_get_file_ext($w)) { $content = $git->git->cat->blob($object['hash']); } } @@ -394,7 +419,7 @@ function wiki_compare_page($arr) { if (!$w['path']) { return array('message' => 'Error reading wiki', 'success' => false); } - $page_path = $w['path'].'/'.$pageUrlName.'.md'; + $page_path = $w['path'] . '/' . $pageUrlName . wiki_get_file_ext($w); if (is_readable($page_path) === true) { $reponame = ((array_key_exists('title', $w['wiki'])) ? urlencode($w['wiki']['title']) : 'repo'); if($reponame === '') { @@ -404,12 +429,12 @@ function wiki_compare_page($arr) { $compareContent = $currentContent = ''; try { foreach ($git->git->tree($currentCommit) as $object) { - if ($object['type'] == 'blob' && $object['file'] === $pageUrlName.'.md' ) { + if ($object['type'] == 'blob' && $object['file'] === $pageUrlName . wiki_get_file_ext($w)) { $currentContent = $git->git->cat->blob($object['hash']); } } foreach ($git->git->tree($compareCommit) as $object) { - if ($object['type'] == 'blob' && $object['file'] === $pageUrlName.'.md' ) { + if ($object['type'] == 'blob' && $object['file'] === $pageUrlName . wiki_get_file_ext($w)) { $compareContent = $git->git->cat->blob($object['hash']); } } @@ -472,15 +497,6 @@ function wiki_git_commit($arr) { } } -function wiki_generate_page_filename($name) { - $file = urlencode(escape_tags($name)); - if( $file === '') { - return null; - } else { - return $file . '.md'; - } -} - function wiki_convert_links($s, $wikiURL) { if (strpos($s,'[[') !== false) { 
@@ -508,7 +524,6 @@ function wiki_convert_links($s, $wikiURL) { * @return string */ function wiki_generate_toc($s) { - if (strpos($s,'[toc]') !== false) { //$toc_md = wiki_toc($s); // Generate Markdown-formatted list prior to HTML render $toc_md = '<ul id="wiki-toc"></ul>'; // use the available jQuery plugin http://ndabas.github.io/toc/ @@ -550,6 +565,13 @@ function wiki_bbcode($s) { return $s; } +function wiki_get_file_ext($arr) { + if($arr['mimeType'] == 'text/bbcode') + return '.bb'; + else + return '.md'; +} + // This function is derived from // http://stackoverflow.com/questions/32068537/generate-table-of-contents-from-markdown-in-php function wiki_toc($content) { 
@@ -558,36 +580,36 @@ function wiki_toc($content) { // look for markdown TOC items preg_match_all( - '/^(?:=|-|#).*$/m', - $source, - $matches, - PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE + '/^(?:=|-|#).*$/m', + $source, + $matches, + PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE ); // preprocess: iterate matched lines to create an array of items // where each item is an array(level, text) $file_size = strlen($source); foreach ($matches[0] as $item) { - $found_mark = substr($item[0], 0, 1); - if ($found_mark == '#') { - // text is the found item - $item_text = $item[0]; - $item_level = strrpos($item_text, '#') + 1; - $item_text = substr($item_text, $item_level); - } else { - // text is the previous line (empty if <hr>) - $item_offset = $item[1]; - $prev_line_offset = strrpos($source, "\n", -($file_size - $item_offset + 2)); - $item_text = - substr($source, $prev_line_offset, $item_offset - $prev_line_offset - 1); - $item_text = trim($item_text); - $item_level = $found_mark == '=' ? 1 : 2; - } - if (!trim($item_text) OR strpos($item_text, '|') !== FALSE) { - // item is an horizontal separator or a table header, don't mind - continue; - } - $raw_toc[] = ['level' => $item_level, 'text' => trim($item_text)]; + $found_mark = substr($item[0], 0, 1); + if ($found_mark == '#') { + // text is the found item + $item_text = $item[0]; + $item_level = strrpos($item_text, '#') + 1; + $item_text = substr($item_text, $item_level); + } else { + // text is the previous line (empty if <hr>) + $item_offset = $item[1]; + $prev_line_offset = strrpos($source, "\n", -($file_size - $item_offset + 2)); + $item_text = + substr($source, $prev_line_offset, $item_offset - $prev_line_offset - 1); + $item_text = trim($item_text); + $item_level = $found_mark == '=' ? 
1 : 2; + } + if (!trim($item_text) OR strpos($item_text, '|') !== FALSE) { + // item is an horizontal separator or a table header, don't mind + continue; + } + $raw_toc[] = ['level' => $item_level, 'text' => trim($item_text)]; } $o = ''; foreach($raw_toc as $t) { diff --git a/include/zot.php b/include/zot.php index 2cd60e815..853c8eb9e 100644 --- a/include/zot.php +++ b/include/zot.php @@ -110,20 +110,21 @@ function zot_get_hublocs($hash) { * @param string $extra * @returns string json encoded zot packet */ -function zot_build_packet($channel, $type = 'notify', $recipients = null, $remote_key = null, $secret = null, $extra = null) { +function zot_build_packet($channel, $type = 'notify', $recipients = null, $remote_key = null, $methods = '', $secret = null, $extra = null) { - $data = array( + $data = [ 'type' => $type, - 'sender' => array( + 'sender' => [ 'guid' => $channel['channel_guid'], 'guid_sig' => base64url_encode(rsa_sign($channel['channel_guid'],$channel['channel_prvkey'])), 'url' => z_root(), 'url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])), 'sitekey' => get_config('system','pubkey') - ), + ], 'callback' => '/post', - 'version' => ZOT_REVISION - ); + 'version' => ZOT_REVISION, + 'encryption' => crypto_methods() + ]; if ($recipients) { for ($x = 0; $x < count($recipients); $x ++) 
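Review bot: The new zot_build_packet() signature inserts `$methods` before `$secret` and `$extra`, which shifts the position of both for any existing caller that passes them positionally: a secret passed as the fifth argument would now be read as the method list and the packet would go out without it. Callers are not visible in this diff, so either every call site needs to be checked or the new parameter should be appended after `$extra` to stay backward-compatible. The docblock above the function still lists the old parameters and needs an `@param string $methods` entry describing the comma-separated list. The function body continues outside the hunk.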
@@ -146,14 +147,54 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot // Hush-hush ultra top-secret mode - if ($remote_key) { - $data = crypto_encapsulate(json_encode($data),$remote_key, CRYPTO_ALGORITHM); + if($remote_key) { + $algorithm = zot_best_algorithm($methods); + $data = crypto_encapsulate(json_encode($data),$remote_key, $algorithm); } return json_encode($data); } /** + * @brief choose best encryption function from those available on both sites + * + * @param string $methods + * comma separated list of encryption methods + * @return string first match from our site method preferences crypto_methods() array + * of a method which is common to both sites; or 'aes256cbc' if no matches are found. + */ + +function zot_best_algorithm($methods) { + + if(\Zotlabs\Lib\System::get_server_role() !== 'pro') + return 'aes256cbc'; + + $x = [ 'methods' => $methods, 'result' => '' ]; + call_hooks('zot_best_algorithm',$x); + if($x['result']) + return $x['result']; + + if($methods) { + $x = explode(',',$methods); + if($x) { + $y = crypto_methods(); + if($y) { + foreach($y as $yv) { + $yv = trim($yv); + if(in_array($yv,$x)) { + return($yv); + } + } + } + } + } + + return 'aes256cbc'; +} + + + +/** * @brief * * @see z_post_url() 
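Review bot: zot_best_algorithm() trims each local method name but not the entries of the remote list, so a peer that sends its methods with spaces after the commas never matches and the function silently falls back to 'aes256cbc'. Normalising the remote side the same way, `$x = array_map('trim', explode(',', $methods));`, and passing `true` as the third argument of `in_array()` makes the negotiation behave as the docblock describes. The hook result is returned without checking that it is among `crypto_methods()` or in the peer's list; if that is intentional it deserves a comment. The fallback literal appears three times and would be easier to maintain as a single constant.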
@@ -167,101 +208,11 @@ function zot_zot($url, $data) { } /** - * @brief Look up information about channel. - * - * @param string $webbie - * does not have to be host qualified e.g. 'foo' is treated as 'foo\@thishub' - * @param array $channel - * (optional), if supplied permissions will be enumerated specifically for $channel - * @param boolean $autofallback - * fallback/failover to http if https connection cannot be established. Default is true. - * - * @return array see z_post_url() and \ref Zotlabs::Zot::Finger "\\Zotlabs\\Zot\\Finger" - */ -function zot_finger($webbie, $channel = null, $autofallback = true) { - - if (strpos($webbie,'@') === false) { - $address = $webbie; - $host = App::get_hostname(); - } else { - $address = substr($webbie,0,strpos($webbie,'@')); - $host = substr($webbie,strpos($webbie,'@')+1); - if(strpos($host,'/')) - $host = substr($host,0,strpos($host,'/')); - } - - $xchan_addr = $address . '@' . $host; - - if ((! $address) || (! $xchan_addr)) { - logger('zot_finger: no address :' . $webbie); - return array('success' => false); - } - logger('using xchan_addr: ' . $xchan_addr, LOGGER_DATA, LOG_DEBUG); - - // potential issue here; the xchan_addr points to the primary hub. - // The webbie we were called with may not, so it might not be found - // unless we query for hubloc_addr instead of xchan_addr - - $r = q("select xchan.*, hubloc.* from xchan - left join hubloc on xchan_hash = hubloc_hash - where xchan_addr = '%s' and hubloc_primary = 1 limit 1", - dbesc($xchan_addr) - ); - - if ($r) { - $url = $r[0]['hubloc_url']; - - if ($r[0]['hubloc_network'] && $r[0]['hubloc_network'] !== 'zot') { - logger('zot_finger: alternate network: ' . $webbie); - logger('url: '.$url.', net: '.var_export($r[0]['hubloc_network'],true), LOGGER_DATA, LOG_DEBUG); - return array('success' => false); - } - } else { - $url = 'https://' . $host; - } - - $rhs = '/.well-known/zot-info'; - $https = ((strpos($url,'https://') === 0) ? 
true : false); - - logger('zot_finger: ' . $address . ' at ' . $url, LOGGER_DEBUG); - - if ($channel) { - $postvars = array( - 'address' => $address, - 'target' => $channel['channel_guid'], - 'target_sig' => $channel['channel_guid_sig'], - 'key' => $channel['channel_pubkey'] - ); - - $result = z_post_url($url . $rhs,$postvars); - - if ((! $result['success']) && ($autofallback)) { - if ($https) { - logger('zot_finger: https failed. falling back to http'); - $result = z_post_url('http://' . $host . $rhs,$postvars); - } - } - } else { - $rhs .= '?f=&address=' . urlencode($address); - - $result = z_fetch_url($url . $rhs); - if ((! $result['success']) && ($autofallback)) { - if ($https) { - logger('zot_finger: https failed. falling back to http'); - $result = z_fetch_url('http://' . $host . $rhs); - } - } - } - - if (! $result['success']) - logger('zot_finger: no results'); - - return $result; -} - -/** * @brief Refreshes after permission changed or friending, etc. * + * The top half of this function is similar to \Zotlabs\Zot\Finger::run() and could potentially be + * consolidated. + * * zot_refresh is typically invoked when somebody has changed permissions of a channel and they are notified * to fetch new permissions via a finger/discovery operation. This may result in a new connection * (abook entry) being added to a local channel and it may result in auto-permissions being granted. @@ -283,6 +234,7 @@ function zot_finger($webbie, $channel = null, $autofallback = true) { * * @returns boolean true if successful, else false */ + function zot_refresh($them, $channel = null, $force = false) { if (array_key_exists('xchan_network', $them) && ($them['xchan_network'] !== 'zot')) { @@ -298,7 +250,8 @@ function zot_refresh($them, $channel = null, $force = false) { if ($them['hubloc_url']) { $url = $them['hubloc_url']; - } else { + } + else { $r = null; // if they re-installed the server we could end up with the wrong record - pointing to the old install. 
@@ -334,7 +287,7 @@ function zot_refresh($them, $channel = null, $force = false) { $token = random_string(); - $postvars = array(); + $postvars = []; $postvars['token'] = $token; @@ -395,11 +348,13 @@ function zot_refresh($them, $channel = null, $force = false) { if($channel) { if($j['permissions']['data']) { - $permissions = crypto_unencapsulate(array( + $permissions = crypto_unencapsulate( + [ 'data' => $j['permissions']['data'], 'key' => $j['permissions']['key'], 'iv' => $j['permissions']['iv'], - 'alg' => $j['permissions']['alg']), + 'alg' => $j['permissions']['alg'] + ], $channel['channel_prvkey']); if($permissions) $permissions = json_decode($permissions,true); @@ -425,6 +380,10 @@ function zot_refresh($them, $channel = null, $force = false) { $next_birthday = NULL_DATE; } + + // Keep original perms to check if we need to notify them + $previous_perms = get_all_perms($channel['channel_id'],$x['hash']); + $r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 limit 1", dbesc($x['hash']), intval($channel['channel_id']) @@ -488,10 +447,6 @@ function zot_refresh($them, $channel = null, $force = false) { } } - // Keep original perms to check if we need to notify them - $previous_perms = get_all_perms($channel['channel_id'],$x['hash']); - - $closeness = get_pconfig($channel['channel_id'],'system','new_abook_closeness'); if($closeness === false) $closeness = 80; 
@@ -521,12 +476,14 @@ function zot_refresh($them, $channel = null, $force = false) { if($new_connection) { if(! \Zotlabs\Access\Permissions::PermsCompare($new_perms,$previous_perms)) Zotlabs\Daemon\Master::Summon(array('Notifier','permission_create',$new_connection[0]['abook_id'])); - Zotlabs\Lib\Enotify::submit(array( + Zotlabs\Lib\Enotify::submit( + [ 'type' => NOTIFY_INTRO, 'from_xchan' => $x['hash'], 'to_xchan' => $channel['channel_hash'], - 'link' => z_root() . '/connedit/' . $new_connection[0]['abook_id'], - )); + 'link' => z_root() . '/connedit/' . $new_connection[0]['abook_id'] + ] + ); if(intval($permissions['view_stream'])) { if(intval(get_pconfig($channel['channel_id'],'perm_limits','send_stream') & PERMS_PENDING) @@ -536,6 +493,7 @@ function zot_refresh($them, $channel = null, $force = false) { /** If there is a default group for this channel, add this connection to it */ + $default_group = $channel['channel_default_group']; if($default_group) { require_once('include/group.php'); @@ -581,6 +539,7 @@ function zot_refresh($them, $channel = null, $force = false) { * @returns array|null null if site is blacklisted or not found, otherwise an * array with an hubloc record */ + function zot_gethub($arr, $multiple = false) { if($arr['guid'] && $arr['guid_sig'] && $arr['url'] && $arr['url_sig']) { @@ -593,7 +552,7 @@ function zot_gethub($arr, $multiple = false) { $limit = (($multiple) ? '' : ' limit 1 '); $sitekey = ((array_key_exists('sitekey',$arr) && $arr['sitekey']) ? " and hubloc_sitekey = '" . protect_sprintf($arr['sitekey']) . "' " : ''); - $r = q("select * from hubloc + $r = q("select hubloc.*, site.site_crypto from hubloc left join site on hubloc_url = site_url where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and hubloc_url = '%s' and hubloc_url_sig = '%s' $sitekey $limit", 
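Review bot: The rewritten query in zot_gethub() still splices `$sitekey` into the SQL text, and the line above builds that fragment from `$arr['sitekey']` with only `protect_sprintf()` around it, while the other four fields go through placeholders. Unless the value is escaped before it reaches this function (not visible here), it should be escaped like the rest, e.g. `protect_sprintf(dbesc($arr['sitekey']))`. With the added `left join site`, rows that have no matching site record will carry a null `site_crypto`, so code reading that column should handle the empty case. The function starts and ends outside the hunk.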
@@ -630,9 +589,10 @@ function zot_gethub($arr, $multiple = false) { * * \b success boolean true or false * * \b message (optional) error string only if success is false */ + function zot_register_hub($arr) { - $result = array('success' => false); + $result = [ 'success' => false ]; if($arr['url'] && $arr['url_sig'] && $arr['guid'] && $arr['guid_sig']) { @@ -691,6 +651,7 @@ function zot_register_hub($arr) { * * \e boolean \b success boolean true or false * * \e string \b message (optional) error string only if success is false */ + function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { call_hooks('import_xchan', $arr); @@ -789,7 +750,8 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { $what .= 'xchan '; $changed = true; } - } else { + } + else { $import_photos = true; if((($arr['site']['directory_mode'] === 'standalone') @@ -825,7 +787,7 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { $changed = true; } - if ($import_photos) { + if($import_photos) { require_once('include/photo/photo_driver.php'); @@ -834,9 +796,9 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { $local = q("select channel_account_id, channel_id from channel where channel_hash = '%s' limit 1", dbesc($xchan_hash) ); - if ($local) { + if($local) { $ph = z_fetch_url($arr['photo'], true); - if ($ph['success']) { + if($ph['success']) { $hash = import_channel_photo($ph['body'], $arr['photo_mimetype'], $local[0]['channel_account_id'], $local[0]['channel_id']); 
@@ -874,11 +836,12 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { false ); } - } else { + } + else { $photos = import_xchan_photo($arr['photo'], $xchan_hash); } - if ($photos) { - if ($photos[4]) { + if($photos) { + if($photos[4]) { // importing the photo failed somehow. Leave the photo_date alone so we can try again at a later date. // This often happens when somebody joins the matrix with a bad cert. $r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' @@ -889,7 +852,8 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { dbesc($photos[3]), dbesc($xchan_hash) ); - } else { + } + else { $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", dbescdate(datetime_convert('UTC','UTC',$arr['photo_updated'])), @@ -946,7 +910,8 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { $what .= 'profile '; $changed = true; } - } else { + } + else { logger('import_xchan: profile not available - hiding'); // they may have made it private $r = q("delete from xprof where xprof_hash = '%s'", @@ -999,16 +964,17 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { * @param array $arr - output of z_post_url() * @param array $outq - The queue structure attached to this request */ + function zot_process_response($hub, $arr, $outq) { - if (! $arr['success']) { + if(! $arr['success']) { logger('zot_process_response: failed: ' . $hub); return; } $x = json_decode($arr['body'], true); - if (! $x) { + if(! $x) { logger('zot_process_response: No json from ' . $hub); logger('zot_process_response: headers: ' . print_r($arr['header'],true), LOGGER_DATA, LOG_DEBUG); } 
@@ -1066,6 +1032,7 @@ function zot_process_response($hub, $arr, $outq) { * decrypted and json decoded notify packet from remote site * @return array from zot_import() */ + function zot_fetch($arr) { logger('zot_fetch: ' . print_r($arr,true), LOGGER_DATA, LOG_DEBUG); @@ -1083,16 +1050,18 @@ function zot_fetch($arr) { } foreach($ret_hubs as $ret_hub) { - $data = array( - 'type' => 'pickup', - 'url' => z_root(), - 'callback_sig' => base64url_encode(rsa_sign(z_root() . '/post',get_config('system','prvkey'))), - 'callback' => z_root() . '/post', - 'secret' => $arr['secret'], - 'secret_sig' => base64url_encode(rsa_sign($arr['secret'],get_config('system','prvkey'))) - ); - $datatosend = json_encode(crypto_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey'], CRYPTO_ALGORITHM)); + $data = [ + 'type' => 'pickup', + 'url' => z_root(), + 'callback_sig' => base64url_encode(rsa_sign(z_root() . '/post', get_config('system','prvkey'))), + 'callback' => z_root() . '/post', + 'secret' => $arr['secret'], + 'secret_sig' => base64url_encode(rsa_sign($arr['secret'], get_config('system','prvkey'))) + ]; + + $algorithm = zot_best_algorithm($ret_hub['site_crypto']); + $datatosend = json_encode(crypto_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey'], $algorithm)); $fetch = zot_zot($url,$datatosend); @@ -1143,6 +1112,11 @@ function zot_import($arr, $sender_url) { $data = json_decode(crypto_unencapsulate($data,get_config('system','prvkey')),true); } + if(! is_array($data)) { + logger('decode error'); + return array(); + } + if(! $data['success']) { if($data['message']) logger('remote pickup failed: ' . $data['message']); 
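Review bot: In zot_fetch(), `zot_best_algorithm($ret_hub['site_crypto'])` now picks the cipher from a value the peer site advertised, and nothing in the hunk says what happens when that value is empty or names something this site does not support. If `$ret_hubs` comes from the left-joined hubloc/site query, the column can be NULL for hubs with no `site` row. The helper is not visible here, so confirm that it returns only locally supported methods and falls back to the default otherwise. I would record that at the call: `// site_crypto is peer-advertised and may be empty; zot_best_algorithm() is expected to fall back to the default cipher`.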
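Review bot: The new `logger('decode error')` in zot_import() carries no function name and no peer, unlike the neighbouring `zot_import: ...` messages, so a burst of malformed or undecryptable pickups cannot be attributed from the log. `logger('zot_import: decode error from ' . $sender_url);` keeps the convention and gives an operator something to correlate. The same bare message is added in the following hunk (`-1168,6`) for a non-array `$i['notify']`. The early `return array();` could also use `[]` to match the literals this commit converts elsewhere.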
@@ -1168,6 +1142,12 @@ function zot_import($arr, $sender_url) { logger('zot_import: notify: ' . print_r($i['notify'],true), LOGGER_DATA, LOG_DEBUG); + if(! is_array($i['notify'])) { + logger('decode error'); + continue; + } + + $hub = zot_gethub($i['notify']['sender']); if((! $hub) || ($hub['hubloc_url'] != $sender_url)) { logger('zot_import: potential forgery: wrong site for sender: ' . $sender_url . ' != ' . print_r($i['notify'],true)); @@ -1358,6 +1338,7 @@ function zot_import($arr, $sender_url) { * @param array $msg * @return NULL|array */ + function public_recips($msg) { require_once('include/channel.php'); @@ -1567,6 +1548,7 @@ function allowed_public_recips($msg) { * @param boolean $request (optional) default false * @return array */ + function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $request = false) { $result = array(); @@ -1876,6 +1858,7 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ * * \e int \b mid * @param int $uid */ + function remove_community_tag($sender, $arr, $uid) { if(! (activity_match($arr['verb'], ACTIVITY_TAG) && ($arr['obj_type'] == ACTIVITY_OBJ_TAGTERM))) @@ -1946,6 +1929,7 @@ function remove_community_tag($sender, $arr, $uid) { * @param array $orig * @param int $uid */ + function update_imported_item($sender, $item, $orig, $uid) { // If this is a comment being updated, remove any privacy information @@ -1986,6 +1970,7 @@ function update_imported_item($sender, $item, $orig, $uid) { * @param boolean $relay * @return boolean|int post_id */ + function delete_imported_item($sender, $item, $uid, $relay) { logger('delete_imported_item invoked', LOGGER_DEBUG); 
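Review bot: The added guard in zot_import() stops at `$i['notify']`, but the very next statement hands `$i['notify']['sender']` to zot_gethub(), which indexes it and calls `array_key_exists('sitekey',$arr)` on it. A packet whose `notify` is an array but whose `sender` is a string or missing would pass the new check and still reach those accesses. Extending the condition covers both: `if(! is_array($i['notify']) || ! is_array($i['notify']['sender'])) {`. The surrounding loop starts and ends outside the hunk.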
@@ -2003,13 +1988,14 @@ function delete_imported_item($sender, $item, $uid, $relay) { intval($uid) ); - if ($r) { - if ($r[0]['author_xchan'] === $sender['hash'] || $r[0]['owner_xchan'] === $sender['hash'] || $r[0]['source_xchan'] === $sender['hash']) + if($r) { + if($r[0]['author_xchan'] === $sender['hash'] || $r[0]['owner_xchan'] === $sender['hash'] || $r[0]['source_xchan'] === $sender['hash']) $ownership_valid = true; $post_id = $r[0]['id']; $item_found = true; - } else { + } + else { // perhaps the item is still in transit and the delete notification got here before the actual item did. Store it with the deleted flag set. // item_store() won't try to deliver any notifications or start delivery chains if this flag is set. @@ -2018,25 +2004,24 @@ function delete_imported_item($sender, $item, $uid, $relay) { logger('delete received for non-existent item - storing item data.'); - /** @BUG $arr is undefined here, so this is dead code */ - if ($arr['author_xchan'] === $sender['hash'] || $arr['owner_xchan'] === $sender['hash'] || $arr['source_xchan'] === $sender['hash']) { + if($item['author_xchan'] === $sender['hash'] || $item['owner_xchan'] === $sender['hash'] || $item['source_xchan'] === $sender['hash']) { $ownership_valid = true; - $item_result = item_store($arr); + $item_result = item_store($item); $post_id = $item_result['item_id']; } } - if ($ownership_valid === false) { + if($ownership_valid === false) { logger('delete_imported_item: failed: ownership issue'); return false; } require_once('include/items.php'); - if ($item_found) { - if (intval($r[0]['item_deleted'])) { + if($item_found) { + if(intval($r[0]['item_deleted'])) { logger('delete_imported_item: item was already deleted'); - if (! $relay) + if(! $relay) return false; // This is a bit hackish, but may have to suffice until the notification/delivery loop is optimised 
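Review bot: Replacing the undefined `$arr` with `$item` in delete_imported_item() turns a dead branch into live code that stores a remotely supplied item, and `$post_id = $item_result['item_id'];` is taken without checking that item_store() succeeded. The ownership test in this branch compares `$item['author_xchan']`, `owner_xchan` and `source_xchan`, which are fields of the delivered item itself, with `$sender['hash']`. That only shows the packet is self-consistent, and whether those fields are validated upstream is not visible here. I would add `if(! $post_id) return false;` after the store. I would also confirm that the deleted flag the comment refers to is set on `$item` before `item_store($item)`, since that assignment lies between the two hunks. The function continues past the end of the hunk.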
@@ -2147,6 +2132,7 @@ function process_mail_delivery($sender, $arr, $deliveries) { * * \e string \b hash a xchan_hash * @param array $arr */ + function process_rating_delivery($sender, $arr) { logger('process_rating_delivery: ' . print_r($arr,true)); @@ -2206,6 +2192,7 @@ function process_rating_delivery($sender, $arr) { * @param array $arr * @param array $deliveries (unused) */ + function process_profile_delivery($sender, $arr, $deliveries) { logger('process_profile_delivery', LOGGER_DEBUG); @@ -2302,6 +2289,7 @@ function check_location_move($sender_hash,$locations) { * @param boolean $absolute (optional) default false * @return array */ + function sync_locations($sender, $arr, $absolute = false) { $ret = array(); @@ -2549,7 +2537,7 @@ function zot_encode_locations($channel) { if(intval($channel['channel_removed']) && $hub['hubloc_url'] === z_root()) $hub['hubloc_deleted'] = 1; - $ret[] = array( + $ret[] = [ 'host' => $hub['hubloc_host'], 'address' => $hub['hubloc_addr'], 'primary' => (intval($hub['hubloc_primary']) ? true : false), @@ -2558,7 +2546,7 @@ function zot_encode_locations($channel) { 'callback' => $hub['hubloc_callback'], 'sitekey' => $hub['hubloc_sitekey'], 'deleted' => (intval($hub['hubloc_deleted']) ? true : false) - ); + ]; } } @@ -2575,6 +2563,7 @@ function zot_encode_locations($channel) { * @param number $suppress_update default 0 * @return boolean $updated if something changed */ + function import_directory_profile($hash, $profile, $addr, $ud_flags = UPDATE_FLAGS_UPDATED, $suppress_update = 0) { logger('import_directory_profile', LOGGER_DEBUG); @@ -2709,6 +2698,7 @@ function import_directory_profile($hash, $profile, $addr, $ud_flags = UPDATE_FLA * @param string $hash * @param array $keywords */ + function import_directory_keywords($hash, $keywords) { $existing = array(); 
@@ -2753,6 +2743,7 @@ function import_directory_keywords($hash, $keywords) { * @param string $addr * @param int $flags (optional) default 0 */ + function update_modtime($hash, $guid, $addr, $flags = 0) { $dirmode = intval(get_config('system', 'directory_mode')); @@ -2785,6 +2776,7 @@ function update_modtime($hash, $guid, $addr, $flags = 0) { * @param string $pubkey * @return boolean true if updated or inserted */ + function import_site($arr, $pubkey) { if( (! is_array($arr)) || (! $arr['url']) || (! $arr['url_sig'])) return false; @@ -2852,7 +2844,7 @@ function import_site($arr, $pubkey) { $site_location = htmlspecialchars($arr['location'],ENT_COMPAT,'UTF-8',false); $site_realm = htmlspecialchars($arr['realm'],ENT_COMPAT,'UTF-8',false); $site_project = htmlspecialchars($arr['project'],ENT_COMPAT,'UTF-8',false); - $site_crypto = ((array_key_exists('encryption',$arr)) ? implode(',', htmlspecialchars($arr['encryption'],ENT_COMPAT,'UTF-8',false)) : ''); + $site_crypto = ((array_key_exists('encryption',$arr) && is_array($arr['encryption'])) ? htmlspecialchars(implode(',',$arr['encryption']),ENT_COMPAT,'UTF-8',false) : ''); $site_version = ((array_key_exists('version',$arr)) ? htmlspecialchars($arr['version'],ENT_COMPAT,'UTF-8',false) : ''); // You can have one and only one primary directory per realm. @@ -2947,6 +2939,7 @@ function import_site($arr, $pubkey) { * @param array $packet (optional) default null * @param boolean $groups_changed (optional) default false */ + function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { if(get_config('system','server_role') === 'basic') 
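Review bot: In import_site() (hunk `-2852,7`), the new `$site_crypto` line checks that `$arr['encryption']` is an array but not what the array holds, so nested arrays or non-string entries from the remote site record are imploded and stored as they are. This column is what the sending paths later pass to `zot_best_algorithm()`, so it is worth restricting it to plain strings at import time: `htmlspecialchars(implode(',',array_filter($arr['encryption'],'is_string')),ENT_COMPAT,'UTF-8',false)`. A one-line comment noting that the value is peer-advertised and used only for algorithm negotiation would help the next reader. The function body extends beyond the hunk.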
@@ -2982,7 +2975,7 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { if(intval($channel['channel_removed'])) return; - $h = q("select * from hubloc where hubloc_hash = '%s' and hubloc_deleted = 0", + $h = q("select hubloc.*, site.site_crypto from hubloc left join site on site_url = hubloc_url where hubloc_hash = '%s' and hubloc_deleted = 0", dbesc($channel['channel_hash']) ); @@ -3069,7 +3062,7 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { foreach($synchubs as $hub) { $hash = random_string(); - $n = zot_build_packet($channel,'notify',$env_recips,$hub['hubloc_sitekey'],$hash); + $n = zot_build_packet($channel,'notify',$env_recips,$hub['hubloc_sitekey'],$hub['site_crypto'],$hash); queue_insert(array( 'hash' => $hash, 'account_id' => $channel['channel_account_id'], @@ -3095,6 +3088,7 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { * @param array $deliveries * @return array */ + function process_channel_sync_delivery($sender, $arr, $deliveries) { if(get_config('system','server_role') === 'basic') @@ -3569,6 +3563,7 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { * * \e string \b xchan_url * @return string */ + function get_rpost_path($observer) { if(! $observer) return ''; @@ -3584,6 +3579,7 @@ function get_rpost_path($observer) { * @param array $x * @return boolean|string return false or a hash */ + function import_author_zot($x) { $hash = make_xchan_hash($x['guid'],$x['guid_sig']); @@ -3623,6 +3619,7 @@ function import_author_zot($x) { * @param array $data * @return array */ + function zot_reply_message_request($data) { $ret = array('success' => false); 
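Review bot: In build_sync_packet() (hunk `-3069,7`), `$hub['site_crypto']` is inserted as a new positional argument to zot_build_packet() ahead of `$hash`, so any caller that was not updated would pass its hash where the method list is expected without raising an error. The two calls visible on this page (here and in zot_reply_message_request, hunk `-3681,7`) are updated, but other callers are outside this view and should be checked. Because the value comes from a left join it may be NULL, which deserves a comment at the call: `// 5th arg: recipient site's advertised crypto methods (site_crypto); NULL when no site row exists`.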
@@ -3659,7 +3656,7 @@ function zot_reply_message_request($data) { if ($messages) { $env_recips = null; - $r = q("select * from hubloc where hubloc_hash = '%s' and hubloc_error = 0 and hubloc_deleted = 0", + $r = q("select hubloc.*, site.site_crypto from hubloc left join site on hubloc_url = site_url where hubloc_hash = '%s' and hubloc_error = 0 and hubloc_deleted = 0", dbesc($sender_hash) ); if (! $r) { @@ -3681,7 +3678,7 @@ function zot_reply_message_request($data) { * create a notify packet and drop the actual message packet in the queue for pickup */ - $n = zot_build_packet($c[0],'notify',$env_recips,(($private) ? $hub['hubloc_sitekey'] : null),$hash,array('message_id' => $data['message_id'])); + $n = zot_build_packet($c[0],'notify',$env_recips,(($private) ? $hub['hubloc_sitekey'] : null),$hub['site_crypto'],$hash,array('message_id' => $data['message_id'])); queue_insert(array( 'hash' => $hash, @@ -3918,7 +3915,12 @@ function zotinfo($arr) { $permissions['connected'] = true; } - $ret['permissions'] = (($ztarget && $zkey) ? crypto_encapsulate(json_encode($permissions),$zkey, CRYPTO_ALGORITHM) : $permissions); + // encrypt this with the default aes256cbc since we cannot be sure at this point which + // algorithms are preferred for communications with the remote site; notably + // because ztarget refers to an xchan and we don't necessarily know the origination + // location. + + $ret['permissions'] = (($ztarget && $zkey) ? crypto_encapsulate(json_encode($permissions),$zkey) : $permissions); if($permissions['view_profile']) $ret['profile'] = $profile; @@ -3948,6 +3950,8 @@ function zotinfo($arr) { $ret['site']['directory_url'] = z_root() . '/dirsearch'; + $ret['site']['encryption'] = crypto_methods(); + // hide detailed site information if you're off the grid if($dirmode != DIRECTORY_MODE_STANDALONE) { 
@@ -3988,14 +3992,14 @@ function zotinfo($arr) { $visible_plugins[] = $rr['aname']; } - $ret['site']['plugins'] = $visible_plugins; - $ret['site']['sitehash'] = get_config('system','location_hash'); - $ret['site']['sitename'] = get_config('system','sitename'); - $ret['site']['sellpage'] = get_config('system','sellpage'); - $ret['site']['location'] = get_config('system','site_location'); - $ret['site']['realm'] = get_directory_realm(); - $ret['site']['project'] = Zotlabs\Lib\System::get_platform_name() . ' ' . Zotlabs\Lib\System::get_server_role(); - $ret['site']['version'] = Zotlabs\Lib\System::get_project_version(); + $ret['site']['plugins'] = $visible_plugins; + $ret['site']['sitehash'] = get_config('system','location_hash'); + $ret['site']['sitename'] = get_config('system','sitename'); + $ret['site']['sellpage'] = get_config('system','sellpage'); + $ret['site']['location'] = get_config('system','site_location'); + $ret['site']['realm'] = get_directory_realm(); + $ret['site']['project'] = Zotlabs\Lib\System::get_platform_name() . ' ' . Zotlabs\Lib\System::get_server_role(); + $ret['site']['version'] = Zotlabs\Lib\System::get_project_version(); } @@ -4180,7 +4184,7 @@ function update_hub_connected($hub,$sitekey = '') { dbesc($sitekey) ); if(intval($hub['hubloc_orphancheck'])) { - q("update hubloc set hubloc_orhpancheck = 0 where hubloc_id = %d and hubloc_sitekey = '%s' ", + q("update hubloc set hubloc_orphancheck = 0 where hubloc_id = %d and hubloc_sitekey = '%s' ", intval($hub['hubloc_id']), dbesc($sitekey) ); 
@@ -4322,7 +4326,15 @@ function zot_reply_pickup($data) { } } - $encrypted = crypto_encapsulate(json_encode($ret),$sitekey, CRYPTO_ALGORITHM); + // this is a bit of a hack because we don't have the hubloc_url here, only the callback url. + // worst case is we'll end up using aes256cbc if they've got a different post endpoint + + $x = q("select site_crypto from site where site_url = '%s' limit 1", + dbesc(str_replace('/post','',$data['callback'])) + ); + $algorithm = zot_best_algorithm(($x) ? $x[0]['site_crypto'] : ''); + + $encrypted = crypto_encapsulate(json_encode($ret),$sitekey,$algorithm); json_return_and_die($encrypted); /* pickup: end */ |
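Review bot: In zot_reply_pickup(), `str_replace('/post','',$data['callback'])` removes every occurrence of `/post`, not just the trailing endpoint, so a site whose URL contains that substring elsewhere (a path such as `/postings`) never matches its `site` row and silently falls back to the default cipher. Anchoring the strip to the end of the string avoids that: `dbesc(preg_replace('#/post$#','',$data['callback']))`. The lookup key is taken from the request, and whether `callback` has already been verified against the site key by this point is not visible in the hunk. It would be worth saying so in the comment above the query. The function body begins outside the hunk.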