Diffstat (limited to 'include')
-rwxr-xr-x | include/Photo.php | 6 | ||||
-rwxr-xr-x | include/Scrape.php | 2 | ||||
-rwxr-xr-x | include/auth.php | 34 | ||||
-rwxr-xr-x | include/conversation.php | 5 | ||||
-rwxr-xr-x | include/dba.php | 24 | ||||
-rwxr-xr-x | include/delivery.php | 3 | ||||
-rwxr-xr-x | include/email.php | 2 | ||||
-rwxr-xr-x | include/items.php | 31 | ||||
-rwxr-xr-x | include/nav.php | 2 | ||||
-rwxr-xr-x | include/notifier.php | 4 | ||||
-rwxr-xr-x | include/poller.php | 2 | ||||
-rwxr-xr-x | include/security.php | 24 | ||||
-rwxr-xr-x | include/socgraph.php | 2 | ||||
-rw-r--r-- | include/text.php | 36 |
14 files changed, 92 insertions, 85 deletions
diff --git a/include/Photo.php b/include/Photo.php index 1450374ff..4d02b5c65 100755 --- a/include/Photo.php +++ b/include/Photo.php @@ -268,9 +268,9 @@ function import_profile_photo($photo,$uid,$cid) { $photo_failure = true; if($photo_failure) { - $photo = $a->get_baseurl() . '/images/default-profile.jpg'; - $thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg'; - $micro = $a->get_baseurl() . '/images/default-profile-mm.jpg'; + $photo = $a->get_baseurl() . '/images/person-175.jpg'; + $thumb = $a->get_baseurl() . '/images/person-80.jpg'; + $micro = $a->get_baseurl() . '/images/person-48.jpg'; } return(array($photo,$thumb,$micro)); diff --git a/include/Scrape.php b/include/Scrape.php index 8344aa737..9c237916b 100755 --- a/include/Scrape.php +++ b/include/Scrape.php @@ -684,7 +684,7 @@ function probe_url($url, $mode = PROBE_NORMAL) { if(! x($vcard,'photo')) { $a = get_app(); - $vcard['photo'] = $a->get_baseurl() . '/images/default-profile.jpg' ; + $vcard['photo'] = $a->get_baseurl() . '/images/person-175.jpg' ; } if(! $profile) diff --git a/include/auth.php b/include/auth.php index fc52684e6..835616a82 100755 --- a/include/auth.php +++ b/include/auth.php @@ -24,7 +24,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p if(((x($_POST,'auth-params')) && ($_POST['auth-params'] === 'logout')) || ($a->module === 'logout')) { // process logout request - + call_hooks("logging_out"); nuke_session(); info( t('Logged out.') . EOL); goaway(z_root()); @@ -77,7 +77,7 @@ else { $noid = get_config('system','no_openid'); - $openid_url = trim( (strlen($_POST['openid_url'])?$_POST['openid_url']:$_POST['username']) ); + $openid_url = trim((strlen($_POST['openid_url'])?$_POST['openid_url']:$_POST['username']) ); // validate_url alters the calling parameter 
@@ -99,32 +99,12 @@ else { $openid->identity = $openid_url; $_SESSION['openid'] = $openid_url; $a = get_app(); - $openid->returnUrl = $a->get_baseurl() . '/openid'; - - $r = q("SELECT `uid` FROM `user` WHERE `openid` = '%s' LIMIT 1", - dbesc($openid_url) - ); - if(count($r)) { - // existing account - goaway($openid->authUrl()); - // NOTREACHED - } - else { - if($a->config['register_policy'] == REGISTER_CLOSED) { - $a = get_app(); - notice( t('Login failed.') . EOL); - goaway(z_root()); - // NOTREACHED - } - // new account - $_SESSION['register'] = 1; - $openid->required = array('namePerson/friendly', 'contact/email', 'namePerson'); - $openid->optional = array('namePerson/first','media/image/aspect11','media/image/default'); - goaway($openid->authUrl()); - // NOTREACHED - } + $openid->returnUrl = $a->get_baseurl(true) . '/openid'; + goaway($openid->authUrl()); + // NOTREACHED } } + if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') { $record = null; @@ -165,7 +145,7 @@ else { } if((! $record) || (! count($record))) { - logger('authenticate: failed login attempt: ' . notags(trim($_POST['username']))); + logger('authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']); notice( t('Login failed.') . EOL ); goaway(z_root()); } diff --git a/include/conversation.php b/include/conversation.php index 8ca484c9e..5de4fcb51 100755 --- a/include/conversation.php +++ b/include/conversation.php @@ -649,7 +649,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { // template to use to render item (wall, walltowall, search) 'template' => $template, - 'type' => implode("",array_slice(split("/",$item['verb']),-1)), + 'type' => implode("",array_slice(explode("/",$item['verb']),-1)), 'tags' => $tags, 'body' => template_escape($body), 'text' => strip_tags(template_escape($body)), 
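Review bot: The `REGISTER_CLOSED` check and the `user.openid` lookup no longer run before `goaway($openid->authUrl())` in the include/auth.php hunk at -99, so both have to be enforced by the `/openid` return handler. That handler is outside this include-limited diff, so this cannot be confirmed from here. `$_SESSION['openid']` is still filled from the unverified POST value before the provider has answered, so the handler should match accounts on the identity the provider asserts rather than on the session value. A comment at the redirect would make the dependency visible: `// account lookup and register_policy are enforced in the /openid return handler`. The enclosing `else {` block starts and ends outside the hunk.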
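Review bot: The new failed-login entry in the include/auth.php hunk at -165 concatenates the submitted username into a single log line, and `notags()` is not shown here, so it is unclear whether it strips CR/LF. If it does not, a crafted username can split the entry and make forged lines appear in the log; something like `str_replace(array("\r","\n"), ' ', notags(trim($_POST['username'])))` before logging closes that. `$_SERVER['REMOTE_ADDR']` is the right field to log, but behind a reverse proxy it will be the proxy's address, which is worth a comment so that rate-limiting or blocking built on this log is not pointed at the proxy.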
@@ -897,8 +897,7 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) { '$audurl' => t("Please enter an audio link/URL:"), '$term' => t('Tag term:'), '$fileas' => t('File as:'), - '$whereareu' => t('Where are you right now?'), - '$title' => t('Enter a title for this item') + '$whereareu' => t('Where are you right now?') )); diff --git a/include/dba.php b/include/dba.php index 7455b6b3e..5beea7a3a 100755 --- a/include/dba.php +++ b/include/dba.php @@ -1,5 +1,7 @@ <?php +require_once('include/datetime.php'); + /** * * MySQL database class @@ -104,19 +106,17 @@ class dba { logger('dba: ' . $str ); } - else { - /** - * If dbfail.out exists, we will write any failed calls directly to it, - * regardless of any logging that may or may nor be in effect. - * These usually indicate SQL syntax errors that need to be resolved. - */ + /** + * If dbfail.out exists, we will write any failed calls directly to it, + * regardless of any logging that may or may nor be in effect. + * These usually indicate SQL syntax errors that need to be resolved. + */ - if($result === false) { - logger('dba: ' . printable($sql) . ' returned false.'); - if(file_exists('dbfail.out')) - file_put_contents('dbfail.out', printable($sql) . ' returned false' . "\n", FILE_APPEND); - } + if($result === false) { + logger('dba: ' . printable($sql) . ' returned false.'); + if(file_exists('dbfail.out')) + file_put_contents('dbfail.out', datetime_convert() . "\n" . printable($sql) . ' returned false' . "\n", FILE_APPEND); } if(($result === true) || ($result === false)) @@ -140,7 +140,7 @@ class dba { if($this->debug) - logger('dba: ' . printable(print_r($r, true)), LOGGER_DATA); + logger('dba: ' . printable(print_r($r, true))); return($r); } diff --git a/include/delivery.php b/include/delivery.php index 44a482ca2..532dcd699 100755 --- a/include/delivery.php +++ b/include/delivery.php 
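Review bot: `file_put_contents('dbfail.out', ...)` in the include/dba.php hunk at -104 uses a path relative to the working directory, and with the `else` removed it now also runs when debug logging is on. If that directory is served by the web server, the failed statements, including any values embedded in the SQL text, would be downloadable by anyone who requests the file. Consider writing to a path outside the document root, or at least document next to the block that `dbfail.out` must be denied by the web server configuration.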
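Review bot: Dropping `LOGGER_DATA` in the include/dba.php hunk at -140 means every result set is written at the logger's default level whenever `$this->debug` is set. Result rows carry whatever the query selected, and elsewhere on this page the user row is read for `$a->user['prvkey']`, so private keys and similar columns can end up in an ordinary log file. Keep the dump behind the data level, `logger('dba: ' . printable(print_r($r, true)), LOGGER_DATA);`, or log only `count($r)` at the default level.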
@@ -256,7 +256,8 @@ function delivery_run($argv, $argc){ '$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) , '$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) , '$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) , - '$birthday' => $birthday + '$birthday' => $birthday, + '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '') )); foreach($items as $item) { diff --git a/include/email.php b/include/email.php index a3449a424..8ea8145fb 100755 --- a/include/email.php +++ b/include/email.php @@ -56,7 +56,7 @@ function email_msg_headers($mbox,$uid) { $raw_header = (($mbox && $uid) ? @imap_fetchheader($mbox,$uid,FT_UID) : ''); $raw_header = str_replace("\r",'',$raw_header); $ret = array(); - $h = split("\n",$raw_header); + $h = explode("\n",$raw_header); if(count($h)) foreach($h as $line ) { if (preg_match("/^[a-zA-Z]/", $line)) { diff --git a/include/items.php b/include/items.php index 5e1fec557..5a297c83e 100755 --- a/include/items.php +++ b/include/items.php @@ -28,7 +28,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; - $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone` + $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` WHERE `contact`.`self` = 1 AND `user`.`nickname` = '%s' LIMIT 1", dbesc($owner_nick) 
@@ -156,7 +156,8 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) '$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) , '$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) , '$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) , - '$birthday' => ((strlen($birthday)) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : '') + '$birthday' => ((strlen($birthday)) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : ''), + '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '') )); call_hooks('atom_feed', $atom); @@ -1404,6 +1405,19 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) } + $community_page = 0; + $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'community'); + if($rawtags) { + $community_page = intval($rawtags[0]['data']); + } + if(is_array($contact) && intval($contact['forum']) != $community_page) { + q("update contact set forum = %d where id = %d limit 1", + intval($community_page), + intval($contact['id']) + ); + $contact['forum'] = (string) $community_page; + } + // process any deleted entries @@ -1987,6 +2001,19 @@ function local_delivery($importer,$data) { // NOTREACHED } + + $community_page = 0; + $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'community'); + if($rawtags) { + $community_page = intval($rawtags[0]['data']); + } + if(intval($importer['forum']) != $community_page) { + q("update contact set forum = %d where id = %d limit 1", + intval($community_page), + intval($importer['id']) + ); + $importer['forum'] = (string) $community_page; + } logger('local_delivery: feed item count = ' . $feed->get_item_quantity()); diff --git a/include/nav.php b/include/nav.php index e28081839..f40e92dbc 100755 --- a/include/nav.php +++ b/include/nav.php 
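Review bot: `intval($rawtags[0]['data'])` in the consume_feed hunk at -1404 stores whatever integer the remote feed puts in `<dfrn:community>` into `contact.forum`; the same block is repeated in the local_delivery hunk at -1987. The column is treated as a flag, so clamp it at the boundary with `$community_page = (intval($rawtags[0]['data']) ? 1 : 0);` so that a peer cannot persist values that other code may not expect. local_delivery also lacks the `is_array()` guard used in consume_feed and updates by `$importer['id']`, which is only correct if `$importer` is the contact row; that should be confirmed against the callers. Since the two blocks are identical, a small shared helper would keep them from drifting. Both functions start and end outside the hunks.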
@@ -55,7 +55,7 @@ function nav(&$a) { // user info $r = q("SELECT micro FROM contact WHERE uid=%d AND self=1", intval($a->user['uid'])); $userinfo = array( - 'icon' => (count($r) ? $r[0]['micro']: $a->get_baseurl($ssl_state)."/images/default-profile-mm.jpg"), + 'icon' => (count($r) ? $r[0]['micro']: $a->get_baseurl($ssl_state)."/images/person-48.jpg"), 'name' => $a->user['username'], ); diff --git a/include/notifier.php b/include/notifier.php index 07edc7046..d63ad7ae7 100755 --- a/include/notifier.php +++ b/include/notifier.php @@ -337,7 +337,9 @@ function notifier_run($argv, $argc){ '$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) , '$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) , '$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) , - '$birthday' => $birthday + '$birthday' => $birthday, + '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '') + )); if($mail) { diff --git a/include/poller.php b/include/poller.php index 3bc98e36f..8262c1d60 100755 --- a/include/poller.php +++ b/include/poller.php @@ -232,7 +232,7 @@ function poller_run($argv, $argc){ $importer_uid = $contact['uid']; - $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", + $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `contact`.`uid` = `user`.`uid` WHERE `user`.`uid` = %d AND `contact`.`self` = 1 LIMIT 1", intval($importer_uid) ); if(! count($r)) diff --git a/include/security.php b/include/security.php index 6ea515bff..19e91eb63 100755 --- a/include/security.php +++ b/include/security.php 
@@ -299,16 +299,16 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) * Actually, important actions should not be triggered by Links / GET-Requests at all, but somethimes they still are, * so this mechanism brings in some damage control (the attacker would be able to forge a request to a form of this type, but not to forms of other types). */ -function get_form_security_token($typename = "") { +function get_form_security_token($typename = '') { $a = get_app(); $timestamp = time(); - $sec_hash = hash('whirlpool', $a->user["guid"] . $a->user["prvkey"] . session_id() . $timestamp . $typename); + $sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $timestamp . $typename); - return $timestamp . "." . $sec_hash; + return $timestamp . '.' . $sec_hash; } -function check_form_security_token($typename = "", $formname = 'form_security_token') { +function check_form_security_token($typename = '', $formname = 'form_security_token') { if (!x($_REQUEST, $formname)) return false; $hash = $_REQUEST[$formname]; @@ -316,10 +316,10 @@ function check_form_security_token($typename = "", $formname = 'form_security_to $a = get_app(); - $x = explode(".", $hash); + $x = explode('.', $hash); if (time() > (IntVal($x[0]) + $max_livetime)) return false; - $sec_hash = hash('whirlpool', $a->user["guid"] . $a->user["prvkey"] . session_id() . $x[0] . $typename); + $sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $x[0] . $typename); return ($sec_hash == $x[1]); } 
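Review bot: `return ($sec_hash == $x[1]);` in check_form_security_token (hunk at -316) compares the token with a loose, non-constant-time `==`, and `$x[1]` is undefined when the submitted value contains no `.`. Loose comparison lets PHP treat numeric-looking strings as numbers, which is the wrong semantics for a MAC-like value. Use `return (count($x) == 2 && hash_equals($sec_hash, $x[1]));` where `hash_equals()` is available, and otherwise at least `===`. The commit only changes quoting here, so this is a follow-up rather than a regression; `$max_livetime` and the start of the function are outside the hunk.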
@@ -327,10 +327,20 @@ function check_form_security_token($typename = "", $formname = 'form_security_to function check_form_security_std_err_msg() { return t('The form security token was not correct. This probably happened because the form has been opened for too long (>3 hours) before subitting it.') . EOL; } -function check_form_security_token_redirectOnErr($err_redirect, $typename = "", $formname = 'form_security_token') { +function check_form_security_token_redirectOnErr($err_redirect, $typename = '', $formname = 'form_security_token') { if (!check_form_security_token($typename, $formname)) { $a = get_app(); + logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename); + logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA); notice( check_form_security_std_err_msg() ); goaway($a->get_baseurl() . $err_redirect ); } } +function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'form_security_token') { + if (!check_form_security_token($typename, $formname)) { + logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename); + logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA); + header('HTTP/1.1 403 Forbidden'); + killme(); + } +}
\ No newline at end of file diff --git a/include/socgraph.php b/include/socgraph.php index 79d7340a4..b2f545509 100755 --- a/include/socgraph.php +++ b/include/socgraph.php @@ -230,7 +230,7 @@ function all_friends($uid,$cid,$start = 0, $limit = 80) { -function suggestion_query($uid, $start = 0, $limit = 40) { +function suggestion_query($uid, $start = 0, $limit = 80) { if(! $uid) return array(); diff --git a/include/text.php b/include/text.php index 89acbf9fa..92a74eb49 100644 --- a/include/text.php +++ b/include/text.php @@ -694,8 +694,13 @@ function linkify($s) { if(! function_exists('smilies')) { function smilies($s, $sample = false) { + $a = get_app(); + if(intval(get_config('system','no_smilies')) + || (local_user() && intval(get_pconfig(local_user(),'system','no_smilies')))) + return $s; + $s = preg_replace_callback('/<pre>(.*?)<\/pre>/ism','smile_encode',$s); $s = preg_replace_callback('/<code>(.*?)<\/code>/ism','smile_encode',$s); @@ -704,27 +709,21 @@ function smilies($s, $sample = false) { '</3', '<\\3', ':-)', -// ':)', ';-)', -// ';)', ':-(', -// ':(', ':-P', -// ':P', + ':-p', ':-"', ':-"', ':-x', ':-X', ':-D', -// ':D', '8-|', '8-O', ':-O', '\\o/', 'o.O', 'O.o', - '\\.../', - '\\ooo/', ":'(", ":-!", ":-/", @@ -734,12 +733,8 @@ function smilies($s, $sample = false) { ':homebrew', ':coffee', ':facepalm', - ':headdesk', '~friendika', - '~friendica', -// 'Diaspora*' - ':beard', - ':whitebeard' + '~friendica' ); 
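Review bot: In include/security.php, the new `check_form_security_token_ForbiddenOnErr()` reads `$a->user['guid']` but never assigns `$a`, unlike `check_form_security_token_redirectOnErr()` just above it. The failure log entry therefore carries no user id and PHP raises an undefined-variable notice on exactly the path meant to record a rejected token. Add `$a = get_app();` as the first statement inside the `if`. Both functions also dump the whole of `$_REQUEST` with `print_r`, which can include submitted passwords; even at `LOGGER_DATA` it would be safer to log `array_keys($_REQUEST)` or to mask sensitive fields.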
@@ -748,27 +743,21 @@ function smilies($s, $sample = false) { '<img src="' . $a->get_baseurl() . '/images/smiley-brokenheart.gif" alt="</3" />', '<img src="' . $a->get_baseurl() . '/images/smiley-brokenheart.gif" alt="<\\3" />', '<img src="' . $a->get_baseurl() . '/images/smiley-smile.gif" alt=":-)" />', -// '<img src="' . $a->get_baseurl() . '/images/smiley-smile.gif" alt=":)" />', '<img src="' . $a->get_baseurl() . '/images/smiley-wink.gif" alt=";-)" />', -// '<img src="' . $a->get_baseurl() . '/images/smiley-wink.gif" alt=";)"/>', '<img src="' . $a->get_baseurl() . '/images/smiley-frown.gif" alt=":-(" />', -// '<img src="' . $a->get_baseurl() . '/images/smiley-frown.gif" alt=":(" />', '<img src="' . $a->get_baseurl() . '/images/smiley-tongue-out.gif" alt=":-P" />', -// '<img src="' . $a->get_baseurl() . '/images/smiley-tongue-out.gif" alt=":P" />', + '<img src="' . $a->get_baseurl() . '/images/smiley-tongue-out.gif" alt=":-p" />', '<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-\"" />', '<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-\"" />', '<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-x" />', '<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-X" />', '<img src="' . $a->get_baseurl() . '/images/smiley-laughing.gif" alt=":-D" />', -// '<img src="' . $a->get_baseurl() . '/images/smiley-laughing.gif" alt=":D"/>', '<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-|" />', '<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-O" />', '<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt=":-O" />', '<img src="' . $a->get_baseurl() . '/images/smiley-thumbsup.gif" alt="\\o/" />', '<img src="' . $a->get_baseurl() . '/images/smiley-Oo.gif" alt="o.O" />', '<img src="' . $a->get_baseurl() . '/images/smiley-Oo.gif" alt="O.o" />', - '<img src="' . $a->get_baseurl() . '/images/smiley-shaka.gif" alt="\\.../" />', - '<img src="' . 
$a->get_baseurl() . '/images/smiley-shaka.gif" alt="\\ooo/" />', '<img src="' . $a->get_baseurl() . '/images/smiley-cry.gif" alt=":\'(" />', '<img src="' . $a->get_baseurl() . '/images/smiley-foot-in-mouth.gif" alt=":-!" />', '<img src="' . $a->get_baseurl() . '/images/smiley-undecided.gif" alt=":-/" />', @@ -778,12 +767,8 @@ function smilies($s, $sample = false) { '<img src="' . $a->get_baseurl() . '/images/beer_mug.gif" alt=":homebrew" />', '<img src="' . $a->get_baseurl() . '/images/coffee.gif" alt=":coffee" />', '<img src="' . $a->get_baseurl() . '/images/smiley-facepalm.gif" alt=":facepalm" />', - '<img src="' . $a->get_baseurl() . '/images/smiley-bangheaddesk.gif" alt=":headdesk" />', '<a href="http://project.friendika.com">~friendika <img src="' . $a->get_baseurl() . '/images/friendika-16.png" alt="~friendika" /></a>', - '<a href="http://friendica.com">~friendica <img src="' . $a->get_baseurl() . '/images/friendica-16.png" alt="~friendica" /></a>', -// '<a href="http://diasporafoundation.org">Diaspora<img src="' . $a->get_baseurl() . '/images/diaspora.png" alt="Diaspora*" /></a>', - '<img src="' . $a->get_baseurl() . '/images/smiley-beard.png" alt=":beard" />', - '<img src="' . $a->get_baseurl() . '/images/smiley-whitebeard.png" alt=":whitebeard" />' + '<a href="http://friendica.com">~friendica <img src="' . $a->get_baseurl() . '/images/friendica-16.png" alt="~friendica" /></a>' ); $params = array('texts' => $texts, 'icons' => $icons, 'string' => $s); @@ -1350,3 +1335,6 @@ function file_tag_unsave_file($uid,$item,$file) { return true; } +function normalise_openid($s) { + return trim(str_replace(array('http://','https://'),array('',''),$s),'/'); +} |