Diffstat (limited to 'include')
-rw-r--r-- | include/Contact.php | 6 | ||||
-rw-r--r-- | include/Scrape.php | 74 | ||||
-rw-r--r-- | include/html2bbcode.php | 4 | ||||
-rw-r--r-- | include/items.php | 126 | ||||
-rw-r--r-- | include/poller.php | 10 | ||||
-rw-r--r-- | include/salmon.php | 14 |
6 files changed, 177 insertions, 57 deletions
diff --git a/include/Contact.php b/include/Contact.php index 98d3e7c0b..7cac3c0e0 100644 --- a/include/Contact.php +++ b/include/Contact.php @@ -6,6 +6,10 @@ // authorisation to do this. function user_remove($uid) { + if(! $uid) + return; + $a = get_app(); + logger('Removing user: ' . $uid); q("DELETE FROM `contact` WHERE `uid` = %d", intval($uid)); q("DELETE FROM `group` WHERE `uid` = %d", intval($uid)); q("DELETE FROM `group_member` WHERE `uid` = %d", intval($uid)); @@ -19,7 +23,7 @@ function user_remove($uid) { if($uid == local_user()) { unset($_SESSION['authenticated']); unset($_SESSION['uid']); - killme(); + goaway($a->get_baseurl()); } } diff --git a/include/Scrape.php b/include/Scrape.php index e4f7a0878..ff9899252 100644 --- a/include/Scrape.php +++ b/include/Scrape.php @@ -5,12 +5,31 @@ require_once('library/HTML5/Parser.php'); if(! function_exists('scrape_dfrn')) { function scrape_dfrn($url) { + $a = get_app(); + $ret = array(); + + logger('scrape_dfrn: url=' . $url); + $s = fetch_url($url); if(! $s) return $ret; + $headers = $a->get_curl_headers(); + logger('scrape_dfrn: headers=' . $headers, LOGGER_DEBUG); + + + $lines = explode("\n",$headers); + if(count($lines)) { + foreach($lines as $line) { + // don't try and run feeds through the html5 parser + if(stristr($line,'content-type:') && ((stristr($line,'application/atom+xml')) || (stristr($line,'application/rss+xml')))) + return ret; + } + } + + $dom = HTML5_Parser::parse($s); if(! $dom) 
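Review bot: The new guard `if(! $uid) return;` in user_remove tests the truthiness of the raw argument, while every DELETE below casts it with `intval($uid)`. A non-empty, non-numeric string passes the guard and is then cast to 0, so the deletes run against `uid` = 0. Casting once up front closes the gap: `$uid = intval($uid); if($uid <= 0) return;`. The same cast keeps the raw value out of the `logger('Removing user: ' . $uid)` line. user_remove's body continues outside the hunk.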
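Review bot: `return ret;` in the new content-type loop of scrape_dfrn is missing the `$`, so PHP reads `ret` as a bare constant rather than the `$ret` array initialised above. Callers get a string (or, on current PHP, an Error for the undefined constant) instead of an empty array. It should read `return $ret;`. The same typo is in the scrape_meta and scrape_vcard hunks and in the `application/rss+xml` branch of scrape_feed, where it also discards the `feed_rss` entry that was just set. The function bodies continue outside the hunks.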
@@ -77,12 +96,31 @@ function validate_dfrn($a) { if(! function_exists('scrape_meta')) { function scrape_meta($url) { + $a = get_app(); + $ret = array(); + + logger('scrape_meta: url=' . $url); + $s = fetch_url($url); if(! $s) return $ret; + $headers = $a->get_curl_headers(); + logger('scrape_meta: headers=' . $headers, LOGGER_DEBUG); + + $lines = explode("\n",$headers); + if(count($lines)) { + foreach($lines as $line) { + // don't try and run feeds through the html5 parser + if(stristr($line,'content-type:') && ((stristr($line,'application/atom+xml')) || (stristr($line,'application/rss+xml')))) + return ret; + } + } + + + $dom = HTML5_Parser::parse($s); if(! $dom) @@ -105,12 +143,27 @@ function scrape_meta($url) { if(! function_exists('scrape_vcard')) { function scrape_vcard($url) { + $a = get_app(); + $ret = array(); + + logger('scrape_vcard: url=' . $url); + $s = fetch_url($url); if(! $s) return $ret; + $headers = $a->get_curl_headers(); + $lines = explode("\n",$headers); + if(count($lines)) { + foreach($lines as $line) { + // don't try and run feeds through the html5 parser + if(stristr($line,'content-type:') && ((stristr($line,'application/atom+xml')) || (stristr($line,'application/rss+xml')))) + return ret; + } + } + $dom = HTML5_Parser::parse($s); if(! $dom) @@ -142,12 +195,33 @@ function scrape_vcard($url) { if(! function_exists('scrape_feed')) { function scrape_feed($url) { + $a = get_app(); + $ret = array(); $s = fetch_url($url); if(! $s) return $ret; + $headers = $a->get_curl_headers(); + logger('scrape_feed: headers=' . $headers, LOGGER_DEBUG); + + $lines = explode("\n",$headers); + if(count($lines)) { + foreach($lines as $line) { + if(stristr($line,'content-type:')) { + if(stristr($line,'application/atom+xml') || stristr($s,'<feed')) { + $ret['feed_atom'] = $url; + return $ret; + } + if(stristr($line,'application/rss+xml') || stristr($s,'<rss')) { + $ret['feed_rss'] = $url; + return ret; + } + } + } + } + $dom = HTML5_Parser::parse($s); if(! $dom) 
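Review bot: In scrape_feed the body checks `stristr($s,'<feed')` and `stristr($s,'<rss')` are OR-ed inside the `content-type:` branch, so they apply whatever type the header declares. An HTML page that merely contains the text `<feed` is reported as an Atom feed, while a response with no content-type line is never sniffed at all. `$s` is fetched from a remote URL, so the classification should not hinge on a substring anywhere in the body. Testing the header alone, `if(stristr($line,'application/atom+xml'))`, or sniffing only the start of `$s` outside the header loop, would be narrower. scrape_feed continues outside the hunk.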
diff --git a/include/html2bbcode.php b/include/html2bbcode.php index 65cbcec41..6af8df824 100644 --- a/include/html2bbcode.php +++ b/include/html2bbcode.php @@ -23,7 +23,7 @@ function html2bbcode($s) { '/\<div(.*?)\>(.*?)\<\/div\>/is', '/\<br(.*?)\>/is', '/\<strong\>(.*?)\<\/strong\>/is', - '/\<a href=\"(.*?)\"(.*?)\>(.*?)\<\/a\>/is', + '/\<a (.*?)href=\"(.*?)\"(.*?)\>(.*?)\<\/a\>/is', '/\<code\>(.*?)\<\/code\>/is', '/\<span style=\"color:(.*?)\"\>(.*?)\<\/span\>/is', '/\<blockquote\>(.*?)\<\/blockquote\>/is', @@ -48,7 +48,7 @@ function html2bbcode($s) { '$2', "\n", '[b]$1[/b]', - '[url=$1]$3[/url]', + '[url=$2]$4[/url]', '[code]$1[/code]', '[color="$1"]$2[/color]', '[quote]$1[/quote]', diff --git a/include/items.php b/include/items.php index f204745bb..45d8b62c0 100644 --- a/include/items.php +++ b/include/items.php @@ -2,6 +2,7 @@ require_once('bbcode.php'); require_once('oembed.php'); +require_once('include/salmon.php'); function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) { @@ -376,6 +377,21 @@ function get_atom_elements($feed,$item) { } + /** + * If there's a copy of the body content which is guaranteed to have survived mangling in transit, use it. + */ + + $have_real_body = false; + + $rawenv = $item->get_item_tags(NAMESPACE_DFRN, 'env'); + if($rawenv) { + $have_real_body = true; + $res['body'] = $rawenv[0]['data']; + $res['body'] = str_replace(array(' ',"\t","\r","\n"), array('','','',''),$res['body']); + // make sure nobody is trying to sneak some html tags by us + $res['body'] = notags(base64url_decode($res['body'])); + } + $maxlen = get_max_import_size(); if($maxlen && (strlen($res['body']) > $maxlen)) $res['body'] = substr($res['body'],0, $maxlen); 
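Review bot: The new leading group in `'/\<a (.*?)href=\"(.*?)\"(.*?)\>(.*?)\<\/a\>/is'` is `(.*?)` under the `s` modifier, so it can run past the end of the `<a …>` tag and pick up an `href="…"` that belongs to a later element. Restricting the attribute groups to the tag keeps the URL tied to the anchor it came from: `'/\<a ([^>]*?)href=\"(.*?)\"([^>]*?)\>(.*?)\<\/a\>/is'`. The renumbering to `[url=$2]$4[/url]` in the second hunk stays correct with that change.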
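Review bot: In the new `dfrn:env` block of get_atom_elements the result of `base64url_decode()` is assigned to `$res['body']` without checking that decoding succeeded, and `$have_real_body` is set before the decode. A malformed element therefore overwrites any body parsed earlier with whatever the decoder returns. The element is supplied by the remote feed like the rest of the entry, so it is worth decoding into a temporary and only overriding the body and setting the flag when the result is a non-empty string. The decode also runs before the `get_max_import_size()` cap; checking `strlen()` of the encoded data first would avoid decoding an oversized payload. The function continues outside the hunk.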
@@ -391,7 +407,7 @@ function get_atom_elements($feed,$item) { // html. - if((strpos($res['body'],'<')) || (strpos($res['body'],'>'))) { + if((strpos($res['body'],'<') !== false) || (strpos($res['body'],'>') !== false)) { $res['body'] = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s', '[youtube]$1[/youtube]', $res['body']); @@ -410,10 +426,7 @@ function get_atom_elements($feed,$item) { $res['body'] = html2bbcode($res['body']); } - else - $res['body'] = escape_tags($res['body']); - $allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow'); if($allow && $allow[0]['data'] == 1) $res['last-child'] = 1; @@ -439,14 +452,16 @@ function get_atom_elements($feed,$item) { $rawedited = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'updated'); if($rawedited) - $res['edited'] = unxmlify($rawcreated[0]['data']); + $res['edited'] = unxmlify($rawedited[0]['data']); + if((x($res,'edited')) && (! (x($res,'created')))) + $res['created'] = $res['edited']; if(! $res['created']) - $res['created'] = $item->get_date(); + $res['created'] = $item->get_date('c'); if(! $res['edited']) - $res['edited'] = $item->get_date(); + $res['edited'] = $item->get_date('c'); $rawowner = $item->get_item_tags(NAMESPACE_DFRN, 'owner'); @@ -510,7 +525,7 @@ function get_atom_elements($feed,$item) { $body = $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['summary'][0]['data']; // preserve a copy of the original body content in case we later need to parse out any microformat information, e.g. events $res['object'] .= '<orig>' . xmlify($body) . '</orig>' . "\n"; - if((strpos($body,'<')) || (strpos($body,'>'))) { + if((strpos($body,'<') !== false) || (strpos($body,'>') !== false)) { $body = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s', '[youtube]$1[/youtube]', $body); 
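Review bot: Dropping `else $res['body'] = escape_tags($res['body']);` in the -410 hunk means a body with no `<` or `>` leaves get_atom_elements exactly as the feed delivered it, including entity-encoded markup such as `&lt;…&gt;`. That is only safe if every place that renders or re-serialises the body escapes it at output time, which these hunks do not show. A comment stating the invariant would help, e.g. `// text-only bodies are kept raw; escaping happens at render time`. The same removal is made for `$body` in the `object` and `target` hunks further down, where the value is concatenated straight into a `<content>` wrapper.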
@@ -522,8 +537,6 @@ function get_atom_elements($feed,$item) { $body = $purifier->purify($body); $body = html2bbcode($body); } - else - $body = escape_tags($body); $res['object'] .= '<content>' . $body . '</content>' . "\n"; } @@ -551,7 +564,7 @@ function get_atom_elements($feed,$item) { $body = $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['summary'][0]['data']; // preserve a copy of the original body content in case we later need to parse out any microformat information, e.g. events $res['object'] .= '<orig>' . xmlify($body) . '</orig>' . "\n"; - if((strpos($body,'<')) || (strpos($body,'>'))) { + if((strpos($body,'<') !== false) || (strpos($body,'>') !== false)) { $body = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s', '[youtube]$1[/youtube]', $body); @@ -563,8 +576,6 @@ function get_atom_elements($feed,$item) { $body = $purifier->purify($body); $body = html2bbcode($body); } - else - $body = escape_tags($body); $res['target'] .= '<content>' . $body . '</content>' . "\n"; } @@ -600,7 +611,7 @@ function encode_rel_links($links) { return xmlify($o); } -function item_store($arr) { +function item_store($arr,$force_parent = false) { if($arr['gravity']) $arr['gravity'] = intval($arr['gravity']); @@ -613,6 +624,13 @@ function item_store($arr) { if(! x($arr,'type')) $arr['type'] = 'remote'; + + // Shouldn't happen but we want to make absolutely sure it doesn't leak from a plugin. + + if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false)) + $arr['body'] = strip_tags($arr['body']); + + $arr['wall'] = ((x($arr,'wall')) ? intval($arr['wall']) : 0); $arr['uri'] = ((x($arr,'uri')) ? notags(trim($arr['uri'])) : random_string()); $arr['author-name'] = ((x($arr,'author-name')) ? notags(trim($arr['author-name'])) : ''); 
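Review bot: The new `strpos($arr['body'], …)` test in item_store runs before the later `x($arr,'body')` check, so it reads `$arr['body']` even when the key is absent. `strip_tags()` also removes more than markup: text such as `x<y` with no closing `>` loses everything from the `<` onward, and nothing is logged when that happens. Suggest guarding with `x($arr,'body')` and logging when the filter fires, e.g. `logger('item_store: stripped tags from body');`, so a leaking plugin can be traced. With `escape_tags()` removed from the body assignment in the following hunk, this is the only filter the body passes through in item_store, as far as these hunks show.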
@@ -641,20 +659,7 @@ function item_store($arr) { $arr['deny_cid'] = ((x($arr,'deny_cid')) ? trim($arr['deny_cid']) : ''); $arr['deny_gid'] = ((x($arr,'deny_gid')) ? trim($arr['deny_gid']) : ''); $arr['private'] = ((x($arr,'private')) ? intval($arr['private']) : 0 ); - $arr['body'] = ((x($arr,'body')) ? escape_tags(trim($arr['body'])) : ''); - - // The content body has been through a lot of filtering and transport escaping by now. - // We don't want to skip any filters, however a side effect of all this filtering - // is that ampersands and <> may have been double encoded, depending on which filter chain - // they came through. - - $arr['body'] = str_replace( - array('&amp;', '&gt;', '&lt;', '&quot;'), - array('&' , '>' , '<', '"'), - $arr['body'] - ); - - + $arr['body'] = ((x($arr,'body')) ? trim($arr['body']) : ''); if($arr['parent-uri'] === $arr['uri']) { $parent_id = 0; @@ -690,8 +695,20 @@ function item_store($arr) { $deny_gid = $r[0]['deny_gid']; } else { - logger('item_store: item parent was not found - ignoring item'); - return 0; + + // Allow one to see reply tweets from status.net even when + // we don't have or can't see the original post. + + if($force_parent) { + logger('item_store: $force_parent=true, reply converted to top-level post.'); + $parent_id = 0; + $arr['thr-parent'] = $arr['parent-uri']; + $arr['parent-uri'] = $arr['uri']; + } + else { + logger('item_store: item parent was not found - ignoring item'); + return 0; + } } } @@ -763,7 +780,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $a = get_app(); - if((! strlen($contact['dfrn-id'])) && (! $contact['duplex']) && (! ($owner['page-flags'] == PAGE_COMMUNITY))) + if((! strlen($contact['issued-id'])) && (! $contact['duplex']) && (! ($owner['page-flags'] == PAGE_COMMUNITY))) return 3; $idtosend = $orig_id = (($contact['dfrn-id']) ? $contact['dfrn-id'] : $contact['issued-id']); 
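Review bot: The new `$force_parent` branch turns the reply into a top-level post without setting any of the values the found-parent branch copies from the parent row (the visible `$deny_gid = $r[0]['deny_gid'];` and whatever precedes it outside the hunk). If later code in item_store reads those variables, they are undefined here and the item would be stored without the parent's access restrictions. Initialising them explicitly in this branch would make the intent clear. `parent-uri` comes from the remote feed, so including `$arr['thr-parent']` in the log message would help when auditing converted replies.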
@@ -795,6 +812,12 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { if(! $xml) return 3; + if(strpos($xml,'<?xml') === false) { + logger('dfrn_deliver: no valid XML returned'); + logger('dfrn_deliver: returned XML: ' . $xml, LOGGER_DATA); + return 3; + } + $res = simplexml_load_string($xml); if((intval($res->status) != 0) || (! strlen($res->challenge)) || (! strlen($res->dfrn_id))) @@ -803,19 +826,20 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $postvars = array(); $sent_dfrn_id = hex2bin((string) $res->dfrn_id); $challenge = hex2bin((string) $res->challenge); + $dfrn_version = (float) (($res->dfrn_version) ? $res->dfrn_version : 2.0); $rino_allowed = ((intval($res->rino) === 1) ? 1 : 0); $final_dfrn_id = ''; - if(($contact['duplex'] && strlen($contact['prvkey'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) { - openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['prvkey']); - openssl_private_decrypt($challenge,$postvars['challenge'],$contact['prvkey']); - } - else { + if(($contact['duplex'] && strlen($contact['pubkey'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) { openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']); openssl_public_decrypt($challenge,$postvars['challenge'],$contact['pubkey']); } + else { + openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['prvkey']); + openssl_private_decrypt($challenge,$postvars['challenge'],$contact['prvkey']); + } $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.')); 
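Review bot: `strpos($xml,'<?xml') === false` in dfrn_deliver only rejects responses that lack that string anywhere, and the `simplexml_load_string($xml)` result that follows is still dereferenced unchecked. A response that contains `<?xml` but does not parse leaves `$res` false, and the status test then runs on a non-object. Adding `if($res === false) return 3;` after the parse covers that. The response comes from the remote server, so passing `LIBXML_NONET` to the parser is a cheap hardening step. The phase 2 hunk further down has the same pattern, ending in `return $res->status;`.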
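Review bot: After the key swap, the `else` branch calls `openssl_private_decrypt(…, $contact['prvkey'])` with no check that `prvkey` is set, and none of the four decrypt calls has its return value tested. On failure `$final_dfrn_id` stays `''`, `strpos($final_dfrn_id, '.')` is false, and the `substr()` below silently yields an empty id. Testing the result fails closed instead, e.g. `if(! openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey'])) return 3;`. `$dfrn_version` is read from the same remote response and, per the later hunk, selects which key wraps the rino key, so a comment noting that the peer controls this value would be useful.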
@@ -849,11 +873,22 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $postvars['data'] = $data; logger('rino: sent key = ' . $key); - if(($contact['duplex'] && strlen($contact['prvkey'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) { - openssl_private_encrypt($key,$postvars['key'],$contact['prvkey']); + + if($dfrn_version >= 2.1) { + if(($contact['duplex'] && strlen($contact['pubkey'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) { + openssl_public_encrypt($key,$postvars['key'],$contact['pubkey']); + } + else { + openssl_private_encrypt($key,$postvars['key'],$contact['prvkey']); + } } else { - openssl_public_encrypt($key,$postvars['key'],$contact['pubkey']); + if(($contact['duplex'] && strlen($contact['prvkey'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) { + openssl_private_encrypt($key,$postvars['key'],$contact['prvkey']); + } + else { + openssl_public_encrypt($key,$postvars['key'],$contact['pubkey']); + } } logger('md5 rawkey ' . md5($postvars['key'])); @@ -871,6 +906,13 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { if((! $curl_stat) || (! strlen($xml))) return(-1); // timed out + + if(strpos($xml,'<?xml') === false) { + logger('dfrn_deliver: phase 2: no valid XML returned'); + logger('dfrn_deliver: phase 2: returned XML: ' . $xml, LOGGER_DATA); + return 3; + } + $res = simplexml_load_string($xml); return $res->status; @@ -1164,8 +1206,9 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0) { continue; } $datarray = get_atom_elements($feed,$item); - + $force_parent = false; if($contact['network'] === 'stat') { + $force_parent = true; if(strlen($datarray['title'])) unset($datarray['title']); $r = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d", 
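Review bot: None of the `openssl_*_encrypt()` calls in the new version switch has its return value checked, so with a missing or invalid key `$postvars['key']` is left unset and the code carries on to `md5($postvars['key'])` and the POST. Suggest bailing out on failure in each branch, e.g. `if(! openssl_public_encrypt($key,$postvars['key'],$contact['pubkey'])) return 3;`. Two of the four branches wrap the symmetric key with `openssl_private_encrypt()`, which anyone holding the matching public key can reverse; if that is needed for compatibility with pre-2.1 peers, a comment should say so. The context line `logger('rino: sent key = ' . $key);` writes the raw key to the log at the default level and would be better dropped or moved to `LOGGER_DATA`.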
@@ -1188,7 +1231,7 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0) { $datarray['gravity'] = GRAVITY_LIKE; } - $r = item_store($datarray); + $r = item_store($datarray,$force_parent); continue; } @@ -1421,6 +1464,7 @@ function atom_entry($item,$type,$author,$owner,$comment = false) { $o .= '<title>' . xmlify($item['title']) . '</title>' . "\r\n"; $o .= '<published>' . xmlify(datetime_convert('UTC','UTC',$item['created'] . '+00:00',ATOM_TIME)) . '</published>' . "\r\n"; $o .= '<updated>' . xmlify(datetime_convert('UTC','UTC',$item['edited'] . '+00:00',ATOM_TIME)) . '</updated>' . "\r\n"; + $o .= '<dfrn:env>' . base64url_encode($item['body'], true) . '</dfrn:env>' . "\r\n"; $o .= '<content type="' . $type . '" >' . xmlify(($type === 'html') ? bbcode($item['body']) : $item['body']) . '</content>' . "\r\n"; $o .= '<link rel="alternate" href="' . xmlify($a->get_baseurl() . '/display/' . $owner['nickname'] . '/' . $item['id']) . '" />' . "\r\n"; if($comment) diff --git a/include/poller.php b/include/poller.php index 2ba285b7b..20c84990e 100644 --- a/include/poller.php +++ b/include/poller.php @@ -35,16 +35,16 @@ function poller_run($argv, $argc){ q("DELETE FROM `cache` WHERE `updated`<'%s'", dbesc(datetime_convert('UTC','UTC',"now - 30 days"))); - + $manual_id = 0; $hub_update = false; - $force = false; + $force = false; if(($argc > 1) && ($argv[1] == 'force')) $force = true; if(($argc > 1) && intval($argv[1])) { $manual_id = intval($argv[1]); - $force = true; + $force = true; } $sql_extra = (($manual_id) ? " AND `id` = $manual_id " : ""); @@ -62,8 +62,8 @@ function poller_run($argv, $argc){ foreach($contacts as $contact) { - if($manual_id) - $contact['last-update'] = '0000-00-00 00:00:00'; + if($manual_id) + $contact['last-update'] = '0000-00-00 00:00:00'; if($contact['priority'] || $contact['subhub']) { diff --git a/include/salmon.php b/include/salmon.php index 49384efea..8a56882ad 100644 --- a/include/salmon.php +++ b/include/salmon.php 
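Review bot: `base64url_encode($item['body'], true)` in atom_entry emits the envelope without `=` padding, while the receiving hunk in get_atom_elements passes it to `base64url_decode()` after only stripping whitespace. base64url_decode is not part of this diff, so it should be confirmed or tested that it accepts unpadded input; otherwise bodies whose length is not a multiple of three may fail to round-trip. The element is also added to every entry regardless of `$type`, so each feed carries the body twice. A one-line comment explaining why both copies are sent would help, e.g. `// dfrn:env carries the untouched bbcode body; <content> may be altered in transit`.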
@@ -18,15 +18,13 @@ function salmon_key($pubkey) { } -function base64url_encode($s) { +function base64url_encode($s, $strip_padding = false) { + $s = strtr(base64_encode($s),'+/','-_'); -/* - * // placeholder for un-padded base64url_encode - * // per latest salmon rev - * - * $s = str_replace('=','',$s); - * - */ + + if($strip_padding) + $s = str_replace('=','',$s); + return $s; } |
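Review bot: The `$strip_padding` parameter of base64url_encode is undocumented now that the placeholder comment referring to the salmon revision has been removed. A short header comment would keep that context, e.g. `// $strip_padding: drop the trailing '=' padding (un-padded base64url, per the salmon spec)`. `rtrim($s,'=')` would also state more precisely than `str_replace('=','',$s)` that only trailing padding is meant.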