Diffstat (limited to 'include')
-rw-r--r-- | include/api.php | 18 | ||||
-rw-r--r-- | include/bbcode.php | 9 | ||||
-rw-r--r-- | include/cache.php | 47 | ||||
-rw-r--r-- | include/enotify.php | 2 | ||||
-rw-r--r-- | include/hubloc.php | 33 | ||||
-rwxr-xr-x | include/items.php | 28 | ||||
-rw-r--r-- | include/notifier.php | 5 | ||||
-rwxr-xr-x | include/oembed.php | 2 | ||||
-rw-r--r-- | include/photos.php | 6 | ||||
-rw-r--r-- | include/poller.php | 17 | ||||
-rw-r--r-- | include/reddav.php | 12 | ||||
-rwxr-xr-x | include/text.php | 5 | ||||
-rw-r--r-- | include/zot.php | 67 |
13 files changed, 157 insertions, 94 deletions
diff --git a/include/api.php b/include/api.php index f39039332..57551a3b0 100644 --- a/include/api.php +++ b/include/api.php @@ -533,12 +533,6 @@ require_once('include/items.php'); api_register_func('api/red/channel/export/basic','api_export_basic', true); - - - - - - function api_channel_stream(&$a, $type) { if(api_user() === false) { logger('api_channel_stream: no user'); @@ -700,12 +694,12 @@ require_once('include/items.php'); function red_item_new(&$a, $type) { if (api_user() === false) { - logger('api_statuses_update: no user'); + logger('api_red_item_new: no user'); return false; } - logger('api_statuses_update: REQUEST ' . print_r($_REQUEST,true)); - logger('api_statuses_update: FILES ' . print_r($_FILES,true)); + logger('api_red_item_new: REQUEST ' . print_r($_REQUEST,true)); + logger('api_red_item_new: FILES ' . print_r($_FILES,true)); // set this so that the item_post() function is quiet and doesn't redirect or emit json @@ -1552,8 +1546,8 @@ require_once('include/items.php'); 'geo' => '', 'favorited' => (($item['item_flags'] & ITEM_STARRED) ? true : false), 'user' => $status_user , - //'statusnet_html' => trim(prepare_text($item['body']),$item['mimetype']), - 'statusnet_html' => trim(prepare_text($item['body'])), + 'statusnet_html' => trim(prepare_text($item['body'],$item['mimetype'])), + 'statusnet_conversation_id' => $item['parent'], ); @@ -1698,7 +1692,7 @@ require_once('include/items.php'); 'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed, 'inviteonly' => 'false', 'private' => $private, 'textlimit' => $textlimit, 'sslserver' => $sslserver, 'ssl' => $ssl, 'shorturllength' => '30', - 'friendica' => array( + 'redmatrix' => array( 'RED_PLATFORM' => RED_PLATFORM, 'RED_VERSION' => RED_VERSION, 'ZOT_REVISION' => ZOT_REVISION, diff --git a/include/bbcode.php b/include/bbcode.php index cd0bf527e..c8d1ab425 100644 --- a/include/bbcode.php +++ b/include/bbcode.php 
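Review bot: The two `logger()` calls in red_item_new still dump the whole of `$_REQUEST` and `$_FILES` into the application log; the hunk at -700 only corrects their prefix. Depending on how API clients authenticate, those arrays may carry credentials or private post bodies, and anyone who can read the log file then sees them. I would log only the field names, e.g. `logger('api_red_item_new: REQUEST keys ' . implode(',', array_keys($_REQUEST)));`, or at least restrict both dumps to the most verbose log level. The body of red_item_new continues outside the hunk.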
@@ -229,9 +229,12 @@ function bb_location($match) { function bbiframe($match) { $a = get_app(); - if(strpos($match[1],get_app()->get_hostname())) - return '<a href="' . $match[1] . '">' . $match[1] . '</a>'; - return '<iframe src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>'; + + // use sandbox mode to prevent malicious goings on rather than host restriction + // if(strpos($match[1],get_app()->get_hostname())) + // return '<a href="' . $match[1] . '">' . $match[1] . '</a>'; + + return '<iframe sandbox="allow-same-origin allow-top-navigation" src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>'; } function bb_ShareAttributesSimple($match) { diff --git a/include/cache.php b/include/cache.php index b546cd0e9..a70650b5e 100644 --- a/include/cache.php +++ b/include/cache.php 
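Review bot: The new `sandbox="allow-same-origin allow-top-navigation"` in bbiframe is now the only control on embedded frames, and `allow-top-navigation` lets the framed document replace the page the viewer is on. Unless an embed really needs that, I would drop the token and keep only what is required, e.g. `sandbox="allow-same-origin"`; browsers that ignore the `sandbox` attribute get no restriction at all now that the host check is gone. `$match[1]` is also concatenated into the `src` and `href` attributes as-is in this function; if the caller's pattern does not already limit it to http(s) URLs without quotes, it should be checked and escaped here. The same attribute string is added to oembed_iframe in include/oembed.php, and the commented-out host check would be better deleted than kept as dead code.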
@@ -6,52 +6,37 @@ class Cache { public static function get($key){ - $r = q("SELECT `v` FROM `cache` WHERE `k`='%s' limit 1", + $r = q("SELECT v FROM cache WHERE k = '%s' limit 1", dbesc($key) ); - if (count($r)) return $r[0]['v']; + if ($r) + return $r[0]['v']; return null; } public static function set($key,$value) { - q("REPLACE INTO `cache` (`k`,`v`,`updated`) VALUES ('%s','%s','%s')", + $r = q("SELECT * FROM cache WHERE k = '%s' limit 1", + dbesc($key) + ); + if($r) { + q("UPDATE cache SET v = '%s', updated = '%s' WHERE k = '%s' limit 1", + dbesc($value), + dbesc(datetime_convert()), + dbesc($key)); + } + else { + q("INSERT INTO cache ( k, v, updated) VALUES ('%s','%s','%s')", dbesc($key), dbesc($value), dbesc(datetime_convert())); + } } -/* - * - * Leaving this legacy code temporaily to see how REPLACE fares - * as opposed to non-atomic checks when faced with fast moving key duplication. - * As a MySQL extension it isn't portable, but we're not yet very portable. - */ - -/* - * $r = q("SELECT * FROM `cache` WHERE `k`='%s' limit 1", - * dbesc($key) - * ); - * if(count($r)) { - * q("UPDATE `cache` SET `v` = '%s', `updated = '%s' WHERE `k` = '%s' limit 1", - * dbesc($value), - * dbesc(datetime_convert()), - * dbesc($key)); - * } - * else { - * q("INSERT INTO `cache` (`k`,`v`,`updated`) VALUES ('%s','%s','%s')", - * dbesc($key), - * dbesc($value), - * dbesc(datetime_convert())); - * } - * } - */ - - public static function clear(){ - q("DELETE FROM `cache` WHERE `updated` < '%s'", + q("DELETE FROM cache WHERE updated < '%s'", dbesc(datetime_convert('UTC','UTC',"now - 30 days"))); } diff --git a/include/enotify.php b/include/enotify.php index 036d5275e..5a55aee09 100644 --- a/include/enotify.php +++ b/include/enotify.php 
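Review bot: Cache::set() is no longer atomic: two requests that set the same new key can both see an empty SELECT and both run the INSERT, which leaves a duplicate row or a key violation depending on the index on `k`. The block comment this commit deletes named exactly that risk as the reason for keeping REPLACE. If portability is the goal, consider running the UPDATE first and inserting only when it affected no row, or wrapping the pair in a transaction; note that `UPDATE ... limit 1` is itself MySQL syntax. The return values of the two write queries are ignored, so a failed insert is silent.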
@@ -88,7 +88,7 @@ function notification($params) { $sitelink = t('Please visit %s to view and/or reply to your private messages.'); $tsitelink = sprintf( $sitelink, $siteurl . '/mail/' . $params['item']['id'] ); $hsitelink = sprintf( $sitelink, '<a href="' . $siteurl . '/mail/' . $params['item']['id'] . '">' . $sitename . '</a>'); - $itemlink = $siteurl . '/message/' . $params['item']['id']; + $itemlink = $siteurl . '/mail/' . $params['item']['id']; } if($params['type'] == NOTIFY_COMMENT) { diff --git a/include/hubloc.php b/include/hubloc.php new file mode 100644 index 000000000..35d9dbeb1 --- /dev/null +++ b/include/hubloc.php @@ -0,0 +1,33 @@ +<?php /** @file */ + + + +function prune_hub_reinstalls() { + + $r = q("select site_url from site where true"); + if($r) { + foreach($r as $rr) { + $x = q("select count(*) as t, hubloc_sitekey, max(hubloc_connected) as c from hubloc where hubloc_url = '%s' group by hubloc_sitekey order by c", + dbesc($rr['site_url']) + ); + + // see if this url has more than one sitekey, indicating it has been re-installed. + + if(count($x) > 1) { + + $d1 = datetime_convert('UTC','UTC',$x[0]['c']); + $d2 = datetime_convert('UTC','UTC','now - 3 days'); + + // allow some slop period, say 3 days - just in case this is a glitch or transient occurrence + // Then remove any hublocs pointing to the oldest entry. + + if($d1 < $d2) { + logger('prune_hub_reinstalls: removing dead hublocs at ' . $rr['site_url']); + $y = q("delete from hubloc where hubloc_sitekey = '%s'", + dbesc($x[0]['hubloc_sitekey']) + ); + } + } + } + } +}
\ No newline at end of file diff --git a/include/items.php b/include/items.php index 70e098415..6788ac3da 100755 --- a/include/items.php +++ b/include/items.php @@ -3931,23 +3931,25 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C if(isset($arr['start']) && isset($arr['records'])) $pager_sql = sprintf(" LIMIT %d, %d ",intval($arr['start']), intval($arr['records'])); - if(($arr['cmin'] != 0) || ($arr['cmax'] != 99)) { + if(array_key_exists('cmin',$arr) || array_key_exists('cmax',$arr)) { + if(($arr['cmin'] != 0) || ($arr['cmax'] != 99)) { - // Not everybody who shows up in the network stream will be in your address book. - // By default those that aren't are assumed to have closeness = 99; but this isn't - // recorded anywhere. So if cmax is 99, we'll open the search up to anybody in - // the stream with a NULL address book entry. + // Not everybody who shows up in the network stream will be in your address book. + // By default those that aren't are assumed to have closeness = 99; but this isn't + // recorded anywhere. So if cmax is 99, we'll open the search up to anybody in + // the stream with a NULL address book entry. - $sql_nets .= " AND "; + $sql_nets .= " AND "; - if($arr['cmax'] == 99) - $sql_nets .= " ( "; + if($arr['cmax'] == 99) + $sql_nets .= " ( "; - $sql_nets .= "( abook.abook_closeness >= " . intval($arr['cmin']) . " "; - $sql_nets .= " AND abook.abook_closeness <= " . intval($arr['cmax']) . " ) "; - if($cmax == 99) - $sql_nets .= " OR abook.abook_closeness IS NULL ) "; - } + $sql_nets .= "( abook.abook_closeness >= " . intval($arr['cmin']) . " "; + $sql_nets .= " AND abook.abook_closeness <= " . intval($arr['cmax']) . " ) "; + if($cmax == 99) + $sql_nets .= " OR abook.abook_closeness IS NULL ) "; + } + } $simple_update = (($client_mode & CLIENT_MODE_UPDATE) ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " ) " : ''); if($client_mode & CLIENT_MODE_LOAD) 
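Review bot: The DELETE in prune_hub_reinstalls (new file include/hubloc.php) matches on `hubloc_sitekey` alone, although the decision was made for one `hubloc_url`. If the same site key is ever recorded under a second URL, those rows are removed too; scoping the statement keeps the pruning to the site that was examined: `q("delete from hubloc where hubloc_sitekey = '%s' and hubloc_url = '%s'", dbesc($x[0]['hubloc_sitekey']), dbesc($rr['site_url']));`. The function also treats the key with the most recent `hubloc_connected` as the legitimate one, so it is worth confirming that a hubloc row for a URL can only be stored after that site's key has been verified. A short docblock stating the rule (more than one key per URL, oldest one unseen for three days, run weekly from the poller) would help, and `$y` is never read.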
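Review bot: In the items_fetch hunk the closing test reads `if($cmax == 99)` while the opening one reads `if($arr['cmax'] == 99)`. Unless `$cmax` is assigned earlier in the function, outside this hunk, the ` ( ` opened for cmax 99 is never closed and the `abook_closeness IS NULL` alternative is never added, which produces malformed SQL; the test should be `if($arr['cmax'] == 99)`. The new outer guard uses `||`, so a caller that passes only one of `cmin`/`cmax` still reaches reads of the missing key; `&&`, or defaults of 0 and 99, would avoid that.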
diff --git a/include/notifier.php b/include/notifier.php index 81f971107..a4a9051c3 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -288,6 +288,11 @@ function notifier_run($argv, $argc){ if($s) $channel = $s[0]; + if($channel['channel_hash'] !== $target_item['author_xchan'] && $channel['channel_hash'] !== $target_item['owner_xchan']) { + logger("notifier: Sending channel {$channel['channel_hash']} is not owner {$target_item['owner_xchan']} or author {$target_item['author_xchan']}"); + return; + } + if($target_item['id'] == $target_item['parent']) { $parent_item = $target_item; diff --git a/include/oembed.php b/include/oembed.php index 57631b051..46b1d72c4 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -165,7 +165,7 @@ function oembed_iframe($src,$width,$height) { $a = get_app(); $s = $a->get_baseurl()."/oembed/".base64url_encode($src); - return '<iframe height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>'; + return '<iframe sandbox="allow-same-origin allow-top-navigation" height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>'; } diff --git a/include/photos.php b/include/photos.php index 82af4aaeb..c0243cc15 100644 --- a/include/photos.php +++ b/include/photos.php @@ -164,6 +164,7 @@ function photo_upload($channel, $observer, $args) { $p['scale'] = 1; $r2 = $ph->save($p); $smallest = 1; + $width_x_height = $ph->getWidth() . 'x' . $ph->getHeight(); if(! $r2) $errors = true; } @@ -173,6 +174,7 @@ function photo_upload($channel, $observer, $args) { $p['scale'] = 2; $r3 = $ph->save($p); $smallest = 2; + $width_x_height = $ph->getWidth() . 'x' . $ph->getHeight(); if(! $r3) $errors = true; } 
@@ -221,7 +223,7 @@ function photo_upload($channel, $observer, $args) { $arr['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' - . '[zmg]' . z_root() . "/photo/{$photo_hash}-{$smallest}.".$ph->getExt() . '[/zmg]' + . '[zmg=' . $width_x_height. ']' . z_root() . "/photo/{$photo_hash}-{$smallest}.".$ph->getExt() . '[/zmg]' . '[/zrl]'; $result = item_store($arr); @@ -426,4 +428,4 @@ function photos_create_item($channel, $creator_hash, $photo, $visible = false) { $item_id = $result['item_id']; return $item_id; -}
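Review bot: `$width_x_height` is assigned only inside the two blocks that save scale 1 and scale 2 (hunks at -164 and -173), and the conditions of those blocks are outside the diff. If an upload is small enough that neither block runs, the variable is undefined here and the post body gets `[zmg=]`. Setting it once after the full-size image is saved, presumably where `$smallest` gets its initial value, covers that case: `$width_x_height = $ph->getWidth() . 'x' . $ph->getHeight();`.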
\ No newline at end of file +} diff --git a/include/poller.php b/include/poller.php index 423ee46c1..bae39dd2e 100644 --- a/include/poller.php +++ b/include/poller.php @@ -105,6 +105,23 @@ function poller_run($argv, $argc){ if($d2 != intval($d1)) { + $d3 = intval(datetime_convert('UTC','UTC','now','N')); + if($d3 == 7) { + + /** + * Cron Weekly + * + * Actions in the following block are executed once per day only on Sunday (once per week). + * + */ + + require_once('include/hubloc.php'); + prune_hub_reinstalls(); + + + } + + // expire any read notifications over a month old q("delete from notify where seen = 1 and date < UTC_TIMESTAMP() - INTERVAL 30 DAY"); diff --git a/include/reddav.php b/include/reddav.php index 2a26ac42a..b7bb94fa0 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -276,7 +276,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { for($x = 1; $x < count($path_arr); $x ++) { - $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and (flags & %d)", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)", dbesc($folder), dbesc($path_arr[$x]), intval($channel_id), 
@@ -581,17 +581,19 @@ function RedCollectionData($file,&$auth) { for($x = 1; $x < count($path_arr); $x ++) { - $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and (flags & %d) $perms limit 1", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d) $perms limit 1", dbesc($folder), dbesc($path_arr[$x]), + intval($channel_id), intval(ATTACH_FLAG_DIR) ); if(! $r) { // path wasn't found. Try without permissions to see if it was the result of permissions. $errors = true; - $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and (flags & %d) limit 1", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d) limit 1", dbesc($folder), basename($path_arr[$x]), + intval($channel_id), intval(ATTACH_FLAG_DIR) ); if($r) { @@ -708,7 +710,7 @@ function RedFileData($file, &$auth,$test = false) { $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and filename = '%s' and uid = %d $perms group by filename limit 1", dbesc($folder), - basename($file), + dbesc(basename($file)), intval($channel_id) ); @@ -719,7 +721,7 @@ function RedFileData($file, &$auth,$test = false) { $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and filename = '%s' and uid = %d group by filename limit 1", dbesc($folder), - basename($file), + dbesc(basename($file)), intval($channel_id) ); if($r) diff --git a/include/text.php b/include/text.php index 53b92c05f..e3b1f1c4e 100755 --- a/include/text.php +++ b/include/text.php 
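Review bot: The fallback query in RedCollectionData still passes `basename($path_arr[$x])` to a quoted `'%s'` placeholder without `dbesc()`. The path segment appears to come from the requested DAV path, so this is the same unescaped-string problem the commit fixes in RedFileData further down; the argument should be `dbesc(basename($path_arr[$x])),`. The first query in the loop uses `dbesc($path_arr[$x])` without `basename()`, so the two lookups can also disagree on which name they test. `$perms` is interpolated into the SQL text and is built outside the hunk, so its construction needs the same check.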
@@ -278,6 +278,11 @@ function hex2bin($s) { if(! (is_string($s) && strlen($s))) return ''; + if(strlen($s) & 1) { + logger('hex2bin: illegal hex string: ' . $s); + return $s; + } + if(! ctype_xdigit($s)) { return($s); } diff --git a/include/zot.php b/include/zot.php index 934348d2d..35b322b54 100644 --- a/include/zot.php +++ b/include/zot.php @@ -872,21 +872,28 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED) { } // get rid of any hubs we have for this channel which weren't reported. + // This was needed at one time to resolve complicated cross-site inconsistencies, but can cause sync conflict. + // currently disabled. + +// if($xisting) { +// foreach($xisting as $x) { +// if(! array_key_exists('updated',$x)) { +// logger('import_xchan: removing unreferenced hub location ' . $x['hubloc_url']); +// $r = q("delete from hubloc where hubloc_id = %d limit 1", +// intval($x['hubloc_id']) +// ); +// $what .= 'removed_hub'; +// $changed = true; +// } +// } +// } - if($xisting) { - foreach($xisting as $x) { - if(! array_key_exists('updated',$x)) { - logger('import_xchan: removing unreferenced hub location ' . $x['hubloc_url']); - $r = q("delete from hubloc where hubloc_id = %d limit 1", - intval($x['hubloc_id']) - ); - $what .= 'removed_hub'; - $changed = true; - } - } - } } + + + + // Are we a directory server of some kind? if($dirmode != DIRECTORY_MODE_NORMAL) { @@ -1353,7 +1360,7 @@ function process_delivery($sender,$arr,$deliveries,$relay) { // We've validated the sender. Now make sure that the sender is the owner or author if($sender['hash'] != $arr['owner_xchan'] && $sender['hash'] != $arr['author_xchan']) { - logger('process_delivery: sender is not owner or author'); + logger("process_delivery: sender {$sender['hash']} is not owner {$arr['owner_xchan']} or author {$arr['author_xchan']} - mid {$arr['mid']}"); return; } 
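Review bot: The new odd-length branch in hex2bin writes the rejected input to the log in full and then returns it unchanged. If callers pass key material, IVs or other secrets through this function, a malformed value ends up readable in the log; logging the length only, `logger('hex2bin: illegal hex string, length ' . strlen($s));`, keeps the diagnostic without the data. Returning `$s` on failure (as the existing `ctype_xdigit` branch also does) means a caller cannot tell decoded bytes from a rejected string, which deserves a line in the function's doc comment.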
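Review bot: The owner/author test in process_delivery (zot.php hunk at -1360) compares hashes with `!=`, while the matching guard this commit adds to notifier_run uses `!==`. PHP's loose comparison treats two numeric-looking strings as equal when their numeric values match, which is not something an authorization check should depend on; `if($sender['hash'] !== $arr['owner_xchan'] && $sender['hash'] !== $arr['author_xchan'])` removes the doubt. The expanded log line is useful, but `$arr['mid']` and the xchan values come from the remote message, so they are sender-controlled text in the log.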
@@ -1571,7 +1578,16 @@ function delete_imported_item($sender,$item,$uid) { } require_once('include/items.php'); - drop_item($r[0]['id'],false); + + // FIXME issue #230 is related + // Chicken/egg problem because we have to drop_item, but this removes information that tag_deliver may need to do its stuff. + // We can't reverse the order because drop_item refuses to run if the item already has the deleted flag set and we need to + // set that flag prior to calling tag_deliver. + + // One possibility would be to set the deleted flag, call both tag_deliver and the notifier to notify downstream channels + // and then clean up after ourselves with a cron job after a day or two to do the delete_item_lowlevel(). + + drop_item($r[0]['uid'],false); tag_deliver($uid,$r[0]['id']); 
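Review bot: The call changes from `drop_item($r[0]['id'],false);` to `drop_item($r[0]['uid'],false);`, which passes the channel uid where an item id was passed before. Nothing else in the hunk suggests that drop_item's first parameter changed meaning, and `tag_deliver($uid,$r[0]['id'])` on the next line still uses the item id, so this looks like a slip that would delete whichever item happens to have an id equal to the uid, in response to a remote delete request. I would restore `drop_item($r[0]['id'],false);` and keep the FIXME comment. drop_item is defined outside this diff, so confirm against its signature.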
@@ -1669,20 +1685,19 @@ function import_directory_profile($hash,$profile,$addr,$ud_flags = UPDATE_FLAGS_ $arr = array(); $arr['xprof_hash'] = $hash; - $arr['xprof_desc'] = (($profile['description']) ? htmlspecialchars($profile['description'], ENT_COMPAT,'UTF-8',false) : ''); $arr['xprof_dob'] = datetime_convert('','',$profile['birthday'],'Y-m-d'); // !!!! check this for 0000 year - $arr['xprof_age'] = (($profile['age']) ? intval($profile['age']) : 0); - $arr['xprof_gender'] = (($profile['gender']) ? htmlspecialchars($profile['gender'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_marital'] = (($profile['marital']) ? htmlspecialchars($profile['marital'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_sexual'] = (($profile['sexual']) ? htmlspecialchars($profile['sexual'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_locale'] = (($profile['locale']) ? htmlspecialchars($profile['locale'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_region'] = (($profile['region']) ? htmlspecialchars($profile['region'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_age'] = (($profile['age']) ? intval($profile['age']) : 0); + $arr['xprof_desc'] = (($profile['description']) ? htmlspecialchars($profile['description'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_gender'] = (($profile['gender']) ? htmlspecialchars($profile['gender'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_marital'] = (($profile['marital']) ? htmlspecialchars($profile['marital'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_sexual'] = (($profile['sexual']) ? htmlspecialchars($profile['sexual'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_locale'] = (($profile['locale']) ? htmlspecialchars($profile['locale'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_region'] = (($profile['region']) ? htmlspecialchars($profile['region'], ENT_COMPAT,'UTF-8',false) : ''); $arr['xprof_postcode'] = (($profile['postcode']) ? 
htmlspecialchars($profile['postcode'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_country'] = (($profile['country']) ? htmlspecialchars($profile['country'], ENT_COMPAT,'UTF-8',false) : ''); - - $arr['xprof_about'] = (($profile['about']) ? htmlspecialchars($profile['about'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_homepage'] = (($profile['homepage']) ? htmlspecialchars($profile['homepage'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_hometown'] = (($profile['hometown']) ? htmlspecialchars($profile['hometown'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_country'] = (($profile['country']) ? htmlspecialchars($profile['country'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_about'] = (($profile['about']) ? htmlspecialchars($profile['about'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_homepage'] = (($profile['homepage']) ? htmlspecialchars($profile['homepage'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_hometown'] = (($profile['hometown']) ? htmlspecialchars($profile['hometown'], ENT_COMPAT,'UTF-8',false) : ''); $clean = array(); if(array_key_exists('keywords',$profile) and is_array($profile['keywords'])) { |