diff options
Diffstat (limited to 'include')
-rwxr-xr-x | include/api.php | 2 | ||||
-rwxr-xr-x | include/auth.php | 6 | ||||
-rwxr-xr-x | include/contact_widgets.php | 4 | ||||
-rwxr-xr-x | include/conversation.php | 63 | ||||
-rwxr-xr-x | include/dba.php | 5 | ||||
-rwxr-xr-x | include/items.php | 14 | ||||
-rwxr-xr-x | include/message.php | 85 | ||||
-rwxr-xr-x | include/nav.php | 4 | ||||
-rwxr-xr-x | include/network.php | 3 | ||||
-rwxr-xr-x | include/security.php | 1 | ||||
-rw-r--r-- | include/text.php | 12 |
11 files changed, 161 insertions, 38 deletions
diff --git a/include/api.php b/include/api.php index 64772d657..065f14cff 100755 --- a/include/api.php +++ b/include/api.php @@ -83,7 +83,7 @@ $record = $r[0]; } else { logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG); - header('WWW-Authenticate: Basic realm="Friendika"'); + header('WWW-Authenticate: Basic realm="Friendica"'); header('HTTP/1.0 401 Unauthorized'); die('This api requires login'); } diff --git a/include/auth.php b/include/auth.php index 835616a82..1341f3bb8 100755 --- a/include/auth.php +++ b/include/auth.php @@ -94,13 +94,17 @@ else { // Otherwise it's probably an openid. + try { require_once('library/openid.php'); $openid = new LightOpenID; $openid->identity = $openid_url; $_SESSION['openid'] = $openid_url; $a = get_app(); $openid->returnUrl = $a->get_baseurl(true) . '/openid'; - goaway($openid->authUrl()); + goaway($openid->authUrl()); + } catch (Exception $e) { + notice( t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.').'<br /><br >'. t('The error message was:').' '.$e->getMessage()); + } // NOTREACHED } } diff --git a/include/contact_widgets.php b/include/contact_widgets.php index 9d7085d20..7346b95af 100755 --- a/include/contact_widgets.php +++ b/include/contact_widgets.php @@ -87,13 +87,13 @@ function fileas_widget($baseurl,$selected = '') { $cnt = preg_match_all('/\[(.*?)\]/',$saved,$matches,PREG_SET_ORDER); if($cnt) { foreach($matches as $mtch) { - $unescaped = file_tag_decode($mtch[1]); + $unescaped = xmlify(file_tag_decode($mtch[1])); $terms[] = array('name' => $unescaped,'selected' => (($selected == $unescaped) ? 'selected' : '')); } } return replace_macros(get_markup_template('fileas_widget.tpl'),array( - '$title' => t('File Selections'), + '$title' => t('Saved Folders'), '$desc' => '', '$sel_all' => (($selected == '') ? 'selected' : ''), '$all' => t('Everything'), diff --git a/include/conversation.php b/include/conversation.php index 5de4fcb51..5a922b2b5 100755 --- a/include/conversation.php +++ b/include/conversation.php @@ -94,9 +94,9 @@ function localize_item(&$item){ } - $A = '[url=' . $Alink . ']' . $Aname . '[/url]'; - $B = '[url=' . $Blink . ']' . $Bname . '[/url]'; - if ($Bphoto!="") $Bphoto = '[url=' . $Blink . '][img]' . $Bphoto . '[/img][/url]'; + $A = '[url=' . zrl($Alink) . ']' . $Aname . '[/url]'; + $B = '[url=' . zrl($Blink) . ']' . $Bname . '[/url]'; + if ($Bphoto!="") $Bphoto = '[url=' . zrl($Blink) . '][img]' . $Bphoto . '[/img][/url]'; $item['body'] = sprintf( t('%1$s is now friends with %2$s'), $A, $B)."\n\n\n".$Bphoto; @@ -108,8 +108,8 @@ function localize_item(&$item){ if(count($r)==0) return; $obj=$r[0]; - $author = '[url=' . $item['author-link'] . ']' . $item['author-name'] . '[/url]'; - $objauthor = '[url=' . $obj['author-link'] . ']' . $obj['author-name'] . '[/url]'; + $author = '[url=' . zrl($item['author-link']) . ']' . $item['author-name'] . '[/url]'; + $objauthor = '[url=' . zrl($obj['author-link']) . ']' . $obj['author-name'] . '[/url]'; switch($obj['verb']){ case ACTIVITY_POST: @@ -158,14 +158,21 @@ function localize_item(&$item){ $target = $r[0]; $Bname = $target['author-name']; $Blink = $target['author-link']; - $A = '[url=' . $Alink . ']' . $Aname . '[/url]'; - $B = '[url=' . $Blink . ']' . $Bname . '[/url]'; + $A = '[url=' . zrl($Alink) . ']' . $Aname . '[/url]'; + $B = '[url=' . zrl($Blink) . ']' . $Bname . '[/url]'; $P = '[url=' . $target['plink'] . ']' . t('post/item') . '[/url]'; $item['body'] = sprintf( t('%1$s marked %2$s\'s %3$s as favorite'), $A, $B, $P)."\n"; } } } + $matches = null; + if(preg_match_all('/@\[url=(.*?)\]/is',$item['body'],$matches,PREG_SET_ORDER)) { + foreach($matches as $mtch) { + if(! strpos($mtch[1],'zrl=')) + $item['body'] = str_replace($mtch[0],'@[url=' . zrl($mtch[1]). ']',$item['body']); + } + } } @@ -243,7 +250,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { $threads = array(); $threadsid = -1; - if(count($items)) { + if($items && count($items)) { if($mode === 'network-new' || $mode === 'search' || $mode === 'community') { @@ -276,13 +283,16 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { if($item['author-link'] && (! $item['author-name'])) $profile_name = $item['author-link']; + + $sp = false; $profile_link = best_link_url($item,$sp); - if($sp) - $sparkle = ' sparkle'; if($profile_link === 'mailbox') $profile_link = ''; - + if($sp) + $sparkle = ' sparkle'; + else + $profile_link = zrl($profile_link); $normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']); if(($normalised != 'mailbox') && (x($a->contacts[$normalised]))) @@ -484,7 +494,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { // This will have been stored in $a->page_contact by our calling page. // Put this person on the left of the wall-to-wall notice. - $owner_url = $a->page_contact['url']; + $owner_url = zrl($a->page_contact['url']); $owner_photo = $a->page_contact['thumb']; $owner_name = $a->page_contact['name']; $template = $wallwall; @@ -501,10 +511,12 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { $commentww = 'ww'; // If it is our contact, use a friendly redirect link if((link_compare($item['owner-link'],$item['url'])) - && ($item['network'] === 'dfrn')) { + && ($item['network'] === NETWORK_DFRN)) { $owner_url = $redirect_url; $osparkle = ' sparkle'; } + else + $owner_url = zrl($owner_url); } } @@ -520,9 +532,12 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { if ($shareable) $likebuttons['share'] = array( t('Share this'), t('share')); } + $qc = $qcomment = null; - $qc = ((local_user()) ? get_pconfig(local_user(),'qcomment','words') : null); - $qcomment = (($qc) ? explode("\n",$qc) : null); + if(in_array('qcomment',$a->plugins)) { + $qc = ((local_user()) ? get_pconfig(local_user(),'qcomment','words') : null); + $qcomment = (($qc) ? explode("\n",$qc) : null); + } if(($show_comment_box) || (($show_comment_box == false) && ($override_comment_box == false) && ($item['last-child']))) { $comment = replace_macros($cmnt_tpl,array( @@ -580,7 +595,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { 'classtagger' => "", ); } - $filer = t("file as"); + $filer = t("save to folder"); } @@ -596,14 +611,14 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { if($item['author-link'] && (! $item['author-name'])) $profile_name = $item['author-link']; - $sp = false; $profile_link = best_link_url($item,$sp); - if($sp) - $sparkle = ' sparkle'; - if($profile_link === 'mailbox') $profile_link = ''; + if($sp) + $sparkle = ' sparkle'; + else + $profile_link = zrl($profile_link); $normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']); if(($normalised != 'mailbox') && (x($a->contacts,$normalised))) @@ -767,8 +782,10 @@ function item_photo_menu($item){ $photos_link = $profile_link . "?url=photos"; $profile_link = $profile_link . "?url=profile"; $pm_url = $a->get_baseurl($ssl_state) . '/message/new/' . $cid; + $zurl = ''; } else { + $profile_link = zrl($profile_link); if(local_user() && local_user() == $item['uid'] && link_compare($item['url'],$item['author-link'])) { $cid = $item['contact-id']; } @@ -795,7 +812,7 @@ function item_photo_menu($item){ $menu = Array( t("View status") => $status_link, t("View profile") => $profile_link, - t("View photos") => $photos_link, + t("View photos") => $photos_link, t("View recent") => $posts_link, t("Edit contact") => $contact_url, t("Send PM") => $pm_url, @@ -828,6 +845,8 @@ function like_puller($a,$item,&$arr,$mode) { $url = $a->get_baseurl(true) . '/redir/' . $item['contact-id']; $sparkle = ' class="sparkle" '; } + else + $url = zrl($url); if(! ((isset($arr[$item['parent'] . '-l'])) && (is_array($arr[$item['parent'] . '-l'])))) $arr[$item['parent'] . '-l'] = array(); if(! isset($arr[$item['parent']])) @@ -896,7 +915,7 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) { '$vidurl' => t("Please enter a video link/URL:"), '$audurl' => t("Please enter an audio link/URL:"), '$term' => t('Tag term:'), - '$fileas' => t('File as:'), + '$fileas' => t('Save to Folder:'), '$whereareu' => t('Where are you right now?') )); diff --git a/include/dba.php b/include/dba.php index 138e82b58..76cc0bc7b 100755 --- a/include/dba.php +++ b/include/dba.php @@ -209,9 +209,8 @@ function q($sql) { if($db && $db->connected) { $stmt = vsprintf($sql,$args); if($stmt === false) - logger('dba: vsprintf error: ' . print_r(debug_bracktrace(),true)); - $ret = $db->q($stmt); - return $ret; + logger('dba: vsprintf error: ' . print_r(debug_backtrace(),true)); + return $db->q($stmt); } /** diff --git a/include/items.php b/include/items.php index 9f7eb84d9..ee6960534 100755 --- a/include/items.php +++ b/include/items.php @@ -416,7 +416,7 @@ function get_atom_elements($feed,$item) { // the wild, by sanitising it and converting supported tags to bbcode before we rip out any remaining // html. - if((strpos($res['body'],'<') !== false) || (strpos($res['body'],'>') !== false)) { + if((strpos($res['body'],'<') !== false) && (strpos($res['body'],'>') !== false)) { $res['body'] = reltoabs($res['body'],$base_url); @@ -429,13 +429,21 @@ function get_atom_elements($feed,$item) { // we shouldn't need a whitelist, because the bbcode converter // will strip out any unsupported tags. - // $config->set('HTML.Allowed', 'p,b,a[href],i'); $purifier = new HTMLPurifier($config); $res['body'] = $purifier->purify($res['body']); - $res['body'] = html2bbcode($res['body']); + $res['body'] = @html2bbcode($res['body']); } + elseif(! $have_real_body) { + + // it's not one of our messages and it has no tags + // so it's probably just text. We'll escape it just to be safe. + + $res['body'] = escape_tags($res['body']); + } + + // this tag is obsolete but we keep it for really old sites $allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow'); if($allow && $allow[0]['data'] == 1) diff --git a/include/message.php b/include/message.php index 7ad80ae9c..377d7c715 100755 --- a/include/message.php +++ b/include/message.php @@ -1,4 +1,5 @@ <?php + // send a private message @@ -155,3 +156,87 @@ function send_message($recipient=0, $body='', $subject='', $replyto=''){ } } + + + + + +function send_wallmessage($recipient='', $body='', $subject='', $replyto=''){ + + $a = get_app(); + + if(! $recipient) return -1; + + if(! strlen($subject)) + $subject = t('[no subject]'); + + $hash = random_string(); + $uri = 'urn:X-dfrn:' . $a->get_baseurl() . ':' . local_user() . ':' . $hash ; + + $convid = 0; + $reply = false; + + require_once('include/Scrape.php'); + + $me = probe_url($replyto); + + if(! $me['name']) + return -2; + + $conv_guid = get_guid(); + + $recip_handle = $recipient['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + + $sender_nick = basename($replyto); + $sender_host = substr($replyto,strpos($replyto,'://')+3); + $sender_host = substr($sender_host,0,strpos($sender_host,'/')); + $sender_handle = $sender_nick . '@' . $sender_host; + + $handles = $recip_handle . ';' . $sender_handle; + + $r = q("insert into conv (uid,guid,creator,created,updated,subject,recips) values(%d, '%s', '%s', '%s', '%s', '%s', '%s') ", + intval(local_user()), + dbesc($conv_guid), + dbesc($sender_handle), + dbesc(datetime_convert()), + dbesc(datetime_convert()), + dbesc($subject), + dbesc($handles) + ); + + $r = q("select * from conv where guid = '%s' and uid = %d limit 1", + dbesc($conv_guid), + intval($recipient['uid']) + ); + if(count($r)) + $convid = $r[0]['id']; + + if(! $convid) { + logger('send message: conversation not found.'); + return -4; + } + + $r = q("INSERT INTO `mail` ( `uid`, `guid`, `convid`, `from-name`, `from-photo`, `from-url`, + `contact-id`, `title`, `body`, `seen`, `reply`, `replied`, `uri`, `parent-uri`, `created`, `unknown`) + VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', '%s', '%s', %d )", + intval($recipient['uid']), + dbesc(get_guid()), + intval($convid), + dbesc($me['name']), + dbesc($me['photo']), + dbesc($me['url']), + 0, + dbesc($subject), + dbesc($body), + 0, + 0, + 0, + dbesc($uri), + dbesc($replyto), + datetime_convert(), + 1 + ); + + return 0; + +} diff --git a/include/nav.php b/include/nav.php index f40e92dbc..2c9c643a9 100755 --- a/include/nav.php +++ b/include/nav.php @@ -69,7 +69,9 @@ function nav(&$a) { * "Home" should also take you home from an authenticated remote profile connection */ - $homelink = ((x($_SESSION,'visitor_home')) ? $_SESSION['visitor_home'] : ''); + $homelink = get_my_url(); + if(! $homelink) + $homelink = ((x($_SESSION,'visitor_home')) ? $_SESSION['visitor_home'] : ''); if(($a->module != 'home') && (! (local_user()))) $nav['home'] = array($homelink, t('Home'), "", t('Home Page')); diff --git a/include/network.php b/include/network.php index 22157ff18..9e1ed2091 100755 --- a/include/network.php +++ b/include/network.php @@ -364,6 +364,9 @@ function lrdd($uri, $debug = false) { logger('lrdd: host_meta: ' . $xml, LOGGER_DATA); + if(! stristr($xml,'<xrd')) + return array(); + $h = parse_xml_string($xml); if(! $h) return array(); diff --git a/include/security.php b/include/security.php index 19e91eb63..66622fd33 100755 --- a/include/security.php +++ b/include/security.php @@ -9,6 +9,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive $_SESSION['authenticated'] = 1; $_SESSION['page_flags'] = $user_record['page-flags']; $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $user_record['nickname']; + $_SESSION['my_address'] = $user_record['nickname'] . '@' . substr($a->get_baseurl(),strpos($a->get_baseurl(),'://')+3); $_SESSION['addr'] = $_SERVER['REMOTE_ADDR']; $a->user = $user_record; diff --git a/include/text.php b/include/text.php index 6d557ed84..191f4fca8 100644 --- a/include/text.php +++ b/include/text.php @@ -205,7 +205,6 @@ function hex2bin($s) { return ''; if(! ctype_xdigit($s)) { - logger('hex2bin: illegal input: ' . print_r(debug_backtrace(), true)); return($s); } @@ -610,6 +609,8 @@ function micropro($contact, $redirect = false, $class = '', $textmode = false) { $url = $redirect_url; $sparkle = ' sparkle'; } + else + $url = zrl($url); } $click = ((x($contact,'click')) ? ' onclick="' . $contact['click'] . '" ' : ''); if($click) @@ -919,7 +920,7 @@ function prepare_body($item,$attach = false) { foreach($matches as $mtch) { if(strlen($x)) $x .= ','; - $x .= file_tag_decode($mtch[1]); + $x .= xmlify(file_tag_decode($mtch[1])); } if(strlen($x)) $s .= '<div class="categorytags"><span>' . t('Categories:') . ' </span>' . $x . '</div>'; @@ -934,7 +935,7 @@ function prepare_body($item,$attach = false) { foreach($matches as $mtch) { if(strlen($x)) $x .= ' '; - $x .= file_tag_decode($mtch[1]). ' <a href="' . $a->get_baseurl() . '/filerm/' . $item['id'] . '?f=&term=' . file_tag_decode($mtch[1]) . '" title="' . t('remove') . '" >' . t('[remove]') . '</a>'; + $x .= xmlify(file_tag_decode($mtch[1])) . ' <a href="' . $a->get_baseurl() . '/filerm/' . $item['id'] . '?f=&term=' . xmlify(file_tag_decode($mtch[1])) . '" title="' . t('remove') . '" >' . t('[remove]') . '</a>'; } if(strlen($x) && (local_user() == $item['uid'])) $s .= '<div class="filesavetags"><span>' . t('Filed under:') . ' </span>' . $x . '</div>'; @@ -1305,10 +1306,11 @@ function file_tag_decode($s) { } function file_tag_file_query($table,$s,$type = 'file') { + if($type == 'file') - $str = preg_quote( '[' . file_tag_encode($s) . ']' ); + $str = preg_quote( '[' . str_replace('%','%%',file_tag_encode($s)) . ']' ); else - $str = preg_quote( '<' . file_tag_encode($s) . '>' ); + $str = preg_quote( '<' . str_replace('%','%%',file_tag_encode($s)) . '>' ); return " AND " . (($table) ? dbesc($table) . '.' : '') . "file regexp '" . dbesc($str) . "' "; } |