diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/Contact.php | 13 | ||||
| -rw-r--r-- | include/bbcode.php | 12 | ||||
| -rw-r--r-- | include/conversation.php | 2 | ||||
| -rwxr-xr-x | include/items.php | 14 | ||||
| -rw-r--r-- | include/permissions.php | 40 | ||||
| -rw-r--r-- | include/photos.php | 12 | ||||
| -rw-r--r-- | include/security.php | 21 | ||||
| -rw-r--r-- | include/zot.php | 26 |
8 files changed, 89 insertions, 51 deletions
diff --git a/include/Contact.php b/include/Contact.php index ffee5096a..787612c83 100644 --- a/include/Contact.php +++ b/include/Contact.php @@ -133,6 +133,19 @@ function abook_toggle_flag($abook,$flag) { intval($abook['abook_id']), intval($abook['abook_channel']) ); + + // if unsetting the archive bit, update the timestamps so we'll try to connect for an additional 30 days. + + if(($flag === ABOOK_FLAG_ARCHIVED) && ($abook['abook_flags'] & ABOOK_FLAG_ARCHIVED)) { + $r = q("update abook set abook_connected = '%s', abook_updated = '%s' + where abook_id = %d and abook_channel = %d limit 1", + dbesc(datetime_convert()), + dbesc(datetime_convert()), + intval($abook['abook_id']), + intval($abook['abook_channel']) + ); + } + $a = get_app(); if($a->data['abook']) $a->data['abook']['abook_flags'] = $a->data['abook']['abook_flags'] ^ $flag; diff --git a/include/bbcode.php b/include/bbcode.php index 674b5f45a..60463fc00 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -344,9 +344,15 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true) { $a = get_app(); - // Move all spaces out of the tags - $Text = preg_replace("/\[(\w*)\](\s*)/ism", '$2[$1]', $Text); - $Text = preg_replace("/(\s*)\[\/(\w*)\]/ism", '[/$2]$1', $Text); + // Move all spaces out of the tags + // ....Uhm why? + // This is basically doing a trim() on the stuff in between tags, but it messes up + // carefully crafted bbcode and especially other pre-formatted code. + // Commenting out until we come up with a use case where it's needed. Then let's try and + // special case rather than a heavy-handed approach like this. + +// $Text = preg_replace("/\[(\w*)\](\s*)/ism", '$2[$1]', $Text); +// $Text = preg_replace("/(\s*)\[\/(\w*)\]/ism", '[/$2]$1', $Text); // Hide all [noparse] contained bbtags by spacefying them if (strpos($Text,'[noparse]') !== false) { diff --git a/include/conversation.php b/include/conversation.php index 5c3933788..a2cca1c77 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -909,7 +909,7 @@ function item_photo_menu($item){ } if((local_user()) && local_user() == $item['uid']) { - $vsrc_link = $a->get_baseurl() . '/viewsrc/' . $item['id']; + $vsrc_link = 'javascript:viewsrc(' . $item['id'] . '); return false;'; if($item['parent'] == $item['id'] && $channel && ($channel_hash != $item['author_xchan'])) { $sub_link = 'javascript:dosubthread(' . $item['id'] . '); return false;'; } diff --git a/include/items.php b/include/items.php index f71ebd503..c35a442b2 100755 --- a/include/items.php +++ b/include/items.php @@ -943,6 +943,8 @@ function map_scope($scope) { return 'network: red'; case PERMS_SITE: return 'site: ' . get_app()->get_hostname(); + case PERMS_PENDING: + return 'any connections'; case PERMS_CONTACTS: default: return 'contacts'; @@ -4085,7 +4087,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C } if(! array_key_exists('nouveau',$arr)) { - $sql_extra2 = " AND item.parent = item.id "; + $sql_extra2 = " AND item.parent = item.id "; $sql_extra3 = ''; } @@ -4126,12 +4128,12 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C $pager_sql = sprintf(" LIMIT %d, %d ",intval($arr['start']), intval($arr['records'])); if(array_key_exists('cmin',$arr) || array_key_exists('cmax',$arr)) { - if(($arr['cmin'] != 0) || ($arr['cmax'] != 99)) { + if(($arr['cmin'] != 0) || ($arr['cmax'] != 99)) { - // Not everybody who shows up in the network stream will be in your address book. - // By default those that aren't are assumed to have closeness = 99; but this isn't - // recorded anywhere. So if cmax is 99, we'll open the search up to anybody in - // the stream with a NULL address book entry. + // Not everybody who shows up in the network stream will be in your address book. + // By default those that aren't are assumed to have closeness = 99; but this isn't + // recorded anywhere. So if cmax is 99, we'll open the search up to anybody in + // the stream with a NULL address book entry. $sql_nets .= " AND "; diff --git a/include/permissions.php b/include/permissions.php index 029bc1288..a3ec13925 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -177,32 +177,36 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { continue; } - // If PERMS_CONTACTS or PERMS_SPECIFIC, they need to be in your address book - // $x is a valid address book entry + // From here on we require that the observer be a connection and + // handle whether we're allowing any, approved or specific ones if(! $x) { $ret[$perm_name] = false; continue; } - + // They are in your address book, but haven't been approved + if($r[0][$channel_perm] & PERMS_PENDING) { + $ret[$perm_name] = true; + continue; + } + if($x[0]['abook_flags'] & ABOOK_FLAG_PENDING) { $ret[$perm_name] = false; continue; } - if(($r) && ($r[0][$channel_perm] & PERMS_CONTACTS)) { - - // They're a contact, so they have permission + // They're a contact, so they have permission + if($r[0][$channel_perm] & PERMS_CONTACTS) { $ret[$perm_name] = true; continue; } // Permission granted to certain channels. Let's see if the observer is one of them - if(($r) && ($r[0][$channel_perm] & PERMS_SPECIFIC)) { + if($r[0][$channel_perm] & PERMS_SPECIFIC) { if(($x[0]['abook_my_perms'] & $global_perms[$perm_name][1])) { $ret[$perm_name] = true; continue; @@ -216,7 +220,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { } - $arr = array( 'channel_id' => $uid, 'observer_hash' => $observer_xchan, @@ -229,7 +232,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { function perm_is_allowed($uid,$observer_xchan,$permission) { - $arr = array( 'channel_id' => $uid, 'observer_hash' => $observer_xchan, @@ -280,7 +282,6 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { } } - // Check if this $uid is actually the $observer_xchan if($r[0]['channel_hash'] === $observer_xchan) @@ -312,16 +313,27 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { if($c) return true; return false; - } + } + + // From here on we require that the observer be a connection and + // handle whether we're allowing any, approved or specific ones if(! $x) { return false; } + // They are in your address book, but haven't been approved + + if($r[0][$channel_perm] & PERMS_PENDING) { + return true; + } + if($x[0]['abook_flags'] & ABOOK_FLAG_PENDING) { return false; } + // They're a contact, so they have permission + if($r[0][$channel_perm] & PERMS_CONTACTS) { return true; } @@ -333,13 +345,9 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { return true; } - - - // No permissions allowed. return false; - } @@ -356,7 +364,6 @@ function check_list_permissions($uid,$arr,$perm) { } - function site_default_perms() { $typical = array( @@ -378,7 +385,6 @@ function site_default_perms() { 'delegate' => 0, ); - $global_perms = get_perms(); $ret = array(); diff --git a/include/photos.php b/include/photos.php index 65532e6c2..9819c7ef2 100644 --- a/include/photos.php +++ b/include/photos.php @@ -264,7 +264,7 @@ function photos_albums_list($channel,$observer) { $sql_extra = permissions_sql($channel_id); - $albums = q("SELECT distinct album from photo where uid = %d and ( photo_flags = %d or photo_flags = %d ) $sql_extra order by created desc", + $albums = q("SELECT count( distinct resource_id ) as total, album from photo where uid = %d and ( photo_flags = %d or photo_flags = %d ) $sql_extra group by album order by created desc", intval($channel_id), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE) @@ -277,13 +277,15 @@ function photos_albums_list($channel,$observer) { if($albums) { $ret['success'] = true; + $ret['albums'] = array(); foreach($albums as $k => $album) { $entry = array( - 'text' => $album['album'], + 'text' => $album['album'], + 'total' => $album['total'], 'url' => z_root() . '/photos/' . $channel['channel_address'] . '/album/' . bin2hex($album['album']), 'urlencode' => urlencode($album['album']), 'bin2hex' => bin2hex($album['album'])); - $ret[] = $entry; + $ret['albums'][] = $entry; } } return $ret; @@ -305,11 +307,11 @@ function photos_album_widget($channelx,$observer,$albums = null) { $albums = photos_albums_list($channelx,$observer); } - if($albums) { + if($albums['success']) { $o = replace_macros(get_markup_template('photo_albums.tpl'),array( '$nick' => $channelx['channel_address'], '$title' => t('Photo Albums'), - '$albums' => $albums, + '$albums' => $albums['albums'], '$baseurl' => z_root(), '$upload' => ((perm_is_allowed($channelx['channel_id'],(($observer) ? $observer['xchan_hash'] : ''),'post_photos')) ? t('Upload New Photos') : '') diff --git a/include/security.php b/include/security.php index 285c4a231..aaf4eb050 100644 --- a/include/security.php +++ b/include/security.php @@ -311,7 +311,7 @@ function check_form_security_token_redirectOnErr($err_redirect, $typename = '', } function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'form_security_token') { if (!check_form_security_token($typename, $formname)) { - $a = get_app(); + $a = get_app(); logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename); logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA); header('HTTP/1.1 403 Forbidden'); @@ -342,19 +342,22 @@ function init_groups_visitor($contact_id) { // This is used to determine which uid have posts which are visible to the logged in user (from the API) for the -// public_timeline, and we can use this in a community page by making $perms_min = PERMS_NETWORK unless logged in. +// public_timeline, and we can use this in a community page by making +// $perms = (PERMS_NETWORK|PERMS_PUBLIC) unless logged in. // Collect uids of everybody on this site who has opened their posts to everybody on this site (or greater visibility) // We always include yourself if logged in because you can always see your own posts // resolving granular permissions for the observer against every person and every post on the site // will likely be too expensive. // Returns a string list of comma separated channel_ids suitable for direct inclusion in a SQL query -function stream_perms_api_uids($perms_min = PERMS_SITE) { +function stream_perms_api_uids($perms = NULL ) { + $perms = is_null($perms) ? (PERMS_SITE|PERMS_NETWORK|PERMS_PUBLIC) : $perms; + $ret = array(); if(local_user()) $ret[] = local_user(); - $r = q("select channel_id from channel where channel_r_stream > 0 and channel_r_stream <= %d and not (channel_pageflags & %d)", - intval($perms_min), + $r = q("select channel_id from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)", + intval($perms), intval(PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED) ); if($r) @@ -373,13 +376,15 @@ function stream_perms_api_uids($perms_min = PERMS_SITE) { return $str; } -function stream_perms_xchans($perms_min = PERMS_SITE) { +function stream_perms_xchans($perms = NULL ) { + $perms = is_null($perms) ? (PERMS_SITE|PERMS_NETWORK|PERMS_PUBLIC) : $perms; + $ret = array(); if(local_user()) $ret[] = get_observer_hash(); - $r = q("select channel_hash from channel where channel_r_stream > 0 and channel_r_stream <= %d and not (channel_pageflags & %d)", - intval($perms_min), + $r = q("select channel_hash from channel where channel_r_stream > 0 and (channel_r_stream & %d) and not (channel_pageflags & %d)", + intval($perms), intval(PAGE_CENSORED|PAGE_SYETEM|PAGE_REMOVED) ); if($r) diff --git a/include/zot.php b/include/zot.php index 2137a6b52..4f42ea2b4 100644 --- a/include/zot.php +++ b/include/zot.php @@ -314,11 +314,8 @@ function zot_refresh($them,$channel = null, $force = false) { if(! $x['success']) return false; - $xchan_hash = $x['hash']; - $their_perms = 0; - if($channel) { $global_perms = get_perms(); if($j['permissions']['data']) { @@ -417,6 +414,9 @@ function zot_refresh($them,$channel = null, $force = false) { if($z) $default_perms = intval($z[0]['abook_my_perms']); + // Keep original perms to check if we need to notify them + $previous_perms = get_all_perms($channel['channel_id'],$x['hash']); + $y = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_dob, abook_flags ) values ( %d, %d, '%s', %d, %d, '%s', '%s', '%s', %d )", intval($channel['channel_account_id']), intval($channel['channel_id']), @@ -431,8 +431,9 @@ function zot_refresh($them,$channel = null, $force = false) { if($y) { logger("New introduction received for {$channel['channel_name']}"); - if($default_perms) { - // send back a permissions update for auto-friend/auto-permissions + $new_perms = get_all_perms($channel['channel_id'],$x['hash']); + if($new_perms != $previous_perms) { + // Send back a permissions update if permissions have changed $z = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) limit 1", dbesc($x['hash']), intval($channel['channel_id']), @@ -455,8 +456,11 @@ function zot_refresh($them,$channel = null, $force = false) { )); } - if($new_connection && (! ($new_connection[0]['abook_flags'] & ABOOK_FLAG_PENDING)) && ($their_perms & PERMS_R_STREAM)) + if($new_connection && ($their_perms & PERMS_R_STREAM)) { + if(($channel['channel_w_stream'] & PERMS_PENDING) + || (! ($new_connection[0]['abook_flags'] & ABOOK_FLAG_PENDING)) ) proc_run('php','include/onepoll.php',$new_connection[0]['abook_id']); + } } } @@ -1135,7 +1139,7 @@ function zot_import($arr, $sender_url) { if(array_key_exists('iv',$data)) { $data = json_decode(crypto_unencapsulate($data,get_config('system','prvkey')),true); - } + } $incoming = $data['pickup']; @@ -1147,7 +1151,7 @@ function zot_import($arr, $sender_url) { if(array_key_exists('iv',$i['notify'])) { $i['notify'] = json_decode(crypto_unencapsulate($i['notify'],get_config('system','prvkey')),true); - } + } logger('zot_import: notify: ' . print_r($i['notify'],true), LOGGER_DATA); @@ -1329,7 +1333,7 @@ function public_recips($msg) { if(! $r) $r = array(); - $x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & " . PAGE_REMOVED . " ) and (( " . $col . " & " . PERMS_SPECIFIC . " ) and ( abook_my_perms & " . $field . " )) OR ( " . $col . " & " . PERMS_CONTACTS . " ) ", + $x = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & " . PAGE_REMOVED . " ) and (( " . $col . " & " . PERMS_SPECIFIC . " ) and ( abook_my_perms & " . $field . " )) OR ( " . $col . " & " . PERMS_PENDING . " ) OR (( " . $col . " & " . PERMS_CONTACTS . " ) and not ( abook_flags & " . ABOOK_FLAG_PENDING . " )) ", dbesc($msg['notify']['sender']['hash']) ); @@ -2044,12 +2048,12 @@ function build_sync_packet($uid = 0, $packet = null) { if(! $uid) return; - $r = q("select * from channel where channel_id = %d limit 1", + $r = q("select * from channel where channel_id = %d limit 1", intval($uid) ); if(! $r) return; - + $channel = $r[0]; $h = q("select * from hubloc where hubloc_hash = '%s'", |