Diffstat (limited to 'include')
-rw-r--r-- | include/ItemObject.php | 4 | ||||
-rw-r--r-- | include/api.php | 4 | ||||
-rw-r--r-- | include/attach.php | 23 | ||||
-rw-r--r-- | include/bbcode.php | 1 | ||||
-rw-r--r-- | include/conversation.php | 2 | ||||
-rwxr-xr-x | include/diaspora.php | 52 | ||||
-rw-r--r-- | include/taxonomy.php | 9 | ||||
-rw-r--r-- | include/widgets.php | 7 | ||||
-rw-r--r-- | include/zot.php | 11 |
9 files changed, 82 insertions, 31 deletions
diff --git a/include/ItemObject.php b/include/ItemObject.php index 136e08eb7..1785d55e7 100644 --- a/include/ItemObject.php +++ b/include/ItemObject.php @@ -168,10 +168,6 @@ class Item extends BaseObject { $responses = get_responses($conv_responses,$response_verbs,$this,$item); - - - $like_button_label = tt('Like','Likes',$like_count,'noun'); - $like_count = ((x($conv_responses['like'],$item['mid'])) ? $conv_responses['like'][$item['mid']] : ''); $like_list = ((x($conv_responses['like'],$item['mid'])) ? $conv_responses['like'][$item['mid'] . '-l'] : ''); if (count($like_list) > MAX_LIKERS) { diff --git a/include/api.php b/include/api.php index d5c2a429c..d0c4ed0aa 100644 --- a/include/api.php +++ b/include/api.php @@ -808,8 +808,8 @@ require_once('include/items.php'); require_once('include/security.php'); - $lastwall = q("SELECT * from item where 1 - and item_private = 0 and item_restrict = 0 + $lastwall = q("SELECT * from item where + item_private = 0 and item_restrict = 0 and author_xchan = '%s' and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = '' and verb = '%s' diff --git a/include/attach.php b/include/attach.php index f973102e8..43b56e4f6 100644 --- a/include/attach.php +++ b/include/attach.php @@ -974,6 +974,11 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, if(!$object) return; + //filter out receivers which do not have permission to view filestorage + $arr_allow_cid = expand_acl($allow_cid); + $arr_allow_cid = check_list_permissions($channel_id, $arr_allow_cid, 'view_storage'); + $allow_cid = perms2str($arr_allow_cid); + $is_dir = (($object['flags'] & ATTACH_FLAG_DIR) ? true : false); //do not send activity for folders for now 
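Review bot: Filtering `$allow_cid` through `check_list_permissions($channel_id, $arr_allow_cid, 'view_storage')` in the `@@ -974` hunk of include/attach.php can leave it empty, and the context line in the `@@ -999` hunk derives `$private` from whether any of the four ACL strings is non-empty. If every listed recipient is filtered out and no group or deny entry is set, the activity would presumably be created with `$private = 0`, so a restricted share becomes a public one; the code between the two hunks is not visible, so this needs confirming. I would record whether the caller supplied an ACL before filtering, e.g. `$had_acl = ($allow_cid || $allow_gid || $deny_cid || $deny_gid);`, and return without posting when `$had_acl` is true and the filtered lists come back empty. The same filter is applied to `$r_perms['allow_cid']` in the `@@ -987` hunk and has the same edge case. file_activity starts and ends outside these hunks.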
@@ -987,6 +992,9 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, $r_perms = recursive_activity_recipients($allow_cid, $allow_gid, $deny_cid, $deny_gid, $folder_hash); + //filter out receivers which do not have permission to view filestorage + $r_perms['allow_cid'] = check_list_permissions($channel_id, $r_perms['allow_cid'], 'view_storage'); + $allow_cid = perms2str($r_perms['allow_cid']); $allow_gid = perms2str($r_perms['allow_gid']); $deny_cid = perms2str($r_perms['deny_cid']); @@ -999,7 +1007,6 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, $objtype = ACTIVITY_OBJ_FILE; $item_flags = ITEM_WALL|ITEM_ORIGIN; -; $private = (($allow_cid || $allow_gid || $deny_cid || $deny_gid) ? 1 : 0); @@ -1157,6 +1164,13 @@ function recursive_activity_recipients($allow_cid, $allow_gid, $deny_cid, $deny_ $arr_allow_cid = expand_acl($allow_cid); $arr_allow_gid = expand_acl($allow_gid); + + //turn allow_gid into allow_cid's + foreach($arr_allow_gid as $gid) { + $in_group = in_group($gid); + $arr_allow_cid = array_unique(array_merge($arr_allow_cid, $in_group)); + } + $arr_deny_cid = expand_acl($deny_cid); $arr_deny_gid = expand_acl($deny_gid); @@ -1261,10 +1275,15 @@ function recursive_activity_recipients($allow_cid, $allow_gid, $deny_cid, $deny_ } function in_group($group_id) { - $r = q("SELECT xchan FROM group_member left join groups on group_member.gid = group.id WHERE hash = '%s' ", + //TODO: make these two queries one with a join. + $x = q("SELECT id FROM groups WHERE hash = '%s'", dbesc($group_id) ); + $r = q("SELECT xchan FROM group_member WHERE gid = %d", + intval($x[0]['id']) + ); + foreach($r as $ig) { $group_members[] = $ig['xchan']; } diff --git a/include/bbcode.php b/include/bbcode.php index 82d0bd1d1..9a607c80d 100644 --- a/include/bbcode.php +++ b/include/bbcode.php 
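Review bot: In the rewritten `in_group()` (`@@ -1261` hunk) the second query runs on `intval($x[0]['id'])` without checking that the first query matched a row, so an unknown group hash falls through to a lookup on `gid = 0` instead of stopping. `$group_members` is also not initialised in the visible lines, so a group with no members may hand a non-array to the new `array_merge($arr_allow_cid, $in_group)` loop in the `@@ -1157` hunk, which could discard the recipients collected so far; the function's return statement is outside the hunk, so confirm. Suggested: `if(! $x) return array();` after the first query and `$group_members = array();` before the `foreach`. The group is looked up by hash alone; if group hashes are not guaranteed unique across channels, the query should also be constrained to the owning channel.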
@@ -630,6 +630,7 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true) { $Text = preg_replace("/\[table border=1\](.*?)\[\/table\]/sm", '<table border="1" >$1</table>' ,$Text); $Text = preg_replace("/\[table border=0\](.*?)\[\/table\]/sm", '<table border="0" >$1</table>' ,$Text); } + $Text = str_replace('</tr><br /><tr>',"</tr>\n<tr>",$Text); $Text = str_replace('[hr]','<hr />', $Text); // This is actually executed in prepare_body() diff --git a/include/conversation.php b/include/conversation.php index 17822d0d5..8bc42b34b 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1664,7 +1664,7 @@ function get_responses($conv_responses,$response_verbs,$ob,$item) { if(count($ret[$v]['list']) > MAX_LIKERS) { $ret[$v]['list_part'] = array_slice($ret[$v]['list'], 0, MAX_LIKERS); array_push($ret[$v]['list_part'], '<a href="#" data-toggle="modal" data-target="#' . $v . 'Modal-' - . $ob->get_id() . '"><b>' . t('View all') . '</b></a>'); + . (($ob) ? $ob->get_id() : $item['id']) . '"><b>' . t('View all') . '</b></a>'); } else { $ret[$v]['list_part'] = ''; diff --git a/include/diaspora.php b/include/diaspora.php index 559a9d14d..d2e27aafe 100755 --- a/include/diaspora.php +++ b/include/diaspora.php 
@@ -1271,31 +1271,21 @@ function diaspora_comment($importer,$xml,$msg) { return; } - if((! $importer['system']) && (! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'post_comments'))) { - logger('diaspora_comment: Ignoring this author.'); - return 202; - } - // Friendica is currently truncating guids at 64 chars + + $pubcomment = get_pconfig($importer['channel_id'],'system','diaspora_public_comments'); - $search_guid = $guid; - if(strlen($guid) == 64) - $search_guid = $guid . '%'; + // by default comments on public posts are allowed from anybody on Diaspora. That is their policy. + // Once this setting is set to something we'll track your preference and it will over-ride the default. - $r = q("SELECT * FROM item WHERE uid = %d AND mid like '%s' LIMIT 1", - intval($importer['channel_id']), - dbesc($search_guid) - ); - if($r) { - logger('diaspora_comment: our comment just got relayed back to us (or there was a guid collision) : ' . $guid); - return; - } + if($pubcomment === false) + $pubcomment = 1; + // Friendica is currently truncating guids at 64 chars $search_guid = $parent_guid; if(strlen($parent_guid) == 64) $search_guid = $parent_guid . '%'; - $r = q("SELECT * FROM item WHERE uid = %d AND mid LIKE '%s' LIMIT 1", intval($importer['channel_id']), dbesc($search_guid) 
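Review bot: The `if($pubcomment === false) $pubcomment = 1;` default makes the relaxed gate in the following hunk opt-out: on any channel that has never stored `diaspora_public_comments`, a comment on a public parent skips `perm_is_allowed(..., 'post_comments')` entirely. That includes connections from whom the owner has deliberately withheld `post_comments`, unless a block or ignore check exists earlier in diaspora_comment, which is outside the visible lines. The default also depends on `get_pconfig` returning exactly `false` for an unset key. I would state both in the comment, e.g. `// unset (false) => allow; any stored value, including 0, is the owner's choice and is honoured`, and log when the permission check is skipped so moderation can trace such comments.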
@@ -1304,8 +1294,36 @@ function diaspora_comment($importer,$xml,$msg) { logger('diaspora_comment: parent item not found: parent: ' . $parent_guid . ' item: ' . $guid); return; } + $parent_item = $r[0]; + if(intval($parent_item['item_private'])) + $pubcomment = 0; + + // So basically if something arrives at the sys channel it's by definition public and we allow it. + // If $pubcomment and the parent was public, we allow it. + // In all other cases, honour the permissions for this Diaspora connection + + if((! $importer['system']) && (! $pubcomment) && (! perm_is_allowed($importer['channel_id'],$contact['xchan_hash'],'post_comments'))) { + logger('diaspora_comment: Ignoring this author.'); + return 202; + } + + $search_guid = $guid; + if(strlen($guid) == 64) + $search_guid = $guid . '%'; + + + $r = q("SELECT * FROM item WHERE uid = %d AND mid like '%s' LIMIT 1", + intval($importer['channel_id']), + dbesc($search_guid) + ); + if($r) { + logger('diaspora_comment: our comment just got relayed back to us (or there was a guid collision) : ' . $guid); + return; + } + + /* How Diaspora performs comment signature checking: diff --git a/include/taxonomy.php b/include/taxonomy.php index be80008df..d36c05db2 100644 --- a/include/taxonomy.php +++ b/include/taxonomy.php @@ -98,7 +98,12 @@ function format_term_for_display($term) { function tagadelic($uid, $count = 0, $authors = '', $flags = 0, $restrict = 0, $type = TERM_HASHTAG) { - $sql_options = ''; + require_once('include/security.php'); + + if(! perm_is_allowed($uid,get_observer_hash(),'view_stream')) + return array(); + + $sql_options = item_permissions_sql($uid); $count = intval($count); if($flags) 
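Review bot: In tagadelic (include/taxonomy.php) `$sql_options` now carries the output of `item_permissions_sql($uid)` and is interpolated into the `q()` format string in the next hunk, so it passes through the same `%d`/`%s` substitution as the bound arguments. If that helper can emit a literal `%` (for example inside a LIKE pattern) the query would be mis-formatted; the helper is not visible here, so confirm or escape its output before splicing it in. The early `return array();` is the access-control decision for the tag cloud and deserves a comment such as `// observer may not view this channel's stream: expose no tags`. tagadelic continues past the end of both hunks.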
@@ -114,7 +119,7 @@ function tagadelic($uid, $count = 0, $authors = '', $flags = 0, $restrict = 0, $ // Fetch tags $r = q("select term, count(term) as total from term left join item on term.oid = item.id where term.uid = %d and term.type = %d - and otype = %d and item_restrict = %d and item_private = 0 + and otype = %d and item_restrict = %d $sql_options group by term order by total desc %s", intval($uid), diff --git a/include/widgets.php b/include/widgets.php index d457db07d..fbbc74224 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -962,4 +962,11 @@ function widget_rating($arr) { return $o; +} + +// used by site ratings pages to provide a return link +function widget_pubsites() { + if(get_app()->poi) + return; + return '<div class="widget"><ul class="nav nav-pills"><li><a href="pubsites">' . t('Public Hubs') . '</a></li></ul></div>'; }
\ No newline at end of file diff --git a/include/zot.php b/include/zot.php index da6ca16c3..852376c4b 100644 --- a/include/zot.php +++ b/include/zot.php @@ -2243,6 +2243,11 @@ function import_directory_profile($hash,$profile,$addr,$ud_flags = UPDATE_FLAGS_ $r = q("select * from xprof where xprof_hash = '%s' limit 1", dbesc($hash) ); + + $age = intval($arr['xprof_age']); + if($age > 150) + $age = 150; + if($r) { $update = false; foreach($r[0] as $k => $v) { @@ -2271,7 +2276,7 @@ function import_directory_profile($hash,$profile,$addr,$ud_flags = UPDATE_FLAGS_ where xprof_hash = '%s'", dbesc($arr['xprof_desc']), dbesc($arr['xprof_dob']), - intval($arr['xprof_age']), + $age, dbesc($arr['xprof_gender']), dbesc($arr['xprof_marital']), dbesc($arr['xprof_sexual']), @@ -2294,7 +2299,7 @@ function import_directory_profile($hash,$profile,$addr,$ud_flags = UPDATE_FLAGS_ dbesc($arr['xprof_hash']), dbesc($arr['xprof_desc']), dbesc($arr['xprof_dob']), - intval($arr['xprof_age']), + $age, dbesc($arr['xprof_gender']), dbesc($arr['xprof_marital']), dbesc($arr['xprof_sexual']), @@ -2442,7 +2447,7 @@ function import_site($arr,$pubkey) { } $directory_url = htmlspecialchars($arr['directory_url'],ENT_COMPAT,'UTF-8',false); - $url = htmlspecialchars($arr['url'],ENT_COMPAT,'UTF-8',false); + $url = htmlspecialchars(strtolower($arr['url']),ENT_COMPAT,'UTF-8',false); $sellpage = htmlspecialchars($arr['sellpage'],ENT_COMPAT,'UTF-8',false); $site_location = htmlspecialchars($arr['location'],ENT_COMPAT,'UTF-8',false); $site_realm = htmlspecialchars($arr['realm'],ENT_COMPAT,'UTF-8',false); |
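Review bot: The clamp added in the `@@ -2243` hunk of include/zot.php bounds `$age` only from above, so a negative `xprof_age` from the remote profile is still written by the UPDATE and INSERT in the `@@ -2271` and `@@ -2294` hunks. `$arr['xprof_age']` itself is left unclamped; if the `foreach($r[0] as $k => $v)` loop compares stored columns against `$arr` (its body is outside the hunk), an out-of-range value would look changed on every import and trigger a rewrite each time. Clamping the array entry once covers both: `$arr['xprof_age'] = $age = max(0, min(150, intval($arr['xprof_age'])));`.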
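Review bot: `strtolower($arr['url'])` in the `@@ -2442` hunk lower-cases the whole URL, path included, while `directory_url` and `sellpage` beside it are stored as received. If the existing-site lookup earlier in import_site (outside the hunk) still matches on the original `$arr['url']`, a mixed-case URL would miss its stored row and be handled as a new site; normalising once at the top of the function and using that value for both lookup and storage avoids the mismatch. A short comment saying why the URL is case-folded would help the next reader, since the hunk does not show the reason.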