aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rwxr-xr-xinclude/conversation.php2
-rwxr-xr-xinclude/dba.php24
-rwxr-xr-xinclude/delivery.php3
-rwxr-xr-xinclude/email.php2
-rwxr-xr-xinclude/items.php31
-rwxr-xr-xinclude/network.php4
-rwxr-xr-xinclude/notifier.php4
-rwxr-xr-xinclude/poller.php2
-rwxr-xr-xinclude/queue.php11
-rwxr-xr-xinclude/security.php24
-rwxr-xr-xinclude/template_processor.php2
-rw-r--r--include/text.php2
12 files changed, 78 insertions, 33 deletions
diff --git a/include/conversation.php b/include/conversation.php
index 8ca484c9e..e9f024c27 100755
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -649,7 +649,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
// template to use to render item (wall, walltowall, search)
'template' => $template,
- 'type' => implode("",array_slice(split("/",$item['verb']),-1)),
+ 'type' => implode("",array_slice(explode("/",$item['verb']),-1)),
'tags' => $tags,
'body' => template_escape($body),
'text' => strip_tags(template_escape($body)),
diff --git a/include/dba.php b/include/dba.php
index 7455b6b3e..5beea7a3a 100755
--- a/include/dba.php
+++ b/include/dba.php
@@ -1,5 +1,7 @@
<?php
+require_once('include/datetime.php');
+
/**
*
* MySQL database class
@@ -104,19 +106,17 @@ class dba {
logger('dba: ' . $str );
}
- else {
- /**
- * If dbfail.out exists, we will write any failed calls directly to it,
- * regardless of any logging that may or may nor be in effect.
- * These usually indicate SQL syntax errors that need to be resolved.
- */
+ /**
+ * If dbfail.out exists, we will write any failed calls directly to it,
+ * regardless of any logging that may or may nor be in effect.
+ * These usually indicate SQL syntax errors that need to be resolved.
+ */
- if($result === false) {
- logger('dba: ' . printable($sql) . ' returned false.');
- if(file_exists('dbfail.out'))
- file_put_contents('dbfail.out', printable($sql) . ' returned false' . "\n", FILE_APPEND);
- }
+ if($result === false) {
+ logger('dba: ' . printable($sql) . ' returned false.');
+ if(file_exists('dbfail.out'))
+ file_put_contents('dbfail.out', datetime_convert() . "\n" . printable($sql) . ' returned false' . "\n", FILE_APPEND);
}
if(($result === true) || ($result === false))
@@ -140,7 +140,7 @@ class dba {
if($this->debug)
- logger('dba: ' . printable(print_r($r, true)), LOGGER_DATA);
+ logger('dba: ' . printable(print_r($r, true)));
return($r);
}
diff --git a/include/delivery.php b/include/delivery.php
index 44a482ca2..532dcd699 100755
--- a/include/delivery.php
+++ b/include/delivery.php
@@ -256,7 +256,8 @@ function delivery_run($argv, $argc){
'$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) ,
'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) ,
'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) ,
- '$birthday' => $birthday
+ '$birthday' => $birthday,
+ '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '')
));
foreach($items as $item) {
diff --git a/include/email.php b/include/email.php
index a3449a424..8ea8145fb 100755
--- a/include/email.php
+++ b/include/email.php
@@ -56,7 +56,7 @@ function email_msg_headers($mbox,$uid) {
$raw_header = (($mbox && $uid) ? @imap_fetchheader($mbox,$uid,FT_UID) : '');
$raw_header = str_replace("\r",'',$raw_header);
$ret = array();
- $h = split("\n",$raw_header);
+ $h = explode("\n",$raw_header);
if(count($h))
foreach($h as $line ) {
if (preg_match("/^[a-zA-Z]/", $line)) {
diff --git a/include/items.php b/include/items.php
index 5e1fec557..5a297c83e 100755
--- a/include/items.php
+++ b/include/items.php
@@ -28,7 +28,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
- $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`
+ $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags`
FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
WHERE `contact`.`self` = 1 AND `user`.`nickname` = '%s' LIMIT 1",
dbesc($owner_nick)
@@ -156,7 +156,8 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
'$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) ,
'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) ,
'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) ,
- '$birthday' => ((strlen($birthday)) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : '')
+ '$birthday' => ((strlen($birthday)) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : ''),
+ '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '')
));
call_hooks('atom_feed', $atom);
@@ -1404,6 +1405,19 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
}
+ $community_page = 0;
+ $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'community');
+ if($rawtags) {
+ $community_page = intval($rawtags[0]['data']);
+ }
+ if(is_array($contact) && intval($contact['forum']) != $community_page) {
+ q("update contact set forum = %d where id = %d limit 1",
+ intval($community_page),
+ intval($contact['id'])
+ );
+ $contact['forum'] = (string) $community_page;
+ }
+
// process any deleted entries
@@ -1987,6 +2001,19 @@ function local_delivery($importer,$data) {
// NOTREACHED
}
+
+ $community_page = 0;
+ $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'community');
+ if($rawtags) {
+ $community_page = intval($rawtags[0]['data']);
+ }
+ if(intval($importer['forum']) != $community_page) {
+ q("update contact set forum = %d where id = %d limit 1",
+ intval($community_page),
+ intval($importer['id'])
+ );
+ $importer['forum'] = (string) $community_page;
+ }
logger('local_delivery: feed item count = ' . $feed->get_item_quantity());
diff --git a/include/network.php b/include/network.php
index c72919dd8..22157ff18 100755
--- a/include/network.php
+++ b/include/network.php
@@ -303,7 +303,7 @@ function webfinger_dfrn($s,&$hcard) {
if(! function_exists('webfinger')) {
-function webfinger($s) {
+function webfinger($s, $debug = false) {
$host = '';
if(strstr($s,'@')) {
$host = substr($s,strpos($s,'@') + 1);
@@ -328,7 +328,7 @@ function webfinger($s) {
}}
if(! function_exists('lrdd')) {
-function lrdd($uri) {
+function lrdd($uri, $debug = false) {
$a = get_app();
diff --git a/include/notifier.php b/include/notifier.php
index 07edc7046..d63ad7ae7 100755
--- a/include/notifier.php
+++ b/include/notifier.php
@@ -337,7 +337,9 @@ function notifier_run($argv, $argc){
'$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) ,
'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) ,
'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) ,
- '$birthday' => $birthday
+ '$birthday' => $birthday,
+ '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '')
+
));
if($mail) {
diff --git a/include/poller.php b/include/poller.php
index 3bc98e36f..8262c1d60 100755
--- a/include/poller.php
+++ b/include/poller.php
@@ -232,7 +232,7 @@ function poller_run($argv, $argc){
$importer_uid = $contact['uid'];
- $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
+ $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `contact`.`uid` = `user`.`uid` WHERE `user`.`uid` = %d AND `contact`.`self` = 1 LIMIT 1",
intval($importer_uid)
);
if(! count($r))
diff --git a/include/queue.php b/include/queue.php
index d312b50f5..7e92705be 100755
--- a/include/queue.php
+++ b/include/queue.php
@@ -61,13 +61,18 @@ function queue_run($argv, $argc){
q("DELETE FROM `queue` WHERE `created` < UTC_TIMESTAMP() - INTERVAL 3 DAY");
}
- if($queue_id)
+ if($queue_id) {
$r = q("SELECT `id` FROM `queue` WHERE `id` = %d LIMIT 1",
intval($queue_id)
);
- else
- $r = q("SELECT `id` FROM `queue` WHERE `last` < UTC_TIMESTAMP() - INTERVAL 15 MINUTE ");
+ }
+ else {
+ // For the first 12 hours we'll try to deliver every 15 minutes
+ // After that, we'll only attempt delivery once per hour.
+
+ $r = q("SELECT `id` FROM `queue` WHERE (( `created` > UTC_TIMESTAMP() - INTERVAL 12 HOUR && `last` < UTC_TIMESTAMP() - INTERVAL 15 MINUTE ) OR ( `last` < UTC_TIMESTAMP() - INTERVAL 1 HOUR ))");
+ }
if(! count($r)){
return;
}
diff --git a/include/security.php b/include/security.php
index 6ea515bff..19e91eb63 100755
--- a/include/security.php
+++ b/include/security.php
@@ -299,16 +299,16 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
* Actually, important actions should not be triggered by Links / GET-Requests at all, but somethimes they still are,
* so this mechanism brings in some damage control (the attacker would be able to forge a request to a form of this type, but not to forms of other types).
*/
-function get_form_security_token($typename = "") {
+function get_form_security_token($typename = '') {
$a = get_app();
$timestamp = time();
- $sec_hash = hash('whirlpool', $a->user["guid"] . $a->user["prvkey"] . session_id() . $timestamp . $typename);
+ $sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $timestamp . $typename);
- return $timestamp . "." . $sec_hash;
+ return $timestamp . '.' . $sec_hash;
}
-function check_form_security_token($typename = "", $formname = 'form_security_token') {
+function check_form_security_token($typename = '', $formname = 'form_security_token') {
if (!x($_REQUEST, $formname)) return false;
$hash = $_REQUEST[$formname];
@@ -316,10 +316,10 @@ function check_form_security_token($typename = "", $formname = 'form_security_to
$a = get_app();
- $x = explode(".", $hash);
+ $x = explode('.', $hash);
if (time() > (IntVal($x[0]) + $max_livetime)) return false;
- $sec_hash = hash('whirlpool', $a->user["guid"] . $a->user["prvkey"] . session_id() . $x[0] . $typename);
+ $sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $x[0] . $typename);
return ($sec_hash == $x[1]);
}
@@ -327,10 +327,20 @@ function check_form_security_token($typename = "", $formname = 'form_security_to
function check_form_security_std_err_msg() {
return t('The form security token was not correct. This probably happened because the form has been opened for too long (>3 hours) before subitting it.') . EOL;
}
-function check_form_security_token_redirectOnErr($err_redirect, $typename = "", $formname = 'form_security_token') {
+function check_form_security_token_redirectOnErr($err_redirect, $typename = '', $formname = 'form_security_token') {
if (!check_form_security_token($typename, $formname)) {
$a = get_app();
+ logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename);
+ logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA);
notice( check_form_security_std_err_msg() );
goaway($a->get_baseurl() . $err_redirect );
}
}
+function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'form_security_token') {
+ if (!check_form_security_token($typename, $formname)) {
+ logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename);
+ logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA);
+ header('HTTP/1.1 403 Forbidden');
+ killme();
+ }
+} \ No newline at end of file
diff --git a/include/template_processor.php b/include/template_processor.php
index 93bf391c5..4c317efe1 100755
--- a/include/template_processor.php
+++ b/include/template_processor.php
@@ -203,7 +203,7 @@
$os=$s; $count++;
$s = $this->var_replace($s);
}
- return template_unescape($s);
+ return $s;
}
}
diff --git a/include/text.php b/include/text.php
index cdf82ca87..89acbf9fa 100644
--- a/include/text.php
+++ b/include/text.php
@@ -20,7 +20,7 @@ function replace_macros($s,$r) {
//$a = get_app();
//$a->page['debug'] .= "$tt <br>\n";
- return $r;
+ return template_unescape($r);
}}