Diffstat (limited to 'include')
-rw-r--r-- | include/Contact.php | 46 | ||||
-rw-r--r-- | include/Import/Importer.php | 38 | ||||
-rw-r--r-- | include/Import/refimport.php | 2 | ||||
-rw-r--r-- | include/conversation.php | 4 | ||||
-rw-r--r-- | include/dir_fns.php | 17 | ||||
-rw-r--r-- | include/permissions.php | 166 | ||||
-rw-r--r-- | include/security.php | 117 | ||||
-rw-r--r-- | include/widgets.php | 161 | ||||
-rw-r--r-- | include/zot.php | 9 |
9 files changed, 327 insertions, 233 deletions
diff --git a/include/Contact.php b/include/Contact.php index f0c7cd737..4fd43db44 100644 --- a/include/Contact.php +++ b/include/Contact.php @@ -128,12 +128,14 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') { function abook_toggle_flag($abook,$flag) { - $r = q("UPDATE abook set abook_flags = (abook_flags & ~%d) where abook_id = %d and abook_channel = %d", - intval($flag), - intval($abook['abook_id']), - intval($abook['abook_channel']) + $r = q("UPDATE abook set abook_flags = (abook_flags %s %d) where abook_id = %d and abook_channel = %d", + db_getfunc('^'), + intval($flag), + intval($abook['abook_id']), + intval($abook['abook_channel']) ); + // if unsetting the archive bit, update the timestamps so we'll try to connect for an additional 30 days. if(($flag === ABOOK_FLAG_ARCHIVED) && ($abook['abook_flags'] & ABOOK_FLAG_ARCHIVED)) { @@ -205,6 +207,7 @@ function account_remove($account_id,$local = true,$unset_session=true) { intval($account_id) ); + if ($unset_session) { unset($_SESSION['authenticated']); unset($_SESSION['uid']); @@ -214,6 +217,28 @@ function account_remove($account_id,$local = true,$unset_session=true) { return $r; } +// recursively delete a directory +function rrmdir($path) +{ + if (is_dir($path) === true) + { + $files = array_diff(scandir($path), array('.', '..')); + + foreach ($files as $file) + { + rrmdir(realpath($path) . '/' . $file); + } + + return rmdir($path); + } + + else if (is_file($path) === true) + { + return unlink($path); + } + + return false; +} function channel_remove($channel_id, $local = true, $unset_session=true) { 
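Review bot: `rrmdir()` follows symbolic links: `is_dir()` returns true for a link that points at a directory, so a link inside a channel's storage tree sends the recursion into the link target and unlinks that target's contents, and `realpath($path)` in the recursive call resolves the link before descending. Test `is_link()` first and remove the link itself, and handle `scandir()` returning false for an unreadable directory, where `array_diff(false, …)` currently raises a warning and `rmdir()` is still attempted. With the link check in place `realpath()` is not needed; `$path . '/' . $file` is enough. The Allman braces also differ from the brace-on-the-same-line style of every other function in this file (`function channel_remove(…) {`); the rewrite below uses the file's style.
```php
function rrmdir($path) {
	// never follow a link: remove the link itself, not what it points at
	if (is_link($path)) {
		return unlink($path);
	}
	if (is_dir($path) === true) {
		$entries = scandir($path);
		if ($entries === false) {
			return false;
		}
		foreach (array_diff($entries, array('.', '..')) as $file) {
			rrmdir($path . '/' . $file);
		}
		return rmdir($path);
	}
	// … unchanged: is_file()/unlink() branch and final return false …
}
```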
@@ -309,6 +334,19 @@ function channel_remove($channel_id, $local = true, $unset_session=true) { dbesc($channel['channel_hash']) ); } + + //remove from file system + $r = q("select channel_address from channel where channel_id = %d limit 1", + intval($channel_id) + ); + if($r) + $channel_address = $r[0]['channel_address'] ; + if ($channel_address !== '') { + $f = 'store/' . $channel_address.'/'; + logger ('delete '. $f); + if(is_dir($f)) + @rrmdir($f); + } proc_run('php','include/directory.php',$channel_id); diff --git a/include/Import/Importer.php b/include/Import/Importer.php index c42344236..5e684cd8e 100644 --- a/include/Import/Importer.php +++ b/include/Import/Importer.php @@ -1,26 +1,28 @@ <?php /** @file */ -namespace Redmatrix\Import; - +namespace RedMatrix\Import; +/** + * @brief Class Import + * + * @package RedMatrix\Import + */ class Import { - $credentials = null; - $itemlist = null; - $src_items = null; + private $credentials = null; - $items = null; + protected $itemlist = null; + protected $src_items = null; + protected $items = null; function get_credentials() { - + return $this->credentials; } function get_itemlist() { - - + return $this->itemlist; } - function get_item_ident($item) { } @@ -43,19 +45,17 @@ class Import { function convert_taxonomy($item_ident) { - } function convert_child($child) { } - function store($item,$update = false) { + function store($item, $update = false) { } function run() { - $this->credentials = $this->get_credentials(); $this->itemlist = $this->get_itemlist(); if($this->itemlist) { @@ -77,18 +77,6 @@ class Import { } $cnt ++; } - - - - } - - - - - - } - - }
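Review bot: `$channel_address` is assigned only when the lookup returns a row, so when it does not the check `$channel_address !== ''` runs against an undefined variable, which is `null` and passes; `$f` then becomes `'store//'`, `is_dir()` accepts that path, and `rrmdir()` removes the storage of every channel on the site. Derive the address from the result in one expression, `$channel_address = (($r) ? $r[0]['channel_address'] : '');`, and keep the non-empty check as the guard. The `@` in `@rrmdir($f)` also suppresses exactly the failures (unreadable entries, `rmdir()` on a non-empty directory) that belong in the log next to `logger('delete ' . $f)`; drop it and log the return value. The `dbesc($channel['channel_hash'])` just above suggests the channel row is already loaded in this function, in which case `$channel['channel_address']` could replace the extra query — the start of `channel_remove()` is outside the hunk, so confirm.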
\ No newline at end of file diff --git a/include/Import/refimport.php b/include/Import/refimport.php index 4f2572660..181b2b398 100644 --- a/include/Import/refimport.php +++ b/include/Import/refimport.php @@ -13,8 +13,6 @@ require_once('include/hubloc.php'); // with a browser until all the posts had been imported. - - define('REDMATRIX_IMPORTCHANNEL','mike'); define('REFLECT_EXPORTUSERNAME','mike'); define('REFLECT_BLOGNAME','Diary and Other Rantings'); diff --git a/include/conversation.php b/include/conversation.php index 425a655f7..6b3e278f0 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -915,8 +915,8 @@ function item_photo_menu($item){ if($contact) { $poke_link = $a->get_baseurl($ssl_state) . '/poke/?f=&c=' . $contact['abook_id']; - if (!($contact['abook_flags'] & ABOOK_FLAG_SELF)) - $contact_url = $a->get_baseurl($ssl_state) . '/connedit/' . $contact['abook_id']; + if (!($contact['abook_flags'] & ABOOK_FLAG_SELF)) + $contact_url = $a->get_baseurl($ssl_state) . '/connedit/' . $contact['abook_id']; $posts_link = $a->get_baseurl($ssl_state) . '/network/?cid=' . $contact['abook_id']; $clean_url = normalise_link($item['author-link']); diff --git a/include/dir_fns.php b/include/dir_fns.php index 909005bbb..8bec974fb 100644 --- a/include/dir_fns.php +++ b/include/dir_fns.php 
@@ -51,13 +51,30 @@ function check_upstream_directory() { } function dir_sort_links() { + // Build urls without order and pubforums so it's easy to tack on the changed value + // Probably there's an easier way to do this + $url = 'directory?'; + $tmp = $_REQUEST; + unset($tmp['order']); + $sorturl = $url . http_build_query($tmp); + $tmp = $_REQUEST; + + unset($tmp['pubforums']); + $forumsurl = $url . http_build_query($tmp); $o = replace_macros(get_markup_template('dir_sort_links.tpl'), array( '$header' => t('Directory Options'), '$normal' => t('Alphabetic'), '$reverse' => t('Reverse Alphabetic'), '$date' => t('Newest to Oldest'), + '$reversedate' => t('Oldest to Newest'), '$pubforums' => t('Public Forums Only'), + '$pubforumsonly' => x($_REQUEST,'pubforums') ? $_REQUEST['pubforums'] : '', + '$sort' => t('Sort'), + '$selected_sort' => x($_REQUEST,'order') ? $_REQUEST['order'] : 'normal', + '$sorturl' => $sorturl, + '$forumsurl' => $forumsurl, + )); return $o; } diff --git a/include/permissions.php b/include/permissions.php index b078de4d5..563d574db 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -1,6 +1,19 @@ -<?php /** @file */ - +<?php +/** + * @file incldue/permissions.php + * + * This file conntains functions to check and work with permissions. + */ +/** + * @brief Return an array with all available permissions. + * + * These are channel specific permissions. + * The list of available permissions can get manipulated by the <i>hook</i> + * <b>global_permissions</b>. + * + * @return array associative array containing all permissions + */ function get_perms() { // thinking about making element[2] a bitmask instead of boolean so that we can provide a list of applicable selections 
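Review bot: `$_REQUEST['order']` and `$_REQUEST['pubforums']` are handed to the template as `$selected_sort` and `$pubforumsonly` without validation, and whether `dir_sort_links.tpl` escapes them is not visible here. Since `order` can only meaningfully be one of the sort names the template labels suggest (`normal`, `reverse`, `date`, `reversedate` — confirm against the directory module), accept only those and fall back to `'normal'`, e.g. `$order = ((x($_REQUEST, 'order') && in_array($_REQUEST['order'], array('normal', 'reverse', 'date', 'reversedate'), true)) ? $_REQUEST['order'] : 'normal');`, and reduce `pubforums` to `'1'`/`''` the same way. Building `$sorturl`/`$forumsurl` from `$_REQUEST` rather than `$_GET` also copies POST (and, depending on `request_order`, cookie) values into the generated links, while `$_GET` is the source those links are meant to reproduce.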
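Review bot: The new file docblock has two typos: `@file incldue/permissions.php` should read `@file include/permissions.php` (the path is what Doxygen uses to attach the comment to the file) and `conntains` should be `contains`. The `@return array associative array containing all permissions` line on `get_perms()` would be more useful if it described the value shape the entries below and the `global_permissions` hook consumers must agree on: `@return array permission name => array(config key, PERMS_ bit, boolean, label, help text)`.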
@@ -14,8 +27,8 @@ function get_perms() { 'view_profile' => array('channel_r_profile', intval(PERMS_R_PROFILE), true, t('Can view my default channel profile'), ''), 'view_photos' => array('channel_r_photos', intval(PERMS_R_PHOTOS), true, t('Can view my photo albums'), ''), 'view_contacts' => array('channel_r_abook', intval(PERMS_R_ABOOK), true, t('Can view my connections'), ''), - 'view_storage' => array('channel_r_storage', intval(PERMS_R_STORAGE), true, t('Can view my file storage'), ''), - 'view_pages' => array('channel_r_pages', intval(PERMS_R_PAGES), true, t('Can view my webpages'), ''), + 'view_storage' => array('channel_r_storage', intval(PERMS_R_STORAGE), true, t('Can view my file storage'), ''), + 'view_pages' => array('channel_r_pages', intval(PERMS_R_PAGES), true, t('Can view my webpages'), ''), // Write permissions 'send_stream' => array('channel_w_stream', intval(PERMS_W_STREAM), false, t('Can send me their channel stream and posts'), ''), 
@@ -23,19 +36,20 @@ function get_perms() { 'post_comments' => array('channel_w_comment', intval(PERMS_W_COMMENT), false, t('Can comment on or like my posts'), ''), 'post_mail' => array('channel_w_mail', intval(PERMS_W_MAIL), false, t('Can send me private mail messages'), ''), 'post_photos' => array('channel_w_photos', intval(PERMS_W_PHOTOS), false, t('Can post photos to my photo albums'), ''), - 'post_like' => array('channel_w_like', intval(PERMS_W_LIKE), false, t('Can like/dislike stuff'), t('Profiles and things other than posts/comments')), + 'post_like' => array('channel_w_like', intval(PERMS_W_LIKE), false, t('Can like/dislike stuff'), t('Profiles and things other than posts/comments')), 'tag_deliver' => array('channel_w_tagwall', intval(PERMS_W_TAGWALL), false, t('Can forward to all my channel contacts via post @mentions'), t('Advanced - useful for creating group forum channels')), 'chat' => array('channel_w_chat', intval(PERMS_W_CHAT), false, t('Can chat with me (when available)'), t('')), - 'write_storage' => array('channel_w_storage', intval(PERMS_W_STORAGE), false, t('Can write to my file storage'), ''), - 'write_pages' => array('channel_w_pages', intval(PERMS_W_PAGES), false, t('Can edit my webpages'), ''), + 'write_storage' => array('channel_w_storage', intval(PERMS_W_STORAGE), false, t('Can write to my file storage'), ''), + 'write_pages' => array('channel_w_pages', intval(PERMS_W_PAGES), false, t('Can edit my webpages'), ''), - 'republish' => array('channel_a_republish', intval(PERMS_A_REPUBLISH), false, t('Can source my public posts in derived channels'), t('Somewhat advanced - very useful in open communities')), + 'republish' => array('channel_a_republish', intval(PERMS_A_REPUBLISH), false, t('Can source my public posts in derived channels'), t('Somewhat advanced - very useful in open communities')), - 'delegate' => array('channel_a_delegate', intval(PERMS_A_DELEGATE), false, t('Can administer my channel resources'), t('Extremely advanced. 
Leave this alone unless you know what you are doing')), + 'delegate' => array('channel_a_delegate', intval(PERMS_A_DELEGATE), false, t('Can administer my channel resources'), t('Extremely advanced. Leave this alone unless you know what you are doing')), ); $ret = array('global_permissions' => $global_perms); - call_hooks('global_permissions',$ret); + call_hooks('global_permissions', $ret); + return $ret['global_permissions']; } @@ -43,13 +57,13 @@ function get_perms() { /** * get_all_perms($uid,$observer_xchan) * - * @param $uid : The channel_id associated with the resource owner - * @param $observer_xchan: The xchan_hash representing the observer + * @param int $uid The channel_id associated with the resource owner + * @param string $observer_xchan The xchan_hash representing the observer + * @param bool $internal_use (default true) * - * @returns: array of all permissions, key is permission name, value is true or false + * @returns array of all permissions, key is permission name, value is true or false */ - -function get_all_perms($uid,$observer_xchan,$internal_use = true) { +function get_all_perms($uid, $observer_xchan, $internal_use = true) { $global_perms = get_perms(); @@ -85,7 +99,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { continue; } - // Next we're going to check for blocked or ignored contacts. // These take priority over all other settings. @@ -94,7 +107,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { $ret[$perm_name] = true; continue; } - + if(! $abook_checked) { $x = q("select abook_my_perms, abook_flags, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_xchan = '%s' and not ( abook_flags & %d )>0 limit 1", 
@@ -105,7 +118,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { if(! $x) { // not in address book, see if they've got an xchan $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1", - dbesc($observer_xchan) + dbesc($observer_xchan) ); } @@ -113,7 +126,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { } // If they're blocked - they can't read or write - + if(($x) && ($x[0]['abook_flags'] & ABOOK_FLAG_BLOCKED)) { $ret[$perm_name] = false; continue; @@ -130,7 +143,7 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { // system is blocked to anybody who is not authenticated - if((! $observer_xchan) && intval(get_config('system','block_public'))) { + if((! $observer_xchan) && intval(get_config('system', 'block_public'))) { $ret[$perm_name] = false; continue; } @@ -177,14 +190,14 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { $onsite_checked = true; } - + if($c) $ret[$perm_name] = true; else $ret[$perm_name] = false; continue; - } + } // From here on we require that the observer be a connection and // handle whether we're allowing any, approved or specific ones @@ -226,7 +239,6 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { $ret[$perm_name] = false; continue; - } $arr = array( 
@@ -235,11 +247,23 @@ function get_all_perms($uid,$observer_xchan,$internal_use = true) { 'permissions' => $ret); call_hooks('get_all_perms',$arr); + return $arr['permissions']; } - -function perm_is_allowed($uid,$observer_xchan,$permission) { +/** + * @brief Checks if given permission is allowed for given observer on a channel. + * + * Checks if the given observer with the hash $observer_xchan has permission + * $permission on channel_id $uid. + * $permission is one defined in get_perms(); + * + * @param int $uid The channel_id associated with the resource owner + * @param string $observer_xchan The xchan_hash representing the observer + * @param string $permission + * @return bool true if permission is allowed for observer on channel + */ +function perm_is_allowed($uid, $observer_xchan, $permission) { $arr = array( 'channel_id' => $uid, @@ -247,7 +271,7 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { 'permission' => $permission, 'result' => false); - call_hooks('perm_is_allowed',$arr); + call_hooks('perm_is_allowed', $arr); if($arr['result']) return true; @@ -279,21 +303,21 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { if(($x) && ($x[0]['abook_flags'] & ABOOK_FLAG_BLOCKED)) return false; - + if(($x) && (! $global_perms[$permission][2]) && ($x[0]['abook_flags'] & ABOOK_FLAG_IGNORED)) return false; if(! $x) { // not in address book, see if they've got an xchan $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1", - dbesc($observer_xchan) + dbesc($observer_xchan) ); } } // system is blocked to anybody who is not authenticated - if((! $observer_xchan) && intval(get_config('system','block_public'))) + if((! $observer_xchan) && intval(get_config('system', 'block_public'))) return false; // Check if this $uid is actually the $observer_xchan 
@@ -301,7 +325,6 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { if($r[0]['channel_hash'] === $observer_xchan) return true; - if($r[0][$channel_perm] & PERMS_PUBLIC) return true; @@ -326,6 +349,7 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { ); if($c) return true; + return false; } @@ -361,25 +385,32 @@ function perm_is_allowed($uid,$observer_xchan,$permission) { // No permissions allowed. - return false; + return false; } // Check a simple array of observers against a permissions // return a simple array of those with permission -function check_list_permissions($uid,$arr,$perm) { +function check_list_permissions($uid, $arr, $perm) { $result = array(); if($arr) foreach($arr as $x) - if(perm_is_allowed($uid,$x,$perm)) + if(perm_is_allowed($uid, $x, $perm)) $result[] = $x; + return($result); } - +/** + * @brief Sets site wide default permissions. + * + * @return array + */ function site_default_perms() { + $ret = array(); + $typical = array( 'view_stream' => PERMS_PUBLIC, 'view_profile' => PERMS_PUBLIC, @@ -401,14 +432,14 @@ function site_default_perms() { ); $global_perms = get_perms(); - $ret = array(); foreach($global_perms as $perm => $v) { - $x = get_config('default_perms',$perm); + $x = get_config('default_perms', $perm); if($x === false) $x = $typical[$perm]; $ret[$perm] = $x; } + return $ret; } @@ -449,7 +480,7 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; $ret['channel_w_stream'] = PERMS_CONTACTS; $ret['channel_w_wall'] = PERMS_CONTACTS; 
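Review bot: The docblock added for `site_default_perms()` says it "Sets site wide default permissions", but the function only reads them: the body fetches `get_config('default_perms', $perm)` for each permission, substitutes the `$typical` entry when nothing is configured, and returns the array without writing anything. Reword it to `@brief Returns the site wide default permissions.` and make the return line informative, `@return array permission name => PERMS_ value, from config or the built-in defaults`. The `check_list_permissions()` comment in the same hunk could become a docblock in the same format (`@param int $uid`, `@param array $arr observer xchan hashes`, `@param string $perm permission name`, `@return array the observers for which perm_is_allowed() is true`).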
@@ -465,9 +496,8 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_NETWORK; - - break; + break; case 'social_restricted': $ret['perms_auto'] = false; @@ -482,7 +512,7 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; $ret['channel_w_stream'] = PERMS_CONTACTS; $ret['channel_w_wall'] = PERMS_CONTACTS; @@ -498,9 +528,8 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_CONTACTS; - - break; + break; case 'social_private': $ret['perms_auto'] = false; @@ -515,7 +544,7 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_CONTACTS; $ret['channel_w_stream'] = PERMS_CONTACTS; $ret['channel_w_wall'] = PERMS_CONTACTS; @@ -531,7 +560,7 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_CONTACTS; - + break; case 'forum': @@ -547,7 +576,7 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE|PERMS_W_TAGWALL; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; $ret['channel_w_stream'] = 0; $ret['channel_w_wall'] = PERMS_CONTACTS; 
@@ -563,7 +592,7 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_NETWORK; - + break; case 'forum_restricted': @@ -579,7 +608,7 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE|PERMS_W_TAGWALL; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; $ret['channel_w_stream'] = 0; $ret['channel_w_wall'] = PERMS_CONTACTS; @@ -595,9 +624,8 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_CONTACTS; - - break; + break; case 'forum_private': $ret['perms_auto'] = false; @@ -612,7 +640,7 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_CONTACTS; - $ret['channel_r_photos'] = PERMS_CONTACTS; + $ret['channel_r_photos'] = PERMS_CONTACTS; $ret['channel_r_abook'] = PERMS_CONTACTS; $ret['channel_w_stream'] = 0; $ret['channel_w_wall'] = PERMS_CONTACTS; @@ -628,7 +656,7 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_CONTACTS; - + break; case 'feed': @@ -644,7 +672,7 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; $ret['channel_w_stream'] = PERMS_CONTACTS; $ret['channel_w_wall'] = PERMS_CONTACTS; 
@@ -660,11 +688,10 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_NETWORK; $ret['channel_w_like'] = PERMS_NETWORK; - + break; case 'feed_restricted': - $ret['perms_auto'] = false; $ret['default_collection'] = true; $ret['directory_publish'] = false; @@ -677,7 +704,7 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; $ret['channel_w_stream'] = PERMS_CONTACTS; $ret['channel_w_wall'] = PERMS_CONTACTS; @@ -693,7 +720,7 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_NETWORK; - + break; case 'soapbox': @@ -707,7 +734,7 @@ function get_role_perms($role) { |PERMS_R_STORAGE|PERMS_R_PAGES|PERMS_A_REPUBLISH|PERMS_W_LIKE; $ret['channel_r_stream'] = PERMS_PUBLIC; $ret['channel_r_profile'] = PERMS_PUBLIC; - $ret['channel_r_photos'] = PERMS_PUBLIC; + $ret['channel_r_photos'] = PERMS_PUBLIC; $ret['channel_r_abook'] = PERMS_PUBLIC; $ret['channel_w_stream'] = 0; $ret['channel_w_wall'] = 0; @@ -723,7 +750,7 @@ function get_role_perms($role) { $ret['channel_w_pages'] = 0; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_NETWORK; - + break; case 'repository': @@ -755,14 +782,11 @@ function get_role_perms($role) { $ret['channel_w_pages'] = PERMS_CONTACTS; $ret['channel_a_republish'] = PERMS_SPECIFIC; $ret['channel_w_like'] = PERMS_NETWORK; - - break; - + break; default: break; - } $x = get_config('system','role_perms'); 
@@ -775,7 +799,12 @@ function get_role_perms($role) { return $ret; } - +/** + * @brief Creates a HTML select field with all available roles. + * + * @param string $current The current role + * @return string Returns the complete HTML code for this privacy-role-select field. + */ function role_selector($current) { if(! $current) @@ -792,16 +821,17 @@ function role_selector($current) { array('soapbox' => t('Celebrity/Soapbox'), 'repository' => t('Group Repository'))), 'other' => array( t('Other'), array('custom' => t('Custom/Expert Mode')))); + $o = '<select name="permissions_role" id="privacy-role-select">'; foreach($roles as $k => $v) { - $o .= '<optgroup label="'. htmlspecialchars($v[0]) . '" >'; + $o .= '<optgroup label="'. htmlspecialchars($v[0]) . '">'; foreach($v[1] as $kk => $vv) { - $selected = (($kk === $current) ? ' selected="selected" ' : ''); - $o .= '<option value="' . $kk . '" ' . $selected . '>' . htmlspecialchars($vv) . '</option>'; + $selected = (($kk === $current) ? ' selected="selected"' : ''); + $o .= '<option value="' . $kk . '"' . $selected . '>' . htmlspecialchars($vv) . '</option>'; } $o .= '</optgroup>'; } $o .= '</select>'; - return $o; -} + return $o; +} diff --git a/include/security.php b/include/security.php index 8066a76f6..ca5411bde 100644 --- a/include/security.php +++ b/include/security.php 
@@ -1,12 +1,24 @@ -<?php /** @file */ - -function authenticate_success($user_record, $login_initial = false, $interactive = false,$return = false,$update_lastlog = false) { +<?php +/** + * @file include/security.php + * + * Some security related functions. + */ + +/** + * @param int $user_record The account_id + * @param bool $login_initial default false + * @param bool $interactive default false + * @param bool $return + * @param bool $update_lastlog + */ +function authenticate_success($user_record, $login_initial = false, $interactive = false, $return = false, $update_lastlog = false) { $a = get_app(); $_SESSION['addr'] = $_SERVER['REMOTE_ADDR']; - if(x($user_record,'account_id')) { + if(x($user_record, 'account_id')) { $a->account = $user_record; $_SESSION['account_id'] = $user_record['account_id']; $_SESSION['authenticated'] = 1; @@ -39,7 +51,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive // might want to log success here } - if($return || x($_SESSION,'workflow')) { + if($return || x($_SESSION, 'workflow')) { unset($_SESSION['workflow']); return; } @@ -70,7 +82,13 @@ function authenticate_success($user_record, $login_initial = false, $interactive /* else just return */ } - +/** + * @brief Change to another channel with current logged-in account. + * + * @param int $change_channel The channel_id of the channel you want to change to + * + * @return bool|array false or channel record of the new channel + */ function change_channel($change_channel) { $ret = false; 
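Review bot: The new docblock types `$user_record` as `@param int $user_record The account_id`, but the code treats it as an array: `x($user_record, 'account_id')`, `$a->account = $user_record` and `$user_record['account_id']` all read it as an account row. Change the line to `@param array $user_record The account record (needs at least account_id)` so the documentation does not invite callers to pass a bare id. The other parameters get only "default false"; a sentence on what `$return` does (the `if($return || x($_SESSION, 'workflow'))` early exit in the next hunk) would make the block useful, as the function body continues outside the hunk.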
@@ -83,17 +101,17 @@ function change_channel($change_channel) { ); // It's not there. Is this an administrator, and is this the sys channel? - if (is_developer()) { - if (! $r) { - if (is_site_admin()) { - $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and ( channel_pageflags & %d) and not (channel_pageflags & %d )>0 limit 1", - intval($change_channel), - intval(PAGE_SYSTEM), - intval(PAGE_REMOVED) - ); + if (is_developer()) { + if (! $r) { + if (is_site_admin()) { + $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and ( channel_pageflags & %d) and not (channel_pageflags & %d )>0 limit 1", + intval($change_channel), + intval(PAGE_SYSTEM), + intval(PAGE_REMOVED) + ); + } } } - } if($r) { $hash = $r[0]['channel_hash']; 
@@ -109,23 +127,28 @@ function change_channel($change_channel) { ); if($x) { $_SESSION['my_url'] = $x[0]['xchan_url']; - $_SESSION['my_address'] = $r[0]['channel_address'] . '@' . substr(get_app()->get_baseurl(),strpos(get_app()->get_baseurl(),'://')+3); + $_SESSION['my_address'] = $r[0]['channel_address'] . '@' . substr(get_app()->get_baseurl(), strpos(get_app()->get_baseurl(), '://') + 3); get_app()->set_observer($x[0]); - get_app()->set_perms(get_all_perms(local_user(),$hash)); + get_app()->set_perms(get_all_perms(local_user(), $hash)); } if(! is_dir('store/' . $r[0]['channel_address'])) @os_mkdir('store/' . $r[0]['channel_address'], STORAGE_DEFAULT_PERMISSIONS,true); - } return $ret; - } - - -function permissions_sql($owner_id,$remote_verified = false,$groups = null) { +/** + * @brief Creates an addiontal SQL where statement to check permissions. + * + * @param int $owner_id + * @param bool $remote_verified default false, not used at all + * @param string $groups this param is not used at all + * + * @return string additional SQL where statement + */ +function permissions_sql($owner_id, $remote_verified = false, $groups = null) { if(defined('STATUSNET_PRIVACY_COMPATIBILITY')) return ''; @@ -142,8 +165,7 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { $sql = " AND allow_cid = '' AND allow_gid = '' AND deny_cid = '' - AND deny_gid = '' - + AND deny_gid = '' "; /** @@ -162,7 +184,6 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { * done this and passed the groups into this function. */ - else { $observer = get_observer_hash(); if($observer) { 
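Review bot: `@brief Creates an addiontal SQL where statement` in the `permissions_sql()` docblock should read `additional`; the same misspelling is repeated in the `item_permissions_sql()` docblock in the next hunk. The `$remote_verified` and `$groups` lines say "not used at all", yet the older comment kept as context ("done this and passed the groups into this function") describes `$groups` as an input, so either the docblock or that comment is stale and it is worth settling which before both are published. If the parameters really are ignored, say so in a form that also states the type the signature's `= null` default implies, e.g. `@param array|null $groups unused, kept for call-site compatibility`.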
@@ -191,7 +212,16 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) { return $sql; } -function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) { +/** + * @brief Creates an addiontal SQL where statement to check permissions for an item. + * + * @param int $owner_id + * @param bool $remote_verified default false, not used at all + * @param string $groups this param is not used at all + * + * @return string additional SQL where statement + */ +function item_permissions_sql($owner_id, $remote_verified = false, $groups = null) { if(defined('STATUSNET_PRIVACY_COMPATIBILITY')) return ''; @@ -206,7 +236,6 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) */ $sql = " AND item_private=0 "; - /** * Profile owner - everything is visible @@ -224,7 +253,6 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) * done this and passed the groups into this function. */ - else { $observer = get_observer_hash(); @@ -250,12 +278,18 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) ); } } + return $sql; } +/** + * @param string $observer_hash + * + * @return string additional SQL where statement + */ function public_permissions_sql($observer_hash) { - $observer = get_app()->get_observer(); + //$observer = get_app()->get_observer(); $groups = init_groups_visitor($observer_hash); $gs = '<<>>'; // should be impossible to match @@ -263,7 +297,7 @@ function public_permissions_sql($observer_hash) { if(is_array($groups) && count($groups)) { foreach($groups as $g) $gs .= '|<' . $g . '>'; - } + } $sql = ''; if($observer_hash) { $regexop = db_getfunc('REGEXP'); 
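Review bot: `//$observer = get_app()->get_observer();` in `public_permissions_sql()` leaves commented-out code behind; nothing in the visible part of the function reads `$observer` (the checks use `$observer_hash`), so delete the line rather than keep it — a dead line tends to be reactivated later without anyone re-checking why it was disabled. If the observer lookup is still wanted for a branch of the function outside the hunk, a comment stating that intent is clearer than disabled code. Unrelated to this change but in the same function: the group ids are folded into a REGEXP pattern with `$gs .= '|<' . $g . '>'`, so if `init_groups_visitor()` can ever yield non-numeric values they should pass through `intval()` first — its body in the next hunk shows only `$groups = array();`, not what fills it.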
@@ -341,11 +375,11 @@ function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'f } } + // Returns an array of group id's this contact is a member of. // This array will only contain group id's related to the uid of this // DFRN contact. They are *not* neccessarily unique across the entire site. - if(! function_exists('init_groups_visitor')) { function init_groups_visitor($contact_id) { $groups = array(); @@ -361,8 +395,6 @@ function init_groups_visitor($contact_id) { - - // This is used to determine which uid have posts which are visible to the logged in user (from the API) for the // public_timeline, and we can use this in a community page by making // $perms = (PERMS_NETWORK|PERMS_PUBLIC) unless logged in. @@ -382,19 +414,22 @@ function stream_perms_api_uids($perms = NULL ) { intval($perms), intval(PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED) ); - if($r) + if($r) { foreach($r as $rr) - if(! in_array($rr['channel_id'],$ret)) + if(! in_array($rr['channel_id'], $ret)) $ret[] = $rr['channel_id']; + } $str = ''; - if($ret) + if($ret) { foreach($ret as $rr) { if($str) $str .= ','; $str .= intval($rr); } + } logger('stream_perms_api_uids: ' . $str, LOGGER_DEBUG); + return $str; } @@ -409,19 +444,21 @@ function stream_perms_xchans($perms = NULL ) { intval($perms), intval(PAGE_CENSORED|PAGE_SYETEM|PAGE_REMOVED) ); - if($r) + if($r) { foreach($r as $rr) - if(! in_array($rr['channel_hash'],$ret)) + if(! in_array($rr['channel_hash'], $ret)) $ret[] = $rr['channel_hash']; + } $str = ''; - if($ret) + if($ret) { foreach($ret as $rr) { if($str) $str .= ','; $str .= "'" . dbesc($rr) . "'"; } + } logger('stream_perms_xchans: ' . $str, LOGGER_DEBUG); + return $str; } - diff --git a/include/widgets.php b/include/widgets.php index f7b8a20bd..b13be4922 100644 --- a/include/widgets.php +++ b/include/widgets.php 
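Review bot: `intval(PAGE_CENSORED|PAGE_SYETEM|PAGE_REMOVED)` in the `stream_perms_xchans()` hunk names a constant that does not exist (`PAGE_SYSTEM` is spelled correctly in the `stream_perms_api_uids()` hunk just above and in `change_channel()`); the line is context, so the commit leaves it as is. On PHP before 8 the bare name degrades to the string `'PAGE_SYETEM'` with a notice or warning and, as far as I can tell, contributes `0` to the mask, so system channels are not excluded from the xchan list this function returns; on PHP 8 it is a fatal `Error`. Fix the spelling: `intval(PAGE_CENSORED|PAGE_SYSTEM|PAGE_REMOVED)`.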
@@ -1,4 +1,9 @@ -<?php /** @file */ +<?php +/** + * @file include/widgets.php + * + * @brief This file contains the widgets. + */ require_once('include/dir_fns.php'); require_once('include/contact_widgets.php'); @@ -6,7 +11,7 @@ require_once('include/contact_widgets.php'); function widget_profile($args) { $a = get_app(); - $block = (((get_config('system','block_public')) && (! local_user()) && (! remote_user())) ? true : false); + $block = (((get_config('system', 'block_public')) && (! local_user()) && (! remote_user())) ? true : false); return profile_sidebar($a->profile, $block, true); } @@ -16,14 +21,15 @@ function widget_profile($args) { function widget_tagcloud($args) { $o = ''; - $tab = 0; + //$tab = 0; $a = get_app(); $uid = $a->profile_uid; $count = ((x($args,'count')) ? intval($args['count']) : 24); $flags = 0; $type = TERM_CATEGORY; - $r = tagadelic($uid,$count,$authors,$flags,ITEM_WEBPAGE,$type); + // FIXME there exists no $authors variable + $r = tagadelic($uid, $count, $authors, $flags, ITEM_WEBPAGE, $type); if($r) { $o = '<div class="tagblock widget"><h3>' . t('Categories') . '</h3><div class="tags" align="center">'; @@ -75,9 +81,8 @@ function widget_collections($args) { return ''; break; } - - return group_side($every, $each, $edit, $current, $abook_id, $wmode); + return group_side($every, $each, $edit, $current, $abook_id, $wmode); } @@ -93,7 +98,6 @@ function widget_appselect($arr) { } - function widget_suggestions($arr) { if((! local_user()) || (! feature_enabled(local_user(),'suggest'))) @@ -114,16 +118,13 @@ function widget_suggestions($arr) { // This will throw some entropy intot he situation so you won't // be looking at the same two mug shots every time the widget runs - $index = ((count($r) > 2) ? mt_rand(0,count($r) - 2) : 0); - for($x = $index; $x <= ($index+1); $x ++) { - $rr = $r[$x]; if(! $rr['xchan_url']) break; - + $connlnk = z_root() . '/follow/?url=' . $rr['xchan_addr']; $arr[] = array( 
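Review bot: The `// FIXME there exists no $authors variable` comment in `widget_tagcloud()` documents the problem without removing it: `tagadelic($uid, $count, $authors, …)` still reads an undefined variable, which evaluates to `null` and emits a notice on every render of the widget. Declaring it explicitly, `$authors = null; // no author filter — confirm tagadelic() treats null as unrestricted`, keeps today's behaviour and drops both the notice and the FIXME. The same hunk replaces `$tab = 0;` with `//$tab = 0;`; if `$tab` is unused, delete the line rather than commenting it out.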
@@ -138,7 +139,6 @@ function widget_suggestions($arr) { ); } - $o = replace_macros(get_markup_template('suggest_widget.tpl'),array( '$title' => t('Suggestions'), '$more' => t('See more...'), @@ -146,13 +146,13 @@ function widget_suggestions($arr) { )); return $o; - } function widget_follow($args) { if(! local_user()) return ''; + $a = get_app(); $uid =$a->channel['channel_id']; $r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d)>0 ", @@ -163,10 +163,10 @@ function widget_follow($args) { $total_channels = $r[0]['total']; $limit = service_class_fetch($uid,'total_channels'); if($limit !== false) { - $abook_usage_message = sprintf( t("You have %1$.0f of %2$.0f allowed connections."), $total_channels, $limit); + $abook_usage_message = sprintf( t("You have %1$.0f of %2$.0f allowed connections."), $total_channels, $limit); } else { - $abook_usage_message = ''; + $abook_usage_message = ''; } return replace_macros(get_markup_template('follow.tpl'),array( '$connect' => t('Add New Connection'), @@ -175,7 +175,6 @@ function widget_follow($args) { '$follow' => t('Connect'), '$abook_usage_message' => $abook_usage_message )); - } @@ -192,6 +191,7 @@ function widget_notes($arr) { '$text' => $text, '$save' => t('Save'), )); + return $o; } @@ -228,8 +228,6 @@ function widget_savedsearch($arr) { $search = ''; } - - $srchurl = $a->query_string; $srchurl = rtrim(preg_replace('/searchsave\=[^\&].*?(\&|$)/is','',$srchurl),'&'); @@ -240,7 +238,7 @@ function widget_savedsearch($arr) { $srchurl = rtrim(preg_replace('/search\=[^\&].*?(\&|$)/is','',$srchurl),'&'); $srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl); $hasq = ((strpos($srchurl,'?') !== false) ? true : false); - + $o = ''; $r = q("select `tid`,`term` from `term` WHERE `uid` = %d and `type` = %d ", 
@@ -252,31 +250,28 @@ function widget_savedsearch($arr) { if(count($r)) { foreach($r as $rr) { - $saved[] = array( 'id' => $rr['tid'], - 'term' => $rr['term'], + 'term' => $rr['term'], 'dellink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&searchremove=1&search=' . urlencode($rr['term']), 'srchlink' => z_root() . '/' . $srchurl . (($hasq) ? '' : '?f=') . '&search=' . urlencode($rr['term']), 'displayterm' => htmlspecialchars($rr['term'], ENT_COMPAT,'UTF-8'), - 'encodedterm' => urlencode($rr['term']), - 'delete' => t('Remove term'), - 'selected' => ($search==$rr['term']), + 'encodedterm' => urlencode($rr['term']), + 'delete' => t('Remove term'), + 'selected' => ($search==$rr['term']), ); } - } + } - $tpl = get_markup_template("saved_searches.tpl"); $o = replace_macros($tpl, array( '$title' => t('Saved Searches'), '$add' => t('add'), - '$searchbox' => searchbox($search,'netsearch-box',$srchurl . (($hasq) ? '' : '?f='),true), + '$searchbox' => searchbox($search, 'netsearch-box', $srchurl . (($hasq) ? '' : '?f='), true), '$saved' => $saved, )); return $o; - } @@ -306,7 +301,6 @@ function widget_filer($arr) { '$all' => t('Everything'), '$terms' => $terms, '$base' => z_root() . '/' . $a->cmd - )); } @@ -327,7 +321,6 @@ function widget_archive($arr) { if(! perm_is_allowed($uid,get_observer_hash(),'view_stream')) return ''; - $wall = ((array_key_exists('wall', $arr)) ? intval($arr['wall']) : 0); $style = ((array_key_exists('style', $arr)) ? $arr['style'] : 'select'); $showend = ((get_pconfig($uid,'system','archive_show_end_date')) ? true : false); @@ -336,10 +329,8 @@ function widget_archive($arr) { if(! $visible_years) $visible_years = 5; - $url = z_root() . '/' . $a->cmd; - $ret = list_post_dates($uid,$wall,$mindate); if(! count($ret)) 
@@ -367,7 +358,7 @@ function widget_fullprofile($arr) { if(! $a->profile['profile_uid']) return; - $block = (((get_config('system','block_public')) && (! local_user()) && (! remote_user())) ? true : false); + $block = (((get_config('system', 'block_public')) && (! local_user()) && (! remote_user())) ? true : false); return profile_sidebar($a->profile, $block); } 
@@ -375,41 +366,43 @@ function widget_fullprofile($arr) { function widget_categories($arr) { $a = get_app(); - if($a->profile['profile_uid'] && (! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_stream'))) return ''; - $cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat'],ENT_COMPAT,'UTF-8') : ''); $srchurl = $a->query_string; $srchurl = rtrim(preg_replace('/cat\=[^\&].*?(\&|$)/is','',$srchurl),'&'); $srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl); - return categories_widget($srchurl,$cat); + return categories_widget($srchurl, $cat); } function widget_tagcloud_wall($arr) { $a = get_app(); + if((! $a->profile['profile_uid']) || (! $a->profile['channel_hash'])) return ''; - if(! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_stream')) + if(! perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'view_stream')) return ''; - $limit = ((array_key_exists('limit',$arr)) ? intval($arr['limit']) : 50); - if(feature_enabled($a->profile['profile_uid'],'tagadelic')) - return tagblock('search',$a->profile['profile_uid'],$limit,$a->profile['channel_hash'],ITEM_WALL); + $limit = ((array_key_exists('limit', $arr)) ? intval($arr['limit']) : 50); + if(feature_enabled($a->profile['profile_uid'], 'tagadelic')) + return tagblock('search', $a->profile['profile_uid'], $limit, $a->profile['channel_hash'], ITEM_WALL); + return ''; } + function widget_catcloud_wall($arr) { $a = get_app(); + if((! $a->profile['profile_uid']) || (! $a->profile['channel_hash'])) return ''; - if(! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_stream')) + if(! perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'view_stream')) return ''; $limit = ((array_key_exists('limit',$arr)) ? 
intval($arr['limit']) : 50); - return catblock($a->profile['profile_uid'],$limit,$a->profile['channel_hash'],ITEM_WALL); - return ''; + + return catblock($a->profile['profile_uid'], $limit, $a->profile['channel_hash'], ITEM_WALL); } @@ -438,6 +431,7 @@ function widget_affinity($arr) { call_hooks('main_slider',$arr); return $arr['html']; } + return ''; } @@ -463,20 +457,19 @@ function widget_settings_menu($arr) { if($abk) $abook_self_id = $abk[0]['abook_id']; - $tabs = array( array( 'label' => t('Account settings'), 'url' => $a->get_baseurl(true).'/settings/account', 'selected' => ((argv(1) === 'account') ? 'active' : ''), ), - + array( 'label' => t('Channel settings'), 'url' => $a->get_baseurl(true).'/settings/channel', 'selected' => ((argv(1) === 'channel') ? 'active' : ''), ), - + array( 'label' => t('Additional features'), 'url' => $a->get_baseurl(true).'/settings/features', @@ -494,7 +487,7 @@ function widget_settings_menu($arr) { 'url' => $a->get_baseurl(true).'/settings/display', 'selected' => ((argv(1) === 'display') ? 'active' : ''), ), - + array( 'label' => t('Connected apps'), 'url' => $a->get_baseurl(true) . '/settings/oauth', @@ -512,7 +505,6 @@ function widget_settings_menu($arr) { 'url' => $a->get_baseurl(true) . '/uexport/complete', 'selected' => '' ), - ); if($role === false || $role === 'custom') { @@ -529,7 +521,6 @@ function widget_settings_menu($arr) { 'url' => $a->get_baseurl(true) . '/connect/' . $channel['channel_address'], 'selected' => '' ); - } if(feature_enabled(local_user(),'channel_sources')) { @@ -538,18 +529,14 @@ function widget_settings_menu($arr) { 'url' => $a->get_baseurl(true) . '/sources', 'selected' => '' ); - } - - $tabtpl = get_markup_template("generic_links_widget.tpl"); return replace_macros($tabtpl, array( '$title' => t('Settings'), '$class' => 'settings-widget', '$items' => $tabs, )); - } 
@@ -560,9 +547,7 @@ function widget_mailmenu($arr) { $a = get_app(); return replace_macros(get_markup_template('message_side.tpl'), array( '$title' => t('Messages'), - '$tabs'=> array(), - '$check'=>array( 'label' => t('Check Mail'), 'url' => $a->get_baseurl(true) . '/message', @@ -573,9 +558,7 @@ function widget_mailmenu($arr) { 'url' => $a->get_baseurl(true) . '/mail/new', 'sel'=> (argv(1) == 'new'), ) - )); - } function widget_design_tools($arr) { @@ -586,7 +569,7 @@ function widget_design_tools($arr) { if($a->profile['profile_uid']) if(($a->profile['profile_uid'] != local_user()) && (! $a->is_sys)) - return ''; + return ''; if(! local_user()) return ''; @@ -601,23 +584,25 @@ function widget_findpeople($arr) { function widget_photo_albums($arr) { $a = get_app(); + if(! $a->profile['profile_uid']) return ''; $channelx = channelx_by_n($a->profile['profile_uid']); - if((! $channelx) || (! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_photos'))) + if((! $channelx) || (! perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'view_photos'))) return ''; - return photos_album_widget($channelx,$a->get_observer()); + require_once('include/photos.php'); + return photos_album_widget($channelx, $a->get_observer()); } function widget_vcard($arr) { require_once ('include/Contact.php'); - return vcard_from_xchan('',get_app()->get_observer()); + return vcard_from_xchan('', get_app()->get_observer()); } -/** +/* * The following directory widgets are only useful on the directory page */ 
@@ -630,21 +615,23 @@ function widget_dirsort($arr) { } function widget_dirtags($arr) { - return dir_tagblock(z_root() . '/directory',null); + return dir_tagblock(z_root() . '/directory', null); } function widget_menu_preview($arr) { if(! get_app()->data['menu_item']) return; require_once('include/menu.php'); + return menu_render(get_app()->data['menu_item']); } function widget_chatroom_list($arr) { $a = get_app(); + require_once("include/chat.php"); $r = chatroom_list($a->profile['profile_uid']); - return replace_macros(get_markup_template('chatroomlist.tpl'),array( + return replace_macros(get_markup_template('chatroomlist.tpl'), array( '$header' => t('Chat Rooms'), '$baseurl' => z_root(), '$nickname' => $a->profile['channel_address'], @@ -657,7 +644,7 @@ function widget_bookmarkedchats($arr) { if(! $h) return; $r = q("select * from xchat where xchat_xchan = '%s' group by xchat_url order by xchat_desc", - dbesc($h) + dbesc($h) ); if($r) { for($x = 0; $x < count($r); $x ++) { @@ -691,17 +678,17 @@ function widget_suggestedchats($arr) { } function widget_item($arr) { + // FIXME there is no $a here $uid = $a->profile['profile_uid']; if((! $uid) || (! $arr['mid'])) return ''; - if(! perm_is_allowed($uid,get_observer_hash(),'view_pages')) + if(! perm_is_allowed($uid, get_observer_hash(), 'view_pages')) return ''; require_once('include/security.php'); $sql_extra = item_permissions_sql($uid); - $r = q("select * from item where mid = '%s' and uid = %d and item_restrict = " . intval(ITEM_WEBPAGE) . " $sql_extra limit 1", dbesc($arr['mid']), intval($uid) @@ -711,11 +698,10 @@ function widget_item($arr) { return ''; xchan_query($r); - $r = fetch_post_tags($r,true); + $r = fetch_post_tags($r, true); - $o .= prepare_page($r[0]); + $o = prepare_page($r[0]); return $o; - } function widget_clock($arr) { 
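Review bot: widget_item still reads `$a->profile['profile_uid']` without `$a` ever being assigned; the added `// FIXME there is no $a here` names the defect, but the function stays broken because `$uid` is always null and it returns '' before the permission check and query run. The one-line fix is to replace the FIXME with `$a = get_app();`, matching every other widget in this file. The tail of the function, including the `$o = prepare_page(...)` fix, is in the following hunk.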
@@ -785,18 +771,17 @@ return $o; * URL must be an http or https URL */ - function widget_photo($arr) { $style = $zrl = false; - $params = ''; - if(array_key_exists('src',$arr) && isset($arr['src'])) + + if(array_key_exists('src', $arr) && isset($arr['src'])) $url = $arr['src']; if(strpos($url,'http') !== 0) return ''; - if(array_key_exists('style',$arr) && isset($arr['style'])) + if(array_key_exists('style', $arr) && isset($arr['style'])) $style = $arr['style']; // ensure they can't sneak in an eval(js) function @@ -804,7 +789,7 @@ function widget_photo($arr) { if(strpos($style,'(') !== false) return ''; - if(array_key_exists('zrl',$arr) && isset($arr['zrl'])) + if(array_key_exists('zrl', $arr) && isset($arr['zrl'])) $zrl = (($arr['zrl']) ? true : false); if($zrl) @@ -814,7 +799,7 @@ function widget_photo($arr) { $o .= '<img ' . (($zrl) ? ' class="zrl" ' : '') . (($style) ? ' style="' . $style . '"' : '') - . ' src="' . $url . '" alt="' . t('photo/image') . '" />'; + . ' src="' . $url . '" alt="' . t('photo/image') . '">'; $o .= '</div>'; @@ -825,15 +810,15 @@ function widget_photo($arr) { function widget_photo_rand($arr) { require_once('include/photos.php'); - $style = $zrl = false; - $params = ''; - if(array_key_exists('album',$arr) && isset($arr['album'])) + $style = false; + + if(array_key_exists('album', $arr) && isset($arr['album'])) $album = $arr['album']; else $album = ''; $channel_id = 0; - if(array_key_exists('channel_id',$arr) && intval($arr['channel_id'])) + if(array_key_exists('channel_id', $arr) && intval($arr['channel_id'])) $channel_id = intval($arr['channel_id']); if(! $channel_id) $channel_id = get_app()->profile_uid; @@ -843,7 +828,7 @@ function widget_photo_rand($arr) { $scale = ((array_key_exists('scale',$arr)) ? intval($arr['scale']) : 0); $ret = photos_list_photos(array('channel_id' => $channel_id),get_app()->get_observer(),$album); - + $filtered = array(); if($ret['success'] && $ret['photos']) foreach($ret['photos'] as $p) 
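Review bot: In widget_photo, `$url` is only assigned when `$arr['src']` is set, so `strpos($url, 'http')` on the next line reads an undefined variable whenever the key is absent; initialise it next to `$style = $zrl = false;` as `$url = '';` (widget_photo_rand has the same gap when `$filtered` stays empty, hunk @@ -851,14 +836,14 @@). Separately, the `<img>` line rewritten in hunk @@ -814,7 +799,7 @@ (and its twin at @@ -872,7 +857,7 @@) concatenates `$style` and `$url` into attributes raw; the `(` check only rejects function-style CSS values, not a quote that ends the attribute. Passing both through `htmlspecialchars($style, ENT_QUOTES, 'UTF-8')` and `htmlspecialchars($url, ENT_QUOTES, 'UTF-8')` before building the tag closes that regardless of who authors the widget parameters. The function's closing lines are in later hunks.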
@@ -851,14 +836,14 @@ function widget_photo_rand($arr) { $filtered[] = $p['src']; if($filtered) { - $e = mt_rand(0,count($filtered)-1); + $e = mt_rand(0, count($filtered) - 1); $url = $filtered[$e]; } - if(strpos($url,'http') !== 0) + if(strpos($url, 'http') !== 0) return ''; - if(array_key_exists('style',$arr) && isset($arr['style'])) + if(array_key_exists('style', $arr) && isset($arr['style'])) $style = $arr['style']; // ensure they can't sneak in an eval(js) function @@ -872,7 +857,7 @@ function widget_photo_rand($arr) { $o .= '<img class="zrl" ' . (($style) ? ' style="' . $style . '"' : '') - . ' src="' . $url . '" alt="' . t('photo/image') . '" />'; + . ' src="' . $url . '" alt="' . t('photo/image') . '">'; $o .= '</div>'; @@ -912,10 +897,10 @@ function widget_random_block($arr) { $o = '<div class="widget bblock">'; if($r[0]['title']) $o .= '<h3>' . $r[0]['title'] . '</h3>'; + $o .= prepare_text($r[0]['body'],$r[0]['mimetype']); $o .= '</div>'; - } - return $o; -}
\ No newline at end of file + return $o; +} diff --git a/include/zot.php b/include/zot.php index 3b8584509..44c36ebb4 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1417,8 +1417,9 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false,$reque return; } } - + foreach($deliveries as $d) { + $local_public = $public; $r = q("select * from channel where channel_hash = '%s' limit 1", dbesc($d['hash']) ); @@ -1433,7 +1434,7 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false,$reque // allow public postings to the sys channel regardless of permissions if(($channel['channel_pageflags'] & PAGE_SYSTEM) && (! $arr['item_private'])) - $public = true; + $local_public = true; $tag_delivery = tgroup_check($channel['channel_id'],$arr); @@ -1452,7 +1453,7 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false,$reque } } - if((! perm_is_allowed($channel['channel_id'],$sender['hash'],$perm)) && (! $tag_delivery) && (! $public)) { + if((! perm_is_allowed($channel['channel_id'],$sender['hash'],$perm)) && (! $tag_delivery) && (! $local_public)) { logger("permission denied for delivery to channel {$channel['channel_id']} {$channel['channel_address']}"); $result[] = array($d['hash'],'permission denied',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>',$arr['mid']); continue; @@ -1487,7 +1488,7 @@ function process_delivery($sender,$arr,$deliveries,$relay,$public = false,$reque // the top level post is unlikely to be imported and // this is just an exercise in futility. - if((! $relay) && (! $request) && (! $public) + if((! $relay) && (! $request) && (! $local_public) && perm_is_allowed($channel['channel_id'],$sender['hash'],'send_stream')) { proc_run('php', 'include/notifier.php', 'request', $channel['channel_id'], $sender['hash'], $arr['parent_mid']); } |
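Review bot: The new `$local_public = $public;` at the top of the delivery loop carries no comment explaining why a per-iteration copy is needed, and the reason is security-relevant: the `$local_public = true;` set for a PAGE_SYSTEM recipient previously persisted in `$public` for every later channel in `$deliveries`, letting them skip the perm_is_allowed check. A comment such as `// per-recipient copy: the sys-channel override below must not leak into later iterations and bypass the permission check` would keep a future refactor from folding it back into `$public`. process_delivery's body extends well beyond this hunk.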