Diffstat (limited to 'include')
-rw-r--r--include/ItemObject.php2
-rw-r--r--include/attach.php4
-rw-r--r--include/config.php36
-rw-r--r--include/conversation.php2
-rw-r--r--include/enotify.php17
-rwxr-xr-xinclude/items.php185
-rw-r--r--include/message.php94
-rw-r--r--include/notifier.php5
-rw-r--r--include/photo/photo_imagick.php4
-rw-r--r--include/security.php82
-rwxr-xr-xinclude/text.php18
-rw-r--r--include/zot.php25
12 files changed, 179 insertions, 295 deletions
diff --git a/include/ItemObject.php b/include/ItemObject.php
index 8c8c0ee2a..b31e60cbc 100644
--- a/include/ItemObject.php
+++ b/include/ItemObject.php
@@ -262,7 +262,7 @@ class Item extends BaseObject {
}
}
- $result['private'] = $item['item_private'];
+ $result['private'] = $item['private'];
$result['toplevel'] = ($this->is_toplevel() ? 'toplevel_item' : '');
if($this->is_threaded()) {
diff --git a/include/attach.php b/include/attach.php
index 46d406f4b..38a011bcb 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -193,13 +193,13 @@ function attach_by_hash($hash,$rev = 0) {
$sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the attachment
-dbg(1);
+
$r = q("SELECT * FROM attach WHERE hash = '%s' and uid = %d $sql_extra LIMIT 1",
dbesc($hash),
intval($r[0]['uid'])
);
-dbg(0);
+
if(! $r) {
$ret['message'] = t('Permission denied.');
return $ret;
diff --git a/include/config.php b/include/config.php
index 38840f5e4..1f7a4dbd7 100644
--- a/include/config.php
+++ b/include/config.php
@@ -130,12 +130,20 @@ function load_pconfig($uid,$family = '') {
if(! array_key_exists($uid,$a->config))
$a->config[$uid] = array();
+ if(($family) && (! array_key_exists($family,$a->config[$uid])))
+ $a->config[$uid][$family] = array();
- // family is no longer used - load entire user config
-
- $r = q("SELECT * FROM `pconfig` WHERE `uid` = %d",
- intval($uid)
- );
+ if($family) {
+ $r = q("SELECT * FROM `pconfig` WHERE `cat` = '%s' AND `uid` = %d",
+ dbesc($family),
+ intval($uid)
+ );
+ }
+ else {
+ $r = q("SELECT * FROM `pconfig` WHERE `uid` = %d",
+ intval($uid)
+ );
+ }
if($r) {
foreach($r as $rr) {
@@ -258,12 +266,20 @@ function load_xconfig($xchan,$family = '') {
if(! array_key_exists($xchan,$a->config))
$a->config[$xchan] = array();
+ if(($family) && (! array_key_exists($family,$a->config[$xchan])))
+ $a->config[$xchan][$family] = array();
- // family is no longer used. Entire config is loaded
-
- $r = q("SELECT * FROM `xconfig` WHERE `xchan` = '%s'",
- dbesc($xchan)
- );
+ if($family) {
+ $r = q("SELECT * FROM `xconfig` WHERE `cat` = '%s' AND `xchan` = '%s'",
+ dbesc($family),
+ dbesc($xchan)
+ );
+ }
+ else {
+ $r = q("SELECT * FROM `xconfig` WHERE `xchan` = '%s'",
+ dbesc($xchan)
+ );
+ }
if($r) {
foreach($r as $rr) {
diff --git a/include/conversation.php b/include/conversation.php
index 61b563a5d..1023c068d 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -1128,8 +1128,6 @@ function conv_sort($arr,$order) {
usort($parents,'sort_thr_created');
elseif(stristr($order,'commented'))
usort($parents,'sort_thr_commented');
- elseif(stristr($order,'ascending'))
- usort($parents,'sort_thr_created_rev');
if(count($parents))
foreach($parents as $i=>$_x)
diff --git a/include/enotify.php b/include/enotify.php
index fc8eb6439..3b7a643ed 100644
--- a/include/enotify.php
+++ b/include/enotify.php
@@ -33,7 +33,7 @@ function notification($params) {
push_lang($recip['account_language']); // should probably have a channel language
- $banner = t('Red Matrix Notification');
+ $banner = t('Red Notification');
$product = RED_PLATFORM;
$siteurl = $a->get_baseurl(true);
$thanks = t('Thank You,');
@@ -89,7 +89,7 @@ function notification($params) {
intval($recip['channel_id'])
);
if($p) {
- logger('notification: comment already notified');
+ logger('notification comment already notified');
pop_lang();
return;
}
@@ -168,19 +168,6 @@ function notification($params) {
}
if($params['type'] == NOTIFY_TAGSELF) {
-
- $p = null;
- $p = q("select id from notify where link = '%s' and uid = %d limit 1",
- dbesc($params['link']),
- intval($recip['channel_id'])
- );
- if($p) {
- logger('enotify: tag: already notified about this post');
- pop_lang();
- return;
- }
-
-
$subject = sprintf( t('[Red:Notify] %s tagged you') , $sender['xchan_name']);
$preamble = sprintf( t('%1$s tagged you at %2$s') , $sender['xchan_name'], $sitename);
$epreamble = sprintf( t('%1$s [zrl=%2$s]tagged you[/zrl].') ,
diff --git a/include/items.php b/include/items.php
index bacb68909..863fa419b 100755
--- a/include/items.php
+++ b/include/items.php
@@ -491,6 +491,7 @@ function title_is_body($title, $body) {
function get_item_elements($x) {
$arr = array();
+
$arr['body'] = (($x['body']) ? htmlentities($x['body'],ENT_COMPAT,'UTF-8',false) : '');
$arr['created'] = datetime_convert('UTC','UTC',$x['created']);
@@ -505,11 +506,6 @@ function get_item_elements($x) {
$arr['edited'] = datetime_convert();
$arr['title'] = (($x['title']) ? htmlentities($x['title'], ENT_COMPAT,'UTF-8',false) : '');
-
- if(mb_strlen($arr['title']) > 255)
- $arr['title'] = mb_substr($arr['title'],0,255);
-
-
$arr['app'] = (($x['app']) ? htmlentities($x['app'], ENT_COMPAT,'UTF-8',false) : '');
$arr['mid'] = (($x['message_id']) ? htmlentities($x['message_id'], ENT_COMPAT,'UTF-8',false) : '');
$arr['parent_mid'] = (($x['message_top']) ? htmlentities($x['message_top'], ENT_COMPAT,'UTF-8',false) : '');
@@ -532,21 +528,6 @@ function get_item_elements($x) {
$arr['item_private'] = ((array_key_exists('flags',$x) && is_array($x['flags']) && in_array('private',$x['flags'])) ? 1 : 0);
- $arr['item_flags'] = 0;
-
- // if it's a private post, encrypt it in the DB.
- // We have to do that here because we need to cleanse the input and prevent bad stuff from getting in,
- // and we need plaintext to do that.
-
- if(intval($arr['item_private'])) {
- $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
- $key = get_config('system','pubkey');
- if($arr['title'])
- $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
- if($arr['body'])
- $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key));
- }
-
if(array_key_exists('flags',$x) && in_array('deleted',$x['flags']))
$arr['item_restrict'] = ITEM_DELETED;
@@ -618,14 +599,6 @@ function encode_item($item) {
$scope = map_scope($public_scope);
$c_scope = map_scope($comment_scope);
- if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) {
- $key = get_config('system','prvkey');
- if($item['title'])
- $item['title'] = aes_unencapsulate(json_decode($item['title'],true),$key);
- if($item['body'])
- $item['body'] = aes_unencapsulate(json_decode($item['body'],true),$key);
- }
-
if($item['item_restrict'] & ITEM_DELETED) {
$x['message_id'] = $item['mid'];
$x['created'] = $item['created'];
@@ -818,13 +791,7 @@ function encode_mail($item) {
$x = array();
$x['type'] = 'mail';
- if(array_key_exists('mail_flags',$item) && ($item['mail_flags'] & MAIL_OBSCURED)) {
- $key = get_config('system','prvkey');
- if($item['title'])
- $item['title'] = aes_unencapsulate(json_decode($item['title'],true),$key);
- if($item['body'])
- $item['body'] = aes_unencapsulate(json_decode($item['body'],true),$key);
- }
+ logger('encode_mail: ' . print_r($item,true));
$x['message_id'] = $item['mid'];
$x['message_parent'] = $item['parent_mid'];
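Review bot: The added `logger('encode_mail: ' . print_r($item,true));` writes the whole mail row, title and body included, to the log at the default level, so private message content ends up in the log files. The notifier_run hunk in include/notifier.php does the same for `$encoded_item`, where the redacted copy and the `LOGGER_DATA` level were both dropped. I would log identifiers only and keep the data level, e.g. `logger('encode_mail: ' . $item['mid'], LOGGER_DATA);`. encode_mail's body continues outside the hunk.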
@@ -836,6 +803,9 @@ function encode_mail($item) {
$x['flags'] = array();
+ if($item['mail_flags'] & MAIL_OBSCURED)
+ $x['flags'][] = 'obscured';
+
if($item['mail_flags'] & MAIL_RECALLED) {
$x['flags'][] = 'recalled';
$x['title'] = '';
@@ -862,16 +832,18 @@ function get_mail_elements($x) {
if(in_array('recalled',$x['flags'])) {
$arr['mail_flags'] |= MAIL_RECALLED;
}
+ if(in_array('obscured',$x['flags'])) {
+
+ $arr['mail_flags'] |= MAIL_OBSCURED;
+ $arr['body'] = base64url_decode($arr['body']);
+ $arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false);
+ $arr['body'] = base64url_encode($arr['body']);
+ $arr['title'] = base64url_decode($arr['title']);
+ $arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false);
+ $arr['title'] = base64url_encode($arr['title']);
+ }
}
- $key = get_config('system','pubkey');
- $arr['mail_flags'] |= MAIL_OBSCURED;
- $arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false);
- if($arr['body'])
- $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key));
- $arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false);
- if($arr['title'])
- $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
if($arr['created'] > datetime_convert())
$arr['created'] = datetime_convert();
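Review bot: Title and body now go through `htmlentities()` only inside the `in_array('obscured',$x['flags'])` branch, and that flag is supplied by the sending side. A message that arrives without the flag is no longer escaped in the visible lines, unless an earlier part of get_mail_elements (outside this hunk) already does it. Escaping should not depend on a remote flag: add an `else` branch that applies `htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false)` and the same call for the title.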
@@ -1356,56 +1328,24 @@ function item_store($arr,$force_parent = false) {
if(array_key_exists('parent',$arr))
unset($arr['parent']);
- $arr['mimetype'] = ((x($arr,'mimetype')) ? notags(trim($arr['mimetype'])) : 'text/bbcode');
- $arr['title'] = ((x($arr,'title')) ? notags(trim($arr['title'])) : '');
- $arr['body'] = ((x($arr,'body')) ? trim($arr['body']) : '');
-
- $arr['allow_cid'] = ((x($arr,'allow_cid')) ? trim($arr['allow_cid']) : '');
- $arr['allow_gid'] = ((x($arr,'allow_gid')) ? trim($arr['allow_gid']) : '');
- $arr['deny_cid'] = ((x($arr,'deny_cid')) ? trim($arr['deny_cid']) : '');
- $arr['deny_gid'] = ((x($arr,'deny_gid')) ? trim($arr['deny_gid']) : '');
- $arr['item_private'] = ((x($arr,'item_private')) ? intval($arr['item_private']) : 0 );
- $arr['item_flags'] = ((x($arr,'item_flags')) ? intval($arr['item_flags']) : 0 );
-
- // this is a bit messy - we really need an input filter chain that temporarily undoes obscuring
-
- if($arr['mimetype'] != 'text/html') {
- if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false))
- $arr['body'] = escape_tags($arr['body']);
- if((strpos($arr['title'],'<') !== false) || (strpos($arr['title'],'>') !== false))
- $arr['title'] = escape_tags($arr['title']);
- }
-
- // only detect language if we have text content, and if the post is private but not yet
- // obscured, make it so.
-
- if(! ($arr['item_flags'] & ITEM_OBSCURED)) {
- $arr['lang'] = detect_language($arr['body']);
+ $arr['lang'] = detect_language($arr['body']);
- $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
+ $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
- if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
- $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
- call_hooks('item_translate', $translate);
- if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
- logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
- return;
- }
- $arr = $translate['item'];
- }
- if($arr['item_private']) {
- $key = get_config('system','pubkey');
- $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
- if($arr['title'])
- $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
- if($arr['body'])
- $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key));
+ if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
+ $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
+ call_hooks('item_translate', $translate);
+ if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
+ logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
+ return;
}
-
+ $arr = $translate['item'];
}
+ // Shouldn't happen but we want to make absolutely sure it doesn't leak from a plugin.
-
+ if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false))
+ $arr['body'] = escape_tags($arr['body']);
if((x($arr,'object')) && is_array($arr['object'])) {
activity_sanitise($arr['object']);
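Review bot: `$arr['body']` is read by `detect_language()` and by the `strpos()` checks here before it has been defaulted and trimmed. This commit moves that step further down the function (`$arr['body'] = ((x($arr,'body')) ? trim($arr['body']) : '');`), so an item with no body reaches these lines with an undefined index. Moving that one line back above `detect_language()` restores the order. The `<`/`>` escaping of the title was also dropped from this spot; the later `notags(trim($arr['title']))` presumably covers it, and a short comment saying so would help. item_store starts and ends outside the hunk.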
@@ -1432,6 +1372,8 @@ function item_store($arr,$force_parent = false) {
$arr['commented'] = datetime_convert();
$arr['received'] = datetime_convert();
$arr['changed'] = datetime_convert();
+ $arr['mimetype'] = ((x($arr,'mimetype')) ? notags(trim($arr['mimetype'])) : 'text/bbcode');
+ $arr['title'] = ((x($arr,'title')) ? notags(trim($arr['title'])) : '');
$arr['location'] = ((x($arr,'location')) ? notags(trim($arr['location'])) : '');
$arr['coord'] = ((x($arr,'coord')) ? notags(trim($arr['coord'])) : '');
$arr['parent_mid'] = ((x($arr,'parent_mid')) ? notags(trim($arr['parent_mid'])) : '');
@@ -1442,12 +1384,19 @@ function item_store($arr,$force_parent = false) {
$arr['tgt_type'] = ((x($arr,'tgt_type')) ? notags(trim($arr['tgt_type'])) : '');
$arr['target'] = ((x($arr,'target')) ? trim($arr['target']) : '');
$arr['plink'] = ((x($arr,'plink')) ? notags(trim($arr['plink'])) : '');
+ $arr['allow_cid'] = ((x($arr,'allow_cid')) ? trim($arr['allow_cid']) : '');
+ $arr['allow_gid'] = ((x($arr,'allow_gid')) ? trim($arr['allow_gid']) : '');
+ $arr['deny_cid'] = ((x($arr,'deny_cid')) ? trim($arr['deny_cid']) : '');
+ $arr['deny_gid'] = ((x($arr,'deny_gid')) ? trim($arr['deny_gid']) : '');
+ $arr['item_private'] = ((x($arr,'item_private')) ? intval($arr['item_private']) : 0 );
+ $arr['body'] = ((x($arr,'body')) ? trim($arr['body']) : '');
$arr['attach'] = ((x($arr,'attach')) ? notags(trim($arr['attach'])) : '');
$arr['app'] = ((x($arr,'app')) ? notags(trim($arr['app'])) : '');
$arr['item_restrict'] = ((x($arr,'item_restrict')) ? intval($arr['item_restrict']) : 0 );
$arr['comment_policy'] = ((x($arr,'comment_policy')) ? notags(trim($arr['comment_policy'])) : 'contacts' );
+ $arr['item_flags'] = ((x($arr,'item_flags')) ? intval($arr['item_flags']) : 0 );
$arr['item_flags'] = $arr['item_flags'] | ITEM_UNSEEN;
@@ -1604,7 +1553,7 @@ function item_store($arr,$force_parent = false) {
if(strlen($allow_cid) || strlen($allow_gid) || strlen($deny_cid) || strlen($deny_gid))
$private = 1;
else
- $private = $arr['item_private'];
+ $private = $arr['private'];
// Set parent id - and also make sure to inherit the parent's ACL's.
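Review bot: `$private` now falls back to `$arr['private']`, but the normalisation added earlier in item_store fills `$arr['item_private']` and get_item_elements still sets `item_private`, so nothing visible in this diff assigns `private`. For a post without ACL strings the flag would come from an undefined key and evaluate as not private. The write-back in the next hunk (`$arr['private'] = $private;`), `$result['private'] = $item['private']` in ItemObject.php and the `$item['private'] != 1` test in get_plink all read the same key. Use one key throughout, e.g. `$private = intval($arr['item_private']);`, and confirm it against the item table schema, which is not visible here.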
@@ -1625,7 +1574,7 @@ function item_store($arr,$force_parent = false) {
$arr['allow_gid'] = $allow_gid;
$arr['deny_cid'] = $deny_cid;
$arr['deny_gid'] = $deny_gid;
- $arr['item_private'] = $private;
+ $arr['private'] = $private;
// Store taxonomy
@@ -2101,17 +2050,10 @@ function tgroup_check($uid,$item) {
$mention = false;
// check that the message originated elsewhere and is a top-level post
- // or is a followup and we have already accepted the top level post
- if($item['mid'] != $item['parent_mid']) {
- $r = q("select id from item where mid = '%s' and uid = %d limit 1",
- dbesc($item['parent_mid']),
- intval($uid)
- );
- if($r)
- return true;
+ if($arr['mid'] != $arr['parent_mid'])
return false;
- }
+
if(! perm_is_allowed($uid,$item['author_xchan'],'tag_deliver'))
return false;
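Review bot: The new test reads `$arr['mid']` and `$arr['parent_mid']`, but tgroup_check's parameters are `$uid` and `$item` and no `$arr` is assigned in the visible lines, so both sides are null and the comparison is never true. Follow-up posts therefore pass this check instead of being rejected and continue to the `tag_deliver` permission test. The condition should read `if($item['mid'] != $item['parent_mid'])`. The function continues outside the hunk.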
@@ -4770,52 +4712,39 @@ function zot_feed($uid,$observer_xchan,$mindate) {
if(! $mindate)
$mindate = '0000-00-00 00:00:00';
- $mindate = dbesc($mindate);
-
if(! perm_is_allowed($uid,$observer_xchan,'view_stream')) {
return $result;
}
- $sql_extra = item_permissions_sql($uid);
+// FIXME
+ $sql_extra = item_permissions_sql($uid,$remote_contact,$groups);
- if($mindate != '0000-00-00 00:00:00') {
+ if($mindate != '0000-00-00 00:00:00')
$sql_extra .= " and created > '$mindate' ";
- $limit = "";
- }
- else
- $limit = " limit 0, 50 ";
- $items = array();
- $r = q("SELECT item.*, item.id as item_id from item
- WHERE uid = %d AND item_restrict = 0 and id = parent
+// FIXME
+ // We probably should use two queries and pick up total conversations.
+ // For now get a chunk of raw posts in ascending created order so that
+ // hopefully the parent is imported before we see the kids.
+ // This will fail if there are more than $limit kids and you didn't
+ // receive the parent via direct delivery
+
+ $limit = 200;
+
+ $items = q("SELECT item.* from item
+ WHERE uid = %d AND item_restrict = 0
AND (item_flags & %d)
- $sql_extra ORDER BY created ASC $limit",
+ $sql_extra ORDER BY created ASC limit 0, $limit",
intval($uid),
intval(ITEM_WALL)
);
- if($r) {
-
- $parents_str = ids_to_querystr($r,'id');
-
- $items = q("SELECT `item`.*, `item`.`id` AS `item_id` FROM `item`
- WHERE `item`.`uid` = %d AND `item`.`item_restrict` = 0
- AND `item`.`parent` IN ( %s ) ",
- intval($uid),
- dbesc($parents_str)
- );
-
- }
-
if($items) {
xchan_query($items);
$items = fetch_post_tags($items);
- require_once('include/conversation.php');
- $items = conv_sort($items,'ascending');
-
- }
- else
+ } else {
$items = array();
+ }
foreach($items as $item)
$result[] = encode_item($item);
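Review bot: `$mindate` is still interpolated into `" and created > '$mindate' "`, but the `dbesc($mindate)` call was removed, so a caller-supplied date reaches the query text unescaped. Normalise and escape it before use, e.g. `$mindate = dbesc(datetime_convert('UTC','UTC',$mindate));`. The call `item_permissions_sql($uid,$remote_contact,$groups)` also passes two variables that are not defined in the visible part of zot_feed (the FIXME marks it), so the permission clause is built from null arguments. The function starts outside the hunk.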
diff --git a/include/message.php b/include/message.php
index d6294cdba..6c44a54f3 100644
--- a/include/message.php
+++ b/include/message.php
@@ -2,7 +2,6 @@
/* Private Message backend API */
-require_once('include/crypto.php');
// send a private message
@@ -57,28 +56,6 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
$replyto = $mid;
}
- /**
- *
- * When a photo was uploaded into the message using the (profile wall) ajax
- * uploader, The permissions are initially set to disallow anybody but the
- * owner from seeing it. This is because the permissions may not yet have been
- * set for the post. If it's private, the photo permissions should be set
- * appropriately. But we didn't know the final permissions on the post until
- * now. So now we'll look for links of uploaded messages that are in the
- * post and set them to the same permissions as the post itself.
- *
- */
-
- $match = null;
- $images = null;
- if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match))
- $images = $match[1];
-
- $key = get_config('system','pubkey');
- if($subject)
- $subject = json_encode(aes_encapsulate($subject,$key));
- if($body)
- $body = json_encode(aes_encapsulate($body,$key));
$r = q("INSERT INTO mail ( account_id, mail_flags, channel_id, from_xchan, to_xchan, title, body, mid, parent_mid, created )
VALUES ( %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
@@ -87,8 +64,8 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
intval($channel['channel_id']),
dbesc($channel['channel_hash']),
dbesc($recipient),
- dbesc($subject),
- dbesc($body),
+ dbesc(base64url_encode($subject)),
+ dbesc(base64url_encode($body)),
dbesc($mid),
dbesc($replyto),
dbesc(datetime_convert())
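Review bot: Subject and body are now stored as `base64url_encode()` output, which is a reversible encoding and gives no confidentiality, while the flag readers test is still named `MAIL_OBSCURED`. The readers in this file decode only when `mail_flags & MAIL_OBSCURED` is set, and the `mail_flags` value bound to this INSERT is outside the hunk, so confirm it includes `MAIL_OBSCURED`; otherwise titles and bodies will be displayed in encoded form. A comment above the query such as `// base64url is a storage encoding only, not encryption` would keep the flag name from misleading later readers.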
@@ -107,18 +84,35 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
return $ret;
}
- if(count($images)) {
- foreach($images as $image) {
- if(! stristr($image,$a->get_baseurl() . '/photo/'))
- continue;
- $image_uri = substr($image,strrpos($image,'/') + 1);
- $image_uri = substr($image_uri,0, strpos($image_uri,'-'));
- $r = q("UPDATE photo SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d and allow_cid = '%s'",
- dbesc('<' . $recipient . '>'),
- dbesc($image_uri),
- intval($channel['channel_id']),
- dbesc('<' . $channel['channel_hash'] . '>')
- );
+ /**
+ *
+ * When a photo was uploaded into the message using the (profile wall) ajax
+ * uploader, The permissions are initially set to disallow anybody but the
+ * owner from seeing it. This is because the permissions may not yet have been
+ * set for the post. If it's private, the photo permissions should be set
+ * appropriately. But we didn't know the final permissions on the post until
+ * now. So now we'll look for links of uploaded messages that are in the
+ * post and set them to the same permissions as the post itself.
+ *
+ */
+
+ $match = null;
+
+ if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) {
+ $images = $match[1];
+ if(count($images)) {
+ foreach($images as $image) {
+ if(! stristr($image,$a->get_baseurl() . '/photo/'))
+ continue;
+ $image_uri = substr($image,strrpos($image,'/') + 1);
+ $image_uri = substr($image_uri,0, strpos($image_uri,'-'));
+ $r = q("UPDATE photo SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d and allow_cid = '%s'",
+ dbesc('<' . $recipient . '>'),
+ dbesc($image_uri),
+ intval($channel['channel_id']),
+ dbesc('<' . $channel['channel_hash'] . '>')
+ );
+ }
}
}
@@ -177,14 +171,11 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) {
$r[$k]['to'] = find_xchan_in_array($rr['to_xchan'],$c);
$r[$k]['seen'] = (($rr['mail_flags'] & MAIL_SEEN) ? 1 : 0);
if($r[$k]['mail_flags'] & MAIL_OBSCURED) {
- logger('unencrypting');
- $key = get_config('system','prvkey');
-
- if($r[$k]['title'])
- $r[$k]['title'] = aes_unencapsulate(json_decode($r[$k]['title'],true),$key);
- if($r[$k]['body'])
- $r[$k]['body'] = aes_unencapsulate(json_decode($r[$k]['body'],true),$key);
+ $r[$k]['title'] = base64url_decode($r[$k]['title']);
+ $r[$k]['body'] = base64url_decode($r[$k]['body']);
}
+
+
}
return $r;
@@ -218,11 +209,8 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee
$messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c);
$messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c);
if($messages[$k]['mail_flags'] & MAIL_OBSCURED) {
- $key = get_config('system','prvkey');
- if($messages[$k]['title'])
- $messages[$k]['title'] = aes_unencapsulate(json_decode($messages[$k]['title'],true),$key);
- if($messages[$k]['body'])
- $messages[$k]['body'] = aes_unencapsulate(json_decode($messages[$k]['body'],true),$key);
+ $messages[$k]['title'] = base64url_decode($messages[$k]['title']);
+ $messages[$k]['body'] = base64url_decode($messages[$k]['body']);
}
}
@@ -306,12 +294,10 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda
$messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c);
$messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c);
if($messages[$k]['mail_flags'] & MAIL_OBSCURED) {
- $key = get_config('system','prvkey');
- if($messages[$k]['title'])
- $messages[$k]['title'] = aes_unencapsulate(json_decode($messages[$k]['title'],true),$key);
- if($messages[$k]['body'])
- $messages[$k]['body'] = aes_unencapsulate(json_decode($messages[$k]['body'],true),$key);
+ $messages[$k]['title'] = base64url_decode($messages[$k]['title']);
+ $messages[$k]['body'] = base64url_decode($messages[$k]['body']);
}
+
}
diff --git a/include/notifier.php b/include/notifier.php
index dea9d6072..9a8866223 100644
--- a/include/notifier.php
+++ b/include/notifier.php
@@ -328,10 +328,7 @@ function notifier_run($argv, $argc){
// Generic delivery section, we have an encoded item and recipients
// Now start the delivery process
- $x = $encoded_item;
- $x['title'] = 'private';
- $x['body'] = 'private';
- logger('notifier: encoded item: ' . print_r($x,true), LOGGER_DATA);
+ logger('notifier: encoded item: ' . print_r($encoded_item,true));
stringify_array_elms($recipients);
if(! $recipients)
diff --git a/include/photo/photo_imagick.php b/include/photo/photo_imagick.php
index 3f84fd06c..2737c8f69 100644
--- a/include/photo/photo_imagick.php
+++ b/include/photo/photo_imagick.php
@@ -153,14 +153,14 @@ class photo_imagick extends photo_driver {
do {
$this->image->cropImage($w, $h, $x, $y);
/**
- * We need to remove the canvas,
+ * We need to remove the canva,
* or the image is not resized to the crop:
* http://php.net/manual/en/imagick.cropimage.php#97232
*/
$this->image->setImagePage(0, 0, 0, 0);
} while ($this->image->nextImage());
- $this->doScaleImage($max,$max);
+ $this->doScaleImage($max);
}
public function imageString() {
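Review bot: `doScaleImage($max)` now passes one argument where the previous call passed two. doScaleImage is not in this hunk, so check that its second parameter has a default; otherwise this crop path fails at runtime. The comment edit also changes "canvas" to "canva", which looks like an accidental typo.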
diff --git a/include/security.php b/include/security.php
index ef4d5a313..29a0fc0bc 100644
--- a/include/security.php
+++ b/include/security.php
@@ -205,29 +205,26 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
else {
- $observer = get_observer_hash();
- if($observer) {
- $groups = init_groups_visitor($observer);
-
- $gs = '<<>>'; // should be impossible to match
-
- if(is_array($groups) && count($groups)) {
- foreach($groups as $g)
- $gs .= '|<' . $g . '>';
- }
- $sql = sprintf(
- " AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
- AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
- )
- ",
- dbesc(protect_sprintf( '%<' . $observer . '>%')),
- dbesc($gs),
- dbesc(protect_sprintf( '%<' . $observer . '>%')),
- dbesc($gs)
- );
- }
+ $observer = get_app()->get_observer();
+ $groups = init_groups_visitor($remote_user);
+
+ $gs = '<<>>'; // should be impossible to match
+
+ if(is_array($groups) && count($groups)) {
+ foreach($groups as $g)
+ $gs .= '|<' . $g . '>';
+ }
+ $sql = sprintf(
+ " AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
+ AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
+ )
+ ",
+ dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
+ dbesc($gs),
+ dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
+ dbesc($gs)
+ );
}
-
return $sql;
}
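Review bot: The rewritten else branch builds the ACL clause from `$remote_user`, which is not a parameter of permissions_sql (`$owner_id,$remote_verified,$groups`) and is not assigned in the visible lines, while the `$observer` fetched on its first line is never used. Unless `$remote_user` is set earlier in the function, `init_groups_visitor()` receives null and both patterns become `'%<>%'`, so the clause no longer reflects who is viewing. The `if($observer)` guard that skipped the clause for visitors without an identity is also gone. The item_permissions_sql hunk below carries the same code. Take the hash from the observer, use it in both `protect_sprintf()` calls, and keep the guard for an empty observer.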
@@ -263,28 +260,25 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
else {
- $observer = get_observer_hash();
-
- if($observer) {
- $groups = init_groups_visitor($observer);
-
- $gs = '<<>>'; // should be impossible to match
-
- if(is_array($groups) && count($groups)) {
- foreach($groups as $g)
- $gs .= '|<' . $g . '>';
- }
- $sql = sprintf(
- " AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
- AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
- )
- ",
- dbesc(protect_sprintf( '%<' . $observer . '>%')),
- dbesc($gs),
- dbesc(protect_sprintf( '%<' . $observer . '>%')),
- dbesc($gs)
- );
- }
+ $observer = get_app()->get_observer();
+ $groups = init_groups_visitor($remote_user);
+
+ $gs = '<<>>'; // should be impossible to match
+
+ if(is_array($groups) && count($groups)) {
+ foreach($groups as $g)
+ $gs .= '|<' . $g . '>';
+ }
+ $sql = sprintf(
+ " AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')
+ AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
+ )
+ ",
+ dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
+ dbesc($gs),
+ dbesc(protect_sprintf( '%<' . $remote_user . '>%')),
+ dbesc($gs)
+ );
}
return $sql;
}
diff --git a/include/text.php b/include/text.php
index 814c564a3..2d29dff31 100755
--- a/include/text.php
+++ b/include/text.php
@@ -887,7 +887,7 @@ function smilies($s, $sample = false) {
'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-facepalm.gif" alt=":facepalm" />',
'<img class="smiley" src="' . $a->get_baseurl() . '/images/like.gif" alt=":like" />',
'<img class="smiley" src="' . $a->get_baseurl() . '/images/dislike.gif" alt=":dislike" />',
- '<a href="http://getzot.com"><img class="smiley" src="' . $a->get_baseurl() . '/images/rhash-16.png" alt="red#" /> the Red Matrix</a>',
+ '<img class="smiley" src="' . $a->get_baseurl() . '/images/rhash-16.png" alt="red#" /></a>',
'<a href="http://friendica.com">~friendica <img class="smiley" src="' . $a->get_baseurl() . '/images/friendica-16.png" alt="~friendica" /></a>'
);
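Review bot: The new `rhash-16.png` entry still ends in `</a>` although the opening `<a href=...>` was removed, so each `red#` replacement puts an unbalanced closing tag into the rendered post. Drop the trailing `</a>` or restore the opening anchor. The array and the rest of smilies() lie outside the hunk.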
@@ -977,22 +977,11 @@ function link_compare($a,$b) {
-function prepare_body(&$item,$attach = false) {
+function prepare_body($item,$attach = false) {
$a = get_app();
-
-
-
call_hooks('prepare_body_init', $item);
- if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) {
- $key = get_config('system','prvkey');
- if($item['title'])
- $item['title'] = aes_unencapsulate(json_decode($item['title'],true),$key);
- if($item['body'])
- $item['body'] = aes_unencapsulate(json_decode($item['body'],true),$key);
- }
-
$s = prepare_text($item['body'],$item['mimetype']);
$prep_arr = array('item' => $item, 'html' => $s);
@@ -1003,7 +992,6 @@ function prepare_body(&$item,$attach = false) {
return $s;
}
-
$arr = json_decode($item['attach'],true);
if(count($arr)) {
$s .= '<div class="body-attach">';
@@ -1258,7 +1246,7 @@ function feed_salmonlinks($nick) {
function get_plink($item) {
$a = get_app();
- if (x($item,'plink') && ($item['item_private'] != 1)) {
+ if (x($item,'plink') && ($item['private'] != 1)) {
return array(
'href' => $item['plink'],
'title' => t('link to source'),
diff --git a/include/zot.php b/include/zot.php
index 437ec0c86..7369de80a 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -770,6 +770,8 @@ function zot_fetch($arr) {
function zot_import($arr) {
+// logger('zot_import: ' . print_r($arr,true), LOGGER_DATA);
+
$data = json_decode($arr['body'],true);
if(! $data) {
@@ -781,6 +783,8 @@ function zot_import($arr) {
$data = json_decode(aes_unencapsulate($data,get_config('system','prvkey')),true);
}
+ logger('zot_import: data' . print_r($data,true), LOGGER_DATA);
+
$incoming = $data['pickup'];
$return = array();
@@ -833,12 +837,10 @@ function zot_import($arr) {
if($i['message']) {
if($i['message']['type'] === 'activity') {
$arr = get_item_elements($i['message']);
-
if(! array_key_exists('created',$arr)) {
logger('Activity rejected: probable failure to lookup author/owner. ' . print_r($i['message'],true));
continue;
}
-
logger('Activity received: ' . print_r($arr,true), LOGGER_DATA);
logger('Activity recipients: ' . print_r($deliveries,true), LOGGER_DATA);
@@ -1020,18 +1022,6 @@ function process_delivery($sender,$arr,$deliveries,$relay) {
$perm = (($arr['mid'] == $arr['parent_mid']) ? 'send_stream' : 'post_comments');
- // This is our own post, possibly coming from a channel clone
-
- if($arr['owner_xchan'] == $d['hash']) {
- $arr['item_flags'] = $arr['item_flags'] | ITEM_WALL;
- }
- else {
- // clear the wall flag if it is set
- if($arr['item_flags'] & ITEM_WALL) {
- $arr['item_flags'] = ($arr['item_flags'] ^ ITEM_WALL);
- }
- }
-
if((! perm_is_allowed($channel['channel_id'],$sender['hash'],$perm)) && (! $tag_delivery)) {
logger("permission denied for delivery {$channel['channel_id']}");
$result[] = array($d['hash'],'permission denied',$channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>');
@@ -1575,7 +1565,7 @@ function build_sync_packet($uid = 0, $packet = null) {
// don't pass these elements, they should not be synchronised
- $disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey','channel_address');
+ $disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey');
if(in_array($k,$disallowed))
continue;
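Review bot: `'channel_address'` was removed from `$disallowed` here and from the matching list in process_channel_sync_delivery, so the address is now sent in sync packets and also accepted from them. If the receiving code writes every key that is not disallowed back to the channel row (not visible in these hunks), an incoming sync packet can change the local channel address. Confirm that is intended, or keep the key in the receiving list. `in_array($k,$disallowed)` would also be safer as `in_array($k,$disallowed,true)`.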
@@ -1615,8 +1605,7 @@ function build_sync_packet($uid = 0, $packet = null) {
function process_channel_sync_delivery($sender,$arr,$deliveries) {
-// FIXME - this will sync red structures (channel, pconfig and abook). Eventually we need to make this application agnostic.
-// TODO: missing group membership changes
+// FIXME - this will sync red structures. Eventually we need to make this application agnostic.
$result = array();
@@ -1646,7 +1635,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) {
}
if(array_key_exists('channel',$arr) && is_array($arr['channel']) && count($arr['channel'])) {
- $disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey', 'channel_address');
+ $disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey');
$clean = array();
foreach($arr['channel'] as $k => $v) {