diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/acl_selectors.php | 97 | ||||
| -rw-r--r-- | include/bbcode.php | 12 | ||||
| -rw-r--r-- | include/channel.php | 4 | ||||
| -rw-r--r-- | include/conversation.php | 2 | ||||
| -rw-r--r-- | include/crypto.php | 81 | ||||
| -rw-r--r-- | include/datetime.php | 97 | ||||
| -rwxr-xr-x | include/dba/dba_driver.php | 82 | ||||
| -rwxr-xr-x | include/dba/dba_mysql.php | 67 | ||||
| -rwxr-xr-x | include/dba/dba_mysqli.php | 86 | ||||
| -rwxr-xr-x | include/dba/dba_pdo.php | 43 | ||||
| -rw-r--r-- | include/dba/dba_postgres.php | 117 | ||||
| -rw-r--r-- | include/feedutils.php | 245 | ||||
| -rwxr-xr-x | include/items.php | 18 | ||||
| -rw-r--r-- | include/js_strings.php | 14 | ||||
| -rw-r--r-- | include/nav.php | 4 | ||||
| -rw-r--r-- | include/network.php | 4 | ||||
| -rwxr-xr-x | include/plugin.php | 72 | ||||
| -rw-r--r-- | include/queue_fn.php | 29 | ||||
| -rw-r--r-- | include/text.php | 55 | ||||
| -rw-r--r-- | include/zot.php | 199 |
20 files changed, 595 insertions, 733 deletions
diff --git a/include/acl_selectors.php b/include/acl_selectors.php index 4e203074b..bada3e528 100644 --- a/include/acl_selectors.php +++ b/include/acl_selectors.php @@ -5,104 +5,9 @@ * @package acl_selectors */ -/** - * @brief - * - * @param string $selname - * @param string $selclass - * @param mixed $preselected - * @param number $size - * @return string - */ -function group_select($selname, $selclass, $preselected = false, $size = 4) { - - $o = ''; - - $o .= "<select name=\"{$selname}[]\" id=\"$selclass\" class=\"$selclass\" multiple=\"multiple\" size=\"$size\">\r\n"; - - $r = q("SELECT * FROM groups WHERE deleted = 0 AND uid = %d ORDER BY gname ASC", - intval(local_channel()) - ); - - - $arr = array('group' => $r, 'entry' => $o); - - // e.g. 'network_pre_group_deny', 'profile_pre_group_allow' - - call_hooks(App::$module . '_pre_' . $selname, $arr); - - if($r) { - foreach($r as $rr) { - if((is_array($preselected)) && in_array($rr['id'], $preselected)) - $selected = " selected=\"selected\" "; - else - $selected = ''; - $trimmed = mb_substr($rr['gname'],0,12); - - $o .= "<option value=\"{$rr['id']}\" $selected title=\"{$rr['name']}\" >$trimmed</option>\r\n"; - } - - } - $o .= "</select>\r\n"; - - call_hooks(App::$module . '_post_' . $selname, $o); - - return $o; -} - -function contact_select($selname, $selclass, $preselected = false, $size = 4, $privmail = false, $celeb = false, $privatenet = false, $tabindex = null) { - - $o = ''; - - // When used for private messages, we limit correspondence to mutual DFRN/Friendica friends and the selector - // to one recipient. By default our selector allows multiple selects amongst all contacts. - - $sql_extra = ''; - - $tabindex = ($tabindex > 0 ? 'tabindex="$tabindex"' : ''); - - if($privmail) - $o .= "<select name=\"$selname\" id=\"$selclass\" class=\"$selclass\" size=\"$size\" $tabindex >\r\n"; - else - $o .= "<select name=\"{$selname}[]\" id=\"$selclass\" class=\"$selclass\" multiple=\"multiple\" size=\"$size\" $tabindex>\r\n"; - - $r = q("SELECT abook_id, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash - where abook_self = 0 and abook_channel = %d - $sql_extra - ORDER BY xchan_name ASC", - intval(local_channel()) - ); - - - $arr = array('contact' => $r, 'entry' => $o); - - // e.g. 'network_pre_contact_deny', 'profile_pre_contact_allow' - - call_hooks(App::$module . '_pre_' . $selname, $arr); - - if($r) { - foreach($r as $rr) { - if((is_array($preselected)) && in_array($rr['id'], $preselected)) - $selected = ' selected="selected" '; - else - $selected = ''; - - $trimmed = mb_substr($rr['xchan_name'], 0, 20); - - $o .= "<option value=\"{$rr['abook_id']}\" $selected title=\"{$rr['xchan_name']}|{$rr['xchan_url']}\" >$trimmed</option>\r\n"; - } - } - - $o .= "</select>\r\n"; - - call_hooks(App::$module . '_post_' . $selname, $o); - - return $o; -} - function fixacl(&$item) { - $item = str_replace(array('<', '>'), array('', ''), $item); + $item = str_replace( [ '<', '>' ], [ '', '' ], $item); } /** diff --git a/include/bbcode.php b/include/bbcode.php index 0c85a0a4e..03a46444b 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -438,7 +438,7 @@ function bb_summary($match) { $rnd3 = mt_rand(); $rnd4 = mt_rand(); - return $match[1] . '<div style="display: block;" id="opendiv-' . $rnd2 . '">' . $match[2] . '</div><div style="display: block;" id="opendiv-' . $rnd3 . '" onclick="openClose(\'opendiv-' . $rnd1 . '\'); openClose(\'opendiv-' . $rnd2 . '\'); openClose(\'opendiv-' . $rnd3 . '\'); openClose(\'opendiv-' . $rnd4 . '\'); return false;" class="fakelink">' . t('View article') . '</div><div style="display: none;" id="opendiv-' . $rnd4 . '" onclick="openClose(\'opendiv-' . $rnd1 . '\'); openClose(\'opendiv-' . $rnd2 . '\'); openClose(\'opendiv-' . $rnd3 . '\'); openClose(\'opendiv-' . $rnd4 . '\'); return false;" class="fakelink">' . t('View summary') . '</div><div id="opendiv-' . $rnd1 . '" style="display: none;">' . $match[3] . '</div>'; + return $match[1] . '<div style="display: block;" id="opendiv-' . $rnd2 . '">' . $match[2] . '</div><div style="display: block;" id="opendiv-' . $rnd3 . '" onclick="openClose(\'opendiv-' . $rnd1 . '\'); openClose(\'opendiv-' . $rnd2 . '\'); openClose(\'opendiv-' . $rnd3 . '\'); openClose(\'opendiv-' . $rnd4 . '\'); return false;" class="fakelink view-article">' . t('View article') . '</div><div style="display: none;" id="opendiv-' . $rnd4 . '" onclick="openClose(\'opendiv-' . $rnd1 . '\'); openClose(\'opendiv-' . $rnd2 . '\'); openClose(\'opendiv-' . $rnd3 . '\'); openClose(\'opendiv-' . $rnd4 . '\'); return false;" class="fakelink view-summary">' . t('View summary') . '</div><div id="opendiv-' . $rnd1 . '" style="display: none;">' . $match[3] . '</div>'; } @@ -628,7 +628,7 @@ function bb_code_unprotect_sub($match) { function bb_code($match) { if(strpos($match[0], "<br />")) - return '<code>' . bb_code_protect(trim($match[1])) . '</code>'; + return '<pre><code>' . bb_code_protect(trim($match[1])) . '</code></pre>'; else return '<code class="inline-code">' . bb_code_protect(trim($match[1])) . '</code>'; } @@ -636,15 +636,21 @@ function bb_code($match) { function bb_code_options($match) { if(strpos($match[0], "<br />")) { $class = ""; + $pre = true; } else { $class = "inline-code"; + $pre = false; } if(strpos($match[1], 'nowrap')) { $style = "overflow-x: auto; white-space: pre;"; } else { $style = ""; } - return '<code class="'. $class .'" style="'. $style .'">' . bb_code_protect(trim($match[2])) . '</code>'; + if($pre) { + return '<pre><code class="'. $class .'" style="'. $style .'">' . bb_code_protect(trim($match[2])) . '</code></pre>'; + } else { + return '<code class="'. $class .'" style="'. $style .'">' . bb_code_protect(trim($match[2])) . '</code>'; + } } function bb_highlight($match) { diff --git a/include/channel.php b/include/channel.php index b9adc588b..625ce16c8 100644 --- a/include/channel.php +++ b/include/channel.php @@ -2553,10 +2553,10 @@ function channel_remove($channel_id, $local = true, $unset_session = false) { q("DELETE FROM profile WHERE uid = %d", intval($channel_id)); q("DELETE FROM src WHERE src_channel_id = %d", intval($channel_id)); - $r = q("select resource_id FROM attach WHERE uid = %d", intval($channel_id)); + $r = q("select hash FROM attach WHERE uid = %d", intval($channel_id)); if($r) { foreach($r as $rv) { - attach_delete($channel_id,$rv['resource_id']); + attach_delete($channel_id,$rv['hash']); } } diff --git a/include/conversation.php b/include/conversation.php index 77694deb3..0bb9c769a 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -974,7 +974,7 @@ function author_is_pmable($xchan, $abook) { if($x['result'] !== 'unset') return $x['result']; - if($xchan['xchan_network'] === 'zot') + if($xchan['xchan_network'] === 'zot' && get_observer_hash()) return true; return false; diff --git a/include/crypto.php b/include/crypto.php index b990b18d9..ab33ba096 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -31,19 +31,6 @@ function rsa_verify($data,$sig,$key,$alg = 'sha256') { return (($verify > 0) ? true : false); } -function pkcs5_pad ($text, $blocksize) -{ - $pad = $blocksize - (strlen($text) % $blocksize); - return $text . str_repeat(chr($pad), $pad); -} - -function pkcs5_unpad($text) -{ - $pad = ord($text{strlen($text)-1}); - if ($pad > strlen($text)) return false; - if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false; - return substr($text, 0, -1 * $pad); -} function AES256CBC_encrypt($data,$key,$iv) { @@ -135,7 +122,18 @@ function other_encapsulate($data,$pubkey,$alg) { if(! $pubkey) logger('no key. data: ' . $data); - $fn = strtoupper($alg) . '_encrypt'; + $oaep = false; + + if(strpos($alg,'.oaep')) { + $oaep = true; + $subalg = substr($alg,0,-5); + } + else { + $subalg = $alg; + } + + + $fn = strtoupper($subalg) . '_encrypt'; if(function_exists($fn)) { // A bit hesitant to use openssl_random_pseudo_bytes() as we know @@ -153,14 +151,14 @@ function other_encapsulate($data,$pubkey,$alg) { $iv = openssl_random_pseudo_bytes(256); $result['data'] = base64url_encode($fn($data,$key,$iv),true); // log the offending call so we can track it down - if(! openssl_public_encrypt($key,$k,$pubkey)) { + if(! openssl_public_encrypt($key,$k,$pubkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING))) { $x = debug_backtrace(); logger('RSA failed. ' . print_r($x[0],true)); } $result['alg'] = $alg; $result['key'] = base64url_encode($k,true); - openssl_public_encrypt($iv,$i,$pubkey); + openssl_public_encrypt($iv,$i,$pubkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING)); $result['iv'] = base64url_encode($i,true); return $result; } @@ -179,7 +177,7 @@ function crypto_methods() { // The actual methods are responsible for deriving the actual key/iv from the provided parameters; // possibly by truncation or segmentation - though many other methods could be used. - $r = [ 'aes256ctr', 'camellia256cfb', 'cast5cfb', 'aes256cbc', 'aes128cbc', 'cast5cbc' ]; + $r = [ 'aes256ctr.oaep', 'camellia256cfb.oaep', 'cast5cfb.oaep', 'aes256ctr', 'camellia256cfb', 'cast5cfb', 'aes256cbc', 'aes128cbc', 'cast5cbc' ]; call_hooks('crypto_methods',$r); return $r; @@ -220,6 +218,7 @@ function aes_encapsulate($data,$pubkey) { function crypto_unencapsulate($data,$prvkey) { if(! $data) return; + $alg = ((array_key_exists('alg',$data)) ? $data['alg'] : 'aes256cbc'); if($alg === 'aes256cbc') return aes_unencapsulate($data,$prvkey); @@ -229,10 +228,21 @@ function crypto_unencapsulate($data,$prvkey) { } function other_unencapsulate($data,$prvkey,$alg) { - $fn = strtoupper($alg) . '_decrypt'; + + $oaep = false; + + if(strpos($alg,'.oaep')) { + $oaep = true; + $subalg = substr($alg,0,-5); + } + else { + $subalg = $alg; + } + + $fn = strtoupper($subalg) . '_decrypt'; if(function_exists($fn)) { - openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey); - openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey); + openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING)); + openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING)); return $fn(base64url_decode($data['data']),$k,$i); } else { @@ -282,37 +292,6 @@ function new_keypair($bits) { } -function pkcs1to8($oldkey,$len) { - - if($len == 4096) - $c = 'g'; - if($len == 2048) - $c = 'Q'; - - if(strstr($oldkey,'BEGIN PUBLIC')) - return $oldkey; - - $oldkey = str_replace('-----BEGIN RSA PUBLIC KEY-----', '', $oldkey); - $oldkey = trim(str_replace('-----END RSA PUBLIC KEY-----', '', $oldkey)); - $key = 'MIICIjANBgkqhkiG9w0BAQEFAAOCA' . $c . '8A' . str_replace("\n", '', $oldkey); - $key = "-----BEGIN PUBLIC KEY-----\n" . wordwrap($key, 64, "\n", true) . "\n-----END PUBLIC KEY-----"; - return $key; -} - -function pkcs8to1($oldkey,$len) { - - if(strstr($oldkey,'BEGIN RSA')) - return $oldkey; - - $oldkey = str_replace('-----BEGIN PUBLIC KEY-----', '', $oldkey); - $oldkey = trim(str_replace('-----END PUBLIC KEY-----', '', $oldkey)); - $key = str_replace("\n",'',$oldkey); - $key = substr($key,32); - $key = "-----BEGIN RSA PUBLIC KEY-----\n" . wordwrap($key, 64, "\n", true) . "\n-----END RSA PUBLIC KEY-----"; - return $key; -} - - function DerToPem($Der, $Private=false) { //Encode: diff --git a/include/datetime.php b/include/datetime.php index 0fcd957be..1e9a1fa51 100644 --- a/include/datetime.php +++ b/include/datetime.php @@ -93,16 +93,6 @@ function datetime_convert($from = 'UTC', $to = 'UTC', $s = 'now', $fmt = "Y-m-d return $d->format($fmt); } - // Slight hackish adjustment so that 'zero' datetime actually returns what is intended - // otherwise we end up with -0001-11-30 ... - // add 32 days so that we at least get year 00, and then hack around the fact that - // months and days always start with 1. - -// if(substr($s,0,10) == '0000-00-00') { -// $d = new DateTime($s . ' + 32 days', new DateTimeZone('UTC')); -// return str_replace('1', '0', $d->format($fmt)); -// } - try { $from_obj = new DateTimeZone($from); } catch(Exception $e) { @@ -135,70 +125,20 @@ function datetime_convert($from = 'UTC', $to = 'UTC', $s = 'now', $fmt = "Y-m-d */ function dob($dob) { - list($year, $month, $day) = sscanf($dob, '%4d-%2d-%2d'); - $f = get_config('system', 'birthday_input_format'); - if (! $f) - $f = 'ymd'; - if ($dob === '0000-00-00') $value = ''; else $value = (($year) ? datetime_convert('UTC','UTC',$dob,'Y-m-d') : datetime_convert('UTC','UTC',$dob,'m-d')); - $o = replace_macros(get_markup_template("field_input.tpl"), array('$field' => array( - 'dob', - t('Birthday'), - $value, - ((intval($value)) ? t('Age: ') . age($value,App::$user['timezone'],App::$user['timezone']) : ''), - '', - 'placeholder="' . t('YYYY-MM-DD or MM-DD') .'"' - ))); - + $o = replace_macros(get_markup_template("field_input.tpl"), [ + '$field' => [ 'dob', t('Birthday'), $value, ((intval($value)) ? t('Age: ') . age($value,App::$user['timezone'],App::$user['timezone']) : ''), '', 'placeholder="' . t('YYYY-MM-DD or MM-DD') .'"' ] + ]); -// if ($dob && $dob != '0000-00-00') -// $o = datesel($f,mktime(0,0,0,0,0,1900),mktime(),mktime(0,0,0,$month,$day,$year),'dob'); -// else -// $o = datesel($f,mktime(0,0,0,0,0,1900),mktime(),false,'dob'); return $o; } /** - * @brief Returns a date selector. - * - * @see datetimesel() - * @param string $format - * format string, e.g. 'ymd' or 'mdy'. Not currently supported - * @param DateTime $min - * unix timestamp of minimum date - * @param DateTime $max - * unix timestap of maximum date - * @param DateTime $default - * unix timestamp of default date - * @param string $id - * id and name of datetimepicker (defaults to "datetimepicker") - */ -function datesel($format, $min, $max, $default, $id = 'datepicker') { - return datetimesel($format, $min, $max, $default, '', $id, true, false, '', ''); -} - -/** - * @brief Returns a time selector. - * - * @param string $format - * format string, e.g. 'ymd' or 'mdy'. Not currently supported - * @param string $h - * already selected hour - * @param string $m - * already selected minute - * @param string $id - * id and name of datetimepicker (defaults to "timepicker") - */ -function timesel($format, $h, $m, $id='timepicker') { - return datetimesel($format, new DateTime(), new DateTime(), new DateTime("$h:$m"), '', $id, false, true); -} - -/** * @brief Returns a datetime selector. * * @param string $format @@ -449,12 +389,7 @@ function cal($y = 0, $m = 0, $links = false, $class='') { // month table - start at 1 to match human usage. - $mtab = array(' ', - 'January','February','March', - 'April','May','June', - 'July','August','September', - 'October','November','December' - ); + $mtab = [ ' ', 'January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'December' ]; $thisyear = datetime_convert('UTC',date_default_timezone_get(),'now','Y'); $thismonth = datetime_convert('UTC',date_default_timezone_get(),'now','m'); @@ -463,7 +398,7 @@ function cal($y = 0, $m = 0, $links = false, $class='') { if (! $m) $m = intval($thismonth); - $dn = array('Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday'); + $dn = [ 'Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday' ]; $f = get_first_dim($y, $m); $l = get_dim($y, $m); $d = 1; @@ -569,17 +504,17 @@ function update_birthdays() { if (! perm_is_allowed($rr['abook_channel'], $rr['xchan_hash'], 'send_stream')) continue; - $ev = array(); - $ev['uid'] = $rr['abook_channel']; - $ev['account'] = $rr['abook_account']; - $ev['event_xchan'] = $rr['xchan_hash']; - $ev['dtstart'] = datetime_convert('UTC', 'UTC', $rr['abook_dob']); - $ev['dtend'] = datetime_convert('UTC', 'UTC', $rr['abook_dob'] . ' + 1 day '); - $ev['adjust'] = intval(feature_enabled($rr['abook_channel'],'smart_birthdays')); - $ev['summary'] = sprintf( t('%1$s\'s birthday'), $rr['xchan_name']); - $ev['description'] = sprintf( t('Happy Birthday %1$s'), - '[zrl=' . $rr['xchan_url'] . ']' . $rr['xchan_name'] . '[/zrl]') ; - $ev['etype'] = 'birthday'; + $ev = [ + 'uid' => $rr['abook_channel'], + 'account' => $rr['abook_account'], + 'event_xchan' => $rr['xchan_hash'], + 'dtstart' => datetime_convert('UTC', 'UTC', $rr['abook_dob']), + 'dtend' => datetime_convert('UTC', 'UTC', $rr['abook_dob'] . ' + 1 day '), + 'adjust' => intval(feature_enabled($rr['abook_channel'],'smart_birthdays')), + 'summary' => sprintf( t('%1$s\'s birthday'), $rr['xchan_name']), + 'description' => sprintf( t('Happy Birthday %1$s'), '[zrl=' . $rr['xchan_url'] . ']' . $rr['xchan_name'] . '[/zrl]'), + 'etype' => 'birthday', + ]; $z = event_store_event($ev); if ($z) { diff --git a/include/dba/dba_driver.php b/include/dba/dba_driver.php index deec9adfd..b3298b673 100755 --- a/include/dba/dba_driver.php +++ b/include/dba/dba_driver.php @@ -1,15 +1,20 @@ <?php +/** + * @file dba_driver.php + * @brief Some database related functions and database classes. + * + * This file contains the abstract database driver class dba_driver, the + * database class DBA and some functions for working with databases. + */ +/** + * @brief Database classs with database factory method. + * + * The factory will return a database driver which is an implementation of the + * abstract dba_driver class. + */ class DBA { - /** - * @file dba_driver.php - * @brief some database related functions and abstract driver class. - * - * This file contains the abstract database driver class dba_driver and some - * functions for working with databases. - */ - static public $dba = null; static public $dbtype = null; static public $scheme = 'mysql'; @@ -21,7 +26,6 @@ class DBA { static public $tquot = "`"; - /** * @brief Returns the database driver object. * @@ -34,14 +38,11 @@ class DBA { * @param bool $install Defaults to false * @return null|dba_driver A database driver object (dba_pdo) or null if no driver found. */ - static public function dba_factory($server,$port,$user,$pass,$db,$dbtype,$install = false) { self::$dba = null; - self::$dbtype = intval($dbtype); - if(self::$dbtype == DBTYPE_POSTGRES) { if(!($port)) $port = 5432; @@ -50,7 +51,6 @@ class DBA { self::$utc_now = "now() at time zone 'UTC'"; self::$tquot = '"'; self::$scheme = 'pgsql'; - } else { @@ -66,40 +66,27 @@ class DBA { require_once('include/dba/dba_pdo.php'); self::$dba = new dba_pdo($server,self::$scheme,$port,$user,$pass,$db,$install); - - if(is_object(self::$dba) && self::$dba->connected) { - - if(strpbrk($server,':;')) { - $dsn = $server; - } - else { - $dsn = self::$scheme . ':host=' . $server . (intval($port) ? '' : ';port=' . $port); - } - $dsn .= ';dbname=' . $db; - - - self::$dba->pdo_set(array($dsn,$user,$pass)); - } define('NULL_DATE', self::$null_date); define('ACTIVE_DBTYPE', self::$dbtype); define('TQUOT', self::$tquot); + return self::$dba; } } /** - * @brief abstract database driver class. + * @brief Abstract database driver class. * - * This class gets extended by the real database driver classes, e.g. dba_mysql, - * dba_mysqli. + * This class gets extended by the real database driver class. We used to have + * dba_mysql, dba_mysqli or dba_postgres, but we moved to PDO and the only + * implemented driver is dba_pdo. */ abstract class dba_driver { // legacy behavior public $db; - protected $pdo = array(); public $debug = 0; public $connected = false; @@ -111,6 +98,7 @@ abstract class dba_driver { * This abstract function needs to be implemented in the real driver. * * @param string $server DB server name + * @param string $scheme DB scheme * @param string $port DB port * @param string $user DB username * @param string $pass DB password @@ -166,6 +154,7 @@ abstract class dba_driver { $platform_name = \Zotlabs\Lib\System::get_platform_name(); if(file_exists('install/' . $platform_name . '/' . \DBA::$install_script)) return 'install/' . $platform_name . '/' . \DBA::$install_script; + return 'install/' . \DBA::$install_script; } @@ -173,7 +162,6 @@ abstract class dba_driver { return \DBA::$tquot; } - function utcnow() { return \DBA::$utc_now; } @@ -232,19 +220,12 @@ abstract class dba_driver { return $str; } - function pdo_set($x) { - $this->pdo = $x; - } - - function pdo_get() { - return $this->pdo; - } - } // end abstract dba_driver class - +// // Procedural functions +// function printable($s) { $s = preg_replace("~([\x01-\x08\x0E-\x0F\x10-\x1F\x7F-\xFF])~",".", $s); @@ -275,7 +256,7 @@ function dbg($state) { * wrapping with intval(). * * @param string $str A string to pass to a DB query - * @return Return an escaped string of the value to pass to a DB query. + * @return string Return an escaped string of the value to pass to a DB query. */ function dbesc($str) { @@ -298,6 +279,7 @@ function dbunescbin($str) { function dbescdate($date) { if(is_null_date($date)) return \DBA::$dba->escape(NULL_DATE); + return \DBA::$dba->escape($date); } @@ -330,17 +312,17 @@ function db_use_index($str) { * * printf style arguments %s and %d are replaced with variable arguments, which * should each be appropriately dbesc() or intval(). + * * SELECT queries return an array of results or false if SQL or DB error. Other * queries return true if the command was successful or false if it wasn't. * * Example: - * $r = q("SELECT * FROM %s WHERE `uid` = %d", - * 'user', 1); + * @code{.php}$r = q("SELECT * FROM %s WHERE `uid` = %d", + * 'user', 1);@endcode * * @param string $sql The SQL query to execute * @return bool|array */ - function q($sql) { $args = func_get_args(); @@ -359,8 +341,8 @@ function q($sql) { } /* - * This will happen occasionally trying to store the - * session data after abnormal program termination + * This will happen occasionally trying to store the + * session data after abnormal program termination */ db_logger('dba: no database: ' . print_r($args,true),LOGGER_NORMAL,LOG_CRIT); @@ -389,8 +371,8 @@ function dbq($sql) { // Caller is responsible for ensuring that any integer arguments to // dbesc_array are actually integers and not malformed strings containing -// SQL injection vectors. All integer array elements should be specifically -// cast to int to avoid trouble. +// SQL injection vectors. All integer array elements should be specifically +// cast to int to avoid trouble. function dbesc_array_cb(&$item, $key) { if(is_string($item)) { @@ -423,7 +405,7 @@ function dbesc_array(&$arr) { function db_getfunc($f) { $lookup = array( 'rand'=>array( - DBTYPE_MYSQL=>'RAND()', + DBTYPE_MYSQL=>'RAND()', DBTYPE_POSTGRES=>'RANDOM()' ), 'utc_timestamp'=>array( diff --git a/include/dba/dba_mysql.php b/include/dba/dba_mysql.php deleted file mode 100755 index 8b51cf578..000000000 --- a/include/dba/dba_mysql.php +++ /dev/null @@ -1,67 +0,0 @@ -<?php - -require_once('include/dba/dba_driver.php'); - - -class dba_mysql extends dba_driver { - - function connect($server, $scheme, $port, $user,$pass,$db) { - $this->db = mysql_connect($server.":".$port,$user,$pass); - if($this->db && mysql_select_db($db,$this->db)) { - $this->connected = true; - } - if($this->connected) { - return true; - } - return false; - } - - - function q($sql) { - if((! $this->db) || (! $this->connected)) - return false; - - $this->error = ''; - $result = @mysql_query($sql,$this->db); - - - if(mysql_errno($this->db)) - $this->error = mysql_error($this->db); - - if($result === false || $this->error) { - logger('dba_mysql: ' . printable($sql) . ' returned false.' . "\n" . $this->error); - if(file_exists('dbfail.out')) - file_put_contents('dbfail.out', datetime_convert() . "\n" . printable($sql) . ' returned false' . "\n" . $this->error . "\n", FILE_APPEND); - } - - if(($result === true) || ($result === false)) - return $result; - - $r = array(); - if(mysql_num_rows($result)) { - while($x = mysql_fetch_array($result,MYSQL_ASSOC)) - $r[] = $x; - mysql_free_result($result); - if($this->debug) - logger('dba_mysql: ' . printable(print_r($r,true))); - } - return $r; - } - - function escape($str) { - if($this->db && $this->connected) { - return @mysql_real_escape_string($str,$this->db); - } - } - - function close() { - if($this->db) - mysql_close($this->db); - $this->connected = false; - } - - function getdriver() { - return 'mysql'; - } - -} diff --git a/include/dba/dba_mysqli.php b/include/dba/dba_mysqli.php deleted file mode 100755 index 165c8e969..000000000 --- a/include/dba/dba_mysqli.php +++ /dev/null @@ -1,86 +0,0 @@ -<?php /** @file */ - -require_once('include/dba/dba_driver.php'); - -class dba_mysqli extends dba_driver { - - function connect($server,$scheme,$port,$user,$pass,$db) { - if($port) - $this->db = new mysqli($server,$user,$pass,$db, $port); - else - $this->db = new mysqli($server,$user,$pass,$db); - - if($this->db->connect_error) { - $this->connected = false; - $this->error = $this->db->connect_error; - - if(file_exists('dbfail.out')) { - file_put_contents('dbfail.out', datetime_convert() . "\nConnect: " . $this->error . "\n", FILE_APPEND); - } - - return false; - } - else { - $this->connected = true; - return true; - } - } - - function q($sql) { - if((! $this->db) || (! $this->connected)) - return false; - - $this->error = ''; - $result = $this->db->query($sql); - - if($this->db->errno) - $this->error = $this->db->error; - - - if($this->error) { - db_logger('dba_mysqli: ERROR: ' . printable($sql) . "\n" . $this->error, LOGGER_NORMAL, LOG_ERR); - if(file_exists('dbfail.out')) { - file_put_contents('dbfail.out', datetime_convert() . "\n" . printable($sql) . "\n" . $this->error . "\n", FILE_APPEND); - } - } - - if(($result === true) || ($result === false)) { - if($this->debug) { - db_logger('dba_mysqli: DEBUG: ' . printable($sql) . ' returns ' . (($result) ? 'true' : 'false'), LOGGER_NORMAL,(($result) ? LOG_INFO : LOG_ERR)); - } - return $result; - } - - if($this->debug) { - db_logger('dba_mysqli: DEBUG: ' . printable($sql) . ' returned ' . $result->num_rows . ' results.', LOGGER_NORMAL, LOG_INFO); - } - - $r = array(); - if($result->num_rows) { - while($x = $result->fetch_array(MYSQLI_ASSOC)) - $r[] = $x; - $result->free_result(); - if($this->debug) { - db_logger('dba_mysqli: ' . printable(print_r($r,true)), LOGGER_NORMAL, LOG_INFO); - } - } - return $r; - } - - function escape($str) { - if($this->db && $this->connected) { - return @$this->db->real_escape_string($str); - } - } - - function close() { - if($this->db) - $this->db->close(); - $this->connected = false; - } - - function getdriver() { - return 'mysqli'; - } - -}
\ No newline at end of file diff --git a/include/dba/dba_pdo.php b/include/dba/dba_pdo.php index a9d824a50..f24c5381a 100755 --- a/include/dba/dba_pdo.php +++ b/include/dba/dba_pdo.php @@ -1,14 +1,21 @@ -<?php /** @file */ +<?php -require_once('include/dba/dba_driver.php'); +require_once 'include/dba/dba_driver.php'; +/** + * @brief PDO based database driver. + * + */ class dba_pdo extends dba_driver { - public $driver_dbtype = null; - function connect($server,$scheme,$port,$user,$pass,$db) { - + /** + * {@inheritDoc} + * @see dba_driver::connect() + */ + function connect($server, $scheme, $port, $user, $pass, $db) { + $this->driver_dbtype = $scheme; if(strpbrk($server,':;')) { @@ -17,7 +24,7 @@ class dba_pdo extends dba_driver { else { $dsn = $this->driver_dbtype . ':host=' . $server . (intval($port) ? ';port=' . $port : ''); } - + $dsn .= ';dbname=' . $db; try { @@ -36,10 +43,19 @@ class dba_pdo extends dba_driver { $this->q("SET standard_conforming_strings = 'off'; SET backslash_quote = 'on';"); $this->connected = true; - return true; + return true; } + /** + * {@inheritDoc} + * @see dba_driver::q() + * + * @return bool|array|PDOStatement + * - \b false if not connected or PDOException occured on query + * - \b array with results on a SELECT query + * - \b PDOStatement on a non SELECT SQL query + */ function q($sql) { if((! $this->db) || (! $this->connected)) return false; @@ -50,14 +66,15 @@ class dba_pdo extends dba_driver { } } + $result = null; $this->error = ''; - $select = ((stripos($sql,'select') === 0) ? true : false); + $select = ((stripos($sql, 'select') === 0) ? true : false); try { $result = $this->db->query($sql, PDO::FETCH_ASSOC); } catch(PDOException $e) { - + $this->error = $e->getMessage(); if($this->error) { db_logger('dba_pdo: ERROR: ' . printable($sql) . "\n" . $this->error, LOGGER_NORMAL, LOG_ERR); @@ -82,11 +99,10 @@ class dba_pdo extends dba_driver { } if($this->debug) { - db_logger('dba_pdo: DEBUG: ' . printable($sql) . ' returned ' . count($r) . ' results.', LOGGER_NORMAL, LOG_INFO); + db_logger('dba_pdo: DEBUG: ' . printable($sql) . ' returned ' . count($r) . ' results.', LOGGER_NORMAL, LOG_INFO); db_logger('dba_pdo: ' . printable(print_r($r,true)), LOGGER_NORMAL, LOG_INFO); } - return (($this->error) ? false : $r); } @@ -99,9 +115,10 @@ class dba_pdo extends dba_driver { function close() { if($this->db) $this->db = null; + $this->connected = false; } - + function concat($fld,$sep) { if($this->driver_dbtype === 'pgsql') { return 'string_agg(' . $fld . ',\'' . $sep . '\')'; @@ -140,7 +157,7 @@ class dba_pdo extends dba_driver { return $this->escape($str); } } - + function unescapebin($str) { if($this->driver_dbtype === 'pgsql' && (! is_null($str))) { $x = ''; diff --git a/include/dba/dba_postgres.php b/include/dba/dba_postgres.php deleted file mode 100644 index 560d8da60..000000000 --- a/include/dba/dba_postgres.php +++ /dev/null @@ -1,117 +0,0 @@ -<?php - -require_once('include/dba/dba_driver.php'); - - -class dba_postgres extends dba_driver { - const INSTALL_SCRIPT='install/schema_postgres.sql'; - const NULL_DATE = '0001-01-01 00:00:00'; - const UTC_NOW = "now() at time zone 'UTC'"; - const TQUOT = '"'; - - function connect($server,$scheme,$port,$user,$pass,$db) { - if(!$port) $port = 5432; - $connstr = 'host=' . $server . ' port='.$port . ' user=' . $user . ' password=' . $pass . ' dbname='. $db; - $this->db = pg_connect($connstr); - if($this->db !== false) { - $this->connected = true; - } else { - $this->connected = false; - } - $this->q("SET standard_conforming_strings = 'off'; SET backslash_quote = 'on';"); // emulate mysql string escaping to prevent massive code-clobber - return $this->connected; - } - - function q($sql) { - if((! $this->db) || (! $this->connected)) - return false; - - if(!strpos($sql, ';')) - $sql .= ';'; - - if(strpos($sql, '`')) // this is a hack. quoted identifiers should be replaced everywhere in the code with dbesc_identifier(), remove this once it is - $sql = str_replace('`', '"', $sql); - - $this->error = ''; - $result = @pg_query($this->db, $sql); - if(file_exists('db-allqueries.out')) { - $bt = debug_backtrace(); - $trace = array(); - foreach($bt as $frame) { - if(!empty($frame['file']) && @strstr($frame['file'], $_SERVER['DOCUMENT_ROOT'])) - $frame['file'] = substr($frame['file'], strlen($_SERVER['DOCUMENT_ROOT'])+1); - - $trace[] = $frame['file'] . ':' . $frame['function'] . '():' . $frame['line'] ; - } - $compact = join(', ', $trace); - file_put_contents('db-allqueries.out', datetime_convert() . ": " . $sql . ' is_resource: '.var_export(is_resource($result), true).', backtrace: '.$compact."\n\n", FILE_APPEND); - } - - if($result === false) - $this->error = pg_last_error($this->db); - - if($result === false || $this->error) { - //db_logger('dba_postgres: ' . printable($sql) . ' returned false.' . "\n" . $this->error); - if(file_exists('dbfail.out')) - file_put_contents('dbfail.out', datetime_convert() . "\n" . printable($sql) . ' returned false' . "\n" . $this->error . "\n", FILE_APPEND); - } - - if(($result === true) || ($result === false)) - return $result; - - if(pg_result_status($result) == PGSQL_COMMAND_OK) - return true; - - $r = array(); - if(pg_num_rows($result)) { - while($x = pg_fetch_array($result, null, PGSQL_ASSOC)) - $r[] = $x; - pg_free_result($result); - if($this->debug) - db_logger('dba_postgres: ' . printable(print_r($r,true))); - } - return $r; - } - - function escape($str) { - if($this->db && $this->connected) { - $x = @pg_escape_string($this->db, $str); - return $x; - } - } - - function escapebin($str) { - return pg_escape_bytea($str); - } - - function unescapebin($str) { - return pg_unescape_bytea($str); - } - - function close() { - if($this->db) - pg_close($this->db); - $this->connected = false; - } - - function quote_interval($txt) { - return "'$txt'"; - } - - function escape_identifier($str) { - return pg_escape_identifier($this->db, $str); - } - - function optimize_table($table) { - // perhaps do some equivalent thing here, vacuum, etc? I think this is the DBA's domain anyway. Applications should not need to muss with this. - // for now do nothing without a compelling reason. function overrides default legacy mysql. - } - - function concat($fld, $sep) { - return 'string_agg(' . $fld . ',\'' . $sep . '\')'; - } - - function getdriver() { - return 'pgsql'; - } -}
\ No newline at end of file diff --git a/include/feedutils.php b/include/feedutils.php index 5ef45a6cd..369193fce 100644 --- a/include/feedutils.php +++ b/include/feedutils.php @@ -253,19 +253,18 @@ function construct_activity_target($item) { return ''; } + /** - * @brief Return an array with a parsed atom item. + * @brief Return an array with a parsed atom author. * * @param SimplePie $feed - * @param array $item - * @param[out] array $author - * @return array Associative array with the parsed item data + * @param SimplePie $item + * @return array $author */ -function get_atom_elements($feed, $item, &$author) { - require_once('include/html2bbcode.php'); +function get_atom_author($feed, $item) { - $res = array(); + $author = []; $found_author = $item->get_author(); if($found_author) { @@ -290,52 +289,6 @@ function get_atom_elements($feed, $item, &$author) { if(substr($author['author_link'],-1,1) == '/') $author['author_link'] = substr($author['author_link'],0,-1); - $res['mid'] = normalise_id(unxmlify($item->get_id())); - $res['title'] = unxmlify($item->get_title()); - $res['body'] = unxmlify($item->get_content()); - $res['plink'] = unxmlify($item->get_link(0)); - $res['item_rss'] = 1; - - - $summary = unxmlify($item->get_description(true)); - - // removing the content of the title if its identically to the body - // This helps with auto generated titles e.g. from tumblr - - if (title_is_body($res['title'], $res['body'])) - $res['title'] = ""; - - if($res['plink']) - $base_url = implode('/', array_slice(explode('/',$res['plink']),0,3)); - else - $base_url = ''; - - - $rawcreated = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10, 'published'); - if($rawcreated) - $res['created'] = unxmlify($rawcreated[0]['data']); - - $rawedited = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10, 'updated'); - if($rawedited) - $res['edited'] = unxmlify($rawedited[0]['data']); - - if((x($res,'edited')) && (! (x($res,'created')))) - $res['created'] = $res['edited']; - - if(! $res['created']) - $res['created'] = $item->get_date('c'); - - if(! $res['edited']) - $res['edited'] = $item->get_date('c'); - - $rawverb = $item->get_item_tags(NAMESPACE_ACTIVITY, 'verb'); - - // select between supported verbs - - if($rawverb) { - $res['verb'] = unxmlify($rawverb[0]['data']); - } - // look for a photo. We should check media size and find the best one, // but for now let's just find any author photo @@ -414,6 +367,122 @@ function get_atom_elements($feed, $item, &$author) { } } + $rawowner = $item->get_item_tags(NAMESPACE_DFRN, 'owner'); + if(! $rawowner) + $rawowner = $item->get_item_tags(NAMESPACE_ZOT, 'owner'); + + if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data']) + $author['owner_name'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data']); + elseif($rawowner[0]['child'][NAMESPACE_DFRN]['name'][0]['data']) + $author['owner_name'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['name'][0]['data']); + if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['uri'][0]['data']) + $author['owner_link'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['uri'][0]['data']); + elseif($rawowner[0]['child'][NAMESPACE_DFRN]['uri'][0]['data']) + $author['owner_link'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['uri'][0]['data']); + + if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']) { + $base = $rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']; + + foreach($base as $link) { + if(!x($author, 'owner_photo') || ! $author['owner_photo']) { + if($link['attribs']['']['rel'] === 'photo' || $link['attribs']['']['rel'] === 'avatar') + $author['owner_photo'] = unxmlify($link['attribs']['']['href']); + } + } + } + + // build array to pass to hook + $arr = [ + 'feed' => $feed, + 'item' => $item, + 'author' => $author + ]; + /** + * @hooks parse_atom + * * \e SimplePie \b feed - The original SimplePie feed + * * \e SimplePie \b item + * * \e array \b result - the result array that will also get returned + */ + call_hooks('parse_atom_author', $arr); + + logger('author: ' . print_r($arr['author'], true), LOGGER_DATA); + + return $arr['author']; +} + + +/** + * @brief Return an array with a parsed atom item. + * + * @param SimplePie $feed + * @param SimplePie $item + * @param[out] array $author + * @return array Associative array with the parsed item data + */ + +function get_atom_elements($feed, $item) { + + require_once('include/html2bbcode.php'); + + $res = array(); + + + $res['mid'] = normalise_id(unxmlify($item->get_id())); + $res['title'] = unxmlify($item->get_title()); + $res['body'] = unxmlify($item->get_content()); + $res['plink'] = unxmlify($item->get_link(0)); + $res['item_rss'] = 1; + + + $summary = unxmlify($item->get_description(true)); + + if($summary === $res['body']) + $summary = ''; + + if(($summary) && ((strpos($summary,'<') !== false) || (strpos($summary,'>') !== false))) { + $summary = purify_html($summary); + $summary = html2bbcode($summary); + } + + + + // removing the content of the title if its identically to the body + // This helps with auto generated titles e.g. from tumblr + + if (title_is_body($res['title'], $res['body'])) + $res['title'] = ""; + + if($res['plink']) + $base_url = implode('/', array_slice(explode('/',$res['plink']),0,3)); + else + $base_url = ''; + + + $rawcreated = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10, 'published'); + if($rawcreated) + $res['created'] = unxmlify($rawcreated[0]['data']); + + $rawedited = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10, 'updated'); + if($rawedited) + $res['edited'] = unxmlify($rawedited[0]['data']); + + if((x($res,'edited')) && (! (x($res,'created')))) + $res['created'] = $res['edited']; + + if(! $res['created']) + $res['created'] = $item->get_date('c'); + + if(! $res['edited']) + $res['edited'] = $item->get_date('c'); + + $rawverb = $item->get_item_tags(NAMESPACE_ACTIVITY, 'verb'); + + // select between supported verbs + + if($rawverb) { + $res['verb'] = unxmlify($rawverb[0]['data']); + } + $rawcnv = $item->get_item_tags(NAMESPACE_OSTATUS, 'conversation'); if($rawcnv) { // new style @@ -428,7 +497,7 @@ function get_atom_elements($feed, $item, &$author) { } } - $ostatus_protocol = (($ostatus_conversation) ? true : false); + $ostatus_protocol = (($ostatus_conversation || $res['verb']) ? true : false); $mastodon = (($item->get_item_tags('http://mastodon.social/schema/1.0','scope')) ? true : false); if($mastodon) { @@ -437,6 +506,8 @@ function get_atom_elements($feed, $item, &$author) { $res['item_private'] = 1; } + logger('ostatus_protocol: ' . intval($ostatus_protocol), LOGGER_DEBUG); + $apps = $item->get_item_tags(NAMESPACE_STATUSNET, 'notice_info'); if($apps && $apps[0]['attribs']['']['source']) { $res['app'] = strip_tags(unxmlify($apps[0]['attribs']['']['source'])); @@ -540,9 +611,8 @@ function get_atom_elements($feed, $item, &$author) { ); } - // turn Mastodon content warning into a #nsfw hashtag - if($mastodon && $summary) { - $res['body'] = $summary . "\n\n" . $res['body'] . "\n\n#ContentWarning\n"; + if($summary && $res['body']) { + $res['body'] = '[summary]' . $summary . '[/summary]' . $res['body']; } @@ -571,29 +641,6 @@ function get_atom_elements($feed, $item, &$author) { $res['created'] = datetime_convert('UTC','UTC',$res['created']); $res['edited'] = datetime_convert('UTC','UTC',$res['edited']); - $rawowner = $item->get_item_tags(NAMESPACE_DFRN, 'owner'); - if(! $rawowner) - $rawowner = $item->get_item_tags(NAMESPACE_ZOT, 'owner'); - - if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data']) - $author['owner_name'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data']); - elseif($rawowner[0]['child'][NAMESPACE_DFRN]['name'][0]['data']) - $author['owner_name'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['name'][0]['data']); - if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['uri'][0]['data']) - $author['owner_link'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['uri'][0]['data']); - elseif($rawowner[0]['child'][NAMESPACE_DFRN]['uri'][0]['data']) - $author['owner_link'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['uri'][0]['data']); - - if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']) { - $base = $rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']; - - foreach($base as $link) { - if(!x($author, 'owner_photo') || ! $author['owner_photo']) { - if($link['attribs']['']['rel'] === 'photo' || $link['attribs']['']['rel'] === 'avatar') - $author['owner_photo'] = unxmlify($link['attribs']['']['href']); - } - } - } $rawgeo = $item->get_item_tags(NAMESPACE_GEORSS, 'point'); if($rawgeo) @@ -756,20 +803,17 @@ function get_atom_elements($feed, $item, &$author) { $arr = [ 'feed' => $feed, 'item' => $item, - 'author' => $author, 'result' => $res ]; /** * @hooks parse_atom * * \e SimplePie \b feed - The original SimplePie feed - * * \e array \b item - * * \e array \b author + * * \e SimplePie \b item * * \e array \b result - the result array that will also get returned */ call_hooks('parse_atom', $arr); - logger('author: ' .print_r($arr['author'], true), LOGGER_DATA); - logger('result: ' .print_r($arr['result'], true), LOGGER_DATA); + logger('result: ' . print_r($arr['result'], true), LOGGER_DATA); return $arr['result']; } @@ -968,9 +1012,9 @@ function process_feed_tombstones($feed,$importer,$contact,$pass) { * @param string $xml * The (atom) feed to consume - RSS isn't as fully supported but may work for simple feeds. * @param array $importer - * The contact_record (joined to user_record) of the local user who owns this + * The channel record of the local user who owns this * relationship. It is this person's stuff that is going to be updated. - * @param[in,out] array $contact + * @param[in,out] array $contact (abook record joined to xchan record) * The person who is sending us stuff. If not set, we MAY be processing a "follow" activity * from an external network and MAY create an appropriate contact record. Otherwise, we MUST * have a contact record. @@ -1057,8 +1101,8 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { // Have we seen it? If not, import it. - $author = array(); - $datarray = get_atom_elements($feed,$item,$author); + $author = get_atom_author($feed,$item); + $datarray = get_atom_elements($feed,$item); if(! $datarray['mid']) continue; @@ -1310,8 +1354,8 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { // Head post of a conversation. Have we seen it? If not, import it. - $author = array(); - $datarray = get_atom_elements($feed,$item,$author); + $author = get_atom_author($feed,$item); + $datarray = get_atom_elements($feed,$item); if(! $datarray['mid']) continue; @@ -1513,11 +1557,11 @@ function normalise_id($id) { */ function process_salmon_feed($xml, $importer) { - $ret = array(); + $ret = []; if(! strlen($xml)) { logger('process_feed: empty input'); - return; + return $ret; } $feed = new SimplePie(); @@ -1531,8 +1575,10 @@ function process_salmon_feed($xml, $importer) { $feed->init(); - if($feed->error()) + if($feed->error()) { logger('Error parsing XML: ' . $feed->error()); + return $ret; + } $permalink = $feed->get_permalink(); @@ -1559,16 +1605,13 @@ function process_salmon_feed($xml, $importer) { if($is_reply) $ret['parent_mid'] = $parent_mid; - $ret['author'] = array(); - - $datarray = get_atom_elements($feed, $item, $ret['author']); + $ret['author'] = get_atom_author($feed,$item); + $ret['item'] = get_atom_elements($feed,$item); // reset policies which are restricted by default for RSS connections // This item is likely coming from GNU-social via salmon and allows public interaction - $datarray['public_policy'] = ''; - $datarray['comment_policy'] = 'authenticated'; - - $ret['item'] = $datarray; + $ret['item']['public_policy'] = ''; + $ret['item']['comment_policy'] = 'authenticated'; } } diff --git a/include/items.php b/include/items.php index c7206458e..68fa4c3b2 100755 --- a/include/items.php +++ b/include/items.php @@ -2327,6 +2327,16 @@ function send_status_notifications($post_id,$item) { $parent = 0; + if(array_key_exists('verb',$item) && (activity_match($item['verb'], ACTIVITY_LIKE) || activity_match($item['verb'], ACTIVITY_DISLIKE))) { + + $r = q("select id from item where mid = '%s' and uid = %d limit 1", + dbesc($item['thr_parent']), + intval($item['uid']) + ); + + $thr_parent_id = $r[0]['id']; + } + $r = q("select channel_hash from channel where channel_id = %d limit 1", intval($item['uid']) ); @@ -2392,10 +2402,10 @@ function send_status_notifications($post_id,$item) { 'to_xchan' => $r[0]['channel_hash'], 'item' => $item, 'link' => $link, - 'verb' => ACTIVITY_POST, + 'verb' => $item['verb'], 'otype' => 'item', - 'parent' => $parent, - 'parent_mid' => $item['parent_mid'] + 'parent' => $thr_parent_id ? $thr_parent_id : $parent, + 'parent_mid' => $thr_parent_id ? $item['thr_parent'] : $item['parent_mid'] )); } @@ -3653,7 +3663,7 @@ function delete_item_lowlevel($item, $stage = DROPITEM_NORMAL, $force = false) { $linked_item = (($item['resource_id']) ? true : false); - logger('item: ' . $item . ' stage: ' . $stage . ' force: ' . $force, LOGGER_DATA); + logger('item: ' . $item['id'] . ' stage: ' . $stage . ' force: ' . $force, LOGGER_DATA); switch($stage) { case DROPITEM_PHASE2: diff --git a/include/js_strings.php b/include/js_strings.php index 1b4668061..936594291 100644 --- a/include/js_strings.php +++ b/include/js_strings.php @@ -24,10 +24,16 @@ function js_strings() { '$leavethispage' => t('Unsaved changes. Are you sure you wish to leave this page?'), '$location' => t('Location'), - '$t01' => ((t('timeago.prefixAgo') != 'timeago.prefixAgo') ? t('timeago.prefixAgo') : ''), - '$t02' => ((t('timeago.prefixFromNow') != 'timeago.prefixFromNow') ? t('timeago.prefixFromNow') : ''), - '$t03' => t('ago'), - '$t04' => t('from now'), + // translatable prefix and suffix strings for jquery.timeago - + // using the defaults set below if left untranslated, empty strings if + // translated to "NONE" and the corresponding language strings + // if translated to anything else + '$t01' => ((t('timeago.prefixAgo') == 'timeago.prefixAgo') ? '' : ((t('timeago.prefixAgo') == 'NONE') ? '' : t('timeago.prefixAgo'))), + '$t02' => ((t('timeago.prefixFromNow') == 'timeago.prefixFromNow') ? '' : ((t('timeago.prefixFromNow') == 'NONE') ? '' : t('timeago.prefixFromNow'))), + '$t03' => ((t('timeago.suffixAgo') == 'timeago.suffixAgo') ? 'ago' : ((t('timeago.suffixAgo') == 'NONE') ? '' : t('timeago.suffixAgo'))), + '$t04' => ((t('timeago.suffixFromNow') == 'timeago.suffixFromNow') ? 'from now' : ((t('timeago.suffixFromNow') == 'NONE') ? '' : t('timeago.suffixFromNow'))), + + // translatable main strings for jquery.timeago '$t05' => t('less than a minute'), '$t06' => t('about a minute'), '$t07' => t('%d minutes'), diff --git a/include/nav.php b/include/nav.php index 9c88541d1..df58ee96f 100644 --- a/include/nav.php +++ b/include/nav.php @@ -73,9 +73,7 @@ EOT; // nav links: array of array('href', 'text', 'extra css classes', 'title') $nav = []; - $disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false; - - if(! $disable_discover_tab) + if(can_view_public_stream()) $nav['pubs'] = true; /** diff --git a/include/network.php b/include/network.php index 2ac430e82..0824183f7 100644 --- a/include/network.php +++ b/include/network.php @@ -1605,10 +1605,10 @@ function get_site_info() { 'commit' => $commit, 'plugins' => $visible_plugins, 'register_policy' => $register_policy[get_config('system','register_policy')], - 'invitation_only' => intval(get_config('system','invitation_only')), + 'invitation_only' => (bool) intval(get_config('system','invitation_only')), 'directory_mode' => $directory_mode[get_config('system','directory_mode')], 'language' => get_config('system','language'), - 'rss_connections' => intval(get_config('system','feed_contacts')), + 'rss_connections' => (bool) intval(get_config('system','feed_contacts')), 'expiration' => $site_expire, 'default_service_restrictions' => $service_class, 'locked_features' => $locked_features, diff --git a/include/plugin.php b/include/plugin.php index 67157dee7..62d443ab8 100755 --- a/include/plugin.php +++ b/include/plugin.php @@ -179,14 +179,84 @@ function reload_plugins() { } +function plugins_installed_list() { + + $r = q("select * from addon where installed = 1 order by aname asc"); + return(($r) ? ids_to_array($r,'aname') : []); +} + + +function plugins_sync() { + + /** + * + * Synchronise plugins: + * + * App::$config['system']['addon'] contains a comma-separated list of names + * of plugins/addons which are used on this system. + * Go through the database list of already installed addons, and if we have + * an entry, but it isn't in the config list, call the unload procedure + * and mark it uninstalled in the database (for now we'll remove it). + * Then go through the config list and if we have a plugin that isn't installed, + * call the install procedure and add it to the database. + * + */ + + $installed = plugins_installed_list(); + + $plugins = get_config('system', 'addon', ''); + + $plugins_arr = explode(',', $plugins); + + // array_trim is in include/text.php + + if(! array_walk($plugins_arr,'array_trim')) + return; + + App::$plugins = $plugins_arr; + + $installed_arr = []; + + if(count($installed)) { + foreach($installed as $i) { + if(! in_array($i, $plugins_arr)) { + unload_plugin($i); + } + else { + $installed_arr[] = $i; + } + } + } + + if(count($plugins_arr)) { + foreach($plugins_arr as $p) { + if(! in_array($p, $installed_arr)) { + load_plugin($p); + } + } + } + +} + + /** * @brief Get a list of non hidden addons. * * @return array */ function visible_plugin_list() { + $r = q("select * from addon where hidden = 0 order by aname asc"); - return(($r) ? ids_to_array($r,'aname') : array()); + $x = (($r) ? ids_to_array($r,'aname') : array()); + $y = []; + if($x) { + foreach($x as $xv) { + if(is_dir('addon/' . $xv)) { + $y[] = $xv; + } + } + } + return $y; } diff --git a/include/queue_fn.php b/include/queue_fn.php index 5fb0d5f1e..798ac36db 100644 --- a/include/queue_fn.php +++ b/include/queue_fn.php @@ -121,7 +121,7 @@ function queue_deliver($outq, $immediate = false) { $base = null; $h = parse_url($outq['outq_posturl']); - if($h) + if($h !== false) $base = $h['scheme'] . '://' . $h['host'] . (($h['port']) ? ':' . $h['port'] : ''); if(($base) && ($base !== z_root()) && ($immediate)) { @@ -160,6 +160,9 @@ function queue_deliver($outq, $immediate = false) { + + + $arr = array('outq' => $outq, 'base' => $base, 'handled' => false, 'immediate' => $immediate); call_hooks('queue_deliver',$arr); if($arr['handled']) @@ -216,7 +219,29 @@ function queue_deliver($outq, $immediate = false) { // normal zot delivery logger('deliver: dest: ' . $outq['outq_posturl'], LOGGER_DEBUG); - $result = zot_zot($outq['outq_posturl'],$outq['outq_notify']); + + $channel = null; + + if($outq['outq_msg'] && $outq['outq_channel']) { + $channel = channelx_by_n($outq['outq_channel']); + } + + $host_crypto = null; + + if($channel && $base) { + $h = q("select hubloc_sitekey, site_crypto from hubloc left join site on hubloc_url = site_url where site_url = '%s' order by hubloc_id desc limit 1", + dbesc($base) + ); + if($h) { + $host_crypto = $h[0]; + } + } + + $msg = $outq['outq_notify']; + + $result = zot_zot($outq['outq_posturl'],$msg,$channel,$host_crypto); + + if($result['success']) { logger('deliver: remote zot delivery succeeded to ' . $outq['outq_posturl']); zot_process_response($outq['outq_posturl'],$result, $outq); diff --git a/include/text.php b/include/text.php index 10bbc751a..35a367d43 100644 --- a/include/text.php +++ b/include/text.php @@ -2160,6 +2160,35 @@ function ids_to_querystr($arr,$idx = 'id',$quote = false) { } /** + * @brief array_elm_to_str($arr,$elm,$delim = ',') extract unique individual elements from an array of arrays and return them as a string separated by a delimiter + * similar to ids_to_querystr, but allows a different delimiter instead of a db-quote option + * empty elements (evaluated after trim()) are ignored. + * @param $arr array + * @param $elm array key to extract from sub-array + * @param $delim string default ',' + * @returns string + */ + +function array_elm_to_str($arr,$elm,$delim = ',') { + + $tmp = []; + if($arr && is_array($arr)) { + foreach($arr as $x) { + if(is_array($x) && array_key_exists($elm,$x)) { + $z = trim($x[$elm]); + if(($z) && (! in_array($z,$tmp))) { + $tmp[] = $z; + } + } + } + } + return implode($delim,$tmp); +} + + + + +/** * @brief Fetches xchan and hubloc data for an array of items with only an * author_xchan and owner_xchan. * @@ -3263,29 +3292,3 @@ function purify_filename($s) { } -/** - * @brief array_elm_to_str($arr,$elm,$delim = ',') extract unique individual elements from an array of arrays and return them as a string separated by a delimiter - * - * empty elements (evaluated after trim()) are ignored. - * @param $arr array - * @param $elm array key to extract from sub-array - * @param $delim string default ',' - * @returns string - */ - -function array_elm_to_str($arr,$elm,$delim = ',') { - - $tmp = []; - if($arr && is_array($arr)) { - foreach($arr as $x) { - if(is_array($x) && array_key_exists($elm,$x)) { - $z = trim($x[$elm]); - if(($z) && (! in_array($z,$tmp))) { - $tmp[] = $z; - } - } - } - } - return implode($tmp,$delim); -} - diff --git a/include/zot.php b/include/zot.php index 8e3d03ad8..d28e584a1 100644 --- a/include/zot.php +++ b/include/zot.php @@ -158,6 +158,85 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot return json_encode($data); } + +/** + * @brief Builds a zot6 notification packet. + * + * Builds a zot6 notification packet that you can either store in the queue with + * a message array or call zot_zot to immediately zot it to the other side. + * + * @param array $channel + * sender channel structure + * @param string $type + * packet type: one of 'ping', 'pickup', 'purge', 'refresh', 'keychange', 'force_refresh', 'notify', 'auth_check' + * @param array $recipients + * envelope information, array ( 'guid' => string, 'guid_sig' => string ); empty for public posts + * @param string $remote_key + * optional public site key of target hub used to encrypt entire packet + * NOTE: remote_key and encrypted packets are required for 'auth_check' packets, optional for all others + * @param string $methods + * optional comma separated list of encryption methods @ref zot_best_algorithm() + * @param string $secret + * random string, required for packets which require verification/callback + * e.g. 'pickup', 'purge', 'notify', 'auth_check'. Packet types 'ping', 'force_refresh', and 'refresh' do not require verification + * @param string $extra + * @returns string json encoded zot packet + */ +function zot6_build_packet($channel, $type = 'notify', $recipients = null, $msg = '', $remote_key = null, $methods = '', $secret = null, $extra = null) { + + $sig_method = get_config('system','signature_algorithm','sha256'); + + $data = [ + 'type' => $type, + 'sender' => [ + 'guid' => $channel['channel_guid'], + 'guid_sig' => base64url_encode(rsa_sign($channel['channel_guid'],$channel['channel_prvkey'],$sig_method)), + 'url' => z_root(), + 'url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'],$sig_method)), + 'sitekey' => get_config('system','pubkey') + ], + 'callback' => '/post', + 'version' => Zotlabs\Lib\System::get_zot_revision(), + 'encryption' => crypto_methods(), + 'signing' => signing_methods() + ]; + + if ($recipients) { + for ($x = 0; $x < count($recipients); $x ++) + unset($recipients[$x]['hash']); + + $data['recipients'] = $recipients; + } + + if($msg) { + $data['msg'] = $msg; + } + + if ($secret) { + $data['secret'] = preg_replace('/[^0-9a-fA-F]/','',$secret); + $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'],$sig_method)); + } + + if ($extra) { + foreach ($extra as $k => $v) + $data[$k] = $v; + } + + logger('zot6_build_packet: ' . print_r($data,true), LOGGER_DATA, LOG_DEBUG); + + // Hush-hush ultra top-secret mode + + if($remote_key) { + $algorithm = zot_best_algorithm($methods); + $data = crypto_encapsulate(json_encode($data),$remote_key, $algorithm); + } + + return json_encode($data); +} + + + + /** * @brief Choose best encryption function from those available on both sites. * @@ -209,10 +288,23 @@ function zot_best_algorithm($methods) { * * @param string $url * @param array $data + * @param array $channel (optional if using zot6 delivery) + * @param array $crypto (optional if encrypted httpsig, requires hubloc_sitekey and site_crypto elements) * @return array see z_post_url() for returned data format */ -function zot_zot($url, $data) { - return z_post_url($url, array('data' => $data)); +function zot_zot($url, $data, $channel = null,$crypto = null) { + + $headers = []; + + if($channel) { + $headers['X-Zot-Token'] = random_string(); + $hash = \Zotlabs\Web\HTTPSig::generate_digest($data,false); + $headers['X-Zot-Digest'] = 'SHA-256=' . $hash; + $h = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,false,'sha512',(($crypto) ? $crypto['hubloc_sitekey'] : ''), (($crypto) ? zot_best_algorithm($crypto['site_crypto']) : '')); + } + + $redirects = 0; + return z_post_url($url, array('data' => $data),$redirects,((empty($h)) ? [] : [ 'headers' => $h ])); } /** @@ -1060,7 +1152,12 @@ function zot_process_response($hub, $arr, $outq) { * @brief * * We received a notification packet (in mod_post) that a message is waiting for us, and we've verified the sender. - * Now send back a pickup message, using our message tracking ID ($arr['secret']), which we will sign with our site + * Check if the site is using zot6 delivery and includes a verified HTTP Signature, signed content, and a 'msg' field, + * and also that the signer and the sender match. + * If that happens, we do not need to fetch/pickup the message - we have it already and it is verified. + * Translate it into the form we need for zot_import() and import it. + * + * Otherwise send back a pickup message, using our message tracking ID ($arr['secret']), which we will sign with our site * private key. * The entire pickup message is encrypted with the remote site's public key. * If everything checks out on the remote end, we will receive back a packet containing one or more messages, @@ -1078,38 +1175,61 @@ function zot_fetch($arr) { $url = $arr['sender']['url'] . $arr['callback']; - // set $multiple param on zot_gethub() to return all matching hubs - // This allows us to recover from re-installs when a redundant (but invalid) hubloc for - // this identity is widely dispersed throughout the network. + $import = null; + $hubs = null; + + $zret = zot6_check_sig(); - $ret_hubs = zot_gethub($arr['sender'],true); - if(! $ret_hubs) { + if($zret['success'] && $zret['hubloc'] && $zret['hubloc']['hubloc_guid'] === $data['sender']['guid'] && $data['msg']) { + logger('zot6_delivery',LOGGER_DEBUG); + logger('zot6_data: ' . print_r($data,true),LOGGER_DATA); + + $ret['collected'] = true; + + $import = [ 'success' => true, 'body' => json_encode( [ 'success' => true, 'pickup' => [ [ 'notify' => $data, 'message' => json_decode($data['msg'],true) ] ] ] ) ]; + $hubs = [ $zret['hubloc'] ] ; + } + + if(! $hubs) { + // set $multiple param on zot_gethub() to return all matching hubs + // This allows us to recover from re-installs when a redundant (but invalid) hubloc for + // this identity is widely dispersed throughout the network. + + $hubs = zot_gethub($arr['sender'],true); + } + + if(! $hubs) { logger('No hub: ' . print_r($arr['sender'],true)); return; } - foreach($ret_hubs as $ret_hub) { + foreach($hubs as $hub) { - $secret = substr(preg_replace('/[^0-9a-fA-F]/','',$arr['secret']),0,64); + if(! $import) { + $secret = substr(preg_replace('/[^0-9a-fA-F]/','',$arr['secret']),0,64); - $data = [ - 'type' => 'pickup', - 'url' => z_root(), - 'callback_sig' => base64url_encode(rsa_sign(z_root() . '/post', get_config('system','prvkey'))), - 'callback' => z_root() . '/post', - 'secret' => $secret, - 'secret_sig' => base64url_encode(rsa_sign($secret, get_config('system','prvkey'))) - ]; + $data = [ + 'type' => 'pickup', + 'url' => z_root(), + 'callback_sig' => base64url_encode(rsa_sign(z_root() . '/post', get_config('system','prvkey'))), + 'callback' => z_root() . '/post', + 'secret' => $secret, + 'secret_sig' => base64url_encode(rsa_sign($secret, get_config('system','prvkey'))) + ]; - $algorithm = zot_best_algorithm($ret_hub['site_crypto']); - $datatosend = json_encode(crypto_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey'], $algorithm)); + $algorithm = zot_best_algorithm($hub['site_crypto']); + $datatosend = json_encode(crypto_encapsulate(json_encode($data),$hub['hubloc_sitekey'], $algorithm)); - $fetch = zot_zot($url,$datatosend); + $import = zot_zot($url,$datatosend); + } + else { + $algorithm = zot_best_algorithm($hub['site_crypto']); + } - $result = zot_import($fetch, $arr['sender']['url']); + $result = zot_import($import, $arr['sender']['url']); if($result) { - $result = crypto_encapsulate(json_encode($result),$ret_hub['hubloc_sitekey'], $algorithm); + $result = crypto_encapsulate(json_encode($result),$hub['hubloc_sitekey'], $algorithm); return $result; } @@ -4967,6 +5087,39 @@ function zot_reply_refresh($sender, $recipients) { } +function zot6_check_sig() { + + $ret = [ 'success' => false ]; + + logger('server: ' . print_r($_SERVER,true), LOGGER_DATA); + + if(array_key_exists('HTTP_SIGNATURE',$_SERVER)) { + $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER['HTTP_SIGNATURE']); + if($sigblock) { + $keyId = $sigblock['keyId']; + + if($keyId) { + $r = q("select hubloc.*, site_crypto from hubloc left join site on hubloc_url = site_url + where hubloc_addr = '%s' ", + dbesc(str_replace('acct:','',$keyId)) + ); + if($r) { + foreach($r as $hubloc) { + $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']); + if($verified && $verified['header_signed'] && $verified['header_valid'] && $verified['content_signed'] && $verified['content_valid']) { + $ret['hubloc'] = $hubloc; + $ret['success'] = true; + return $ret; + } + } + } + } + } + } + + return $ret; +} + function zot_reply_notify($data) { $ret = array('success' => false); |