Diffstat (limited to 'include')
-rw-r--r-- | include/api.php | 5 | ||||
-rw-r--r-- | include/attach.php | 71 | ||||
-rw-r--r-- | include/bb2diaspora.php | 2 | ||||
-rw-r--r-- | include/comanche.php | 9 | ||||
-rwxr-xr-x | include/diaspora.php | 9 | ||||
-rw-r--r-- | include/enotify.php | 4 | ||||
-rw-r--r-- | include/environment.php | 66 | ||||
-rw-r--r-- | include/oauth.php | 11 | ||||
-rw-r--r-- | include/permissions.php | 84 |
9 files changed, 216 insertions, 45 deletions
diff --git a/include/api.php b/include/api.php index 01518bea8..e94266762 100644 --- a/include/api.php +++ b/include/api.php @@ -78,11 +78,14 @@ require_once('include/items.php'); // list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request()); if (!is_null($token)){ $oauth->loginUser($token->uid); + + $a->set_oauth_key($consumer->key); + call_hooks('logged_in', $a->user); return; } echo __file__.__line__.__function__."<pre>"; - var_dump($consumer, $token); +// var_dump($consumer, $token); die(); } catch(Exception $e) { diff --git a/include/attach.php b/include/attach.php index 122f374b0..6fe440bd5 100644 --- a/include/attach.php +++ b/include/attach.php @@ -4,10 +4,11 @@ * * @brief File/attach API with the potential for revision control. * - * @TODO: a filesystem storage abstraction which maintains security (and 'data' contains a system filename - * which is inaccessible from the web). This could get around PHP storage limits and store videos and larger - * items, using fread or OS methods or native code to read/write or chunk it through. - * Also an 'append' option to the storage function might be a useful addition. + * @TODO A filesystem storage abstraction which maintains security (and 'data' + * contains a system filename which is inaccessible from the web). This could + * get around PHP storage limits and store videos and larger items, using fread + * or OS methods or native code to read/write or chunk it through. + * @todo Also an 'append' option to the storage function might be a useful addition. */ require_once('include/permissions.php'); @@ -123,7 +124,7 @@ function z_mime_content_type($filename) { * @param string $hash (optional) * @param string $filename (optional) * @param string $filetype (optional) - * @return assoziative array with: + * @return associative array with: * * \e boolean \b success * * \e int|boolean \b results amount of found results, or false * * \e string \b message with error messages if any 
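Review bot: The failure branch just below the added lines in include/api.php still echoes `__file__.__line__.__function__` to the client before `die()`, and the `var_dump` is commented out rather than deleted. When `$token` is null, an unauthenticated caller is shown the server-side path of this file. I would remove both the commented line and the echo and record the event in the log instead, e.g. `logger('api_login: oauth request without a valid token');`, before ending the request. The enclosing function starts and ends outside the hunk.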
@@ -161,7 +162,7 @@ function attach_count_files($channel_id, $observer, $hash = '', $filename = '', /** * @brief Returns a list of files/attachments. - * + * * @param $channel_id * @param $observer * @param $hash (optional) @@ -170,10 +171,10 @@ function attach_count_files($channel_id, $observer, $hash = '', $filename = '', * @param $orderby * @param $start * @param $entries - * @return array - * $ret['success'] boolean - * $ret['results'] array with results, or false - * $ret['message'] string with error messages if any + * @return associative array with: + * * \e boolean \b success + * * \e array|boolean \b results array with results, or false + * * \e string \b message with error messages if any */ function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $filetype = '', $orderby = 'created desc', $start = 0, $entries = 0) { @@ -213,11 +214,11 @@ function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $ /** * @brief Find an attachment by hash and revision. - * + * * Returns the entire attach structure including data. - * + * * This could exhaust memory so most useful only when immediately sending the data. - * + * * @param string $hash * @param int $rev Revision * @return array @@ -275,7 +276,7 @@ function attach_by_hash($hash, $rev = 0) { * @see attach_by_hash() * @param $hash * @param $rev revision default 0 - * @return array Everything except data. + * @return associative array with everything except data * * \e boolean \b success boolean true or false * * \e string \b message (optional) only when success is false * * \e array \b data array of attach DB entry without data component 
@@ -326,12 +327,18 @@ function attach_by_hash_nodata($hash, $rev = 0) { } /** - * @brief + * @brief Stores an attachment from a POST file upload. + * + * This function stores an attachment. It can be a new one, a replacement or a + * new revision depending on value set in \e $options. * - * @param $channel channel array of owner - * @param $observer_hash hash of current observer - * @param $options (optional) - * @param $arr (optional) + * @note Requires an input field \e userfile and does not accept multiple files + * in one request. + * + * @param array $channel channel array of owner + * @param string $observer_hash hash of current observer + * @param string $options (optional) one of update, replace, revision + * @param array $arr (optional) associative array */ function attach_store($channel, $observer_hash, $options = '', $arr = null) { @@ -366,7 +373,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { if($options === 'replace') { /** @BUG $replace is undefined here */ - $x = q("select id, hash, filesize from attach where id = %d and uid = %d limit 1", + $x = q("select id, hash, filesize from attach where id = %d and uid = %d limit 1", intval($replace), intval($channel_id) ); @@ -457,7 +464,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { ); } elseif($options === 'update') { - $r = q("update attach set filename = '%s', filetype = '%s', edited = '%s', + $r = q("update attach set filename = '%s', filetype = '%s', edited = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d", dbesc((array_key_exists('filename',$arr)) ? $arr['filename'] : $x[0]['filename']), dbesc((array_key_exists('filetype',$arr)) ? $arr['filetype'] : $x[0]['filetype']), 
@@ -551,7 +558,7 @@ function z_readdir($channel_id, $observer_hash, $pathname, $parent_hash = '') { intval(ATTACH_FLAG_DIR) ); if(! $r) { - $ret['message'] = t('Path not available.'); + $ret['message'] = t('Path not available.'); return $ret; } @@ -621,7 +628,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) { // Check for duplicate name. // Check both the filename and the hash as we will be making use of both. - + $r = q("select hash from attach where ( filename = '%s' or hash = '%s' ) and folder = '%s' and uid = %d limit 1", dbesc($arr['filename']), dbesc($arr['hash']), @@ -644,7 +651,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) { $sql_options = permissions_sql($channel['channel_id']); do { - $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0 + $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0 $sql_options limit 1", intval($channel['channel_id']), dbesc($lfile), @@ -660,7 +667,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) { $lpath = $r[0]['hash'] . '/' . $lpath; $lfile = $r[0]['folder']; } while ( ($r[0]['folder']) && ($r[0]['flags'] & ATTACH_FLAG_DIR)) ; - $path = $basepath . '/' . $lpath; + $path = $basepath . '/' . $lpath; } else $path = $basepath . '/'; @@ -716,7 +723,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) { /** * @brief Changes permissions of a file. - * + * * @param int $channel_id * @param array $resource * @param string $allow_cid @@ -841,7 +848,7 @@ function attach_delete($channel_id, $resource) { * @warning This function cannot be used with mod/dav as it always returns a * path valid under mod/cloud. * - * @param array $arr assoziative array with: + * @param array $arr associative array with: * * \e int \b uid the channel's uid * * \e string \b folder * * \e string \b filename 
@@ -866,7 +873,7 @@ function get_cloudpath($arr) { $lfile = $arr['folder']; do { - $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0 + $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0 limit 1", intval($arr['uid']), dbesc($lfile), @@ -961,7 +968,7 @@ function find_filename_by_hash($channel_id, $attachHash) { } /** - * + * * @param $in * @param $out */ @@ -1212,6 +1219,7 @@ function recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny $ret = array(); $parent_arr = array(); + $count_values = array(); $poster = get_app()->get_observer(); //turn allow_gid into allow_cid's @@ -1319,11 +1327,10 @@ function recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny return $ret; } - /** - * @brief Returns members of a group + * @brief Returns members of a group. * - * @param $group_id + * @param int $group_id id of the group to look up */ function in_group($group_id) { $group_members = array(); diff --git a/include/bb2diaspora.php b/include/bb2diaspora.php index ed8625899..fc82cb48c 100644 --- a/include/bb2diaspora.php +++ b/include/bb2diaspora.php @@ -450,7 +450,7 @@ function format_event_diaspora($ev) { $bd_format = t('l F d, Y \@ g:i A') ; // Friday January 18, 2011 @ 8 AM - $o = t('Hubzilla event notification:') . "\n"; + $o = t('$Projectname event notification:') . "\n"; $o .= '**' . (($ev['summary']) ? bb2diaspora($ev['summary']) : bb2diaspora($ev['desc'])) . '**' . "\n"; diff --git a/include/comanche.php b/include/comanche.php index 3030ae5c6..fc4e4004b 100644 --- a/include/comanche.php +++ b/include/comanche.php 
@@ -166,12 +166,19 @@ function comanche_block($s, $class = '') { intval($channel_id), dbesc($name) ); + if($r) { $o .= (($var['wrap'] == 'none') ? '' : '<div class="' . $class . '">'); if($r[0]['title']) $o .= '<h3>' . $r[0]['title'] . '</h3>'; - $o .= prepare_text($r[0]['body'], $r[0]['mimetype']); + if($r[0]['body'] === '$content') { + $o .= prepare_text(get_app()->data['webpage'][0]['body'], get_app()->data['webpage'][0]['mimetype']); + } + else { + $o .= prepare_text($r[0]['body'], $r[0]['mimetype']); + } + $o .= (($var['wrap'] == 'none') ? '' : '</div>'); } } diff --git a/include/diaspora.php b/include/diaspora.php index 43eed003e..618c27e1c 100755 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -706,8 +706,9 @@ function diaspora_request($importer,$xml) { $cnv = random_string(); $mid = random_string(); - $msg = t('You have started sharing with a Hubzilla premium channel.'); - $msg .= t('Hubzilla premium channels are not available for sharing with Diaspora members. This sharing request has been blocked.') . "\r"; + $msg = t('You have started sharing with a $Projectname premium channel.'); + $msg .= t('$Projectname premium channels are not available for sharing with Diaspora members. This sharing request has been blocked.') . "\r"; + $msg .= t('Please do not reply to this message, as this channel is not sharing with you and any reply will not be seen by the recipient.') . "\r"; $created = datetime_convert('UTC','UTC',$item['created'],'Y-m-d H:i:s \U\T\C'); @@ -2449,7 +2450,7 @@ function diaspora_send_status($item,$owner,$contact,$public_batch = false) { '$handle' => xmlify($myaddr), '$public' => $public, '$created' => $created, - '$provider' => (($item['app']) ? $item['app'] : 'hubzilla') + '$provider' => (($item['app']) ? $item['app'] : t('$projectname')) )); } else { $tpl = get_markup_template('diaspora_post.tpl'); 
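Review bot: The new `$content` branch in comanche_block() reads `get_app()->data['webpage'][0]` without checking that it exists. A block whose body is `$content` but which is rendered where `data['webpage']` was not populated passes null to `prepare_text()` and raises undefined-index notices. Fetch the app once with `$a = get_app();` and take the branch only under `if(isset($a->data['webpage'][0]))`, emitting nothing otherwise. A short comment that `$content` is a placeholder for the current webpage body would help the next reader; the function begins outside the hunk.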
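Review bot: In diaspora_send_status() the changed `'$provider'` entry is the only value in the visible array that is not passed through `xmlify()`, although `$item['app']` comes from the item. Unless the template escapes it itself, an app name containing `<` or `&` would end up raw in the outgoing XML. I would write `'$provider' => xmlify(($item['app']) ? $item['app'] : t('$projectname'))` here and in the identical line of the next hunk (`@@ -2460`). The fallback is now a translated string, so the provider sent over the wire appears to depend on the active language; confirm that is intended.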
@@ -2460,7 +2461,7 @@ function diaspora_send_status($item,$owner,$contact,$public_batch = false) { '$handle' => xmlify($myaddr), '$public' => $public, '$created' => $created, - '$provider' => (($item['app']) ? $item['app'] : 'hubzilla') + '$provider' => (($item['app']) ? $item['app'] : t('$projectname')) )); } diff --git a/include/enotify.php b/include/enotify.php index b34d7fdd7..cd49a9b34 100644 --- a/include/enotify.php +++ b/include/enotify.php @@ -55,8 +55,8 @@ function notification($params) { push_lang($recip['account_language']); // should probably have a channel language - $banner = t('Hubzilla Notification'); - $product = t('hubzilla'); // PLATFORM_NAME; + $banner = t('$Projectname Notification'); + $product = t('$projectname'); // PLATFORM_NAME; $siteurl = $a->get_baseurl(true); $thanks = t('Thank You,'); $sitename = get_config('system','sitename'); diff --git a/include/environment.php b/include/environment.php new file mode 100644 index 000000000..47ad241a7 --- /dev/null +++ b/include/environment.php 
@@ -0,0 +1,66 @@ +<?php +/** + * @file include/environment.php + * @brief Functions related to system/environment tasks. + * + * This file contains some functions to check the environment/system. + */ + +/** + * @brief Get some upload related limits from php.ini. + * + * This function returns values from php.ini like \b post_max_size, + * \b max_file_uploads, \b upload_max_filesize. + * + * @return array associative array + * * \e int \b post_max_size the maximum size of a complete POST in bytes + * * \e int \b upload_max_filesize the maximum size of one file in bytes + * * \e int \b max_file_uploads maximum number of files in one POST + * * \e int \b max_upload_filesize min(post_max_size, upload_max_filesize) + */ +function getPhpiniUploadLimits() { + $ret = array(); + + // max size of the complete POST + $ret['post_max_size'] = phpiniSizeToBytes(ini_get('post_max_size')); + // max size of one file + $ret['upload_max_filesize'] = phpiniSizeToBytes(ini_get('upload_max_filesize')); + // catch a configuration error where post_max_size < upload_max_filesize + $ret['max_upload_filesize'] = min( + $ret['post_max_size'], + $ret['upload_max_filesize'] + ); + // maximum number of files in one POST + $ret['max_file_uploads'] = intval(ini_get('max_file_uploads')); + + return $ret; +} + +/** + * @brief Parses php_ini size settings to bytes. + * + * This function parses common size setting from php.ini files to bytes. + * e.g. post_max_size = 8M ==> 8388608 + * + * \note This method does not recognise other human readable formats like + * 8MB, etc. + * + * @todo Make this function more universal useable. MB, T, etc. + * + * @param string $val value from php.ini e.g. 2M, 8M + * @return int size in bytes + */ +function phpiniSizeToBytes($val) { + $val = trim($val); + $unit = strtolower($val[strlen($val)-1]); + switch($unit) { + case 'g': + $val *= 1024; + case 'm': + $val *= 1024; + case 'k': + $val *= 1024; + } + + return (int)$val; +}
\ No newline at end of file diff --git a/include/oauth.php b/include/oauth.php index 8eb8a83d8..ec754db95 100644 --- a/include/oauth.php +++ b/include/oauth.php @@ -20,19 +20,21 @@ class FKOAuthDataStore extends OAuthDataStore { logger(__function__.":".$consumer_key); // echo "<pre>"; var_dump($consumer_key); killme(); - $r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id='%s'", + $r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id = '%s'", dbesc($consumer_key) ); - if (count($r)) + if($r) { + get_app()->set_oauth_key($consumer_key); return new OAuthConsumer($r[0]['client_id'],$r[0]['pw'],$r[0]['redirect_uri']); + } return null; } function lookup_token($consumer, $token_type, $token) { logger(__function__.":".$consumer.", ". $token_type.", ".$token); - $r = q("SELECT id, secret,scope, expires, uid FROM tokens WHERE client_id='%s' AND scope='%s' AND id='%s'", + $r = q("SELECT id, secret, scope, expires, uid FROM tokens WHERE client_id = '%s' AND scope = '%s' AND id = '%s'", dbesc($consumer->key), dbesc($token_type), dbesc($token) @@ -51,7 +53,7 @@ class FKOAuthDataStore extends OAuthDataStore { function lookup_nonce($consumer, $token, $nonce, $timestamp) { // echo __file__.":".__line__."<pre>"; var_dump($consumer,$key); killme(); - $r = q("SELECT id, secret FROM tokens WHERE client_id='%s' AND id='%s' AND expires=%d", + $r = q("SELECT id, secret FROM tokens WHERE client_id = '%s' AND id = '%s' AND expires = %d", dbesc($consumer->key), dbesc($nonce), intval($timestamp) @@ -132,6 +134,7 @@ class FKOAuthDataStore extends OAuthDataStore { } class FKOAuth1 extends OAuthServer { + function __construct() { parent::__construct(new FKOAuthDataStore()); $this->add_signature_method(new OAuthSignatureMethod_PLAINTEXT()); diff --git a/include/permissions.php b/include/permissions.php index 68ff2b3d4..f63c6da18 100644 --- a/include/permissions.php +++ b/include/permissions.php 
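Review bot: phpiniSizeToBytes() in the new include/environment.php indexes `$val[strlen($val)-1]` before checking that the value is non-empty, and multiplies the raw string (`"8M" * 1024`) instead of its numeric part. `ini_get()` returns false for an unknown directive and an empty string for an unset one, so both cases hit an invalid string offset, and the arithmetic on a non-numeric string warns on current PHP versions. The switch fall-through is intentional but unmarked. Separately, a `post_max_size` of 0 means "no limit" in PHP, so `min()` in getPhpiniUploadLimits() would report a maximum upload size of 0 and should treat 0 as unlimited.

```php
function phpiniSizeToBytes($val) {
	$val = trim((string) $val);
	if($val === '')
		return 0;

	$unit = strtolower($val[strlen($val)-1]);
	// intval() keeps the leading digits and ignores the unit suffix
	$bytes = intval($val);
	switch($unit) {
		case 'g':
			$bytes *= 1024;
			// fall through
		case 'm':
			$bytes *= 1024;
			// fall through
		case 'k':
			$bytes *= 1024;
	}

	return $bytes;
}
```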
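Review bot: `lookup_consumer()` in include/oauth.php now calls `get_app()->set_oauth_key($consumer_key)` as soon as the client row is found, and nothing visible in this method has checked a signature or token by then. The permissions.php part of this commit makes `get_all_perms()` and `perm_is_allowed()` answer from the xperm grants whenever that key is set. If verification fails afterwards and the caller falls back to another login path, the key presumably stays set for the rest of the request. include/api.php already sets the key after `loginUser()` succeeds, so I would drop the call here and keep only `if($r) return new OAuthConsumer(...);`.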
@@ -65,6 +65,10 @@ function get_perms() { */ function get_all_perms($uid, $observer_xchan, $internal_use = true) { + $api = get_app()->get_oauth_key(); + if($api) + return get_all_api_perms($uid,$api); + $global_perms = get_perms(); // Save lots of individual lookups @@ -265,6 +269,10 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) { */ function perm_is_allowed($uid, $observer_xchan, $permission) { + $api = get_app()->get_oauth_key(); + if($api) + return api_perm_is_allowed($uid,$api,$permission); + $arr = array( 'channel_id' => $uid, 'observer_hash' => $observer_xchan, 
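Review bot: Once an OAuth key is set, `get_all_perms()` returns the API client's grants no matter which `$observer_xchan` was asked about, and `$internal_use` is ignored; `perm_is_allowed()` in the second hunk (`@@ -265`) has the same shape. Any permission check made during an API request on behalf of a different observer is therefore answered for the client, not for that observer. I would limit the shortcut to checks about the logged-in observer, e.g. `if($api && $observer_xchan === get_observer_hash())`. A comment should also say that xperm grants replace the normal permission lookup for API clients. Both function bodies continue outside the hunks.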
@@ -388,6 +396,82 @@ function perm_is_allowed($uid, $observer_xchan, $permission) { return false; } +function get_all_api_perms($uid,$api) { + + $global_perms = get_perms(); + + $ret = array(); + + $r = q("select * from xperm where xp_client = '%s' and xp_channel = %d", + dbesc($api), + intval($uid) + ); + + if(! $r) + return false; + + $allow_all = false; + $allowed = array(); + foreach($r as $rr) { + if($rr['xp_perm'] === 'all') + $allow_all = true; + if(! in_array($rr['xp_perm'],$allowed)) + $allowed[] = $rr['xp_perm']; + } + + foreach($global_perms as $perm_name => $permission) { + if($allow_all || in_array($perm_name,$allowed)) + $ret[$perm_name] = true; + else + $ret[$perm_name] = false; + + } + + $arr = array( + 'channel_id' => $uid, + 'observer_hash' => $observer_xchan, + 'permissions' => $ret); + + call_hooks('get_all_api_perms',$arr); + + return $arr['permissions']; + +} + + +function api_perm_is_allowed($uid,$api,$permission) { + + $arr = array( + 'channel_id' => $uid, + 'observer_hash' => $observer_xchan, + 'permission' => $permission, + 'result' => false + ); + + call_hooks('api_perm_is_allowed', $arr); + if($arr['result']) + return true; + + $r = q("select * from xperm where xp_client = '%s' and xp_channel = %d and ( xp_perm = 'all' OR xp_perm = '%s' )", + dbesc($api), + intval($uid), + dbesc($permission) + ); + + if(! $r) + return false; + + foreach($r as $rr) { + if($rr['xp_perm'] === 'all' || $rr['xp_perm'] === $permission) + return true; + + } + + return false; + +} + + // Check a simple array of observers against a permissions // return a simple array of those with permission |
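Review bot: Both new functions put `$observer_xchan` into the hook array, but neither takes it as a parameter, so handlers of `get_all_api_perms` and `api_perm_is_allowed` always receive a null `observer_hash`, with an undefined-variable notice. `get_all_api_perms()` also returns `false` when the client has no xperm row, and because `get_all_perms()` now returns that value directly, callers that index the result get a bool instead of an array. I would use `'observer_hash' => get_observer_hash(),` (or drop the key) and replace the early `return false;` with `$r = array();` so the loop yields an all-false array and the check still fails closed. In `api_perm_is_allowed()` the `foreach` repeats the filter already in the WHERE clause and can become `return true;`. Neither function has the doxygen block the rest of the file uses.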