diff options
Diffstat (limited to 'include')
34 files changed, 1656 insertions, 1239 deletions
diff --git a/include/activities.php b/include/activities.php index 3271db993..2671e668c 100644 --- a/include/activities.php +++ b/include/activities.php @@ -27,7 +27,7 @@ function profile_activity($changed, $value) { $arr['verb'] = ACTIVITY_UPDATE; $arr['obj_type'] = ACTIVITY_OBJ_PROFILE; - $arr['plink'] = z_root() . '/channel/' . $self['channel_address'] . '/?f=&mid=' . $arr['mid']; + $arr['plink'] = z_root() . '/channel/' . $self['channel_address'] . '/?f=&mid=' . urlencode($arr['mid']); $A = '[url=' . z_root() . '/channel/' . $self['channel_address'] . ']' . $self['channel_name'] . '[/url]'; diff --git a/include/api_zot.php b/include/api_zot.php index 60cb288af..0881211d0 100644 --- a/include/api_zot.php +++ b/include/api_zot.php @@ -1,6 +1,8 @@ <?php function zot_api_init() { + api_register_func('api/red/version','api_zot_version',false); + api_register_func('api/z/1.0/version','api_zot_version',false); api_register_func('api/export/basic','api_export_basic', true); api_register_func('api/red/channel/export/basic','api_export_basic', true); api_register_func('api/z/1.0/channel/export/basic','api_export_basic', true); @@ -28,11 +30,12 @@ api_register_func('api/z/1.0/group','api_group', true); api_register_func('api/red/xchan','api_red_xchan',true); api_register_func('api/z/1.0/xchan','api_red_xchan',true); - api_register_func('api/red/item/new','red_item_new', true); - api_register_func('api/z/1.0/item/new','red_item_new', true); + api_register_func('api/red/item/update','zot_item_update', true); + api_register_func('api/z/1.0/item/update','zot_item_update', true); api_register_func('api/red/item/full','red_item', true); api_register_func('api/z/1.0/item/full','red_item', true); + api_register_func('api/z/1.0/network/stream','api_network_stream', true); api_register_func('api/z/1.0/abook','api_zot_abook_xchan',true); api_register_func('api/z/1.0/abconfig','api_zot_abconfig',true); api_register_func('api/z/1.0/perm_allowed','api_zot_perm_allowed',true); @@ -41,6 +44,22 @@ } + function api_zot_version($type) { + + if($type === 'xml') { + header('Content-type: application/xml'); + echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n" . '<version>' . Zotlabs\Lib\System::get_project_version() . '</version>' . "\r\n"; + killme(); + } + elseif($type === 'json') { + header('Content-type: application/json'); + echo '"' . Zotlabs\Lib\System::get_project_version() . '"'; + killme(); + } + } + + + /* * Red basic channel export */ @@ -55,29 +74,90 @@ } + function api_network_stream($type) { + if(api_user() === false) { + logger('api_channel_stream: no user'); + return false; + } + + $channel = channelx_by_n(api_user()); + if(! $channel) + return false; + + + if($_SERVER['REQUEST_METHOD'] == 'POST') { + // json_return_and_die(post_activity_item($_REQUEST)); + } + else { + $mindate = (($_REQUEST['mindate']) ? datetime_convert('UTC','UTC',$_REQUEST['mindate']) : ''); + if(! $mindate) + $mindate = datetime_convert('UTC','UTC', 'now - 14 days'); + + $arr = $_REQUEST; + $ret = []; + $i = items_fetch($arr,App::get_channel(),get_observer_hash()); + if($i) { + foreach($i as $iv) { + $ret[] = encode_item($iv); + } + } + + json_return_and_die($ret); + } + } + + + + + + function api_channel_stream($type) { if(api_user() === false) { logger('api_channel_stream: no user'); return false; } + $channel = channelx_by_n(api_user()); + if(! $channel) + return false; + + if($_SERVER['REQUEST_METHOD'] == 'POST') { json_return_and_die(post_activity_item($_REQUEST)); } else { - // fetch stream + $mindate = (($_REQUEST['mindate']) ? datetime_convert('UTC','UTC',$_REQUEST['mindate']) : ''); + if(! $mindate) + $mindate = datetime_convert('UTC','UTC', 'now - 14 days'); + json_return_and_die(zot_feed($channel['channel_id'],$channel['channel_hash'],[ 'mindate' => $mindate ])); } } function api_attach_list($type) { + if(api_user() === false) + return false; + logger('api_user: ' . api_user()); - json_return_and_die(attach_list_files(api_user(),get_observer_hash(),'','','','created asc')); + $hash = ((array_key_exists('filehash',$_REQUEST)) ? $_REQUEST['filehash'] : ''); + $filename = ((array_key_exists('filename',$_REQUEST)) ? $_REQUEST['filename'] : ''); + $filetype = ((array_key_exists('filetype',$_REQUEST)) ? $_REQUEST['filetype'] : ''); + $start = ((array_key_exists('start',$_REQUEST)) ? intval($_REQUEST['start']) : 0); + $records = ((array_key_exists('records',$_REQUEST)) ? intval($_REQUEST['records']) : 0); + + $x = attach_list_files(api_user(),get_observer_hash(),$hash,$filename,$filetype,'created asc',$start,$records); + if($start || $records) { + $x['start'] = $start; + $x['records'] = count($x['results']); + } + + json_return_and_die($x); } function api_file_meta($type) { - if (api_user()===false) return false; + if(api_user() === false) + return false; if(! $_REQUEST['file_id']) return false; $r = q("select * from attach where uid = %d and hash = '%s' limit 1", intval(api_user()), @@ -94,14 +174,15 @@ function api_file_data($type) { - if (api_user()===false) return false; + if(api_user() === false) + return false; if(! $_REQUEST['file_id']) return false; $start = (($_REQUEST['start']) ? intval($_REQUEST['start']) : 0); $length = (($_REQUEST['length']) ? intval($_REQUEST['length']) : 0); - $r = q("select * from attach where uid = %d and hash = '%s' limit 1", + $r = q("select * from attach where uid = %d and hash like '%s' limit 1", intval(api_user()), - dbesc($_REQUEST['file_id']) + dbesc($_REQUEST['file_id'] . '%') ); if($r) { $ptr = $r[0]; @@ -135,8 +216,10 @@ function api_file_export($type) { - if (api_user()===false) return false; - if(! $_REQUEST['file_id']) return false; + if(api_user() === false) + return false; + if(! $_REQUEST['file_id']) + return false; $ret = attach_export_data(api_user(),$_REQUEST['file_id']); if($ret) { @@ -147,7 +230,8 @@ function api_file_detail($type) { - if (api_user()===false) return false; + if(api_user() === false) + return false; if(! $_REQUEST['file_id']) return false; $r = q("select * from attach where uid = %d and hash = '%s' limit 1", intval(api_user()), @@ -170,16 +254,21 @@ function api_albums($type) { + if(api_user() === false) + return false; json_return_and_die(photos_albums_list(App::get_channel(),App::get_observer())); } function api_photos($type) { + if(api_user() === false) + return false; $album = $_REQUEST['album']; json_return_and_die(photos_list_photos(App::get_channel(),App::get_observer(),$album)); } function api_photo_detail($type) { - if (api_user()===false) return false; + if(api_user() === false) + return false; if(! $_REQUEST['photo_id']) return false; $scale = ((array_key_exists('scale',$_REQUEST)) ? intval($_REQUEST['scale']) : 0); $r = q("select * from photo where uid = %d and resource_id = '%s' and imgscale = %d limit 1", @@ -237,8 +326,8 @@ } if($r) { - $x = q("select * from group_member left join xchan on group_member.xchan = xchan.xchan_hash - left join abook on abook_xchan = xchan_hash where gid = %d", + $x = q("select * from group_member left join abook on abook_xchan = xchan and abook_channel = group_member.uid left join xchan on group_member.xchan = xchan.xchan_hash + where gid = %d", intval($r[0]['id']) ); json_return_and_die($x); @@ -258,14 +347,12 @@ function api_red_xchan($type) { - logger('api_xchan'); - if(api_user() === false) return false; logger('api_xchan'); require_once('include/hubloc.php'); - if($_SERVER['REQUEST_METHOD'] === 'POST') { + if($_SERVER['REQUEST_METHOD'] === 'POST') { $r = xchan_store($_REQUEST); } $r = xchan_fetch($_REQUEST); @@ -341,15 +428,15 @@ } - function red_item_new($type) { + function zot_item_update($type) { if (api_user() === false) { - logger('api_red_item_new: no user'); + logger('api_red_item_store: no user'); return false; } - logger('api_red_item_new: REQUEST ' . print_r($_REQUEST,true)); - logger('api_red_item_new: FILES ' . print_r($_FILES,true)); + logger('api_red_item_store: REQUEST ' . print_r($_REQUEST,true)); + logger('api_red_item_store: FILES ' . print_r($_FILES,true)); // set this so that the item_post() function is quiet and doesn't redirect or emit json @@ -360,11 +447,10 @@ if(x($_FILES,'media')) { $_FILES['userfile'] = $_FILES['media']; // upload the image if we have one - $_REQUEST['silent']='1'; //tell wall_upload function to return img info instead of echo - $mod = new Zotlabs\Module\Wall_upload(); + $mod = new Zotlabs\Module\Wall_attach(); $media = $mod->post(); - if(strlen($media)>0) - $_REQUEST['body'] .= "\n\n".$media; + if($media) + $_REQUEST['body'] .= "\n\n" . $media; } $mod = new Zotlabs\Module\Item(); diff --git a/include/attach.php b/include/attach.php index ac0185f5d..dc5bfd308 100644 --- a/include/attach.php +++ b/include/attach.php @@ -197,13 +197,13 @@ function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $ $sql_extra .= protect_sprintf(" and hash = '" . dbesc($hash) . "' "); if($filename) - $sql_extra .= protect_sprintf(" and filename like '@" . dbesc($filename) . "@' "); + $sql_extra .= protect_sprintf(" and filename like '%" . dbesc($filename) . "%' "); if($filetype) - $sql_extra .= protect_sprintf(" and filetype like '@" . dbesc($filetype) . "@' "); + $sql_extra .= protect_sprintf(" and filetype like '%" . dbesc($filetype) . "%' "); if($entries) - $limit = " limit " . intval($start) . ", " . intval(entries) . " "; + $limit = " limit " . intval($start) . ", " . intval($entries) . " "; // Retrieve all columns except 'data' @@ -1279,8 +1279,10 @@ function attach_delete($channel_id, $resource, $is_photo = 0) { intval($channel_id) ); - if(! $r) + if(! $r) { + attach_drop_photo($channel_id,$resource); return; + } $cloudpath = get_parent_cloudpath($channel_id, $channel_address, $resource); $object = get_file_activity_object($channel_id, $resource, $cloudpath); @@ -1326,19 +1328,10 @@ function attach_delete($channel_id, $resource, $is_photo = 0) { ); if($r[0]['is_photo']) { - $x = q("select id, item_hidden from item where resource_id = '%s' and resource_type = 'photo' and uid = %d", - dbesc($resource), - intval($channel_id) - ); - if($x) { - drop_item($x[0]['id'],false,(($x[0]['item_hidden']) ? DROPITEM_NORMAL : DROPITEM_PHASE1),true); - } - q("DELETE FROM photo WHERE uid = %d AND resource_id = '%s'", - intval($channel_id), - dbesc($resource) - ); + attach_drop_photo($channel_id,$resource); } + // update the parent folder's lastmodified timestamp $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc(datetime_convert()), @@ -1351,6 +1344,24 @@ function attach_delete($channel_id, $resource, $is_photo = 0) { return; } + +function attach_drop_photo($channel_id,$resource) { + + $x = q("select id, item_hidden from item where resource_id = '%s' and resource_type = 'photo' and uid = %d", + dbesc($resource), + intval($channel_id) + ); + if($x) { + drop_item($x[0]['id'],false,(($x[0]['item_hidden']) ? DROPITEM_NORMAL : DROPITEM_PHASE1),true); + } + q("DELETE FROM photo WHERE uid = %d AND resource_id = '%s'", + intval($channel_id), + dbesc($resource) + ); + +} + + /** * @brief Returns path to file in cloud/. * diff --git a/include/bb2diaspora.php b/include/bb2diaspora.php index da02d6cac..1759154f0 100644 --- a/include/bb2diaspora.php +++ b/include/bb2diaspora.php @@ -128,8 +128,16 @@ function markdown_to_bb($s, $use_zrl = false) { $s = str_replace("
","\r",$s); $s = str_replace("
\n>","",$s); + if(is_array($s)) { + btlogger('markdown_to_bb called with array. ' . print_r($s,true), LOGGER_NORMAL, LOG_WARNING); + return ''; + } + $s = html_entity_decode($s,ENT_COMPAT,'UTF-8'); + // if empty link text replace with the url + $s = preg_replace("/\[\]\((.*?)\)/ism",'[$1]($1)',$s); + // first try plustags $s = preg_replace_callback('/\@\{(.+?)\; (.+?)\@(.+?)\}\+/','diaspora_mention_callback',$s); @@ -155,10 +163,10 @@ function markdown_to_bb($s, $use_zrl = false) { // Convert everything that looks like a link to a link if($use_zrl) { $s = str_replace(array('[img','/img]'),array('[zmg','/zmg]'),$s); - $s = preg_replace("/([^\]\=]|^)(https?\:\/\/)([a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,]+)/ism", '$1[zrl=$2$3]$2$3[/zrl]',$s); + $s = preg_replace("/([^\]\=]|^)(https?\:\/\/)([a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\(\)]+)/ism", '$1[zrl=$2$3]$2$3[/zrl]',$s); } else { - $s = preg_replace("/([^\]\=]|^)(https?\:\/\/)([a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,]+)/ism", '$1[url=$2$3]$2$3[/url]',$s); + $s = preg_replace("/([^\]\=]|^)(https?\:\/\/)([a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\(\)]+)/ism", '$1[url=$2$3]$2$3[/url]',$s); } // remove duplicate adjacent code tags @@ -427,6 +435,12 @@ function bb2diaspora($Text,$preserve_nl = false, $fordiaspora = true) { $Text = preg_replace_callback('/\@\!?\[([zu])rl\=(\w+.*?)\](\w+.*?)\[\/([zu])rl\]/i', 'bb2dmention_callback', $Text); + // strip map tags, as the rendering is performed in bbcode() and the resulting output + // is not compatible with Diaspora (at least in the case of openstreetmap and probably + // due to the inclusion of an html iframe) + + $Text = preg_replace("/\[map\=(.*?)\]/ism", '$1', $Text); + $Text = preg_replace("/\[map\](.*?)\[\/map\]/ism", '$1', $Text); // Converting images with size parameters to simple images. Markdown doesn't know it. $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '[img]$3[/img]', $Text); diff --git a/include/bbcode.php b/include/bbcode.php index 21bc6de77..b8d732443 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -473,11 +473,40 @@ function bb_sanitize_style($input) { return '<span style="' . $css_string_san . '">' . $input[2] . '</span>'; } +function oblanguage_callback($matches) { + if(strlen($matches[1]) == 2) { + $compare = strtolower(substr(\App::$language,0,2)); + } + else { + $compare = strtolower(\App::$language); + } + + if($compare === strtolower($matches[1])) + return $matches[2]; + + return ''; +} + +function oblanguage_necallback($matches) { + if(strlen($matches[1]) == 2) { + $compare = strtolower(substr(\App::$language,0,2)); + } + else { + $compare = strtolower(\App::$language); + } + + if($compare !== strtolower($matches[1])) + return $matches[2]; + + return ''; +} + function bb_observer($Text) { $observer = App::get_observer(); if ((strpos($Text,'[/observer]') !== false) || (strpos($Text,'[/rpost]') !== false)) { + if ($observer) { $Text = preg_replace("/\[observer\=1\](.*?)\[\/observer\]/ism", '$1', $Text); $Text = preg_replace("/\[observer\=0\].*?\[\/observer\]/ism", '', $Text); @@ -511,11 +540,25 @@ function bb_code($match) { return '<code class="inline-code">' . trim($match[1]) . '</code>'; } +function bb_code_options($match) { + if(strpos($match[0], "<br />")) { + $class = ""; + } else { + $class = "inline-code"; + } + if(strpos($match[1], 'nowrap')) { + $style = "overflow-x: auto; white-space: pre;"; + } else { + $style = ""; + } + return '<code class="'. $class .'" style="'. $style .'">' . trim($match[2]) . '</code>'; +} + function bb_highlight($match) { - if(in_array(strtolower($match[1]),['php','css','mysql','sql','abap','diff','html','perl','ruby', + $lang = ((in_array(strtolower($match[1]),['php','css','mysql','sql','abap','diff','html','perl','ruby', 'vbscript','avrc','dtd','java','xml','cpp','python','javascript','js','json','sh'])) - return text_highlight($match[2],strtolower($match[1])); - return $match[0]; + ? strtolower($match[1]) : 'php' ); + return text_highlight($match[2],$lang); } function bb_fixtable_lf($match) { @@ -529,7 +572,76 @@ function bb_fixtable_lf($match) { } +function parseIdentityAwareHTML($Text) { + + // Hide all [noparse] contained bbtags by spacefying them + if (strpos($Text,'[noparse]') !== false) { + $Text = preg_replace_callback("/\[noparse\](.*?)\[\/noparse\]/ism", 'bb_spacefy',$Text); + } + if (strpos($Text,'[nobb]') !== false) { + $Text = preg_replace_callback("/\[nobb\](.*?)\[\/nobb\]/ism", 'bb_spacefy',$Text); + } + if (strpos($Text,'[pre]') !== false) { + $Text = preg_replace_callback("/\[pre\](.*?)\[\/pre\]/ism", 'bb_spacefy',$Text); + } + // process [observer] tags before we do anything else because we might + // be stripping away stuff that then doesn't need to be worked on anymore + + $observer = App::get_observer(); + + if ((strpos($Text,'[/observer]') !== false) || (strpos($Text,'[/rpost]') !== false)) { + + $Text = preg_replace_callback("/\[observer\.language\=(.*?)\](.*?)\[\/observer\]/ism",'oblanguage_callback', $Text); + + $Text = preg_replace_callback("/\[observer\.language\!\=(.*?)\](.*?)\[\/observer\]/ism",'oblanguage_necallback', $Text); + + if ($observer) { + $Text = preg_replace("/\[observer\=1\](.*?)\[\/observer\]/ism", '$1', $Text); + $Text = preg_replace("/\[observer\=0\].*?\[\/observer\]/ism", '', $Text); + $Text = preg_replace_callback("/\[rpost(=(.*?))?\](.*?)\[\/rpost\]/ism", 'rpost_callback', $Text); + } else { + $Text = preg_replace("/\[observer\=1\].*?\[\/observer\]/ism", '', $Text); + $Text = preg_replace("/\[observer\=0\](.*?)\[\/observer\]/ism", '$1', $Text); + $Text = preg_replace("/\[rpost(=.*?)?\](.*?)\[\/rpost\]/ism", '', $Text); + } + } + // replace [observer.baseurl] + if ($observer) { + $s1 = '<span class="bb_observer" title="' . t('Different viewers will see this text differently') . '">'; + $s2 = '</span>'; + $obsBaseURL = $observer['xchan_connurl']; + $obsBaseURL = preg_replace("/\/poco\/.*$/", '', $obsBaseURL); + $Text = str_replace('[observer.baseurl]', $obsBaseURL, $Text); + $Text = str_replace('[observer.url]',$observer['xchan_url'], $Text); + $Text = str_replace('[observer.name]',$s1 . $observer['xchan_name'] . $s2, $Text); + $Text = str_replace('[observer.address]',$s1 . $observer['xchan_addr'] . $s2, $Text); + $Text = str_replace('[observer.webname]', substr($observer['xchan_addr'],0,strpos($observer['xchan_addr'],'@')), $Text); + $Text = str_replace('[observer.photo]',$s1 . '[zmg]'.$observer['xchan_photo_l'].'[/zmg]' . $s2, $Text); + } else { + $Text = str_replace('[observer.baseurl]', '', $Text); + $Text = str_replace('[observer.url]','', $Text); + $Text = str_replace('[observer.name]','', $Text); + $Text = str_replace('[observer.address]','', $Text); + $Text = str_replace('[observer.webname]','',$Text); + $Text = str_replace('[observer.photo]','', $Text); + } + + $Text = str_replace(array('[baseurl]','[sitename]'),array(z_root(),get_config('system','sitename')),$Text); + + // Unhide all [noparse] contained bbtags unspacefying them + // and triming the [noparse] tag. + if (strpos($Text,'[noparse]') !== false) { + $Text = preg_replace_callback("/\[noparse\](.*?)\[\/noparse\]/ism", 'bb_unspacefy_and_trim', $Text); + } + if (strpos($Text,'[nobb]') !== false) { + $Text = preg_replace_callback("/\[nobb\](.*?)\[\/nobb\]/ism", 'bb_unspacefy_and_trim', $Text); + } + if (strpos($Text,'[pre]') !== false) { + $Text = preg_replace_callback("/\[pre\](.*?)\[\/pre\]/ism", 'bb_unspacefy_and_trim', $Text); + } + return $Text; +} // BBcode 2 HTML was written by WAY2WEB.net // extended to work with Mistpark/Friendica/Redmatrix/Hubzilla - Mike Macgirvin @@ -565,6 +677,9 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false) $observer = App::get_observer(); if ((strpos($Text,'[/observer]') !== false) || (strpos($Text,'[/rpost]') !== false)) { + $Text = preg_replace_callback("/\[observer\.language\=(.*?)\](.*?)\[\/observer\]/ism",'oblanguage_callback', $Text); + $Text = preg_replace_callback("/\[observer\.language\!\=(.*?)\](.*?)\[\/observer\]/ism",'oblanguage_necallback', $Text); + if ($observer) { $Text = preg_replace("/\[observer\=1\](.*?)\[\/observer\]/ism", '$1', $Text); $Text = preg_replace("/\[observer\=0\].*?\[\/observer\]/ism", '', $Text); @@ -661,7 +776,7 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false) // Perform URL Search - $urlchars = '[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,\@]'; + $urlchars = '[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,\@\(\)]'; if (strpos($Text,'http') !== false) { if($tryoembed) { @@ -745,6 +860,12 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false) if (strpos($Text,'[/color]') !== false) { $Text = preg_replace("(\[color=(.*?)\](.*?)\[\/color\])ism", "<span style=\"color: $1;\">$2</span>", $Text); } + // Check for colored text + if (strpos($Text,'[/hl]') !== false) { + $Text = preg_replace("(\[hl\](.*?)\[\/hl\])ism", "<span style=\"background-color: yellow;\">$1</span>", $Text); + $Text = preg_replace("(\[hl=(.*?)\](.*?)\[\/hl\])ism", "<span style=\"background-color: $1;\">$2</span>", $Text); + } + // Check for sized text // [size=50] --> font-size: 50px (with the unit). if (strpos($Text,'[/size]') !== false) { @@ -776,12 +897,14 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false) $Text = preg_replace("(\[h6\](.*?)\[\/h6\])ism",'<h6>$1</h6>',$Text); } // Check for table of content without params - if (strpos($Text,'[toc]') !== false) { - $Text = preg_replace("/\[toc\]/ism",'<ul id="toc"></ul>',$Text); + while(strpos($Text,'[toc]') !== false) { + $toc_id = 'toc-' . random_string(10); + $Text = preg_replace("/\[toc\]/ism", '<ul id="' . $toc_id . '" class="toc" data-toc=".section-content-wrapper"></ul><script>$("#' . $toc_id . '").toc();</script>', $Text, 1); } // Check for table of content with params - if (strpos($Text,'[toc') !== false) { - $Text = preg_replace("/\[toc([^\]]+?)\]/ism",'<ul$1></ul>',$Text); + while(strpos($Text,'[toc') !== false) { + $toc_id = 'toc-' . random_string(10); + $Text = preg_replace("/\[toc([^\]]+?)\]/ism", '<ul id="' . $toc_id . '" class="toc"$1></ul><script>$("#' . $toc_id . '").toc();</script>', $Text, 1); } // Check for centered text if (strpos($Text,'[/center]') !== false) { @@ -841,8 +964,8 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false) } if (strpos($Text,'[/table]') !== false) { $Text = preg_replace("/\[table\](.*?)\[\/table\]/sm", '<table>$1</table>', $Text); - $Text = preg_replace("/\[table border=1\](.*?)\[\/table\]/sm", '<table border="1" >$1</table>', $Text); - $Text = preg_replace("/\[table border=0\](.*?)\[\/table\]/sm", '<table border="0" >$1</table>', $Text); + $Text = preg_replace("/\[table border=1\](.*?)\[\/table\]/sm", '<table class="table table-responsive table-bordered" >$1</table>', $Text); + $Text = preg_replace("/\[table border=0\](.*?)\[\/table\]/sm", '<table class="table table-responsive" >$1</table>', $Text); } $Text = str_replace('</tr><br /><tr>', "</tr>\n<tr>", $Text); $Text = str_replace('[hr]', '<hr />', $Text); @@ -861,6 +984,11 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false) $Text = preg_replace_callback("/\[code\](.*?)\[\/code\]/ism", 'bb_code', $Text); } + // Check for [code options] text + if (strpos($Text,'[code ') !== false) { + $Text = preg_replace_callback("/\[code(.*?)\](.*?)\[\/code\]/ism", 'bb_code_options', $Text); + } + // Check for [spoiler] text $endlessloop = 0; while ((strpos($Text, "[/spoiler]")!== false) and (strpos($Text, "[spoiler]") !== false) and (++$endlessloop < 20)) { @@ -1017,15 +1145,15 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false) $Text = preg_replace("/\[zaudio\](.*?)\[\/zaudio\]/", '<a class="zid" href="$1" target="_blank" >$1</a>', $Text); } - if ($tryoembed){ - if (strpos($Text,'[/iframe]') !== false) { - $Text = preg_replace_callback("/\[iframe\](.*?)\[\/iframe\]/ism", 'bb_iframe', $Text); - } - } else { - if (strpos($Text,'[/iframe]') !== false) { - $Text = preg_replace("/\[iframe\](.*?)\[\/iframe\]/ism", '<a href="$1" target="_blank" >$1</a>', $Text); - } - } +// if ($tryoembed){ +// if (strpos($Text,'[/iframe]') !== false) { +// $Text = preg_replace_callback("/\[iframe\](.*?)\[\/iframe\]/ism", 'bb_iframe', $Text); +// } +// } else { +// if (strpos($Text,'[/iframe]') !== false) { +// $Text = preg_replace("/\[iframe\](.*?)\[\/iframe\]/ism", '<a href="$1" target="_blank" >$1</a>', $Text); +// } +// } // oembed tag $Text = oembed_bbcode2html($Text); @@ -1077,9 +1205,9 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false) $Text = preg_replace("/\<(.*?)(src|href)=(.*?)\&\;(.*?)\>/ism", '<$1$2=$3&$4>', $Text); // This is subtle - it's an XSS filter. It only accepts links with a protocol scheme and where - // the scheme begins with z (zhttp), h (http(s)), f (ftp), m (mailto), and named anchors. + // the scheme begins with z (zhttp), h (http(s)), f (ftp(s)), m (mailto), t (tel) and named anchors. - $Text = preg_replace("/\<(.*?)(src|href)=\"[^zhfm#](.*?)\>/ism", '<$1$2="">', $Text); + $Text = preg_replace("/\<(.*?)(src|href)=\"[^zhfmt#](.*?)\>/ism", '<$1$2="">', $Text); $Text = bb_replace_images($Text, $saved_images); diff --git a/include/channel.php b/include/channel.php index 4fc873402..83f48f361 100644 --- a/include/channel.php +++ b/include/channel.php @@ -1218,7 +1218,7 @@ function advanced_profile(&$a) { $profile['marital'] = array( t('Status:'), App::$profile['marital']); if(App::$profile['partner']) - $profile['marital']['partner'] = bbcode(App::$profile['partner']); + $profile['marital']['partner'] = zidify_links(bbcode(App::$profile['partner'])); if(strlen(App::$profile['howlong']) && App::$profile['howlong'] > NULL_DATE) { $profile['howlong'] = relative_date(App::$profile['howlong'], t('for %1$d %2$s')); @@ -1278,10 +1278,14 @@ function advanced_profile(&$a) { // logger('mod_profile: things: ' . print_r($things,true), LOGGER_DATA); + $exportlink = ((App::$profile['profile_vcard']) ? zid(z_root() . '/profile/' . App::$profile['channel_address'] . '/vcard') : ''); + return replace_macros($tpl, array( '$title' => t('Profile'), '$canlike' => (($profile['canlike'])? true : false), '$likethis' => t('Like this thing'), + '$export' => t('Export'), + '$exportlink' => $exportlink, '$profile' => $profile, '$fields' => $clean_fields, '$editmenu' => profile_edit_menu(App::$profile['profile_uid']), @@ -1705,21 +1709,26 @@ function get_zcard($channel, $observer_hash = '', $args = array()) { $maxwidth = (($args['width']) ? intval($args['width']) : 0); $maxheight = (($args['height']) ? intval($args['height']) : 0); - if(($maxwidth > 1200) || ($maxwidth < 1)) + if(($maxwidth > 1200) || ($maxwidth < 1)) { $maxwidth = 1200; + $cover_width = 1200; + } if($maxwidth <= 425) { $width = 425; + $cover_width = 425; $size = 'hz_small'; $cover_size = PHOTO_RES_COVER_425; $pphoto = array('mimetype' => $channel['xchan_photo_mimetype'], 'width' => 80 , 'height' => 80, 'href' => $channel['xchan_photo_m']); } elseif($maxwidth <= 900) { $width = 900; + $cover_width = 850; $size = 'hz_medium'; $cover_size = PHOTO_RES_COVER_850; $pphoto = array('mimetype' => $channel['xchan_photo_mimetype'], 'width' => 160 , 'height' => 160, 'href' => $channel['xchan_photo_l']); } elseif($maxwidth <= 1200) { $width = 1200; + $cover_width = 1200; $size = 'hz_large'; $cover_size = PHOTO_RES_COVER_1200; $pphoto = array('mimetype' => $channel['xchan_photo_mimetype'], 'width' => 300 , 'height' => 300, 'href' => $channel['xchan_photo_l']); @@ -1741,7 +1750,8 @@ function get_zcard($channel, $observer_hash = '', $args = array()) { $cover = $r[0]; $cover['href'] = z_root() . '/photo/' . $r[0]['resource_id'] . '-' . $r[0]['imgscale']; } else { - $cover = $pphoto; + $default_cover = get_config('system','default_cover_photo','pexels-94622'); + $cover = [ 'href' => z_root() . '/images/default_cover_photos/' . $default_cover . '/' . $cover_width . '.jpg' ]; } $o .= replace_macros(get_markup_template('zcard.tpl'), array( @@ -1765,23 +1775,28 @@ function get_zcard_embed($channel, $observer_hash = '', $args = array()) { $maxwidth = (($args['width']) ? intval($args['width']) : 0); $maxheight = (($args['height']) ? intval($args['height']) : 0); - if(($maxwidth > 1200) || ($maxwidth < 1)) + if(($maxwidth > 1200) || ($maxwidth < 1)) { $maxwidth = 1200; + $cover_width = 1200; + } if($maxwidth <= 425) { $width = 425; + $cover_width = 425; $size = 'hz_small'; $cover_size = PHOTO_RES_COVER_425; $pphoto = array('mimetype' => $channel['xchan_photo_mimetype'], 'width' => 80 , 'height' => 80, 'href' => $channel['xchan_photo_m']); } elseif($maxwidth <= 900) { $width = 900; + $cover_width = 850; $size = 'hz_medium'; $cover_size = PHOTO_RES_COVER_850; $pphoto = array('mimetype' => $channel['xchan_photo_mimetype'], 'width' => 160 , 'height' => 160, 'href' => $channel['xchan_photo_l']); } elseif($maxwidth <= 1200) { $width = 1200; + $cover_width = 1200; $size = 'hz_large'; $cover_size = PHOTO_RES_COVER_1200; $pphoto = array('mimetype' => $channel['xchan_photo_mimetype'], 'width' => 300 , 'height' => 300, 'href' => $channel['xchan_photo_l']); @@ -1799,8 +1814,10 @@ function get_zcard_embed($channel, $observer_hash = '', $args = array()) { if($r) { $cover = $r[0]; $cover['href'] = z_root() . '/photo/' . $r[0]['resource_id'] . '-' . $r[0]['imgscale']; - } else { - $cover = $pphoto; + } + else { + $default_cover = get_config('system','default_cover_photo','pexels-94622'); + $cover = [ 'href' => z_root() . '/images/default_cover_photos/' . $default_cover . '/' . $cover_width . '.jpg' ]; } $o .= replace_macros(get_markup_template('zcard_embed.tpl'),array( diff --git a/include/config.php b/include/config.php index 44ef29614..0b0e639ab 100644 --- a/include/config.php +++ b/include/config.php @@ -35,8 +35,8 @@ function load_config($family) { Zlib\Config::Load($family); } -function get_config($family, $key) { - return Zlib\Config::Get($family,$key); +function get_config($family, $key, $default = false) { + return Zlib\Config::Get($family,$key,$default); } function set_config($family, $key, $value) { @@ -51,8 +51,8 @@ function load_pconfig($uid) { Zlib\PConfig::Load($uid); } -function get_pconfig($uid, $family, $key, $instore = false) { - return Zlib\PConfig::Get($uid,$family,$key,$instore = false); +function get_pconfig($uid, $family, $key, $default = false) { + return Zlib\PConfig::Get($uid,$family,$key,$default); } function set_pconfig($uid, $family, $key, $value) { @@ -67,8 +67,8 @@ function load_xconfig($xchan) { Zlib\XConfig::Load($xchan); } -function get_xconfig($xchan, $family, $key) { - return Zlib\XConfig::Get($xchan,$family,$key); +function get_xconfig($xchan, $family, $key, $default = false) { + return Zlib\XConfig::Get($xchan,$family,$key, $default); } function set_xconfig($xchan, $family, $key, $value) { @@ -83,8 +83,8 @@ function load_aconfig($account_id) { Zlib\AConfig::Load($account_id); } -function get_aconfig($account_id, $family, $key) { - return Zlib\AConfig::Get($account_id, $family, $key); +function get_aconfig($account_id, $family, $key, $default = false) { + return Zlib\AConfig::Get($account_id, $family, $key, $default); } function set_aconfig($account_id, $family, $key, $value) { @@ -99,8 +99,8 @@ function load_abconfig($chan, $xhash, $family = '') { return Zlib\AbConfig::Load($chan,$xhash,$family); } -function get_abconfig($chan,$xhash,$family,$key) { - return Zlib\AbConfig::Get($chan,$xhash,$family,$key); +function get_abconfig($chan,$xhash,$family,$key, $default = false) { + return Zlib\AbConfig::Get($chan,$xhash,$family,$key, $default); } function set_abconfig($chan,$xhash,$family,$key,$value) { @@ -115,8 +115,8 @@ function load_iconfig(&$item) { Zlib\IConfig::Load($item); } -function get_iconfig(&$item, $family, $key) { - return Zlib\IConfig::Get($item, $family, $key); +function get_iconfig(&$item, $family, $key, $default = false) { + return Zlib\IConfig::Get($item, $family, $key, $default); } function set_iconfig(&$item, $family, $key, $value, $sharing = false) { diff --git a/include/connections.php b/include/connections.php index b08d046b3..f90644ec5 100644 --- a/include/connections.php +++ b/include/connections.php @@ -630,3 +630,279 @@ function random_profile() { return ''; } +function update_vcard($arr,$vcard = null) { + + + // logger('update_vcard: ' . print_r($arr,true)); + + $fn = $arr['fn']; + + + // This isn't strictly correct and could be a cause for concern. + // 'N' => array_reverse(explode(' ', $fn)) + + + // What we really want is + // 'N' => Adams;John;Quincy;Reverend,Dr.;III + // which is a very difficult parsing problem especially if you allow + // the surname to contain spaces. The only way to be sure to get it + // right is to provide a form to input all the various fields and not + // try to extract it from the FN. + + if(! $vcard) { + $vcard = new \Sabre\VObject\Component\VCard([ + 'FN' => $fn, + 'N' => array_reverse(explode(' ', $fn)) + ]); + } + else { + $vcard->FN = $fn; + $vcard->N = array_reverse(explode(' ', $fn)); + } + + $org = $arr['org']; + if($org) { + $vcard->ORG = $org; + } + + $title = $arr['title']; + if($title) { + $vcard->TITLE = $title; + } + + $tel = $arr['tel']; + $tel_type = $arr['tel_type']; + if($tel) { + $i = 0; + foreach($tel as $item) { + if($item) { + $vcard->add('TEL', $item, ['type' => $tel_type[$i]]); + } + $i++; + } + } + + $email = $arr['email']; + $email_type = $arr['email_type']; + if($email) { + $i = 0; + foreach($email as $item) { + if($item) { + $vcard->add('EMAIL', $item, ['type' => $email_type[$i]]); + } + $i++; + } + } + + $impp = $arr['impp']; + $impp_type = $arr['impp_type']; + if($impp) { + $i = 0; + foreach($impp as $item) { + if($item) { + $vcard->add('IMPP', $item, ['type' => $impp_type[$i]]); + } + $i++; + } + } + + $url = $arr['url']; + $url_type = $arr['url_type']; + if($url) { + $i = 0; + foreach($url as $item) { + if($item) { + $vcard->add('URL', $item, ['type' => $url_type[$i]]); + } + $i++; + } + } + + $adr = $arr['adr']; + $adr_type = $arr['adr_type']; + + if($adr) { + $i = 0; + foreach($adr as $item) { + if($item) { + $vcard->add('ADR', $item, ['type' => $adr_type[$i]]); + } + $i++; + } + } + + $note = $arr['note']; + if($note) { + $vcard->NOTE = $note; + } + + return $vcard->serialize(); + +} + +function get_vcard_array($vc,$id) { + + $photo = ''; + if($vc->PHOTO) { + $photo_value = strtolower($vc->PHOTO->getValueType()); // binary or uri + if($photo_value === 'binary') { + $photo_type = strtolower($vc->PHOTO['TYPE']); // mime jpeg, png or gif + $photo = 'data:image/' . $photo_type . ';base64,' . base64_encode((string)$vc->PHOTO); + } + else { + $url = parse_url((string)$vc->PHOTO); + $photo = 'data:' . $url['path']; + } + } + + $fn = ''; + if($vc->FN) { + $fn = (string) escape_tags($vc->FN); + } + + $org = ''; + if($vc->ORG) { + $org = (string) escape_tags($vc->ORG); + } + + $title = ''; + if($vc->TITLE) { + $title = (string) escape_tags($vc->TITLE); + } + + $tels = []; + if($vc->TEL) { + foreach($vc->TEL as $tel) { + $type = (($tel['TYPE']) ? vcard_translate_type((string)$tel['TYPE']) : ''); + $tels[] = [ + 'type' => $type, + 'nr' => (string) escape_tags($tel) + ]; + } + } + $emails = []; + if($vc->EMAIL) { + foreach($vc->EMAIL as $email) { + $type = (($email['TYPE']) ? vcard_translate_type((string)$email['TYPE']) : ''); + $emails[] = [ + 'type' => $type, + 'address' => (string) escape_tags($email) + ]; + } + } + + $impps = []; + if($vc->IMPP) { + foreach($vc->IMPP as $impp) { + $type = (($impp['TYPE']) ? vcard_translate_type((string)$impp['TYPE']) : ''); + $impps[] = [ + 'type' => $type, + 'address' => (string) escape_tags($impp) + ]; + } + } + + $urls = []; + if($vc->URL) { + foreach($vc->URL as $url) { + $type = (($url['TYPE']) ? vcard_translate_type((string)$url['TYPE']) : ''); + $urls[] = [ + 'type' => $type, + 'address' => (string) escape_tags($url) + ]; + } + } + + $adrs = []; + if($vc->ADR) { + foreach($vc->ADR as $adr) { + $type = (($adr['TYPE']) ? vcard_translate_type((string)$adr['TYPE']) : ''); + $adrs[] = [ + 'type' => $type, + 'address' => $adr->getParts() + ]; + $last_entry = end($adrs); + if($adrs[$last_entry]['address']) + array_walk($adrs[$last_entry]['address'],'array_escape_tags'); + } + } + + $note = ''; + if($vc->NOTE) { + $note = (string) escape_tags($vc->NOTE); + } + + $card = [ + 'id' => $id, + 'photo' => $photo, + 'fn' => $fn, + 'org' => $org, + 'title' => $title, + 'tels' => $tels, + 'emails' => $emails, + 'impps' => $impps, + 'urls' => $urls, + 'adrs' => $adrs, + 'note' => $note + ]; + + return $card; + +} + + +function vcard_translate_type($type) { + + if(!$type) + return; + + $type = strtoupper($type); + + $map = [ + 'CELL' => t('Mobile'), + 'HOME' => t('Home'), + 'HOME,VOICE' => t('Home, Voice'), + 'HOME,FAX' => t('Home, Fax'), + 'WORK' => t('Work'), + 'WORK,VOICE' => t('Work, Voice'), + 'WORK,FAX' => t('Work, Fax'), + 'OTHER' => t('Other') + ]; + + if (array_key_exists($type, $map)) { + return [$type, $map[$type]]; + } + else { + return [$type, t('Other') . ' (' . $type . ')']; + } +} + + +function vcard_query(&$r) { + + $arr = []; + + if($r && is_array($r) && count($r)) { + $uid = $r[0]['abook_channel']; + foreach($r as $rv) { + if($rv['abook_xchan'] && (! in_array("'" . dbesc($rv['abook_xchan']) . "'",$arr))) + $arr[] = "'" . dbesc($rv['abook_xchan']) . "'"; + } + } + + if($arr) { + $a = q("select * from abconfig where chan = %d and xchan in (" . protect_sprintf(implode(',', $arr)) . ") and cat = 'system' and k = 'vcard'", + intval($uid) + ); + if($a) { + foreach($a as $av) { + for($x = 0; $x < count($r); $x ++) { + if($r[$x]['abook_xchan'] == $av['xchan']) { + $vctmp = \Sabre\VObject\Reader::read($av['v']); + $r[$x]['vcard'] = (($vctmp) ? get_vcard_array($vctmp,$r[$x]['abook_id']) : [] ); + } + } + } + } + } +}
\ No newline at end of file diff --git a/include/conversation.php b/include/conversation.php index c260eb4a0..285ee752f 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -363,7 +363,7 @@ function localize_item(&$item){ if(intval($item['item_obscured']) && strlen($item['body']) && (! strpos($item['body'],'data'))) { - $item['body'] = json_encode(crypto_encapsulate($item['body'],get_config('system','pubkey'))); + $item['body'] = z_obscure($item['body']); } } @@ -473,22 +473,6 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $ if (local_channel()) load_pconfig(local_channel(),''); - $arr_blocked = null; - - if (local_channel()) - $str_blocked = get_pconfig(local_channel(),'system','blocked'); - if (! local_channel() && ($mode == 'network')) { - $sys = get_sys_channel(); - $id = $sys['channel_id']; - $str_blocked = get_pconfig($id,'system','blocked'); - } - - if ($str_blocked) { - $arr_blocked = explode(',',$str_blocked); - for ($x = 0; $x < count($arr_blocked); $x ++) - $arr_blocked[$x] = trim($arr_blocked[$x]); - } - $profile_owner = 0; $page_writeable = false; $live_update_div = ''; @@ -615,17 +599,13 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $ foreach($items as $item) { - if($arr_blocked) { - $blocked = false; - foreach($arr_blocked as $b) { - if(($b) && (($item['author_xchan'] == $b) || ($item['owner_xchan'] == $b))) { - $blocked = true; - break; - } - } - if($blocked) - continue; - } + $x = [ 'mode' => $mode, 'item' => $item ]; + call_hooks('stream_item',$x); + + if($x['item']['blocked']) + continue; + + $item = $x['item']; $threadsid++; @@ -709,7 +689,8 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $ 'id' => (($preview) ? 'P0' : $item['item_id']), 'linktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, $profile_url), 'profile_url' => $profile_link, - 'item_photo_menu' => item_photo_menu($item), + 'thread_action_menu' => thread_action_menu($item,$mode), + 'thread_author_menu' => thread_author_menu($item,$mode), 'name' => $profile_name, 'sparkle' => $sparkle, 'lock' => $lock, @@ -752,7 +733,7 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $ 'like' => '', 'dislike' => '', 'comment' => '', - 'conv' => (($preview) ? '' : array('href'=> z_root() . '/display/' . $item['mid'], 'title'=> t('View in context'))), + 'conv' => (($preview) ? '' : array('href'=> z_root() . '/display/' . gen_link_id($item['mid']), 'title'=> t('View in context'))), 'previewing' => $previewing, 'wait' => t('Please wait'), 'thread_level' => 1, @@ -787,28 +768,14 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $ // Check for any blocked authors - if($arr_blocked) { - $blocked = false; - foreach($arr_blocked as $b) { - if(($b) && ($item['author_xchan'] == $b)) { - $blocked = true; - break; - } - } - if($blocked) - continue; - } - // Check all the kids too + $x = [ 'mode' => $mode, 'item' => $item ]; + call_hooks('stream_item',$x); + + if($x['item']['blocked']) + continue; - if($arr_blocked && $item['children']) { - for($d = 0; $d < count($item['children']); $d ++) { - foreach($arr_blocked as $b) { - if(($b) && ($item['children'][$d]['author_xchan'] == $b)) - $item['children'][$d]['author_blocked'] = true; - } - } - } + $item = $x['item']; builtin_activity_puller($item, $conv_responses); @@ -994,6 +961,169 @@ function item_photo_menu($item){ return $o; } + +function thread_action_menu($item,$mode = '') { + + $menu = []; + + if((local_channel()) && local_channel() == $item['uid']) { + $menu[] = [ + 'menu' => 'view_source', + 'title' => t('View Source'), + 'icon' => 'eye', + 'action' => 'viewsrc(' . $item['id'] . '); return false;', + 'href' => '#' + ]; + + if(! in_array($mode, [ 'network-new', 'search', 'community'])) { + if($item['parent'] == $item['id'] && (get_observer_hash() != $item['author_xchan'])) { + $menu[] = [ + 'menu' => 'follow_thread', + 'title' => t('Follow Thread'), + 'icon' => 'plus', + 'action' => 'dosubthread(' . $item['id'] . '); return false;', + 'href' => '#' + ]; + } + + $menu[] = [ + 'menu' => 'unfollow_thread', + 'title' => t('Unfollow Thread'), + 'icon' => 'minus', + 'action' => 'dounsubthread(' . $item['id'] . '); return false;', + 'href' => '#' + ]; + } + + } + + + + + $args = [ 'item' => $item, 'mode' => $mode, 'menu' => $menu ]; + call_hooks('thread_action_menu', $args); + + return $args['menu']; + +} + +function thread_author_menu($item, $mode = '') { + + $menu = []; + + $local_channel = local_channel(); + + if($local_channel) { + if(! count(App::$contacts)) + load_contact_links($local_channel); + $channel = App::get_channel(); + $channel_hash = (($channel) ? $channel['channel_hash'] : ''); + } + + $profile_link = chanlink_hash($item['author_xchan']); + if($item['uid'] > 0) + $pm_url = z_root() . '/mail/new/?f=&hash=' . $item['author_xchan']; + + if(App::$contacts && array_key_exists($item['author_xchan'],App::$contacts)) + $contact = App::$contacts[$item['author_xchan']]; + else + if($local_channel && $item['author']['xchan_addr']) + $follow_url = z_root() . '/follow/?f=&url=' . $item['author']['xchan_addr']; + + if($contact) { + $poke_link = z_root() . '/poke/?f=&c=' . $contact['abook_id']; + if (! intval($contact['abook_self'])) + $contact_url = z_root() . '/connedit/' . $contact['abook_id']; + $posts_link = z_root() . '/network/?cid=' . $contact['abook_id']; + + $clean_url = normalise_link($item['author-link']); + } + + $rating_enabled = get_config('system','rating_enabled'); + + $ratings_url = (($rating_enabled) ? z_root() . '/ratings/' . urlencode($item['author_xchan']) : ''); + + if($profile_link) { + $menu[] = [ + 'menu' => 'view_profile', + 'title' => t('View Profile'), + 'icon' => 'fw', + 'action' => '', + 'href' => $profile_link + ]; + } + + if($posts_link) { + $menu[] = [ + 'menu' => 'view_posts', + 'title' => t('Activity/Posts'), + 'icon' => 'fw', + 'action' => '', + 'href' => $posts_link + ]; + } + + if($follow_url) { + $menu[] = [ + 'menu' => 'follow', + 'title' => t('Connect'), + 'icon' => 'fw', + 'action' => '', + 'href' => $follow_url + ]; + } + + if($contact_url) { + $menu[] = [ + 'menu' => 'connedit', + 'title' => t('Edit Connection'), + 'icon' => 'fw', + 'action' => '', + 'href' => $contact_url + ]; + } + + if($pm_url) { + $menu[] = [ + 'menu' => 'prv_message', + 'title' => t('Message'), + 'icon' => 'fw', + 'action' => '', + 'href' => $pm_url + ]; + } + + if($ratings_url) { + $menu[] = [ + 'menu' => 'ratings', + 'title' => t('Ratings'), + 'icon' => 'fw', + 'action' => '', + 'href' => $ratings_url + ]; + } + + if($poke_link) { + $menu[] = [ + 'menu' => 'poke', + 'title' => t('Poke'), + 'icon' => 'fw', + 'action' => '', + 'href' => $poke_link + ]; + } + + $args = [ 'item' => $item, 'mode' => $mode, 'menu' => $menu ]; + call_hooks('thread_author_menu', $args); + + return $args['menu']; + +} + + + + + /** * @brief Checks item to see if it is one of the builtin activities (like/dislike, event attendance, consensus items, etc.) * @@ -1266,11 +1396,11 @@ function status_editor($a, $x, $popup = false) { '$setloc' => $setloc, '$voting' => t('Toggle voting'), '$feature_voting' => $feature_voting, - '$consensus' => 0, + '$consensus' => ((array_key_exists('item',$x)) ? $x['item']['item_consensus'] : 0), '$nocommenttitle' => t('Disable comments'), '$nocommenttitlesub' => t('Toggle comments'), '$feature_nocomment' => $feature_nocomment, - '$nocomment' => 0, + '$nocomment' => ((array_key_exists('item',$x)) ? $x['item']['item_nocomment'] : 0), '$clearloc' => $clearloc, '$title' => ((x($x, 'title')) ? htmlspecialchars($x['title'], ENT_COMPAT,'UTF-8') : ''), '$placeholdertitle' => ((x($x, 'placeholdertitle')) ? $x['placeholdertitle'] : t('Title (optional)')), @@ -1434,7 +1564,7 @@ function format_location($item) { if(strpos($item['location'],'#') === 0) { $location = substr($item['location'],1); - $location = ((strpos($location,'[') !== false) ? bbcode($location) : $location); + $location = ((strpos($location,'[') !== false) ? zidify_links(bbcode($location)) : $location); } else { $locate = array('location' => $item['location'], 'coord' => $item['coord'], 'html' => ''); @@ -1486,7 +1616,7 @@ function prepare_page($item) { '$author' => (($naked) ? '' : $item['author']['xchan_name']), '$auth_url' => (($naked) ? '' : zid($item['author']['xchan_url'])), '$date' => (($naked) ? '' : datetime_convert('UTC', date_default_timezone_get(), $item['created'], 'Y-m-d H:i')), - '$title' => smilies(bbcode($item['title'])), + '$title' => zidify_links(smilies(bbcode($item['title']))), '$body' => $body['html'], '$preview' => $preview, '$link' => $link, @@ -1656,6 +1786,20 @@ function profile_tabs($a, $is_owner = false, $nickname = null){ $cal_link = '/cal/' . $nickname; } + require_once('include/security.php'); + $sql_options = item_permissions_sql($uid); + + $r = q("select item.* from item left join iconfig on item.id = iconfig.iid + where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' + and item.item_delayed = 0 and item.item_deleted = 0 + and ( iconfig.k = 'WEBPAGE' and item_type = %d ) + $sql_options limit 1", + intval($uid), + dbesc('home'), + intval(ITEM_TYPE_WEBPAGE) + ); + + $has_webpages = (($r) ? true : false); if (get_pconfig($uid, 'system', 'noprofiletabs')) return; @@ -1740,19 +1884,20 @@ function profile_tabs($a, $is_owner = false, $nickname = null){ ); } - if ($p['write_pages'] && feature_enabled($uid,'webpages')) { + if($has_webpages && feature_enabled($uid,'webpages')) { $tabs[] = array( 'label' => t('Webpages'), - 'url' => z_root() . '/webpages/' . $nickname, + 'url' => z_root() . '/page/' . $nickname . '/home', 'sel' => ((argv(0) == 'webpages') ? 'active' : ''), - 'title' => t('Manage Webpages'), + 'title' => t('View Webpages'), 'id' => 'webpages-tab', ); - } + } + if(feature_enabled($uid,'wiki') && (get_account_techlevel($account_id) > 3)) { $tabs[] = array( - 'label' => t('Wiki'), + 'label' => t('Wikis'), 'url' => z_root() . '/wiki/' . $nickname, 'sel' => ((argv(0) == 'wiki') ? 'active' : ''), 'title' => t('Wiki'), diff --git a/include/crypto.php b/include/crypto.php index bc798d919..f75390985 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -48,27 +48,122 @@ function pkcs5_unpad($text) function AES256CBC_encrypt($data,$key,$iv) { return openssl_encrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); - } function AES256CBC_decrypt($data,$key,$iv) { return openssl_decrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); +} + +function AES128CBC_encrypt($data,$key,$iv) { + $key = substr($key,0,16); + $iv = substr($iv,0,16); + return openssl_encrypt($data,'aes-128-cbc',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); +} + +function AES128CBC_decrypt($data,$key,$iv) { + $key = substr($key,0,16); + $iv = substr($iv,0,16); + return openssl_decrypt($data,'aes-128-cbc',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); +} + +function STD_encrypt($data,$key,$iv) { + $key = substr($key,0,32); + $iv = substr($iv,0,16); + return openssl_encrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); +} + +function STD_decrypt($data,$key,$iv) { + $key = substr($key,0,32); + $iv = substr($iv,0,16); + return openssl_decrypt($data,'aes-256-cbc',str_pad($key,32,"\0"),OPENSSL_RAW_DATA,str_pad($iv,16,"\0")); +} +function CAST5CBC_encrypt($data,$key,$iv) { + $key = substr($key,0,16); + $iv = substr($iv,0,8); + return openssl_encrypt($data,'cast5-cbc',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,8,"\0")); +} + +function CAST5CBC_decrypt($data,$key,$iv) { + $key = substr($key,0,16); + $iv = substr($iv,0,8); + return openssl_decrypt($data,'cast5-cbc',str_pad($key,16,"\0"),OPENSSL_RAW_DATA,str_pad($iv,8,"\0")); } function crypto_encapsulate($data,$pubkey,$alg='aes256cbc') { + $fn = strtoupper($alg) . '_encrypt'; + if($alg === 'aes256cbc') return aes_encapsulate($data,$pubkey); + return other_encapsulate($data,$pubkey,$alg); + +} + +function other_encapsulate($data,$pubkey,$alg) { + if(! $pubkey) + logger('no key. data: ' . $data); + + $fn = strtoupper($alg) . '_encrypt'; + if(function_exists($fn)) { + + // A bit hesitant to use openssl_random_pseudo_bytes() as we know + // it has been historically targeted by US agencies for 'weakening'. + // It is still arguably better than trying to come up with an + // alternative cryptographically secure random generator. + // There is little point in using the optional second arg to flag the + // assurance of security since it is meaningless if the source algorithms + // have been compromised. Also none of this matters if RSA has been + // compromised by state actors and evidence is mounting that this has + // already happened. + + $key = openssl_random_pseudo_bytes(256); + $iv = openssl_random_pseudo_bytes(256); + $result['data'] = base64url_encode($fn($data,$key,$iv),true); + // log the offending call so we can track it down + if(! openssl_public_encrypt($key,$k,$pubkey)) { + $x = debug_backtrace(); + logger('RSA failed. ' . print_r($x[0],true)); + } + + $result['alg'] = $alg; + $result['key'] = base64url_encode($k,true); + openssl_public_encrypt($iv,$i,$pubkey); + $result['iv'] = base64url_encode($i,true); + return $result; + } + else { + $x = [ 'data' => $data, 'pubkey' => $pubkey, 'alg' => $alg, 'result' => $data ]; + call_hooks('other_encapsulate', $x); + return $x['result']; + } +} + +function crypto_methods() { + + if(\Zotlabs\Lib\System::get_server_role() !== 'pro') + return [ 'aes256cbc' ]; + + // 'std' is the new project standard which is aes256cbc but transmits/receives 256-byte key and iv. + // aes256cbc is provided for compatibility with earlier zot implementations which assume 32-byte key and 16-byte iv. + // other_encapsulate() now produces these longer keys/ivs by default so that it is difficult to guess a + // particular implementation or choice of underlying implementations based on the key/iv length. + // The actual methods are responsible for deriving the actual key/iv from the provided parameters; + // possibly by truncation or segmentation - though many other methods could be used. + + $r = [ 'std', 'aes256cbc', 'aes128cbc', 'cast5cbc' ]; + call_hooks('crypto_methods',$r); + return $r; + } function aes_encapsulate($data,$pubkey) { if(! $pubkey) logger('aes_encapsulate: no key. data: ' . $data); - $key = random_string(32,RANDOM_STRING_TEXT); - $iv = random_string(16,RANDOM_STRING_TEXT); + $key = openssl_random_pseudo_bytes(32); + $iv = openssl_random_pseudo_bytes(16); $result['data'] = base64url_encode(AES256CBC_encrypt($data,$key,$iv),true); // log the offending call so we can track it down if(! openssl_public_encrypt($key,$k,$pubkey)) { @@ -89,6 +184,22 @@ function crypto_unencapsulate($data,$prvkey) { if($alg === 'aes256cbc') return aes_unencapsulate($data,$prvkey); + return other_unencapsulate($data,$prvkey,$alg); + +} + +function other_unencapsulate($data,$prvkey,$alg) { + $fn = strtoupper($alg) . '_decrypt'; + if(function_exists($fn)) { + openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey); + openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey); + return $fn(base64url_decode($data['data']),$k,$i); + } + else { + $x = [ 'data' => $data, 'prvkey' => $prvkey, 'alg' => $alg, 'result' => $data ]; + call_hooks('other_unencapsulate',$x); + return $x['result']; + } } diff --git a/include/dba/dba_driver.php b/include/dba/dba_driver.php index 0b5f085af..e47f97387 100755 --- a/include/dba/dba_driver.php +++ b/include/dba/dba_driver.php @@ -98,7 +98,7 @@ class DBA { abstract class dba_driver { // legacy behavior - protected $db; + public $db; protected $pdo = array(); public $debug = 0; @@ -337,7 +337,7 @@ function db_concat($fld, $sep) { function q($sql) { $args = func_get_args(); - unset($args[0]); + array_shift($args); if(\DBA::$dba && \DBA::$dba->connected) { $stmt = vsprintf($sql, $args); diff --git a/include/dba/dba_pdo.php b/include/dba/dba_pdo.php index e235c467b..f76e6cdd7 100755 --- a/include/dba/dba_pdo.php +++ b/include/dba/dba_pdo.php @@ -133,7 +133,7 @@ class dba_pdo extends dba_driver { } function unescapebin($str) { - if($this->driver_dbtype === 'pgsql') { + if($this->driver_dbtype === 'pgsql' && (! is_null($str))) { $x = ''; while(! feof($str)) { $x .= fread($str,8192); diff --git a/include/dir_fns.php b/include/dir_fns.php index 03cc2706a..3922730fc 100644 --- a/include/dir_fns.php +++ b/include/dir_fns.php @@ -192,17 +192,19 @@ function sync_directories($dirmode) { 'site_update' => NULL_DATE, 'site_directory' => DIRECTORY_FALLBACK_MASTER . '/dirsearch', 'site_realm' => DIRECTORY_REALM, - 'site_valid' => 1 + 'site_valid' => 1, + 'site_crypto' => 'aes256cbc' ); - $x = q("insert into site ( site_url, site_flags, site_update, site_directory, site_realm, site_valid ) - values ( '%s', %d, '%s', '%s', '%s', %d ) ", + $x = q("insert into site ( site_url, site_flags, site_update, site_directory, site_realm, site_valid, site_crypto ) + values ( '%s', %d, '%s', '%s', '%s', %d, '%s' ) ", dbesc($r[0]['site_url']), intval($r[0]['site_flags']), dbesc($r[0]['site_update']), dbesc($r[0]['site_directory']), dbesc($r[0]['site_realm']), - intval($r[0]['site_valid']) + intval($r[0]['site_valid']), + dbesc($r[0]['site_crypto']) ); $r = q("select * from site where site_flags in (%d, %d) and site_url != '%s' and site_type = %d ", diff --git a/include/event.php b/include/event.php index cbee2b759..cf1cc331d 100644 --- a/include/event.php +++ b/include/event.php @@ -25,7 +25,7 @@ function format_event_html($ev) { $o = '<div class="vevent">' . "\r\n"; - $o .= '<div class="event-title"><h3><i class="fa fa-calendar"></i> ' . bbcode($ev['summary']) . '</h3></div>' . "\r\n"; + $o .= '<div class="event-title"><h3><i class="fa fa-calendar"></i> ' . zidify_links(smilies(bbcode($ev['summary']))) . '</h3></div>' . "\r\n"; $o .= '<div class="event-start"><span class="event-label">' . t('Starts:') . '</span> <span class="dtstart" title="' . datetime_convert('UTC', 'UTC', $ev['dtstart'], (($ev['adjust']) ? ATOM_TIME : 'Y-m-d\TH:i:s' )) @@ -46,11 +46,11 @@ function format_event_html($ev) { $ev['dtend'] , $bd_format ))) . '</span></div>' . "\r\n"; - $o .= '<div class="event-description">' . bbcode($ev['description']) . '</div>' . "\r\n"; + $o .= '<div class="event-description">' . zidify_links(smilies(bbcode($ev['description']))) . '</div>' . "\r\n"; if(strlen($ev['location'])) $o .= '<div class="event-location"><span class="event-label"> ' . t('Location:') . '</span> <span class="location">' - . bbcode($ev['location']) + . zidify_links(smilies(bbcode($ev['location']))) . '</span></div>' . "\r\n"; $o .= '</div>' . "\r\n"; @@ -69,7 +69,7 @@ function format_event_obj($jobject) { $bd_format = t('l F d, Y \@ g:i A'); // Friday January 18, 2011 @ 8:01 AM $event['header'] = replace_macros(get_markup_template('event_item_header.tpl'),array( - '$title' => bbcode($object['title']), + '$title' => zidify_links(smilies(bbcode($object['title']))), '$dtstart_label' => t('Starts:'), '$dtstart_title' => datetime_convert('UTC', 'UTC', $object['dtstart'], (($object['adjust']) ? ATOM_TIME : 'Y-m-d\TH:i:s' )), '$dtstart_dt' => (($object['adjust']) ? day_translate(datetime_convert('UTC', date_default_timezone_get(), $object['dtstart'] , $bd_format )) : day_translate(datetime_convert('UTC', 'UTC', $object['dtstart'] , $bd_format))), @@ -80,9 +80,9 @@ function format_event_obj($jobject) { )); $event['content'] = replace_macros(get_markup_template('event_item_content.tpl'),array( - '$description' => bbcode($object['description']), + '$description' => zidify_links(smilies(bbcode($object['description']))), '$location_label' => t('Location:'), - '$location' => bbcode($object['location']) + '$location' => zidify_links(smilies(bbcode($object['location']))) )); } @@ -127,12 +127,18 @@ function format_event_ical($ev) { $o .= "\r\nDTSTART:" . datetime_convert('UTC','UTC', $ev['dtstart'],'Ymd\\THis' . (($ev['adjust']) ? '\\Z' : '')); if($ev['dtend'] && ! $ev['nofinish']) $o .= "\r\nDTEND:" . datetime_convert('UTC','UTC', $ev['dtend'],'Ymd\\THis' . (($ev['adjust']) ? '\\Z' : '')); - if($ev['summary']) + if($ev['summary']) { $o .= "\r\nSUMMARY:" . format_ical_text($ev['summary']); - if($ev['location']) + $o .= "\r\nX-ZOT-SUMMARY:" . format_ical_sourcetext($ev['summary']); + } + if($ev['location']) { $o .= "\r\nLOCATION:" . format_ical_text($ev['location']); - if($ev['description']) + $o .= "\r\nX-ZOT-LOCATION:" . format_ical_sourcetext($ev['location']); + } + if($ev['description']) { $o .= "\r\nDESCRIPTION:" . format_ical_text($ev['description']); + $o .= "\r\nX-ZOT-DESCRIPTION:" . format_ical_sourcetext($ev['description']); + } if($ev['event_priority']) $o .= "\r\nPRIORITY:" . intval($ev['event_priority']); $o .= "\r\nUID:" . $ev['event_hash'] ; @@ -154,8 +160,10 @@ function format_todo_ical($ev) { $o .= "\r\nDTSTART:" . datetime_convert('UTC','UTC', $ev['dtstart'],'Ymd\\THis' . (($ev['adjust']) ? '\\Z' : '')); if($ev['dtend'] && ! $ev['nofinish']) $o .= "\r\nDUE:" . datetime_convert('UTC','UTC', $ev['dtend'],'Ymd\\THis' . (($ev['adjust']) ? '\\Z' : '')); - if($ev['summary']) + if($ev['summary']) { $o .= "\r\nSUMMARY:" . format_ical_text($ev['summary']); + $o .= "\r\nX-ZOT-SUMMARY:" . format_ical_sourcetext($ev['summary']); + } if($ev['event_status']) { $o .= "\r\nSTATUS:" . $ev['event_status']; if($ev['event_status'] === 'COMPLETED') @@ -165,10 +173,14 @@ function format_todo_ical($ev) { $o .= "\r\nPERCENT-COMPLETE:" . $ev['event_percent']; if(intval($ev['event_sequence'])) $o .= "\r\nSEQUENCE:" . $ev['event_sequence']; - if($ev['location']) + if($ev['location']) { $o .= "\r\nLOCATION:" . format_ical_text($ev['location']); - if($ev['description']) + $o .= "\r\nX-ZOT-LOCATION:" . format_ical_sourcetext($ev['location']); + } + if($ev['description']) { $o .= "\r\nDESCRIPTION:" . format_ical_text($ev['description']); + $o .= "\r\nX-ZOT-DESCRIPTION:" . format_ical_sourcetext($ev['description']); + } $o .= "\r\nUID:" . $ev['event_hash'] ; if($ev['event_priority']) $o .= "\r\nPRIORITY:" . intval($ev['event_priority']); @@ -178,7 +190,6 @@ function format_todo_ical($ev) { } - function format_ical_text($s) { require_once('include/bbcode.php'); require_once('include/html2plain.php'); @@ -186,6 +197,12 @@ function format_ical_text($s) { $s = html2plain(bbcode($s)); $s = str_replace(["\r\n","\n"],["",""],$s); return(wordwrap(str_replace(['\\',',',';'],['\\\\','\\,','\\;'],$s),72,"\r\n ",true)); + +} + +function format_ical_sourcetext($s) { + $s = base64_encode($s); + return(wordwrap(str_replace(['\\',',',';'],['\\\\','\\,','\\;'],$s),72,"\r\n ",true)); } @@ -623,12 +640,21 @@ function event_import_ical($ical, $uid) { $ev['edited'] = datetime_convert('UTC','UTC',$edited->format(\DateTime::W3C)); } - if(isset($ical->LOCATION)) + if(isset($ical->{'X-ZOT-LOCATION'})) + $ev['location'] = event_ical_get_sourcetext( (string) $ical->{'X-ZOT-LOCATION'}); + elseif(isset($ical->LOCATION)) $ev['location'] = (string) $ical->LOCATION; - if(isset($ical->DESCRIPTION)) + + if(isset($ical->{'X-ZOT-DESCRIPTION'})) + $ev['description'] = event_ical_get_sourcetext( (string) $ical->{'X-ZOT-DESCRIPTION'}); + elseif(isset($ical->DESCRIPTION)) $ev['description'] = (string) $ical->DESCRIPTION; - if(isset($ical->SUMMARY)) + + if(isset($ical->{'X-ZOT-SUMMARY'})) + $ev['summary'] = event_ical_get_sourcetext( (string) $ical->{'X-ZOT-SUMMARY'}); + elseif(isset($ical->SUMMARY)) $ev['summary'] = (string) $ical->SUMMARY; + if(isset($ical->PRIORITY)) $ev['event_priority'] = intval((string) $ical->PRIORITY); @@ -663,6 +689,10 @@ function event_import_ical($ical, $uid) { } +function event_ical_get_sourcetext($s) { + return base64_decode($s); +} + function event_import_ical_task($ical, $uid) { $c = q("select * from channel where channel_id = %d limit 1", @@ -718,12 +748,21 @@ function event_import_ical_task($ical, $uid) { $ev['edited'] = datetime_convert('UTC','UTC',$edited->format(\DateTime::W3C)); } - if(isset($ical->LOCATION)) + if(isset($ical->{'X-ZOT-LOCATION'})) + $ev['location'] = event_ical_get_sourcetext( (string) $ical->{'X-ZOT-LOCATION'}); + elseif(isset($ical->LOCATION)) $ev['location'] = (string) $ical->LOCATION; - if(isset($ical->DESCRIPTION)) + + if(isset($ical->{'X-ZOT-DESCRIPTION'})) + $ev['description'] = event_ical_get_sourcetext( (string) $ical->{'X-ZOT-DESCRIPTION'}); + elseif(isset($ical->DESCRIPTION)) $ev['description'] = (string) $ical->DESCRIPTION; - if(isset($ical->SUMMARY)) + + if(isset($ical->{'X-ZOT-SUMMARY'})) + $ev['summary'] = event_ical_get_sourcetext( (string) $ical->{'X-ZOT-SUMMARY'}); + elseif(isset($ical->SUMMARY)) $ev['summary'] = (string) $ical->SUMMARY; + if(isset($ical->PRIORITY)) $ev['event_priority'] = intval((string) $ical->PRIORITY); @@ -977,9 +1016,9 @@ function event_store_item($arr, $event) { // otherwise we'll fallback to /display/$message_id if($wall) - $item_arr['plink'] = z_root() . '/channel/' . $z[0]['channel_address'] . '/?f=&mid=' . $item_arr['mid']; + $item_arr['plink'] = z_root() . '/channel/' . $z[0]['channel_address'] . '/?f=&mid=' . urlencode($item_arr['mid']); else - $item_arr['plink'] = z_root() . '/display/' . $item_arr['mid']; + $item_arr['plink'] = z_root() . '/display/' . gen_link_id($item_arr['mid']); $x = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($arr['event_xchan']) diff --git a/include/features.php b/include/features.php index 1ccdbf015..8ff0d2d21 100644 --- a/include/features.php +++ b/include/features.php @@ -157,6 +157,15 @@ function get_features($filtered = true) { feature_level('smart_birthdays',2), ], + [ + 'event_tz_select', + t('Event Timezone Selection'), + t('Allow event creation in timezones other than your own.'), + false, + get_config('feature_lock','event_tz_select'), + feature_level('event_tz_select',2), + ], + [ 'advanced_dirsearch', t('Advanced Directory Search'), diff --git a/include/feedutils.php b/include/feedutils.php index 1d58ec317..b122a8e4b 100644 --- a/include/feedutils.php +++ b/include/feedutils.php @@ -236,7 +236,7 @@ function get_atom_elements($feed, $item, &$author) { if(substr($author['author_link'],-1,1) == '/') $author['author_link'] = substr($author['author_link'],0,-1); - $res['mid'] = base64url_encode(unxmlify($item->get_id())); + $res['mid'] = unxmlify($item->get_id()); $res['title'] = unxmlify($item->get_title()); $res['body'] = unxmlify($item->get_content()); $res['plink'] = unxmlify($item->get_link(0)); @@ -331,6 +331,8 @@ function get_atom_elements($feed, $item, &$author) { } } + $ostatus_protocol = (($item->get_item_tags(NAMESPACE_OSTATUS,'conversation')) ? true : false); + $apps = $item->get_item_tags(NAMESPACE_STATUSNET,'notice_info'); if($apps && $apps[0]['attribs']['']['source']) { $res['app'] = strip_tags(unxmlify($apps[0]['attribs']['']['source'])); @@ -343,6 +345,8 @@ function get_atom_elements($feed, $item, &$author) { $have_real_body = false; $rawenv = $item->get_item_tags(NAMESPACE_DFRN, 'env'); + if(! $rawenv) + $rawenv = $item->get_item_tags(NAMESPACE_ZOT,'source'); if($rawenv) { $have_real_body = true; $res['body'] = $rawenv[0]['data']; @@ -388,7 +392,15 @@ function get_atom_elements($feed, $item, &$author) { $res['body'] = escape_tags($res['body']); } - if($res['plink'] && $res['title']) { + + // strip title and don't apply "title-in-body" if the feed involved + // uses the OStatus stack. We need a more generalised way for the calling + // function to specify this behaviour or for plugins to alter it. + + if($ostatus_protocol) { + $res['title'] = ''; + } + elseif($res['plink'] && $res['title']) { $res['body'] = '#^[url=' . $res['plink'] . ']' . $res['title'] . '[/url]' . "\n\n" . $res['body']; $terms = array(); $terms[] = array( @@ -623,14 +635,16 @@ function get_atom_elements($feed, $item, &$author) { $res['target'] = $obj; } - $arr = array('feed' => $feed, 'item' => $item, 'result' => $res); + + $arr = array('feed' => $feed, 'item' => $item, 'author' => $author, 'result' => $res); call_hooks('parse_atom', $arr); - logger('get_atom_elements: author: ' . print_r($author,true),LOGGER_DATA); - logger('get_atom_elements: ' . print_r($res,true),LOGGER_DATA); + logger('get_atom_elements: author: ' . print_r($arr['author'],true),LOGGER_DATA); + + logger('get_atom_elements: ' . print_r($arr['result'],true),LOGGER_DATA); - return $res; + return $arr['result']; } function encode_rel_links($links) { @@ -718,7 +732,7 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { foreach($del_entries as $dentry) { $deleted = false; if(isset($dentry['attribs']['']['ref'])) { - $mid = $dentry['attribs']['']['ref']; + $mid = normalise_id($dentry['attribs']['']['ref']); $deleted = true; if(isset($dentry['attribs']['']['when'])) { $when = $dentry['attribs']['']['when']; @@ -730,7 +744,7 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { if($deleted && is_array($contact)) { $r = q("SELECT * from item where mid = '%s' and author_xchan = '%s' and uid = %d limit 1", - dbesc(base64url_encode($mid)), + dbesc($mid), dbesc($contact['xchan_hash']), intval($importer['channel_id']) ); @@ -739,7 +753,7 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { $item = $r[0]; if(! intval($item['item_deleted'])) { - logger('consume_feed: deleting item ' . $item['id'] . ' mid=' . base64url_decode($item['mid']), LOGGER_DEBUG); + logger('consume_feed: deleting item ' . $item['id'] . ' mid=' . $item['mid'], LOGGER_DEBUG); drop_item($item['id'],false); } } @@ -758,14 +772,14 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { foreach($items as $item) { $is_reply = false; - $item_id = base64url_encode($item->get_id()); + $item_id = normalise_id($item->get_id()); - logger('consume_feed: processing ' . $item_id, LOGGER_DEBUG); + logger('consume_feed: processing ' . $raw_item_id, LOGGER_DEBUG); $rawthread = $item->get_item_tags( NAMESPACE_THREAD,'in-reply-to'); if(isset($rawthread[0]['attribs']['']['ref'])) { $is_reply = true; - $parent_mid = base64url_encode($rawthread[0]['attribs']['']['ref']); + $parent_mid = normalise_id($rawthread[0]['attribs']['']['ref']); } if($is_reply) { @@ -775,7 +789,7 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { // Have we seen it? If not, import it. - $item_id = base64url_encode($item->get_id()); + $item_id = normalise_id($item->get_id()); $author = array(); $datarray = get_atom_elements($feed,$item,$author); @@ -824,7 +838,16 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { continue; } + $x = q("select mid from item where mid = '%s' and uid = %d limit 1", + dbesc($parent_mid), + intval($importer['channel_id']) + ); + if($x) + $parent_mid = $x[0]['mid']; + $datarray['parent_mid'] = $parent_mid; + + $datarray['aid'] = $importer['channel_account_id']; $datarray['uid'] = $importer['channel_id']; @@ -838,7 +861,7 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { // Head post of a conversation. Have we seen it? If not, import it. - $item_id = base64url_encode($item->get_id()); + $item_id = normalise_id($item->get_id()); $author = array(); $datarray = get_atom_elements($feed,$item,$author); @@ -943,6 +966,11 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { } +function normalise_id($id) { + return str_replace('X-ZOT:','',$id); +} + + /** * @brief Process atom feed and return the first post and structure * @@ -983,14 +1011,14 @@ function process_salmon_feed($xml, $importer) { foreach($items as $item) { - $item_id = base64url_encode($item->get_id()); + $item_id = normalise_id($item->get_id()); logger('processing ' . $item_id, LOGGER_DEBUG); $rawthread = $item->get_item_tags( NAMESPACE_THREAD,'in-reply-to'); if(isset($rawthread[0]['attribs']['']['ref'])) { $is_reply = true; - $parent_mid = base64url_encode($rawthread[0]['attribs']['']['ref']); + $parent_mid = normalise_id($rawthread[0]['attribs']['']['ref']); } if($is_reply) @@ -1159,7 +1187,8 @@ function atom_entry($item,$type,$author,$owner,$comment = false,$cid = 0) { if(($item['parent'] != $item['id']) || ($item['parent_mid'] !== $item['mid']) || (($item['thr_parent'] !== '') && ($item['thr_parent'] !== $item['mid']))) { $parent_item = (($item['thr_parent']) ? $item['thr_parent'] : $item['parent_mid']); - $o .= '<thr:in-reply-to ref="' . z_root() . '/display/' . xmlify($parent_item) . '" type="text/html" href="' . xmlify($item['plink']) . '" />' . "\r\n"; + $o .= '<thr:in-reply-to ref="' . 'X-ZOT:' . xmlify($parent_item) . '" type="text/html" href="' . xmlify($item['plink']) . '" />' . "\r\n"; + } if(activity_match($item['obj_type'],ACTIVITY_OBJ_EVENT) && activity_match($item['verb'],ACTIVITY_POST)) { @@ -1177,7 +1206,7 @@ function atom_entry($item,$type,$author,$owner,$comment = false,$cid = 0) { $o .= '<content type="' . $type . '" >' . xmlify(prepare_text($body,$item['mimetype'])) . '</content>' . "\r\n"; } - $o .= '<id>' . z_root() . '/display/' . xmlify($item['mid']) . '</id>' . "\r\n"; + $o .= '<id>' . 'X-ZOT:' . xmlify($item['mid']) . '</id>' . "\r\n"; $o .= '<published>' . xmlify(datetime_convert('UTC','UTC',$item['created'] . '+00:00',ATOM_TIME)) . '</published>' . "\r\n"; $o .= '<updated>' . xmlify(datetime_convert('UTC','UTC',$item['edited'] . '+00:00',ATOM_TIME)) . '</updated>' . "\r\n"; @@ -1206,26 +1235,68 @@ function atom_entry($item,$type,$author,$owner,$comment = false,$cid = 0) { if(strlen($actarg)) $o .= $actarg; - // FIXME -// $tags = item_getfeedtags($item); -// if(count($tags)) { -// foreach($tags as $t) { -// $o .= '<category scheme="X-DFRN:' . xmlify($t[0]) . ':' . xmlify($t[1]) . '" term="' . xmlify($t[2]) . '" />' . "\r\n"; -// } -// } -// FIXME -// $o .= item_getfeedattach($item); + if($item['attach']) { + $enclosures = json_decode($item['attach'],true); + if($enclosures) { + foreach($enclosures as $enc) { + $o .= '<link rel="enclosure" ' + . (($enc['href']) ? 'href="' . $enc['href'] . '" ' : '') + . (($enc['length']) ? 'length="' . $enc['length'] . '" ' : '') + . (($enc['type']) ? 'type="' . $enc['type'] . '" ' : '') + . ' />'; + } + } + } -// $mentioned = get_mentions($item,$tags); -// if($mentioned) -// $o .= $mentioned; + if($item['term']) { + foreach($item['term'] as $term) { + $scheme = ''; + $label = ''; + switch($term['ttype']) { + case TERM_UNKNOWN: + $scheme = NAMESPACE_ZOT . '/term/unknown'; + $label = $term['term']; + break; + case TERM_HASHTAG: + case TERM_COMMUNITYTAG: + $scheme = NAMESPACE_ZOT . '/term/hashtag'; + $label = '#' . $term['term']; + break; + case TERM_MENTION: + $scheme = NAMESPACE_ZOT . '/term/mention'; + $label = '@' . $term['term']; + break; + case TERM_CATEGORY: + $scheme = NAMESPACE_ZOT . '/term/category'; + $label = $term['term']; + break; + default: + break; + } + if(! $scheme) + continue; - call_hooks('atom_entry', $o); + $o .= '<category scheme="' . $scheme . '" term="' . $term['term'] . '" label="' . $label . '" />' . "\r\n"; + } + } $o .= '</entry>' . "\r\n"; - return $o; + $x = [ + 'item' => $item, + 'type' => $type, + 'author' => $author, + 'owner' => $owner, + 'comment' => $comment, + 'abook_id' => $cid, + 'entry' => $o + ]; + + + call_hooks('atom_entry', $x); + + return $x['entry']; } diff --git a/include/help.php b/include/help.php index f7fffc4d4..6e779f000 100644 --- a/include/help.php +++ b/include/help.php @@ -15,7 +15,7 @@ function get_help_content($tocpath = false) { $text = ''; $path = (($tocpath !== false) ? $tocpath : ''); - + if($tocpath === false && argc() > 1) { $path = ''; for($x = 1; $x < argc(); $x ++) { @@ -55,6 +55,7 @@ function get_help_content($tocpath = false) { if(! $text) { $doctype = 'bbcode'; $text = load_doc_file('doc/main.bb'); + goaway('/help/about/about_hubzilla'); \App::$page['title'] = t('Help'); } @@ -68,7 +69,7 @@ function get_help_content($tocpath = false) { } if($doctype === 'html') - $content = $text; + $content = parseIdentityAwareHTML($text); if($doctype === 'markdown') { require_once('library/markdown.php'); # escape #include tags @@ -78,7 +79,7 @@ function get_help_content($tocpath = false) { } if($doctype === 'bbcode') { require_once('include/bbcode.php'); - $content = bbcode($text); + $content = zidify_links(bbcode($text)); // bbcode retargets external content to new windows. This content is internal. $content = str_replace(' target="_blank"', '', $content); } @@ -94,7 +95,7 @@ function preg_callback_help_include($matches) { $include = str_replace($matches[0],load_doc_file($matches[1]),$matches[0]); if(preg_match('/\.bb$/', $matches[1]) || preg_match('/\.txt$/', $matches[1])) { require_once('include/bbcode.php'); - $include = bbcode($include); + $include = zidify_links(bbcode($include)); $include = str_replace(' target="_blank"','',$include); } elseif(preg_match('/\.md$/', $matches[1])) { diff --git a/include/html2plain.php b/include/html2plain.php index 2f5be7f69..979354079 100644 --- a/include/html2plain.php +++ b/include/html2plain.php @@ -113,7 +113,7 @@ function html2plain($html, $wraplength = 75, $compact = false) $xpath = new DomXPath($doc); $list = $xpath->query("//pre"); foreach ($list as $node) { - $node->nodeValue = str_replace("\n", "\r", $node->nodeValue); + $node->nodeValue = str_replace("\n", "\r", htmlspecialchars($node->nodeValue)); } $message = $doc->saveHTML(); diff --git a/include/hubloc.php b/include/hubloc.php index 17f921f67..6f81ea31f 100644 --- a/include/hubloc.php +++ b/include/hubloc.php @@ -200,6 +200,14 @@ function xchan_store($arr) { if(! $arr['photo']) $arr['photo'] = z_root() . '/' . get_default_profile_photo(); + + if($arr['network'] === 'zot') { + if((! $arr['key']) || (! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key']))) { + logger('Unable to verify signature for ' . $arr['hash']); + return false; + } + } + $r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_addr, xchan_url, xchan_connurl, xchan_follow, xchan_connpage, xchan_name, xchan_network, xchan_instance_url, xchan_hidden, xchan_orphan, xchan_censored, xchan_selfcensored, xchan_system, xchan_pubforum, xchan_deleted, xchan_name_date ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s','%s','%s','%s',%d, %d, %d, %d, %d, %d, %d, '%s') ", dbesc($arr['hash']), dbesc($arr['guid']), diff --git a/include/import.php b/include/import.php index 0d8398acb..d19d056b3 100644 --- a/include/import.php +++ b/include/import.php @@ -86,7 +86,7 @@ function import_channel($channel, $account_id, $seize) { } if(! $r) { - logger('mod_import: channel clone failed. ', print_r($channel,true)); + logger('mod_import: channel clone failed. ' . print_r($channel,true)); notice( t('Channel clone failed. Import failed.') . EOL); return false; } @@ -96,7 +96,7 @@ function import_channel($channel, $account_id, $seize) { $channel['channel_guid'] // Already dbesc'd ); if(! $r) { - logger('mod_import: channel not found. ', print_r($channel,true)); + logger('mod_import: channel not found. ' . print_r($channel,true)); notice( t('Cloned channel not found. Import failed.') . EOL); return false; } @@ -155,7 +155,7 @@ function import_profiles($channel,$profiles) { } -function import_hublocs($channel,$hublocs,$seize) { +function import_hublocs($channel,$hublocs,$seize,$moving = false) { if($channel && $hublocs) { foreach($hublocs as $hubloc) { @@ -173,19 +173,32 @@ function import_hublocs($channel,$hublocs,$seize) { $hubloc['hubloc_deleted'] = (($hubloc['hubloc_flags'] & 0x1000) ? 1 : 0); } + if($moving && $hubloc['hubloc_hash'] === $channel['channel_hash'] && $hubloc['hubloc_url'] !== z_root()) { + $hubloc['hubloc_deleted'] = 1; + } + $arr = array( 'guid' => $hubloc['hubloc_guid'], 'guid_sig' => $hubloc['hubloc_guid_sig'], 'url' => $hubloc['hubloc_url'], - 'url_sig' => $hubloc['hubloc_url_sig'] + 'url_sig' => $hubloc['hubloc_url_sig'], + 'sitekey' => ((array_key_exists('hubloc_sitekey',$hubloc)) ? $hubloc['hubloc_sitekey'] : '') ); if(($hubloc['hubloc_hash'] === $channel['channel_hash']) && intval($hubloc['hubloc_primary']) && ($seize)) $hubloc['hubloc_primary'] = 0; - if(! zot_gethub($arr)) { + if(($x = zot_gethub($arr,false)) === false) { unset($hubloc['hubloc_id']); create_table_from_array('hubloc',$hubloc); } + else { + q("UPDATE hubloc set hubloc_primary = %d, hubloc_deleted = %d where hubloc_id = %d", + intval($hubloc['hubloc_primary']), + intval($hubloc['hubloc_deleted']), + intval($x['hubloc_id']) + ); + + } } } } diff --git a/include/items.php b/include/items.php index 4ac4d6049..e4ead28c8 100755 --- a/include/items.php +++ b/include/items.php @@ -302,7 +302,7 @@ function add_source_route($iid, $hash) { * * \e boolean \b success true or false * * \e array \b activity the resulting activity if successful */ -function post_activity_item($arr) { +function post_activity_item($arr,$allow_code = false,$deliver = true) { $ret = array('success' => false); @@ -367,7 +367,7 @@ function post_activity_item($arr) { $arr['comment_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'post_comments')); if ((! $arr['plink']) && (intval($arr['item_thread_top']))) { - $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid']; + $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . urlencode($arr['mid']); } @@ -382,11 +382,11 @@ function post_activity_item($arr) { return $ret; } - $post = item_store($arr); + $post = item_store($arr,$allow_code,$deliver); if($post['success']) $post_id = $post['item_id']; - if($post_id) { + if($post_id && $deliver) { $arr['id'] = $post_id; call_hooks('post_local_end', $arr); Zotlabs\Daemon\Master::Summon(array('Notifier','activity',$post_id)); @@ -1463,6 +1463,11 @@ function item_store($arr, $allow_exec = false, $deliver = true) { $ret = array('success' => false, 'item_id' => 0); + if(array_key_exists('cancel',$arr) && $arr['cancel']) { + logger('cancelled by plugin'); + return $ret; + } + if(! $arr['uid']) { logger('item_store: no uid'); $ret['message'] = 'No uid.'; @@ -1522,7 +1527,7 @@ function item_store($arr, $allow_exec = false, $deliver = true) { // apply the input filter here - if it is obscured it has been filtered already $arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype'])); - if(local_channel() && (! $arr['sig'])) { + if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) { $channel = App::get_channel(); if($channel['channel_hash'] === $arr['author_xchan']) { $arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey'])); @@ -1559,8 +1564,11 @@ function item_store($arr, $allow_exec = false, $deliver = true) { $arr['attach'] = json_encode($arr['attach']); } - $arr['aid'] = ((x($arr,'aid')) ? intval($arr['aid']) : 0); - $arr['mid'] = ((x($arr,'mid')) ? notags(trim($arr['mid'])) : random_string()); + $arr['aid'] = ((x($arr,'aid')) ? intval($arr['aid']) : 0); + $arr['mid'] = ((x($arr,'mid')) ? notags(trim($arr['mid'])) : random_string()); + $arr['revision'] = ((x($arr,'revision') && intval($arr['revision']) > 0) ? intval($arr['revision']) : 0); +logger('revision: ' . $arr['revision']); + $arr['author_xchan'] = ((x($arr,'author_xchan')) ? notags(trim($arr['author_xchan'])) : ''); $arr['owner_xchan'] = ((x($arr,'owner_xchan')) ? notags(trim($arr['owner_xchan'])) : ''); $arr['created'] = ((x($arr,'created') !== false) ? datetime_convert('UTC','UTC',$arr['created']) : datetime_convert()); @@ -1616,7 +1624,7 @@ function item_store($arr, $allow_exec = false, $deliver = true) { if($d2 > $d1) $arr['item_delayed'] = 1; - $arr['llink'] = z_root() . '/display/' . $arr['mid']; + $arr['llink'] = z_root() . '/display/' . gen_link_id($arr['mid']); if(! $arr['plink']) $arr['plink'] = $arr['llink']; @@ -1721,9 +1729,10 @@ function item_store($arr, $allow_exec = false, $deliver = true) { if($parent_deleted) $arr['item_deleted'] = 1; - $r = q("SELECT id FROM item WHERE mid = '%s' AND uid = %d LIMIT 1", + $r = q("SELECT id FROM item WHERE mid = '%s' AND uid = %d and revision = %d LIMIT 1", dbesc($arr['mid']), - intval($arr['uid']) + intval($arr['uid']), + intval($arr['revision']) ); if($r) { logger('item_store: duplicate item ignored. ' . print_r($arr,true)); @@ -1778,9 +1787,10 @@ function item_store($arr, $allow_exec = false, $deliver = true) { // find the item we just created - $r = q("SELECT * FROM item WHERE mid = '%s' AND uid = %d ORDER BY id ASC ", + $r = q("SELECT * FROM item WHERE mid = '%s' AND uid = %d and revision = %d ORDER BY id ASC ", $arr['mid'], // already dbesc'd - intval($arr['uid']) + intval($arr['uid']), + intval($arr['revision']) ); if($r && count($r)) { @@ -1808,6 +1818,7 @@ function item_store($arr, $allow_exec = false, $deliver = true) { $x = q("update item set parent = id where id = %d", intval($r[0]['id']) ); + $arr['parent'] = $r[0]['id']; } @@ -1841,18 +1852,22 @@ function item_store($arr, $allow_exec = false, $deliver = true) { call_hooks('post_remote_end',$arr); - // update the commented timestamp on the parent + // update the commented timestamp on the parent - unless this is potentially a clone of an older item + // which we don't wish to bring to the surface. As the queue only holds deliveries for 3 days, it's + // suspected of being an older cloned item if the creation time is older than that. - $z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and item_delayed = 0 ", - dbesc($arr['parent_mid']), - intval($arr['uid']) - ); + if($arr['created'] > datetime_convert('','','now - 4 days')) { + $z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and item_delayed = 0 ", + dbesc($arr['parent_mid']), + intval($arr['uid']) + ); - q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d", - dbesc(($z) ? $z[0]['commented'] : (datetime_convert())), - dbesc(datetime_convert()), - intval($parent_id) - ); + q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d", + dbesc(($z) ? $z[0]['commented'] : (datetime_convert())), + dbesc(datetime_convert()), + intval($parent_id) + ); + } // If _creating_ a deleted item, don't propagate it further or send out notifications. @@ -1881,6 +1896,12 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) { $allow_exec = $d['allow_exec']; $ret = array('success' => false, 'item_id' => 0); + + if(array_key_exists('cancel',$arr) && $arr['cancel']) { + logger('cancelled by plugin'); + return $ret; + } + if(! intval($arr['uid'])) { logger('item_store_update: no uid'); $ret['message'] = 'no uid.'; @@ -1928,7 +1949,7 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) { // apply the input filter here - if it is obscured it has been filtered already $arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype'])); - if(local_channel() && (! $arr['sig'])) { + if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) { $channel = App::get_channel(); if($channel['channel_hash'] === $arr['author_xchan']) { $arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey'])); @@ -1980,6 +2001,8 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) { $arr['edited'] = ((x($arr,'edited') !== false) ? datetime_convert('UTC','UTC',$arr['edited']) : datetime_convert()); $arr['expires'] = ((x($arr,'expires') !== false) ? datetime_convert('UTC','UTC',$arr['expires']) : $orig[0]['expires']); + $arr['revision'] = ((x($arr,'revision') && $arr['revision'] > 0) ? intval($arr['revision']) : 0); + if(array_key_exists('comments_closed',$arr) && $arr['comments_closed'] > NULL_DATE) $arr['comments_closed'] = datetime_convert('UTC','UTC',$arr['comments_closed']); else @@ -1987,20 +2010,8 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) { $arr['commented'] = $orig[0]['commented']; - if($deliver) { - $arr['received'] = datetime_convert(); - $arr['changed'] = datetime_convert(); - } - else { - - // When deliver flag is false, we are *probably* performing an import or bulk migration. - // If one updates the changed timestamp it will be made available to zotfeed and delivery - // will still take place through backdoor methods. Since these fields are rarely used - // otherwise, just preserve the original timestamp. - - $arr['received'] = $orig[0]['received']; - $arr['changed'] = $orig[0]['changed']; - } + $arr['received'] = $orig[0]['received']; + $arr['changed'] = $orig[0]['changed']; $arr['route'] = ((array_key_exists('route',$arr)) ? trim($arr['route']) : $orig[0]['route']); $arr['diaspora_meta'] = ((x($arr,'diaspora_meta')) ? $arr['diaspora_meta'] : $orig[0]['diaspora_meta']); @@ -2268,7 +2279,7 @@ function send_status_notifications($post_id,$item) { if($unfollowed) return; - $link = z_root() . '/display/' . $item['mid']; + $link = z_root() . '/display/' . gen_link_id($item['mid']); $y = q("select id from notify where link = '%s' and uid = %d limit 1", dbesc($link), @@ -3968,8 +3979,8 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C $sql_nets .= "( abook.abook_closeness >= " . intval($arr['cmin']) . " "; $sql_nets .= " AND abook.abook_closeness <= " . intval($arr['cmax']) . " ) "; - /** @fixme dead code, $cmax is undefined */ - if ($cmax == 99) + + if ($arr['cmax'] == 99) $sql_nets .= " OR abook.abook_closeness IS NULL ) "; } } @@ -4104,25 +4115,21 @@ function webpage_to_namespace($webpage) { function update_remote_id($channel,$post_id,$webpage,$pagetitle,$namespace,$remote_id,$mid) { - $page_type = ''; - if(! $post_id) return; - if($webpage == ITEM_TYPE_WEBPAGE) - $page_type = 'WEBPAGE'; - elseif($webpage == ITEM_TYPE_BLOCK) - $page_type = 'BUILDBLOCK'; - elseif($webpage == ITEM_TYPE_PDL) - $page_type = 'PDL'; - elseif($webpage == ITEM_TYPE_DOC) - $page_type = 'docfile'; - elseif($namespace && $remote_id) { + $page_type = webpage_to_namespace($webpage); + + if($page_type == 'unknown' && $namespace && $remote_id) { $page_type = $namespace; $pagetitle = $remote_id; } + else { + $page_type = ''; + } if($page_type) { + // store page info as an alternate message_id so we can access it via // https://sitename/page/$channelname/$pagetitle // if no pagetitle was given or it couldn't be transliterated into a url, use the first @@ -4463,9 +4470,9 @@ function item_create_edit_activity($post) { $new_item['verb'] = ACTIVITY_UPDATE; $new_item['item_thread_top'] = 0; $new_item['created'] = $new_item['edited'] = datetime_convert(); - + $new_item['obj_type'] = (($update_item['item_thread_top']) ? ACTIVITY_OBJ_NOTE : ACTIVITY_OBJ_COMMENT); $new_item['obj'] = json_encode(array( - 'type' => (($update_item['item_thread_top']) ? ACTIVITY_OBJ_NOTE : ACTIVITY_OBJ_COMMENT), + 'type' => $new_item['obj_type'], 'id' => $update_item['mid'], 'parent' => $update_item['parent_mid'], 'link' => array(array('rel' => 'alternate','type' => 'text/html', 'href' => $update_item['plink'])), diff --git a/include/menu.php b/include/menu.php index b54ff7f9e..4add78c39 100644 --- a/include/menu.php +++ b/include/menu.php @@ -102,7 +102,7 @@ function menu_render($menu, $class='', $edit = false, $var = array()) { if($menu['items'][$x]['mitem_flags'] & MENU_ITEM_NEWWIN) $menu['items'][$x]['newwin'] = '1'; - $menu['items'][$x]['mitem_desc'] = bbcode($menu['items'][$x]['mitem_desc']); + $menu['items'][$x]['mitem_desc'] = zidify_links(smilies(bbcode($menu['items'][$x]['mitem_desc']))); } $wrap = (($var['wrap'] === 'none') ? false : true); diff --git a/include/message.php b/include/message.php index 7cbea3c6b..bde07afd8 100644 --- a/include/message.php +++ b/include/message.php @@ -8,7 +8,7 @@ require_once('include/attach.php'); // send a private message -function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='',$expires = ''){ +function send_message($uid = 0, $recipient = '', $body = '', $subject = '', $replyto = '', $expires = NULL_DATE) { $ret = array('success' => false); $is_reply = false; @@ -16,19 +16,6 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $a = get_app(); $observer_hash = get_observer_hash(); - if(! $recipient) { - $ret['message'] = t('No recipient provided.'); - return $ret; - } - - if(! strlen($subject)) - $subject = t('[no subject]'); - -// if(! $expires) -// $expires = NULL_DATE; -// else -// $expires = datetime_convert(date_default_timezone_get(),'UTC',$expires); - if($uid) { $r = q("select * from channel where channel_id = %d limit 1", @@ -47,6 +34,46 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' } + $body = cleanup_bbcode($body); + $results = linkify_tags($a, $body, $uid); + + + if(preg_match_all("/\[attachment\](.*?)\[\/attachment\]/",((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$match)) + $attaches = $match[1]; + + $attachments = ''; + + if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) { + $attachments = array(); + foreach($match[2] as $mtch) { + $hash = substr($mtch,0,strpos($mtch,',')); + $rev = intval(substr($mtch,strpos($mtch,','))); + $r = attach_by_hash_nodata($hash,get_observer_hash(),$rev); + if($r['success']) { + $attachments[] = array( + 'href' => z_root() . '/attach/' . $r['data']['hash'], + 'length' => $r['data']['filesize'], + 'type' => $r['data']['filetype'], + 'title' => urlencode($r['data']['filename']), + 'revision' => $r['data']['revision'] + ); + } + $body = trim(str_replace($match[1],'',$body)); + } + } + + $jattach = (($attachments) ? json_encode($attachments) : ''); + + + if(! $recipient) { + $ret['message'] = t('No recipient provided.'); + return $ret; + } + + if(! strlen($subject)) + $subject = t('[no subject]'); + + // look for any existing conversation structure $conv_guid = ''; @@ -156,31 +183,6 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $match = false; - if(preg_match_all("/\[attachment\](.*?)\[\/attachment\]/",((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$match)) - $attaches = $match[1]; - - $attachments = ''; - - if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) { - $attachments = array(); - foreach($match[2] as $mtch) { - $hash = substr($mtch,0,strpos($mtch,',')); - $rev = intval(substr($mtch,strpos($mtch,','))); - $r = attach_by_hash_nodata($hash,get_observer_hash(),$rev); - if($r['success']) { - $attachments[] = array( - 'href' => z_root() . '/attach/' . $r['data']['hash'], - 'length' => $r['data']['filesize'], - 'type' => $r['data']['filetype'], - 'title' => urlencode($r['data']['filename']), - 'revision' => $r['data']['revision'] - ); - } - $body = trim(str_replace($match[1],'',$body)); - } - } - - $jattach = (($attachments) ? json_encode($attachments) : ''); if($subject) $subject = str_rot47(base64url_encode($subject)); diff --git a/include/nav.php b/include/nav.php index c2a058457..6ad43c909 100644 --- a/include/nav.php +++ b/include/nav.php @@ -1,6 +1,8 @@ <?php /** @file */ -function nav(&$a) { +use \Zotlabs\Lib as Zlib; + +function nav() { /** * @@ -12,8 +14,8 @@ function nav(&$a) { App::$page['nav'] = ''; $base = z_root(); - App::$page['htmlhead'] .= <<< EOT + App::$page['htmlhead'] .= <<< EOT <script>$(document).ready(function() { $("#nav-search-text").search_autocomplete('$base/acl'); }); @@ -21,8 +23,6 @@ function nav(&$a) { </script> EOT; - - if(local_channel()) { $channel = App::get_channel(); $observer = App::get_observer(); @@ -108,7 +108,7 @@ EOT; if(feature_enabled($channel['channel_id'],'webpages') && (! $basic)) $nav['usermenu'][] = Array('webpages/' . $channel['channel_address'],t('Webpages'),"",t('Your webpages'),'webpages_nav_btn'); if(feature_enabled($channel['channel_id'],'wiki') && (! $basic)) - $nav['usermenu'][] = Array('wiki/' . $channel['channel_address'],t('Wiki'),"",t('Your wiki'),'wiki_nav_btn'); + $nav['usermenu'][] = Array('wiki/' . $channel['channel_address'],t('Wikis'),"",t('Your wikis'),'wiki_nav_btn'); } else { if(! get_account_id()) { @@ -127,26 +127,24 @@ EOT; ); } - if($observer) { - $nav['lock'] = array('logout','','lock', - sprintf( t('%s - click to logout'), $observer['xchan_addr'])); - } elseif(! $_SESSION['authenticated']) { $nav['loginmenu'][] = Array('rmagic',t('Remote authentication'),'',t('Click to authenticate to your home hub'),'rmagic_nav_btn'); } - /** - * "Home" should also take you home from an authenticated remote profile connection - */ - $homelink = get_my_url(); if(! $homelink) { $observer = App::get_observer(); $homelink = (($observer) ? $observer['xchan_url'] : ''); } - if(! local_channel()) - $nav['home'] = array($homelink, t('Home'), "", t('Home Page'),'home_nav_btn'); + if(! local_channel()) { + $nav['rusermenu'] = array( + $homelink, + t('Get me home'), + 'logout', + t('Log me out of this site') + ); + } if(((get_config('system','register_policy') == REGISTER_OPEN) || (get_config('system','register_policy') == REGISTER_APPROVE)) && (! $_SESSION['authenticated'])) $nav['register'] = array('register',t('Register'), "", t('Create an account'),'register_nav_btn'); @@ -236,16 +234,41 @@ EOT; $x = array('nav' => $nav, 'usermenu' => $userinfo ); call_hooks('nav', $x); -// Not sure the best place to put this on the page. So I'm implementing it but leaving it -// turned off until somebody discovers this and figures out a good location for it. -$powered_by = ''; + // Not sure the best place to put this on the page. So I'm implementing it but leaving it + // turned off until somebody discovers this and figures out a good location for it. + $powered_by = ''; + + // $powered_by = '<strong>red<img class="smiley" src="' . z_root() . '/images/rm-16.png" alt="r#" />matrix</strong>'; + + + //app bin + $navapps = ''; + if(get_config('system','experimental_app_bin')) { + if(local_channel()) { + //Zlib\Apps::import_system_apps(); + $syslist = array(); + $list = Zlib\Apps::app_list(local_channel(), false, $_GET['cat']); + if($list) { + foreach($list as $li) { + $syslist[] = Zlib\Apps::app_encode($li); + } + } + Zlib\Apps::translate_system_apps($syslist); + } + else { + $syslist = Zlib\Apps::get_system_apps(true); + } -// $powered_by = '<strong>red<img class="smiley" src="' . z_root() . '/images/rm-16.png" alt="r#" />matrix</strong>'; + $navapps = replace_macros(get_markup_template('navapps.tpl'), array( + '$apps' => $syslist + )); + } $tpl = get_markup_template('nav.tpl'); App::$page['nav'] .= replace_macros($tpl, array( '$baseurl' => z_root(), + '$fulldocs' => t('Documentation'), '$sitelocation' => $sitelocation, '$nav' => $x['nav'], '$banner' => $banner, @@ -255,10 +278,10 @@ $powered_by = ''; '$sel' => App::$nav_sel, '$powered_by' => $powered_by, '$help' => t('@name, #tag, ?doc, content'), - '$pleasewait' => t('Please wait...') + '$pleasewait' => t('Please wait...'), + '$navapps' => $navapps )); - if(x($_SESSION, 'reload_avatar') && $observer) { // The avatar has been changed on the server but the browser doesn't know that, // force the browser to reload the image from the server instead of its cache. diff --git a/include/network.php b/include/network.php index fe360c425..d571ec2ce 100644 --- a/include/network.php +++ b/include/network.php @@ -59,7 +59,7 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) { if(x($opts,'filep')) { @curl_setopt($ch, CURLOPT_FILE, $opts['filep']); - @curl_setopt($ch, CURLOPT_HEADER, $false); + @curl_setopt($ch, CURLOPT_HEADER, false); } if(x($opts,'upload')) @@ -87,7 +87,7 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) { @curl_setopt($ch, CURLOPT_TIMEOUT, $opts['timeout']); } else { - $curl_time = intval(get_config('system','curl_timeout')); + $curl_time = intval(@get_config('system','curl_timeout')); @curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60)); } @@ -107,7 +107,7 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) { @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, ((x($opts,'novalidate') && intval($opts['novalidate'])) ? false : true)); - $prx = get_config('system','proxy'); + $prx = @get_config('system','proxy'); if(strlen($prx)) { @curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); @curl_setopt($ch, CURLOPT_PROXY, $prx); @@ -226,7 +226,7 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) { if(x($opts,'filep')) { @curl_setopt($ch, CURLOPT_FILE, $opts['filep']); - @curl_setopt($ch, CURLOPT_HEADER, $false); + @curl_setopt($ch, CURLOPT_HEADER, false); } if(x($opts,'headers')) { @@ -246,7 +246,7 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) { @curl_setopt($ch, CURLOPT_TIMEOUT, $opts['timeout']); } else { - $curl_time = intval(get_config('system','curl_timeout')); + $curl_time = intval(@get_config('system','curl_timeout')); @curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60)); } @@ -714,6 +714,10 @@ function scale_external_images($s, $include_link = true, $scale_replace = false) if($i['success']) { $ph = photo_factory($i['body'], $type); + + if(! is_object($ph)) + continue; + if($ph->is_valid()) { $orig_width = $ph->getWidth(); $orig_height = $ph->getHeight(); diff --git a/include/oembed.php b/include/oembed.php index 52fb04058..36395cfbc 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -104,7 +104,7 @@ function oembed_action($embedurl) { function oembed_process($url) { $j = oembed_fetch_url($url); - logger('oembed_process: ' . print_r($j,true)); + logger('oembed_process: ' . print_r($j,true), LOGGER_DATA, LOG_DEBUG); if($j && $j['type'] !== 'error') return '[embed]' . $url . '[/embed]'; return false; @@ -135,19 +135,15 @@ function oembed_fetch_url($embedurl){ // we should try to cache this and avoid a lookup on each render $zrl = is_matrix_url($embedurl); + $furl = ((local_channel() && $zrl) ? zid($embedurl) : $embedurl); + if($action !== 'block') { - $txt = Zlib\Cache::get('[' . App::$videowidth . '] ' . $embedurl); + $txt = Zlib\Cache::get('[' . App::$videowidth . '] ' . $furl); } if(is_null($txt)) { $txt = ""; - $furl = $embedurl; - - logger('local_channel: ' . local_channel()); - - if(local_channel() && $zrl) - $furl = zid($furl); if ($action !== 'block') { // try oembed autodiscovery @@ -206,11 +202,10 @@ function oembed_fetch_url($embedurl){ //save in cache if(! get_config('system','oembed_cache_disable')) - Zlib\Cache::set('[' . App::$videowidth . '] ' . $embedurl,$txt); + Zlib\Cache::set('[' . App::$videowidth . '] ' . $furl, $txt); } - $j = json_decode($txt,true); if(! $j) @@ -338,7 +333,7 @@ function oembed_iframe($src,$width,$height) { // Make sure any children are sandboxed within their own iframe. - return '<iframe ' . $scroll . 'height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' + return '<iframe ' . $scroll . 'height="' . $height . '" width="' . $width . '" src="' . $s . '" allowfullscreen frameborder="no" >' . t('Embedded content') . '</iframe>'; } diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index af4fd0a30..c8b3c3782 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -11,8 +11,10 @@ function photo_factory($data, $type = null) { 'image/svg+xml' ); - if($type && in_array(strtolower($type),$unsupported_types)) + if($type && in_array(strtolower($type),$unsupported_types)) { + logger('photo_factory: unsupported image type'); return null; + } $ignore_imagick = get_config('system', 'ignore_imagick'); diff --git a/include/photos.php b/include/photos.php index 5e4d755e3..55cc2d945 100644 --- a/include/photos.php +++ b/include/photos.php @@ -402,7 +402,7 @@ function photo_upload($channel, $observer, $args) { $arr['item_origin'] = 1; $arr['item_thread_top'] = 1; $arr['item_private'] = intval($acl->is_private()); - $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid']; + $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . urlencode($arr['mid']); $arr['body'] = $summary; @@ -464,10 +464,15 @@ function photos_albums_list($channel, $observer, $sort_key = 'album', $direction $sort_key = dbesc($sort_key); $direction = dbesc($direction); - $albums = q("SELECT count( distinct resource_id ) as total, album from photo where uid = %d and photo_usage IN ( %d, %d ) $sql_extra group by album order by $sort_key $direction", - intval($channel_id), - intval(PHOTO_NORMAL), - intval(PHOTO_PROFILE) + //$albums = q("SELECT count( distinct resource_id ) as total, album from photo where uid = %d and photo_usage IN ( %d, %d ) $sql_extra group by album order by $sort_key $direction", + // intval($channel_id), + // intval(PHOTO_NORMAL), + // intval(PHOTO_PROFILE) + //); + + // this query provides the same results but might perform better + $albums = q("SELECT count( distinct resource_id ) as total, album from photo where uid = %d and os_storage = 1 $sql_extra group by album order by $sort_key $direction", + intval($channel_id) ); // add various encodings to the array so we can just loop through and pick them out in a template @@ -480,6 +485,7 @@ function photos_albums_list($channel, $observer, $sort_key = 'album', $direction foreach($albums as $k => $album) { $entry = array( 'text' => (($album['album']) ? $album['album'] : '/'), + 'jstext' => (($album['album']) ? addslashes($album['album']) : '/'), 'total' => $album['total'], 'url' => z_root() . '/photos/' . $channel['channel_address'] . '/album/' . bin2hex($album['album']), 'urlencode' => urlencode($album['album']), @@ -489,6 +495,8 @@ function photos_albums_list($channel, $observer, $sort_key = 'album', $direction } } + App::$data['albums'] = $ret; + return $ret; } @@ -663,7 +671,7 @@ function photos_create_item($channel, $creator_hash, $photo, $visible = false) { $arr['deny_cid'] = $photo['deny_cid']; $arr['deny_gid'] = $photo['deny_gid']; - $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid']; + $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . urlencode($arr['mid']); $arr['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo['resource_id'] . ']' . '[zmg]' . z_root() . '/photo/' . $photo['resource_id'] . '-' . $photo['imgscale'] . '[/zmg]' diff --git a/include/queue_fn.php b/include/queue_fn.php index 1e3126f77..0950faf85 100644 --- a/include/queue_fn.php +++ b/include/queue_fn.php @@ -93,7 +93,7 @@ function queue_deliver($outq, $immediate = false) { // your site has existed. Since we don't know for sure what these sites are, // call them unknown - q("insert into site (site_url, site_update, site_dead, site_type) values ('%s','%s',0,%d) ", + q("insert into site (site_url, site_update, site_dead, site_type, site_crypto) values ('%s','%s',0,%d,'') ", dbesc($base), dbesc(datetime_convert()), intval(($outq['outq_driver'] === 'post') ? SITE_TYPE_NOTZOT : SITE_TYPE_UNKNOWN) diff --git a/include/taxonomy.php b/include/taxonomy.php index 067bd3246..0b4b2aa9a 100644 --- a/include/taxonomy.php +++ b/include/taxonomy.php @@ -386,7 +386,7 @@ function get_things($profile_hash,$uid) { $things[$k] = null; foreach($r as $rr) { - $l = q("select xchan_name, xchan_photo_s, xchan_url from likes left join xchan on likee = xchan_hash where + $l = q("select xchan_name, xchan_photo_s, xchan_url from likes left join xchan on liker = xchan_hash where target_type = '%s' and target_id = '%s' and channel_id = %d", dbesc(ACTIVITY_OBJ_THING), dbesc($rr['obj_obj']), diff --git a/include/text.php b/include/text.php index 12b37222b..1beefc6eb 100644 --- a/include/text.php +++ b/include/text.php @@ -655,12 +655,28 @@ function logger($msg, $level = LOGGER_NORMAL, $priority = LOG_INFO) { */ function btlogger($msg, $level = LOGGER_NORMAL, $priority = LOG_INFO) { + if(! defined('BTLOGGER_DEBUG_FILE')) + define('BTLOGGER_DEBUG_FILE','btlogger.out'); + logger($msg, $level, $priority); + + if(file_exists(BTLOGGER_DEBUG_FILE) && is_writable(BTLOGGER_DEBUG_FILE)) { + $stack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2); + $where = basename($stack[0]['file']) . ':' . $stack[0]['line'] . ':' . $stack[1]['function'] . ': '; + $s = datetime_convert() . ':' . log_priority_str($priority) . ':' . session_id() . ':' . $where . $msg . PHP_EOL; + @file_put_contents(BTLOGGER_DEBUG_FILE, $s, FILE_APPEND); + } + if(version_compare(PHP_VERSION, '5.4.0') >= 0) { $stack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS); if($stack) { for($x = 1; $x < count($stack); $x ++) { - logger('stack: ' . basename($stack[$x]['file']) . ':' . $stack[$x]['line'] . ':' . $stack[$x]['function'] . '()',$level, $priority); + $s = 'stack: ' . basename($stack[$x]['file']) . ':' . $stack[$x]['line'] . ':' . $stack[$x]['function'] . '()'; + logger($s,$level, $priority); + + if(file_exists(BTLOGGER_DEBUG_FILE) && is_writable(BTLOGGER_DEBUG_FILE)) { + @file_put_contents(BTLOGGER_DEBUG_FILE, $s . PHP_EOL, FILE_APPEND); + } } } } @@ -2049,7 +2065,7 @@ function ids_to_array($arr,$idx = 'id') { $t = array(); if($arr) { foreach($arr as $x) { - if(array_key_exists($idx,$x) && strlen($x[$idx]) && (! in_array($x[$idx],$t))) { + if(array_key_exists($idx,$x) && strlen($x[$idx]) && (! in_array($x[$idx],$t))) { $t[] = $x[$idx]; } } @@ -2060,12 +2076,15 @@ function ids_to_array($arr,$idx = 'id') { -function ids_to_querystr($arr,$idx = 'id') { +function ids_to_querystr($arr,$idx = 'id',$quote = false) { $t = array(); if($arr) { foreach($arr as $x) { if(! in_array($x[$idx],$t)) { - $t[] = $x[$idx]; + if($quote) + $t[] = "'" . dbesc($x[$idx]) . "'"; + else + $t[] = $x[$idx]; } } } @@ -3058,4 +3077,66 @@ function create_table_from_array($table, $arr) { } return $r; -}
\ No newline at end of file +} + + + +function cleanup_bbcode($body) { + + + /** + * fix naked links by passing through a callback to see if this is a hubzilla site + * (already known to us) which will get a zrl, otherwise link with url, add bookmark tag to both. + * First protect any url inside certain bbcode tags so we don't double link it. + */ + + $body = preg_replace_callback('/\[code(.*?)\[\/(code)\]/ism','\red_escape_codeblock',$body); + $body = preg_replace_callback('/\[url(.*?)\[\/(url)\]/ism','\red_escape_codeblock',$body); + $body = preg_replace_callback('/\[zrl(.*?)\[\/(zrl)\]/ism','\red_escape_codeblock',$body); + + + $body = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ ++\,\(\)]+)/ism", '\nakedoembed', $body); + $body = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ ++\,\(\)]+)/ism", '\red_zrl_callback', $body); + + $body = preg_replace_callback('/\[\$b64zrl(.*?)\[\/(zrl)\]/ism','\red_unescape_codeblock',$body); + $body = preg_replace_callback('/\[\$b64url(.*?)\[\/(url)\]/ism','\red_unescape_codeblock',$body); + $body = preg_replace_callback('/\[\$b64code(.*?)\[\/(code)\]/ism','\red_unescape_codeblock',$body); + + // fix any img tags that should be zmg + + $body = preg_replace_callback('/\[img(.*?)\](.*?)\[\/img\]/ism','\red_zrlify_img_callback',$body); + + + $body = bb_translate_video($body); + + /** + * Fold multi-line [code] sequences + */ + + $body = preg_replace('/\[\/code\]\s*\[code\]/ism',"\n",$body); + + $body = scale_external_images($body,false); + + + return $body; + +} + +function gen_link_id($mid) { + if(strpbrk($mid,':/&?<>"\'') !== false) + return 'b64.' . base64url_encode($mid); + return $mid; +} + +// callback for array_walk + +function array_trim(&$v,$k) { + $v = trim($v); +} + +function array_escape_tags(&$v,$k) { + $v = escape_tags($v); +} + diff --git a/include/widgets.php b/include/widgets.php index 3dc555b46..799310908 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -104,7 +104,8 @@ function widget_appselect($arr) { '$authed' => ((local_channel()) ? true : false), '$personal' => t('Personal'), '$new' => t('New App'), - '$edit' => t('Edit App') + '$edit' => t('Edit Apps'), + '$cat' => ((array_key_exists('cat',$_REQUEST)) ? $_REQUEST['cat'] : '') )); } @@ -441,11 +442,13 @@ function widget_appcategories($arr) { if(! local_channel()) return ''; - $cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat'],ENT_COMPAT,'UTF-8') : ''); - $srchurl = App::$query_string; + $selected = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat'],ENT_COMPAT,'UTF-8') : ''); + $srchurl = rtrim(preg_replace('/cat\=[^\&].*?(\&|$)/is','',$srchurl),'&'); $srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl); + $srchurl = z_root() . '/apps'; + $terms = array(); $r = q("select distinct(term.term) @@ -778,7 +781,7 @@ function widget_conversations($arr) { '$messages' => $messages )); - $o .= alt_pager($a,count($r)); + //$o .= alt_pager($a,count($r)); } @@ -899,92 +902,25 @@ function widget_chatroom_members() { function widget_wiki_list($arr) { - require_once("include/wiki.php"); - $channel = null; - if (argc() < 2 && local_channel()) { - // This should not occur because /wiki should redirect to /wiki/channel ... - $channel = \App::get_channel(); - } else { - $channel = channelx_by_nick(argv(1)); // Channel being viewed by observer - } - if (!$channel) { - return ''; - } - // init() should have forced the URL to redirect to /wiki/channel so assume argc() > 1 - $nick = argv(1); - $owner = channelx_by_nick($nick); // The channel who owns the wikis being viewed - // Determine if the observer is the channel owner so the ACL dialog can be populated - if (local_channel() === intval($owner['channel_id'])) { - - // Obtain the default permission settings of the channel - $owner_acl = array( - 'allow_cid' => $owner['channel_allow_cid'], - 'allow_gid' => $owner['channel_allow_gid'], - 'deny_cid' => $owner['channel_deny_cid'], - 'deny_gid' => $owner['channel_deny_gid'] - ); - // Initialize the ACL to the channel default permissions - $x = array( - 'lockstate' => (( $owner['channel_allow_cid'] || - $owner['channel_allow_gid'] || - $owner['channel_deny_cid'] || - $owner['channel_deny_gid']) ? 'lock' : 'unlock' - ), - 'acl' => populate_acl($owner_acl), - 'allow_cid' => acl2json($owner_acl['allow_cid']), - 'allow_gid' => acl2json($owner_acl['allow_gid']), - 'deny_cid' => acl2json($owner_acl['deny_cid']), - 'deny_gid' => acl2json($owner_acl['deny_gid']), - 'bang' => '' - ); - } else { - // Not the channel owner - $owner_acl = $x = array(); - } - if(argc()>1) { - $activeWikiURLname = argv(2); - } else { - $activeWikiURLname = ''; - } - logger($activeWikiURLname, LOGGER_DEBUG); - $wikis = wiki_list($channel, get_observer_hash()); - foreach($wikis['wikis'] as &$w) { - if($w['urlName'] === $activeWikiURLname) { - $w['active'] = true; - } else { - $w['active'] = false; - } - } - if ($wikis) { - return replace_macros(get_markup_template('wikilist.tpl'), array( - '$header' => t('Wiki List'), - '$channel' => $channel['channel_address'], - '$wikis' => $wikis['wikis'], - // If the observer is the local channel owner, show the wiki controls - '$owner' => ((local_channel() && local_channel() === intval(\App::$profile['uid'])) ? true : false), - '$edit' => t('Edit'), - '$download' => t('Download'), - '$view' => t('View'), - '$addnew' => t('Create new wiki'), - '$create' => t('Create'), - '$wikiName' => array('wikiName', t('Wiki name'), '', ''), - '$lockstate' => $x['lockstate'], - '$acl' => $x['acl'], - '$allow_cid' => $x['allow_cid'], - '$allow_gid' => $x['allow_gid'], - '$deny_cid' => $x['deny_cid'], - '$deny_gid' => $x['deny_gid'], - '$bang' => $x['bang'], - '$notify' => t('Send notification') - )); - } - return ''; + $channel = channelx_by_n(App::$profile_uid); + + $wikis = Zotlabs\Lib\NativeWiki::listwikis($channel,get_observer_hash()); + + if($wikis) { + return replace_macros(get_markup_template('wikilist_widget.tpl'), array( + '$header' => t('Wiki List'), + '$channel' => $channel['channel_address'], + '$wikis' => $wikis['wikis'] + )); + } + return ''; } function widget_wiki_pages($arr) { - require_once("include/wiki.php"); $channelname = ((array_key_exists('channel',$arr)) ? $arr['channel'] : ''); + $c = channelx_by_nick($channelname); + $wikiname = ''; if (array_key_exists('refresh', $arr)) { $not_refresh = (($arr['refresh']=== true) ? false : true); @@ -992,11 +928,12 @@ function widget_wiki_pages($arr) { $not_refresh = true; } $pages = array(); - if (!array_key_exists('resource_id', $arr)) { + if (! array_key_exists('resource_id', $arr)) { $hide = true; } else { - $p = wiki_page_list($arr['resource_id']); - if ($p['pages']) { + $p = Zotlabs\Lib\NativeWikiPage::page_list($c['channel_id'],get_observer_hash(),$arr['resource_id']); + + if($p['pages']) { $pages = $p['pages']; $w = $p['wiki']; // Wiki item record is $w['wiki'] @@ -1010,6 +947,7 @@ function widget_wiki_pages($arr) { return replace_macros(get_markup_template('wiki_page_list.tpl'), array( '$hide' => $hide, + '$resource_id' => $arr['resource_id'], '$not_refresh' => $not_refresh, '$header' => t('Wiki Pages'), '$channel' => $channelname, @@ -1017,18 +955,23 @@ function widget_wiki_pages($arr) { '$pages' => $pages, '$canadd' => $can_create, '$addnew' => t('Add new page'), + '$pageName' => array('pageName', t('Page name')), )); } function widget_wiki_page_history($arr) { - require_once("include/wiki.php"); + $pageUrlName = ((array_key_exists('pageUrlName', $arr)) ? $arr['pageUrlName'] : ''); $resource_id = ((array_key_exists('resource_id', $arr)) ? $arr['resource_id'] : ''); - $pageHistory = wiki_page_history(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); - return replace_macros(get_markup_template('wiki_page_history.tpl'), array( - '$pageHistory' => $pageHistory['history'] + $pageHistory = Zotlabs\Lib\NativeWikiPage::page_history(array('channel_id' => App::$profile_uid, 'observer_hash' => get_observer_hash(), 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); + return replace_macros(get_markup_template('nwiki_page_history.tpl'), array( + '$pageHistory' => $pageHistory['history'], + '$permsWrite' => $arr['permsWrite'], + '$name_lbl' => t('Name'), + '$msg_label' => t('Message','wiki_history') )); + } function widget_bookmarkedchats($arr) { @@ -1472,14 +1415,23 @@ function widget_forums($arr) { $perms_sql = item_permissions_sql(local_channel()) . item_normal(); - /** - * We used to try and find public forums with custom permissions by checking to see if - * send_stream was false and tag_deliver was true. However with the newer extensible - * permissions infrastructure this makes for a very complicated query. Now we're only - * checking channels that report themselves specifically as pubforums - */ + $xf = false; + + $x1 = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'send_stream' and v = '0'", + intval(local_channel()) + ); + if($x1) { + $xc = ids_to_querystr($x1,'xchan',true); + $x2 = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'tag_deliver' and v = '1' and xchan in (" . $xc . ") ", + intval(local_channel()) + ); + if($x2) + $xf = ids_to_querystr($x2,'xchan',true); + } + + $sql_extra = (($xf) ? " and ( xchan_hash in (" . $xf . ") or xchan_pubforum = 1 ) " : " and xchan_pubforum = 1 "); - $r1 = q("select abook_id, xchan_hash, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash where xchan_pubforum = 1 and xchan_deleted = 0 and abook_channel = %d order by xchan_name $limit ", + $r1 = q("select abook_id, xchan_hash, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash where xchan_deleted = 0 and abook_channel = %d $sql_extra order by xchan_name $limit ", intval(local_channel()) ); if(! $r1) @@ -1563,7 +1515,6 @@ function widget_tasklist($arr) { function widget_helpindex($arr) { $o .= '<div class="widget">'; - $o .= '<h3>' . t('Documentation') . '</h3>'; $level_0 = get_help_content('sitetoc'); if(! $level_0) diff --git a/include/wiki.php b/include/wiki.php deleted file mode 100644 index bcdf9d7d8..000000000 --- a/include/wiki.php +++ /dev/null @@ -1,613 +0,0 @@ -<?php -/** - * @file include/wiki.php - * @brief Wiki related functions. - */ - -use \Zotlabs\Storage\GitRepo as GitRepo; -define ( 'WIKI_ITEM_RESOURCE_TYPE', 'wiki' ); - -function wiki_list($channel, $observer_hash) { - $sql_extra = item_permissions_sql($channel['channel_id'], $observer_hash); - $wikis = q("SELECT * FROM item WHERE resource_type = '%s' AND mid = parent_mid AND uid = %d AND item_deleted = 0 $sql_extra", - dbesc(WIKI_ITEM_RESOURCE_TYPE), - intval($channel['channel_id']) - ); - if($wikis) { - foreach($wikis as &$w) { - $w['rawName'] = get_iconfig($w, 'wiki', 'rawName'); - $w['htmlName'] = get_iconfig($w, 'wiki', 'htmlName'); - $w['urlName'] = get_iconfig($w, 'wiki', 'urlName'); - $w['path'] = get_iconfig($w, 'wiki', 'path'); - } - } - // TODO: query db for wikis the observer can access. Return with two lists, for read and write access - return array('wikis' => $wikis); -} - -function wiki_page_list($resource_id) { - // TODO: Create item table records for pages so that metadata like title can be applied - $w = wiki_get_wiki($resource_id); - if (!$w['path']) { - return array('pages' => null, 'wiki' => null); - } - $pages = array(); - if (is_dir($w['path']) === true) { - $files = array_diff(scandir($w['path']), array('.', '..', '.git')); - // TODO: Check that the files are all text files - - foreach($files as $file) { - // strip the .md file extension and unwrap URL encoding to leave HTML encoded name - $pages[] = array('title' => urldecode(substr($file, 0, -3)), 'url' => urlencode(substr($file, 0, -3))); - } - } - - return array('pages' => $pages, 'wiki' => $w); -} - -function wiki_init_wiki($channel, $wiki) { - // Store the path as a relative path, but pass absolute path to mkdir - $path = 'store/[data]/git/'.$channel['channel_address'].'/wiki/'.$wiki['urlName']; - if (!os_mkdir(__DIR__ . '/../' . $path, 0770, true)) { - logger('Error creating wiki path: ' . $path); - return null; - } - // Create GitRepo object - $git = new GitRepo($channel['channel_address'], null, false, $wiki['urlName'], __DIR__ . '/../' . $path); - if(!$git->initRepo()) { - logger('Error creating new git repo in ' . $git->path); - return null; - } - - return array('path' => $path); -} - -function wiki_create_wiki($channel, $observer_hash, $wiki, $acl) { - $wikiinit = wiki_init_wiki($channel, $wiki); - if (!$wikiinit['path']) { - notice('Error creating wiki'); - return array('item' => null, 'success' => false); - } - $path = $wikiinit['path']; - // Generate unique resource_id using the same method as item_message_id() - do { - $dups = false; - $resource_id = random_string(); - $r = q("SELECT mid FROM item WHERE resource_id = '%s' AND resource_type = '%s' AND uid = %d LIMIT 1", - dbesc($resource_id), - dbesc(WIKI_ITEM_RESOURCE_TYPE), - intval($channel['channel_id']) - ); - if (count($r)) - $dups = true; - } while ($dups == true); - $ac = $acl->get(); - $mid = item_message_id(); - $arr = array(); // Initialize the array of parameters for the post - $item_hidden = ((intval($wiki['postVisible']) === 0) ? 1 : 0); - $wiki_url = z_root() . '/wiki/' . $channel['channel_address'] . '/' . $wiki['urlName']; - $arr['aid'] = $channel['channel_account_id']; - $arr['uid'] = $channel['channel_id']; - $arr['mid'] = $mid; - $arr['parent_mid'] = $mid; - $arr['item_hidden'] = $item_hidden; - $arr['resource_type'] = WIKI_ITEM_RESOURCE_TYPE; - $arr['resource_id'] = $resource_id; - $arr['owner_xchan'] = $channel['channel_hash']; - $arr['author_xchan'] = $observer_hash; - $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid']; - $arr['llink'] = $arr['plink']; - $arr['title'] = $wiki['htmlName']; // name of new wiki; - $arr['allow_cid'] = $ac['allow_cid']; - $arr['allow_gid'] = $ac['allow_gid']; - $arr['deny_cid'] = $ac['deny_cid']; - $arr['deny_gid'] = $ac['deny_gid']; - $arr['item_wall'] = 1; - $arr['item_origin'] = 1; - $arr['item_thread_top'] = 1; - $arr['item_private'] = intval($acl->is_private()); - $arr['verb'] = ACTIVITY_CREATE; - $arr['obj_type'] = ACTIVITY_OBJ_WIKI; - $arr['body'] = '[table][tr][td][h1]New Wiki[/h1][/td][/tr][tr][td][zrl=' . $wiki_url . ']' . $wiki['htmlName'] . '[/zrl][/td][/tr][/table]'; - // Save the path using iconfig. The file path should not be shared with other hubs - if (!set_iconfig($arr, 'wiki', 'path', $path, false)) { - return array('item' => null, 'success' => false); - } - // Save the wiki name information using iconfig. This is shareable. - if (!set_iconfig($arr, 'wiki', 'rawName', $wiki['rawName'], true)) { - return array('item' => null, 'success' => false); - } - if (!set_iconfig($arr, 'wiki', 'htmlName', $wiki['htmlName'], true)) { - return array('item' => null, 'success' => false); - } - if (!set_iconfig($arr, 'wiki', 'urlName', $wiki['urlName'], true)) { - return array('item' => null, 'success' => false); - } - $post = item_store($arr); - $item_id = $post['item_id']; - - if ($item_id) { - \Zotlabs\Daemon\Master::Summon(array('Notifier', 'activity', $item_id)); - return array('item' => $post['item'], 'success' => true); - } else { - return array('item' => null, 'success' => false); - } -} - -function wiki_delete_wiki($resource_id) { - - $w = wiki_get_wiki($resource_id); - $item = $w['wiki']; - if (!$item || !$w['path']) { - return array('item' => null, 'success' => false); - } else { - $drop = drop_item($item['id'], false, DROPITEM_NORMAL, true); - $pathdel = rrmdir($w['path']); - if ($pathdel) { - info('Wiki files deleted successfully'); - } - return array('item' => $item, 'success' => (($drop === 1 && $pathdel) ? true : false)); - } -} - -function wiki_get_wiki($resource_id) { - $item = q("SELECT * FROM item WHERE resource_type = '%s' AND resource_id = '%s' AND item_deleted = 0 limit 1", - dbesc(WIKI_ITEM_RESOURCE_TYPE), - dbesc($resource_id) - ); - if (!$item) { - return array('wiki' => null, 'path' => null); - } else { - $w = $item[0]; // wiki item table record - // Get wiki metadata - $rawName = get_iconfig($w, 'wiki', 'rawName'); - $htmlName = get_iconfig($w, 'wiki', 'htmlName'); - $urlName = get_iconfig($w, 'wiki', 'urlName'); - $path = get_iconfig($w, 'wiki', 'path'); - if (!realpath(__DIR__ . '/../' . $path)) { - return array('wiki' => null, 'path' => null); - } - // Path to wiki exists - $abs_path = realpath(__DIR__ . '/../' . $path); - return array( 'wiki' => $w, - 'path' => $abs_path, - 'rawName' => $rawName, - 'htmlName' => $htmlName, - 'urlName' => $urlName - ); - } -} - -function wiki_exists_by_name($uid, $urlName) { - $item = q("SELECT id,resource_id FROM item WHERE resource_type = '%s' AND title = '%s' AND uid = '%s' AND item_deleted = 0 limit 1", - dbesc(WIKI_ITEM_RESOURCE_TYPE), - dbesc(escape_tags(urldecode($urlName))), - dbesc($uid) - ); - if (!$item) { - return array('id' => null, 'resource_id' => null); - } else { - return array('id' => $item[0]['id'], 'resource_id' => $item[0]['resource_id']); - } -} - -function wiki_get_permissions($resource_id, $owner_id, $observer_hash) { - // TODO: For now, only the owner can edit - $sql_extra = item_permissions_sql($owner_id, $observer_hash); - - if(local_channel() && local_channel == $owner_id) { - return [ 'read' => true, 'write' => true, 'success' => true ]; - } - - $r = q("SELECT * FROM item WHERE uid = %d and resource_type = '%s' AND resource_id = '%s' $sql_extra LIMIT 1", - intval($owner_id), - dbesc(WIKI_ITEM_RESOURCE_TYPE), - dbesc($resource_id) - ); - - if (!$r) { - return array('read' => false, 'write' => false, 'success' => true); - } else { - // TODO: Create a new permission setting for wiki analogous to webpages. Until - // then, use webpage permissions - $write = perm_is_allowed($owner_id, $observer_hash,'write_pages'); - return array('read' => true, 'write' => $write, 'success' => true); - } -} - -function wiki_create_page($name, $resource_id) { - $w = wiki_get_wiki($resource_id); - if (!$w['path']) { - return array('page' => null, 'wiki' => null, 'message' => 'Wiki not found.', 'success' => false); - } - $page = array('rawName' => $name, 'htmlName' => escape_tags($name), 'urlName' => urlencode(escape_tags($name)), 'fileName' => urlencode(escape_tags($name)).'.md'); - $page_path = $w['path'] . '/' . $page['fileName']; - if (is_file($page_path)) { - return array('page' => null, 'wiki' => null, 'message' => 'Page already exists.', 'success' => false); - } - // Create the page file in the wiki repo - if(!touch($page_path)) { - return array('page' => null, 'wiki' => null, 'message' => 'Page file cannot be created.', 'success' => false); - } else { - return array('page' => $page, 'wiki' => $w, 'message' => '', 'success' => true); - } - -} - -function wiki_rename_page($arr) { - $pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : ''); - $pageNewName = ((array_key_exists('pageNewName',$arr)) ? $arr['pageNewName'] : ''); - $resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : ''); - $w = wiki_get_wiki($resource_id); - if (!$w['path']) { - return array('message' => 'Wiki not found.', 'success' => false); - } - $page_path_old = $w['path'].'/'.$pageUrlName.'.md'; - if (!is_readable($page_path_old) === true) { - return array('message' => 'Cannot read wiki page: ' . $page_path_old, 'success' => false); - } - $page = array('rawName' => $pageNewName, 'htmlName' => escape_tags($pageNewName), 'urlName' => urlencode(escape_tags($pageNewName)), 'fileName' => urlencode(escape_tags($pageNewName)).'.md'); - $page_path_new = $w['path'] . '/' . $page['fileName'] ; - if (is_file($page_path_new)) { - return array('message' => 'Page already exists.', 'success' => false); - } - // Rename the page file in the wiki repo - if(!rename($page_path_old, $page_path_new)) { - return array('message' => 'Error renaming page file.', 'success' => false); - } else { - return array('page' => $page, 'message' => '', 'success' => true); - } - -} - -function wiki_get_page_content($arr) { - $pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : ''); - $resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : ''); - $w = wiki_get_wiki($resource_id); - if (!$w['path']) { - return array('content' => null, 'message' => 'Error reading wiki', 'success' => false); - } - $page_path = $w['path'].'/'.$pageUrlName.'.md'; - if (is_readable($page_path) === true) { - if(filesize($page_path) === 0) { - $content = ''; - } else { - $content = file_get_contents($page_path); - if(!$content) { - return array('content' => null, 'message' => 'Error reading page content', 'success' => false); - } - } - // TODO: Check that the files are all text files - return array('content' => json_encode($content), 'message' => '', 'success' => true); - } -} - -function wiki_page_history($arr) { - $pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : ''); - $resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : ''); - $w = wiki_get_wiki($resource_id); - if (!$w['path']) { - return array('history' => null, 'message' => 'Error reading wiki', 'success' => false); - } - $page_path = $w['path'].'/'.$pageUrlName.'.md'; - if (!is_readable($page_path) === true) { - return array('history' => null, 'message' => 'Cannot read wiki page: ' . $page_path, 'success' => false); - } - $reponame = ((array_key_exists('title', $w['wiki'])) ? $w['wiki']['title'] : 'repo'); - if($reponame === '') { - $reponame = 'repo'; - } - $git = new GitRepo('', null, false, $w['wiki']['title'], $w['path']); - try { - $gitlog = $git->git->log('', $page_path , array('limit' => 500)); - return array('history' => $gitlog, 'message' => '', 'success' => true); - } catch (\PHPGit\Exception\GitException $e) { - return array('history' => null, 'message' => 'GitRepo error thrown', 'success' => false); - } -} - -function wiki_save_page($arr) { - $pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : ''); - $content = ((array_key_exists('content',$arr)) ? purify_html($arr['content']) : ''); - $resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : ''); - $w = wiki_get_wiki($resource_id); - if (!$w['path']) { - return array('message' => 'Error reading wiki', 'success' => false); - } - $page_path = $w['path'].'/'.$pageUrlName.'.md'; - if (is_writable($page_path) === true) { - if(!file_put_contents($page_path, $content)) { - return array('message' => 'Error writing to page file', 'success' => false); - } - return array('message' => '', 'success' => true); - } else { - return array('message' => 'Page file not writable', 'success' => false); - } -} - -function wiki_delete_page($arr) { - $pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : ''); - $resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : ''); - $w = wiki_get_wiki($resource_id); - if (!$w['path']) { - return array('message' => 'Error reading wiki', 'success' => false); - } - $page_path = $w['path'].'/'.$pageUrlName.'.md'; - if (is_writable($page_path) === true) { - if(!unlink($page_path)) { - return array('message' => 'Error deleting page file', 'success' => false); - } - return array('message' => '', 'success' => true); - } else { - return array('message' => 'Page file not writable', 'success' => false); - } -} - -function wiki_revert_page($arr) { - $pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : ''); - $resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : ''); - $commitHash = ((array_key_exists('commitHash',$arr)) ? $arr['commitHash'] : null); - if (! $commitHash) { - return array('content' => $content, 'message' => 'No commit was provided', 'success' => false); - } - $w = wiki_get_wiki($resource_id); - if (!$w['path']) { - return array('content' => $content, 'message' => 'Error reading wiki', 'success' => false); - } - $page_path = $w['path'].'/'.$pageUrlName.'.md'; - if (is_writable($page_path) === true) { - - $reponame = ((array_key_exists('title', $w['wiki'])) ? urlencode($w['wiki']['title']) : 'repo'); - if($reponame === '') { - $reponame = 'repo'; - } - $git = new GitRepo($observer['xchan_addr'], null, false, $w['wiki']['title'], $w['path']); - $content = null; - try { - $git->setIdentity($observer['xchan_name'], $observer['xchan_addr']); - foreach ($git->git->tree($commitHash) as $object) { - if ($object['type'] == 'blob' && $object['file'] === $pageUrlName.'.md' ) { - $content = $git->git->cat->blob($object['hash']); - } - } - } catch (\PHPGit\Exception\GitException $e) { - return array('content' => $content, 'message' => 'GitRepo error thrown', 'success' => false); - } - return array('content' => $content, 'message' => '', 'success' => true); - } else { - return array('content' => $content, 'message' => 'Page file not writable', 'success' => false); - } -} - -function wiki_compare_page($arr) { - $pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : ''); - $resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : ''); - $currentCommit = ((array_key_exists('currentCommit',$arr)) ? $arr['currentCommit'] : 'HEAD'); - $compareCommit = ((array_key_exists('compareCommit',$arr)) ? $arr['compareCommit'] : null); - if (! $compareCommit) { - return array('message' => 'No compare commit was provided', 'success' => false); - } - $w = wiki_get_wiki($resource_id); - if (!$w['path']) { - return array('message' => 'Error reading wiki', 'success' => false); - } - $page_path = $w['path'].'/'.$pageUrlName.'.md'; - if (is_readable($page_path) === true) { - $reponame = ((array_key_exists('title', $w['wiki'])) ? urlencode($w['wiki']['title']) : 'repo'); - if($reponame === '') { - $reponame = 'repo'; - } - $git = new GitRepo('', null, false, $w['wiki']['title'], $w['path']); - $compareContent = $currentContent = ''; - try { - foreach ($git->git->tree($currentCommit) as $object) { - if ($object['type'] == 'blob' && $object['file'] === $pageUrlName.'.md' ) { - $currentContent = $git->git->cat->blob($object['hash']); - } - } - foreach ($git->git->tree($compareCommit) as $object) { - if ($object['type'] == 'blob' && $object['file'] === $pageUrlName.'.md' ) { - $compareContent = $git->git->cat->blob($object['hash']); - } - } - require_once('library/class.Diff.php'); - $diff = Diff::toTable(Diff::compare($currentContent, $compareContent)); - } catch (\PHPGit\Exception\GitException $e) { - return array('message' => 'GitRepo error thrown', 'success' => false); - } - return array('diff' => $diff, 'message' => '', 'success' => true); - } else { - return array('message' => 'Page file not writable', 'success' => false); - } -} - -function wiki_git_commit($arr) { - $files = ((array_key_exists('files', $arr)) ? $arr['files'] : null); - $all = ((array_key_exists('all', $arr)) ? $arr['all'] : false); - $commit_msg = ((array_key_exists('commit_msg', $arr)) ? $arr['commit_msg'] : 'Repo updated'); - if(array_key_exists('resource_id', $arr)) { - $resource_id = $arr['resource_id']; - } else { - return array('message' => 'Wiki resource_id required for git commit', 'success' => false); - } - if(array_key_exists('observer', $arr)) { - $observer = $arr['observer']; - } else { - return array('message' => 'Observer required for git commit', 'success' => false); - } - $w = wiki_get_wiki($resource_id); - if (!$w['path']) { - return array('message' => 'Error reading wiki', 'success' => false); - } - $reponame = ((array_key_exists('title', $w['wiki'])) ? urlencode($w['wiki']['title']) : 'repo'); - if($reponame === '') { - $reponame = 'repo'; - } - $git = new GitRepo($observer['xchan_addr'], null, false, $w['wiki']['title'], $w['path']); - try { - $git->setIdentity($observer['xchan_name'], $observer['xchan_addr']); - if ($files === null) { - $options = array('all' => true); // git commit option to include all changes - } else { - $options = array('all' => $all); // git commit options\ - foreach ($files as $file) { - if (!$git->git->add($file)) { // add specified files to the git repo stage - if (!$git->git->reset->hard()) { - return array('message' => 'Error adding file to git stage: ' . $file . '. Error resetting git repo.', 'success' => false); - } - return array('message' => 'Error adding file to git stage: ' . $file, 'success' => false); - } - } - } - if ($git->commit($commit_msg, $options)) { - return array('message' => 'Wiki repo commit succeeded', 'success' => true); - } else { - return array('message' => 'Wiki repo commit failed', 'success' => false); - } - } catch (\PHPGit\Exception\GitException $e) { - return array('message' => 'GitRepo error thrown', 'success' => false); - } -} - -function wiki_generate_page_filename($name) { - $file = urlencode(escape_tags($name)); - if( $file === '') { - return null; - } else { - return $file . '.md'; - } -} - -function wiki_convert_links($s, $wikiURL) { - - if (strpos($s,'[[') !== false) { - preg_match_all("/\[\[(.*?)\]\]/", $s, $match); - $pages = $pageURLs = array(); - foreach ($match[1] as $m) { - // TODO: Why do we need to double urlencode for this to work? - $pageURLs[] = urlencode(urlencode(escape_tags($m))); - $pages[] = $m; - } - $idx = 0; - while(strpos($s,'[[') !== false) { - $replace = '<a href="'.$wikiURL.'/'.$pageURLs[$idx].'">'.$pages[$idx].'</a>'; - $s = preg_replace("/\[\[(.*?)\]\]/", $replace, $s, 1); - $idx++; - } - } - return $s; -} - -/** - * Replace the instances of the string [toc] with a list element that will be populated by - * a table of contents by the JavaScript library - * @param string $s - * @return string - */ -function wiki_generate_toc($s) { - - if (strpos($s,'[toc]') !== false) { - //$toc_md = wiki_toc($s); // Generate Markdown-formatted list prior to HTML render - $toc_md = '<ul id="wiki-toc"></ul>'; // use the available jQuery plugin http://ndabas.github.io/toc/ - $s = preg_replace("/\[toc\]/", $toc_md, $s, -1); - } - return $s; -} - -/** - * Converts a select set of bbcode tags. Much of the code is copied from include/bbcode.php - * @param string $s - * @return string - */ -function wiki_bbcode($s) { - - $s = str_replace(array('[baseurl]', '[sitename]'), array(z_root(), get_config('system', 'sitename')), $s); - - $observer = App::get_observer(); - if ($observer) { - $s1 = '<span class="bb_observer" title="' . t('Different viewers will see this text differently') . '">'; - $s2 = '</span>'; - $obsBaseURL = $observer['xchan_connurl']; - $obsBaseURL = preg_replace("/\/poco\/.*$/", '', $obsBaseURL); - $s = str_replace('[observer.baseurl]', $obsBaseURL, $s); - $s = str_replace('[observer.url]', $observer['xchan_url'], $s); - $s = str_replace('[observer.name]', $s1 . $observer['xchan_name'] . $s2, $s); - $s = str_replace('[observer.address]', $s1 . $observer['xchan_addr'] . $s2, $s); - $s = str_replace('[observer.webname]', substr($observer['xchan_addr'], 0, strpos($observer['xchan_addr'], '@')), $s); - $s = str_replace('[observer.photo]', '', $s); - } else { - $s = str_replace('[observer.baseurl]', '', $s); - $s = str_replace('[observer.url]', '', $s); - $s = str_replace('[observer.name]', '', $s); - $s = str_replace('[observer.address]', '', $s); - $s = str_replace('[observer.webname]', '', $s); - $s = str_replace('[observer.photo]', '', $s); - } - - return $s; -} - -// This function is derived from -// http://stackoverflow.com/questions/32068537/generate-table-of-contents-from-markdown-in-php -function wiki_toc($content) { - // ensure using only "\n" as line-break - $source = str_replace(["\r\n", "\r"], "\n", $content); - - // look for markdown TOC items - preg_match_all( - '/^(?:=|-|#).*$/m', - $source, - $matches, - PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE - ); - - // preprocess: iterate matched lines to create an array of items - // where each item is an array(level, text) - $file_size = strlen($source); - foreach ($matches[0] as $item) { - $found_mark = substr($item[0], 0, 1); - if ($found_mark == '#') { - // text is the found item - $item_text = $item[0]; - $item_level = strrpos($item_text, '#') + 1; - $item_text = substr($item_text, $item_level); - } else { - // text is the previous line (empty if <hr>) - $item_offset = $item[1]; - $prev_line_offset = strrpos($source, "\n", -($file_size - $item_offset + 2)); - $item_text = - substr($source, $prev_line_offset, $item_offset - $prev_line_offset - 1); - $item_text = trim($item_text); - $item_level = $found_mark == '=' ? 1 : 2; - } - if (!trim($item_text) OR strpos($item_text, '|') !== FALSE) { - // item is an horizontal separator or a table header, don't mind - continue; - } - $raw_toc[] = ['level' => $item_level, 'text' => trim($item_text)]; - } - $o = ''; - foreach($raw_toc as $t) { - $level = intval($t['level']); - $text = $t['text']; - switch ($level) { - case 1: - $li = '* '; - break; - case 2: - $li = ' * '; - break; - case 3: - $li = ' * '; - break; - case 4: - $li = ' * '; - break; - default: - $li = '* '; - break; - } - $o .= $li . $text . "\n"; - } - return $o; -} diff --git a/include/zot.php b/include/zot.php index 5c9fb4e82..c6d52816a 100644 --- a/include/zot.php +++ b/include/zot.php @@ -110,20 +110,21 @@ function zot_get_hublocs($hash) { * @param string $extra * @returns string json encoded zot packet */ -function zot_build_packet($channel, $type = 'notify', $recipients = null, $remote_key = null, $secret = null, $extra = null) { +function zot_build_packet($channel, $type = 'notify', $recipients = null, $remote_key = null, $methods = '', $secret = null, $extra = null) { - $data = array( + $data = [ 'type' => $type, - 'sender' => array( + 'sender' => [ 'guid' => $channel['channel_guid'], 'guid_sig' => base64url_encode(rsa_sign($channel['channel_guid'],$channel['channel_prvkey'])), 'url' => z_root(), 'url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])), 'sitekey' => get_config('system','pubkey') - ), + ], 'callback' => '/post', - 'version' => ZOT_REVISION - ); + 'version' => ZOT_REVISION, + 'encryption' => crypto_methods() + ]; if ($recipients) { for ($x = 0; $x < count($recipients); $x ++) @@ -146,14 +147,54 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot // Hush-hush ultra top-secret mode - if ($remote_key) { - $data = crypto_encapsulate(json_encode($data),$remote_key); + if($remote_key) { + $algorithm = zot_best_algorithm($methods); + $data = crypto_encapsulate(json_encode($data),$remote_key, $algorithm); } return json_encode($data); } /** + * @brief choose best encryption function from those available on both sites + * + * @param string $methods + * comma separated list of encryption methods + * @return string first match from our site method preferences crypto_methods() array + * of a method which is common to both sites; or 'aes256cbc' if no matches are found. + */ + +function zot_best_algorithm($methods) { + + if(\Zotlabs\Lib\System::get_server_role() !== 'pro') + return 'aes256cbc'; + + $x = [ 'methods' => $methods, 'result' => '' ]; + call_hooks('zot_best_algorithm',$x); + if($x['result']) + return $x['result']; + + if($methods) { + $x = explode(',',$methods); + if($x) { + $y = crypto_methods(); + if($y) { + foreach($y as $yv) { + $yv = trim($yv); + if(in_array($yv,$x)) { + return($yv); + } + } + } + } + } + + return 'aes256cbc'; +} + + + +/** * @brief * * @see z_post_url() @@ -167,101 +208,11 @@ function zot_zot($url, $data) { } /** - * @brief Look up information about channel. - * - * @param string $webbie - * does not have to be host qualified e.g. 'foo' is treated as 'foo\@thishub' - * @param array $channel - * (optional), if supplied permissions will be enumerated specifically for $channel - * @param boolean $autofallback - * fallback/failover to http if https connection cannot be established. Default is true. - * - * @return array see z_post_url() and \ref Zotlabs::Zot::Finger "\\Zotlabs\\Zot\\Finger" - */ -function zot_finger($webbie, $channel = null, $autofallback = true) { - - if (strpos($webbie,'@') === false) { - $address = $webbie; - $host = App::get_hostname(); - } else { - $address = substr($webbie,0,strpos($webbie,'@')); - $host = substr($webbie,strpos($webbie,'@')+1); - if(strpos($host,'/')) - $host = substr($host,0,strpos($host,'/')); - } - - $xchan_addr = $address . '@' . $host; - - if ((! $address) || (! $xchan_addr)) { - logger('zot_finger: no address :' . $webbie); - return array('success' => false); - } - logger('using xchan_addr: ' . $xchan_addr, LOGGER_DATA, LOG_DEBUG); - - // potential issue here; the xchan_addr points to the primary hub. - // The webbie we were called with may not, so it might not be found - // unless we query for hubloc_addr instead of xchan_addr - - $r = q("select xchan.*, hubloc.* from xchan - left join hubloc on xchan_hash = hubloc_hash - where xchan_addr = '%s' and hubloc_primary = 1 limit 1", - dbesc($xchan_addr) - ); - - if ($r) { - $url = $r[0]['hubloc_url']; - - if ($r[0]['hubloc_network'] && $r[0]['hubloc_network'] !== 'zot') { - logger('zot_finger: alternate network: ' . $webbie); - logger('url: '.$url.', net: '.var_export($r[0]['hubloc_network'],true), LOGGER_DATA, LOG_DEBUG); - return array('success' => false); - } - } else { - $url = 'https://' . $host; - } - - $rhs = '/.well-known/zot-info'; - $https = ((strpos($url,'https://') === 0) ? true : false); - - logger('zot_finger: ' . $address . ' at ' . $url, LOGGER_DEBUG); - - if ($channel) { - $postvars = array( - 'address' => $address, - 'target' => $channel['channel_guid'], - 'target_sig' => $channel['channel_guid_sig'], - 'key' => $channel['channel_pubkey'] - ); - - $result = z_post_url($url . $rhs,$postvars); - - if ((! $result['success']) && ($autofallback)) { - if ($https) { - logger('zot_finger: https failed. falling back to http'); - $result = z_post_url('http://' . $host . $rhs,$postvars); - } - } - } else { - $rhs .= '?f=&address=' . urlencode($address); - - $result = z_fetch_url($url . $rhs); - if ((! $result['success']) && ($autofallback)) { - if ($https) { - logger('zot_finger: https failed. falling back to http'); - $result = z_fetch_url('http://' . $host . $rhs); - } - } - } - - if (! $result['success']) - logger('zot_finger: no results'); - - return $result; -} - -/** * @brief Refreshes after permission changed or friending, etc. * + * The top half of this function is similar to \Zotlabs\Zot\Finger::run() and could potentially be + * consolidated. + * * zot_refresh is typically invoked when somebody has changed permissions of a channel and they are notified * to fetch new permissions via a finger/discovery operation. This may result in a new connection * (abook entry) being added to a local channel and it may result in auto-permissions being granted. @@ -283,6 +234,7 @@ function zot_finger($webbie, $channel = null, $autofallback = true) { * * @returns boolean true if successful, else false */ + function zot_refresh($them, $channel = null, $force = false) { if (array_key_exists('xchan_network', $them) && ($them['xchan_network'] !== 'zot')) { @@ -298,7 +250,8 @@ function zot_refresh($them, $channel = null, $force = false) { if ($them['hubloc_url']) { $url = $them['hubloc_url']; - } else { + } + else { $r = null; // if they re-installed the server we could end up with the wrong record - pointing to the old install. @@ -334,7 +287,7 @@ function zot_refresh($them, $channel = null, $force = false) { $token = random_string(); - $postvars = array(); + $postvars = []; $postvars['token'] = $token; @@ -395,10 +348,13 @@ function zot_refresh($them, $channel = null, $force = false) { if($channel) { if($j['permissions']['data']) { - $permissions = crypto_unencapsulate(array( + $permissions = crypto_unencapsulate( + [ 'data' => $j['permissions']['data'], 'key' => $j['permissions']['key'], - 'iv' => $j['permissions']['iv']), + 'iv' => $j['permissions']['iv'], + 'alg' => $j['permissions']['alg'] + ], $channel['channel_prvkey']); if($permissions) $permissions = json_decode($permissions,true); @@ -424,6 +380,10 @@ function zot_refresh($them, $channel = null, $force = false) { $next_birthday = NULL_DATE; } + + // Keep original perms to check if we need to notify them + $previous_perms = get_all_perms($channel['channel_id'],$x['hash']); + $r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 limit 1", dbesc($x['hash']), intval($channel['channel_id']) @@ -487,10 +447,6 @@ function zot_refresh($them, $channel = null, $force = false) { } } - // Keep original perms to check if we need to notify them - $previous_perms = get_all_perms($channel['channel_id'],$x['hash']); - - $closeness = get_pconfig($channel['channel_id'],'system','new_abook_closeness'); if($closeness === false) $closeness = 80; @@ -520,12 +476,14 @@ function zot_refresh($them, $channel = null, $force = false) { if($new_connection) { if(! \Zotlabs\Access\Permissions::PermsCompare($new_perms,$previous_perms)) Zotlabs\Daemon\Master::Summon(array('Notifier','permission_create',$new_connection[0]['abook_id'])); - Zotlabs\Lib\Enotify::submit(array( + Zotlabs\Lib\Enotify::submit( + [ 'type' => NOTIFY_INTRO, 'from_xchan' => $x['hash'], 'to_xchan' => $channel['channel_hash'], - 'link' => z_root() . '/connedit/' . $new_connection[0]['abook_id'], - )); + 'link' => z_root() . '/connedit/' . $new_connection[0]['abook_id'] + ] + ); if(intval($permissions['view_stream'])) { if(intval(get_pconfig($channel['channel_id'],'perm_limits','send_stream') & PERMS_PENDING) @@ -535,6 +493,7 @@ function zot_refresh($them, $channel = null, $force = false) { /** If there is a default group for this channel, add this connection to it */ + $default_group = $channel['channel_default_group']; if($default_group) { require_once('include/group.php'); @@ -580,6 +539,7 @@ function zot_refresh($them, $channel = null, $force = false) { * @returns array|null null if site is blacklisted or not found, otherwise an * array with an hubloc record */ + function zot_gethub($arr, $multiple = false) { if($arr['guid'] && $arr['guid_sig'] && $arr['url'] && $arr['url_sig']) { @@ -592,7 +552,7 @@ function zot_gethub($arr, $multiple = false) { $limit = (($multiple) ? '' : ' limit 1 '); $sitekey = ((array_key_exists('sitekey',$arr) && $arr['sitekey']) ? " and hubloc_sitekey = '" . protect_sprintf($arr['sitekey']) . "' " : ''); - $r = q("select * from hubloc + $r = q("select hubloc.*, site.site_crypto from hubloc left join site on hubloc_url = site_url where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and hubloc_url = '%s' and hubloc_url_sig = '%s' $sitekey $limit", @@ -608,7 +568,7 @@ function zot_gethub($arr, $multiple = false) { } logger('zot_gethub: not found: ' . print_r($arr,true), LOGGER_DEBUG); - return null; + return false; } /** @@ -629,9 +589,10 @@ function zot_gethub($arr, $multiple = false) { * * \b success boolean true or false * * \b message (optional) error string only if success is false */ + function zot_register_hub($arr) { - $result = array('success' => false); + $result = [ 'success' => false ]; if($arr['url'] && $arr['url_sig'] && $arr['guid'] && $arr['guid_sig']) { @@ -690,6 +651,7 @@ function zot_register_hub($arr) { * * \e boolean \b success boolean true or false * * \e string \b message (optional) error string only if success is false */ + function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { call_hooks('import_xchan', $arr); @@ -788,7 +750,8 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { $what .= 'xchan '; $changed = true; } - } else { + } + else { $import_photos = true; if((($arr['site']['directory_mode'] === 'standalone') @@ -824,7 +787,7 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { $changed = true; } - if ($import_photos) { + if($import_photos) { require_once('include/photo/photo_driver.php'); @@ -833,9 +796,9 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { $local = q("select channel_account_id, channel_id from channel where channel_hash = '%s' limit 1", dbesc($xchan_hash) ); - if ($local) { + if($local) { $ph = z_fetch_url($arr['photo'], true); - if ($ph['success']) { + if($ph['success']) { $hash = import_channel_photo($ph['body'], $arr['photo_mimetype'], $local[0]['channel_account_id'], $local[0]['channel_id']); @@ -873,11 +836,12 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { false ); } - } else { + } + else { $photos = import_xchan_photo($arr['photo'], $xchan_hash); } - if ($photos) { - if ($photos[4]) { + if($photos) { + if($photos[4]) { // importing the photo failed somehow. Leave the photo_date alone so we can try again at a later date. // This often happens when somebody joins the matrix with a bad cert. $r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' @@ -888,7 +852,8 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { dbesc($photos[3]), dbesc($xchan_hash) ); - } else { + } + else { $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", dbescdate(datetime_convert('UTC','UTC',$arr['photo_updated'])), @@ -945,7 +910,8 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { $what .= 'profile '; $changed = true; } - } else { + } + else { logger('import_xchan: profile not available - hiding'); // they may have made it private $r = q("delete from xprof where xprof_hash = '%s'", @@ -998,16 +964,17 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { * @param array $arr - output of z_post_url() * @param array $outq - The queue structure attached to this request */ + function zot_process_response($hub, $arr, $outq) { - if (! $arr['success']) { + if(! $arr['success']) { logger('zot_process_response: failed: ' . $hub); return; } $x = json_decode($arr['body'], true); - if (! $x) { + if(! $x) { logger('zot_process_response: No json from ' . $hub); logger('zot_process_response: headers: ' . print_r($arr['header'],true), LOGGER_DATA, LOG_DEBUG); } @@ -1065,6 +1032,7 @@ function zot_process_response($hub, $arr, $outq) { * decrypted and json decoded notify packet from remote site * @return array from zot_import() */ + function zot_fetch($arr) { logger('zot_fetch: ' . print_r($arr,true), LOGGER_DATA, LOG_DEBUG); @@ -1082,16 +1050,18 @@ function zot_fetch($arr) { } foreach($ret_hubs as $ret_hub) { - $data = array( - 'type' => 'pickup', - 'url' => z_root(), - 'callback_sig' => base64url_encode(rsa_sign(z_root() . '/post',get_config('system','prvkey'))), - 'callback' => z_root() . '/post', - 'secret' => $arr['secret'], - 'secret_sig' => base64url_encode(rsa_sign($arr['secret'],get_config('system','prvkey'))) - ); - $datatosend = json_encode(crypto_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey'])); + $data = [ + 'type' => 'pickup', + 'url' => z_root(), + 'callback_sig' => base64url_encode(rsa_sign(z_root() . '/post', get_config('system','prvkey'))), + 'callback' => z_root() . '/post', + 'secret' => $arr['secret'], + 'secret_sig' => base64url_encode(rsa_sign($arr['secret'], get_config('system','prvkey'))) + ]; + + $algorithm = zot_best_algorithm($ret_hub['site_crypto']); + $datatosend = json_encode(crypto_encapsulate(json_encode($data),$ret_hub['hubloc_sitekey'], $algorithm)); $fetch = zot_zot($url,$datatosend); @@ -1142,6 +1112,11 @@ function zot_import($arr, $sender_url) { $data = json_decode(crypto_unencapsulate($data,get_config('system','prvkey')),true); } + if(! is_array($data)) { + logger('decode error'); + return array(); + } + if(! $data['success']) { if($data['message']) logger('remote pickup failed: ' . $data['message']); @@ -1167,6 +1142,12 @@ function zot_import($arr, $sender_url) { logger('zot_import: notify: ' . print_r($i['notify'],true), LOGGER_DATA, LOG_DEBUG); + if(! is_array($i['notify'])) { + logger('decode error'); + continue; + } + + $hub = zot_gethub($i['notify']['sender']); if((! $hub) || ($hub['hubloc_url'] != $sender_url)) { logger('zot_import: potential forgery: wrong site for sender: ' . $sender_url . ' != ' . print_r($i['notify'],true)); @@ -1357,6 +1338,7 @@ function zot_import($arr, $sender_url) { * @param array $msg * @return NULL|array */ + function public_recips($msg) { require_once('include/channel.php'); @@ -1566,6 +1548,7 @@ function allowed_public_recips($msg) { * @param boolean $request (optional) default false * @return array */ + function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $request = false) { $result = array(); @@ -1799,7 +1782,7 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ $result[] = $DR->get(); } else { - update_imported_item($sender,$arr,$r[0],$channel['channel_id']); + update_imported_item($sender,$arr,$r[0],$channel['channel_id'],$tag_delivery); $DR->update('updated'); $result[] = $DR->get(); if(! $relay) @@ -1875,6 +1858,7 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ * * \e int \b mid * @param int $uid */ + function remove_community_tag($sender, $arr, $uid) { if(! (activity_match($arr['verb'], ACTIVITY_TAG) && ($arr['obj_type'] == ACTIVITY_OBJ_TAGTERM))) @@ -1945,7 +1929,8 @@ function remove_community_tag($sender, $arr, $uid) { * @param array $orig * @param int $uid */ -function update_imported_item($sender, $item, $orig, $uid) { + +function update_imported_item($sender, $item, $orig, $uid, $tag_delivery) { // If this is a comment being updated, remove any privacy information // so that item_store_update will set it from the original. @@ -1958,6 +1943,15 @@ function update_imported_item($sender, $item, $orig, $uid) { unset($item['item_private']); } + // we need the tag_delivery check for downstream flowing posts as the stored post + // may have a different owner than the one being transmitted. + + if(($sender['hash'] != $orig['owner_xchan'] && $sender['hash'] != $orig['author_xchan']) && (! $tag_delivery)) { + notice('sender is not owner or author'); + return; + } + + $x = item_store_update($item); // If we're updating an event that we've saved locally, we store the item info first @@ -1985,6 +1979,7 @@ function update_imported_item($sender, $item, $orig, $uid) { * @param boolean $relay * @return boolean|int post_id */ + function delete_imported_item($sender, $item, $uid, $relay) { logger('delete_imported_item invoked', LOGGER_DEBUG); @@ -2002,13 +1997,14 @@ function delete_imported_item($sender, $item, $uid, $relay) { intval($uid) ); - if ($r) { - if ($r[0]['author_xchan'] === $sender['hash'] || $r[0]['owner_xchan'] === $sender['hash'] || $r[0]['source_xchan'] === $sender['hash']) + if($r) { + if($r[0]['author_xchan'] === $sender['hash'] || $r[0]['owner_xchan'] === $sender['hash'] || $r[0]['source_xchan'] === $sender['hash']) $ownership_valid = true; $post_id = $r[0]['id']; $item_found = true; - } else { + } + else { // perhaps the item is still in transit and the delete notification got here before the actual item did. Store it with the deleted flag set. // item_store() won't try to deliver any notifications or start delivery chains if this flag is set. @@ -2017,25 +2013,24 @@ function delete_imported_item($sender, $item, $uid, $relay) { logger('delete received for non-existent item - storing item data.'); - /** @BUG $arr is undefined here, so this is dead code */ - if ($arr['author_xchan'] === $sender['hash'] || $arr['owner_xchan'] === $sender['hash'] || $arr['source_xchan'] === $sender['hash']) { + if($item['author_xchan'] === $sender['hash'] || $item['owner_xchan'] === $sender['hash'] || $item['source_xchan'] === $sender['hash']) { $ownership_valid = true; - $item_result = item_store($arr); + $item_result = item_store($item); $post_id = $item_result['item_id']; } } - if ($ownership_valid === false) { + if($ownership_valid === false) { logger('delete_imported_item: failed: ownership issue'); return false; } require_once('include/items.php'); - if ($item_found) { - if (intval($r[0]['item_deleted'])) { + if($item_found) { + if(intval($r[0]['item_deleted'])) { logger('delete_imported_item: item was already deleted'); - if (! $relay) + if(! $relay) return false; // This is a bit hackish, but may have to suffice until the notification/delivery loop is optimised @@ -2146,6 +2141,7 @@ function process_mail_delivery($sender, $arr, $deliveries) { * * \e string \b hash a xchan_hash * @param array $arr */ + function process_rating_delivery($sender, $arr) { logger('process_rating_delivery: ' . print_r($arr,true)); @@ -2205,6 +2201,7 @@ function process_rating_delivery($sender, $arr) { * @param array $arr * @param array $deliveries (unused) */ + function process_profile_delivery($sender, $arr, $deliveries) { logger('process_profile_delivery', LOGGER_DEBUG); @@ -2301,6 +2298,7 @@ function check_location_move($sender_hash,$locations) { * @param boolean $absolute (optional) default false * @return array */ + function sync_locations($sender, $arr, $absolute = false) { $ret = array(); @@ -2548,7 +2546,7 @@ function zot_encode_locations($channel) { if(intval($channel['channel_removed']) && $hub['hubloc_url'] === z_root()) $hub['hubloc_deleted'] = 1; - $ret[] = array( + $ret[] = [ 'host' => $hub['hubloc_host'], 'address' => $hub['hubloc_addr'], 'primary' => (intval($hub['hubloc_primary']) ? true : false), @@ -2557,7 +2555,7 @@ function zot_encode_locations($channel) { 'callback' => $hub['hubloc_callback'], 'sitekey' => $hub['hubloc_sitekey'], 'deleted' => (intval($hub['hubloc_deleted']) ? true : false) - ); + ]; } } @@ -2574,6 +2572,7 @@ function zot_encode_locations($channel) { * @param number $suppress_update default 0 * @return boolean $updated if something changed */ + function import_directory_profile($hash, $profile, $addr, $ud_flags = UPDATE_FLAGS_UPDATED, $suppress_update = 0) { logger('import_directory_profile', LOGGER_DEBUG); @@ -2708,6 +2707,7 @@ function import_directory_profile($hash, $profile, $addr, $ud_flags = UPDATE_FLA * @param string $hash * @param array $keywords */ + function import_directory_keywords($hash, $keywords) { $existing = array(); @@ -2752,6 +2752,7 @@ function import_directory_keywords($hash, $keywords) { * @param string $addr * @param int $flags (optional) default 0 */ + function update_modtime($hash, $guid, $addr, $flags = 0) { $dirmode = intval(get_config('system', 'directory_mode')); @@ -2784,6 +2785,7 @@ function update_modtime($hash, $guid, $addr, $flags = 0) { * @param string $pubkey * @return boolean true if updated or inserted */ + function import_site($arr, $pubkey) { if( (! is_array($arr)) || (! $arr['url']) || (! $arr['url_sig'])) return false; @@ -2851,6 +2853,7 @@ function import_site($arr, $pubkey) { $site_location = htmlspecialchars($arr['location'],ENT_COMPAT,'UTF-8',false); $site_realm = htmlspecialchars($arr['realm'],ENT_COMPAT,'UTF-8',false); $site_project = htmlspecialchars($arr['project'],ENT_COMPAT,'UTF-8',false); + $site_crypto = ((array_key_exists('encryption',$arr) && is_array($arr['encryption'])) ? htmlspecialchars(implode(',',$arr['encryption']),ENT_COMPAT,'UTF-8',false) : ''); $site_version = ((array_key_exists('version',$arr)) ? htmlspecialchars($arr['version'],ENT_COMPAT,'UTF-8',false) : ''); // You can have one and only one primary directory per realm. @@ -2872,6 +2875,7 @@ function import_site($arr, $pubkey) { || ($siterecord['site_register'] != $register_policy) || ($siterecord['site_project'] != $site_project) || ($siterecord['site_realm'] != $site_realm) + || ($siterecord['site_crypto'] != $site_crypto) || ($siterecord['site_version'] != $site_version) ) { $update = true; @@ -2880,7 +2884,7 @@ function import_site($arr, $pubkey) { // logger('import_site: stored: ' . print_r($siterecord,true)); - $r = q("update site set site_dead = 0, site_location = '%s', site_flags = %d, site_access = %d, site_directory = '%s', site_register = %d, site_update = '%s', site_sellpage = '%s', site_realm = '%s', site_type = %d, site_project = '%s', site_version = '%s' + $r = q("update site set site_dead = 0, site_location = '%s', site_flags = %d, site_access = %d, site_directory = '%s', site_register = %d, site_update = '%s', site_sellpage = '%s', site_realm = '%s', site_type = %d, site_project = '%s', site_version = '%s', site_crypto = '%s' where site_url = '%s'", dbesc($site_location), intval($site_directory), @@ -2893,6 +2897,7 @@ function import_site($arr, $pubkey) { intval(SITE_TYPE_ZOT), dbesc($site_project), dbesc($site_version), + dbesc($site_crypto), dbesc($url) ); if(! $r) { @@ -2910,8 +2915,8 @@ function import_site($arr, $pubkey) { else { $update = true; - $r = q("insert into site ( site_location, site_url, site_access, site_flags, site_update, site_directory, site_register, site_sellpage, site_realm, site_type, site_project, site_version ) - values ( '%s', '%s', %d, %d, '%s', '%s', %d, '%s', '%s', %d, '%s', '%s' )", + $r = q("insert into site ( site_location, site_url, site_access, site_flags, site_update, site_directory, site_register, site_sellpage, site_realm, site_type, site_project, site_version, site_crypto ) + values ( '%s', '%s', %d, %d, '%s', '%s', %d, '%s', '%s', %d, '%s', '%s', '%s' )", dbesc($site_location), dbesc($url), intval($access_policy), @@ -2923,7 +2928,8 @@ function import_site($arr, $pubkey) { dbesc($site_realm), intval(SITE_TYPE_ZOT), dbesc($site_project), - dbesc($site_version) + dbesc($site_version), + dbesc($site_crypto) ); if(! $r) { logger('import_site: record create failed. ' . print_r($arr,true)); @@ -2942,6 +2948,7 @@ function import_site($arr, $pubkey) { * @param array $packet (optional) default null * @param boolean $groups_changed (optional) default false */ + function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { if(get_config('system','server_role') === 'basic') @@ -2977,7 +2984,7 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { if(intval($channel['channel_removed'])) return; - $h = q("select * from hubloc where hubloc_hash = '%s' and hubloc_deleted = 0", + $h = q("select hubloc.*, site.site_crypto from hubloc left join site on site_url = hubloc_url where hubloc_hash = '%s' and hubloc_deleted = 0", dbesc($channel['channel_hash']) ); @@ -3064,7 +3071,7 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { foreach($synchubs as $hub) { $hash = random_string(); - $n = zot_build_packet($channel,'notify',$env_recips,$hub['hubloc_sitekey'],$hash); + $n = zot_build_packet($channel,'notify',$env_recips,$hub['hubloc_sitekey'],$hub['site_crypto'],$hash); queue_insert(array( 'hash' => $hash, 'account_id' => $channel['channel_account_id'], @@ -3090,6 +3097,7 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { * @param array $deliveries * @return array */ + function process_channel_sync_delivery($sender, $arr, $deliveries) { if(get_config('system','server_role') === 'basic') @@ -3564,6 +3572,7 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { * * \e string \b xchan_url * @return string */ + function get_rpost_path($observer) { if(! $observer) return ''; @@ -3579,6 +3588,7 @@ function get_rpost_path($observer) { * @param array $x * @return boolean|string return false or a hash */ + function import_author_zot($x) { $hash = make_xchan_hash($x['guid'],$x['guid_sig']); @@ -3618,6 +3628,7 @@ function import_author_zot($x) { * @param array $data * @return array */ + function zot_reply_message_request($data) { $ret = array('success' => false); @@ -3654,7 +3665,7 @@ function zot_reply_message_request($data) { if ($messages) { $env_recips = null; - $r = q("select * from hubloc where hubloc_hash = '%s' and hubloc_error = 0 and hubloc_deleted = 0", + $r = q("select hubloc.*, site.site_crypto from hubloc left join site on hubloc_url = site_url where hubloc_hash = '%s' and hubloc_error = 0 and hubloc_deleted = 0", dbesc($sender_hash) ); if (! $r) { @@ -3676,7 +3687,7 @@ function zot_reply_message_request($data) { * create a notify packet and drop the actual message packet in the queue for pickup */ - $n = zot_build_packet($c[0],'notify',$env_recips,(($private) ? $hub['hubloc_sitekey'] : null),$hash,array('message_id' => $data['message_id'])); + $n = zot_build_packet($c[0],'notify',$env_recips,(($private) ? $hub['hubloc_sitekey'] : null),$hub['site_crypto'],$hash,array('message_id' => $data['message_id'])); queue_insert(array( 'hash' => $hash, @@ -3913,6 +3924,11 @@ function zotinfo($arr) { $permissions['connected'] = true; } + // encrypt this with the default aes256cbc since we cannot be sure at this point which + // algorithms are preferred for communications with the remote site; notably + // because ztarget refers to an xchan and we don't necessarily know the origination + // location. + $ret['permissions'] = (($ztarget && $zkey) ? crypto_encapsulate(json_encode($permissions),$zkey) : $permissions); if($permissions['view_profile']) @@ -3943,6 +3959,8 @@ function zotinfo($arr) { $ret['site']['directory_url'] = z_root() . '/dirsearch'; + $ret['site']['encryption'] = crypto_methods(); + // hide detailed site information if you're off the grid if($dirmode != DIRECTORY_MODE_STANDALONE) { @@ -3980,17 +3998,17 @@ function zotinfo($arr) { $r = q("select * from addon where hidden = 0"); if($r) foreach($r as $rr) - $visible_plugins[] = $rr['name']; + $visible_plugins[] = $rr['aname']; } - $ret['site']['plugins'] = $visible_plugins; - $ret['site']['sitehash'] = get_config('system','location_hash'); - $ret['site']['sitename'] = get_config('system','sitename'); - $ret['site']['sellpage'] = get_config('system','sellpage'); - $ret['site']['location'] = get_config('system','site_location'); - $ret['site']['realm'] = get_directory_realm(); - $ret['site']['project'] = Zotlabs\Lib\System::get_platform_name() . ' ' . Zotlabs\Lib\System::get_server_role(); - $ret['site']['version'] = Zotlabs\Lib\System::get_project_version(); + $ret['site']['plugins'] = $visible_plugins; + $ret['site']['sitehash'] = get_config('system','location_hash'); + $ret['site']['sitename'] = get_config('system','sitename'); + $ret['site']['sellpage'] = get_config('system','sellpage'); + $ret['site']['location'] = get_config('system','site_location'); + $ret['site']['realm'] = get_directory_realm(); + $ret['site']['project'] = Zotlabs\Lib\System::get_platform_name() . ' ' . Zotlabs\Lib\System::get_server_role(); + $ret['site']['version'] = Zotlabs\Lib\System::get_project_version(); } @@ -4175,7 +4193,7 @@ function update_hub_connected($hub,$sitekey = '') { dbesc($sitekey) ); if(intval($hub['hubloc_orphancheck'])) { - q("update hubloc set hubloc_orhpancheck = 0 where hubloc_id = %d and hubloc_sitekey = '%s' ", + q("update hubloc set hubloc_orphancheck = 0 where hubloc_id = %d and hubloc_sitekey = '%s' ", intval($hub['hubloc_id']), dbesc($sitekey) ); @@ -4317,7 +4335,15 @@ function zot_reply_pickup($data) { } } - $encrypted = crypto_encapsulate(json_encode($ret),$sitekey); + // this is a bit of a hack because we don't have the hubloc_url here, only the callback url. + // worst case is we'll end up using aes256cbc if they've got a different post endpoint + + $x = q("select site_crypto from site where site_url = '%s' limit 1", + dbesc(str_replace('/post','',$data['callback'])) + ); + $algorithm = zot_best_algorithm(($x) ? $x[0]['site_crypto'] : ''); + + $encrypted = crypto_encapsulate(json_encode($ret),$sitekey,$algorithm); json_return_and_die($encrypted); /* pickup: end */ |