Diffstat (limited to 'include')
-rw-r--r-- | include/api.php | 32 | ||||
-rw-r--r-- | include/comanche.php | 15 | ||||
-rwxr-xr-x | include/diaspora.php | 10 | ||||
-rw-r--r-- | include/identity.php | 5 | ||||
-rw-r--r-- | include/notifier.php | 2 | ||||
-rw-r--r-- | include/oauth.php | 8 | ||||
-rw-r--r-- | include/text.php | 66 | ||||
-rw-r--r-- | include/zot.php | 7 |
8 files changed, 130 insertions, 15 deletions
diff --git a/include/api.php b/include/api.php index e94266762..e4c4b5240 100644 --- a/include/api.php +++ b/include/api.php @@ -433,6 +433,38 @@ require_once('include/items.php'); } + function api_client_register(&$a,$type) { + + $ret = array(); + $key = random_string(16); + $secret = random_string(16); + $name = trim(escape_tags($_REQUEST['application_name'])); + if(! $name) + json_return_and_die($ret); + if(is_array($_REQUEST['redirect_uris'])) + $redirect = trim($_REQUEST['redirect_uris'][0]); + else + $redirect = trim($_REQUEST['redirect_uris']); + $icon = trim($_REQUEST['logo_uri']); + $r = q("INSERT INTO clients (client_id, pw, name, redirect_uri, icon, uid) + VALUES ('%s','%s','%s','%s','%s',%d)", + dbesc($key), + dbesc($secret), + dbesc($name), + dbesc($redirect), + dbesc($icon), + intval(0) + ); + + $ret['client_id'] = $key; + $ret['client_secret'] = $secret; + $ret['expires_at'] = 0; + json_return_and_die($ret); + } + + api_register_func('api/client/register','api_client_register', false); + + function api_item_get_user(&$a, $item) { global $usercache; diff --git a/include/comanche.php b/include/comanche.php index 826948fa6..57056ae2a 100644 --- a/include/comanche.php +++ b/include/comanche.php @@ -168,6 +168,21 @@ function comanche_block($s, $class = '') { ); if($r) { + //check for eventual menus in the block and parse them + $cnt = preg_match_all("/\[menu\](.*?)\[\/menu\]/ism", $r[0]['body'], $matches, PREG_SET_ORDER); + if($cnt) { + foreach($matches as $mtch) { + $r[0]['body'] = str_replace($mtch[0], comanche_menu(trim($mtch[1])), $r[0]['body']); + } + } + $cnt = preg_match_all("/\[menu=(.*?)\](.*?)\[\/menu\]/ism", $r[0]['body'], $matches, PREG_SET_ORDER); + if($cnt) { + foreach($matches as $mtch) { + $r[0]['body'] = str_replace($mtch[0],comanche_menu(trim($mtch[2]),$mtch[1]),$r[0]['body']); + } + } + + //emit the block $o .= (($var['wrap'] == 'none') ? '' : '<div class="' . $class . '">'); if($r[0]['title'] && trim($r[0]['body']) != '$content') { 
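Review bot: In `api_client_register` the values of `redirect_uris` and `logo_uri` are stored after only `trim()` and `dbesc()`, and the `false` passed to `api_register_func` suggests the route is reachable without authentication, so any caller can persist an arbitrary string as a client's redirect target and icon. The scheme should be checked before the INSERT, for example `if($icon && ! preg_match('#^https?://#i',$icon)) $icon = '';`, with an equivalent allow-list for `$redirect`, and the field lengths should be bounded. The result `$r` of the INSERT is never tested, so `client_id` and `client_secret` are returned even when no row was written; `if(! $r) json_return_and_die($ret);` ahead of the three `$ret[...]` assignments would close that. Whether `random_string(16)` draws from a cryptographically secure source is not visible here and is worth confirming for a value used as a client secret.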
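Review bot: The class captured by `\[menu=(.*?)\]` is handed to `comanche_menu()` as `$mtch[1]` with no validation, so whatever the block author writes between `=` and `]` reaches the menu renderer; if that value ends up in a `class="…"` attribute unescaped (the renderer is not in this hunk), a quote in it would break out of the attribute. Narrowing the capture to class-name characters, `"/\[menu=([\w\- ]*?)\](.*?)\[\/menu\]/ism"`, removes the question. The two loops differ only in the capture index and would read better as one helper. `comanche_block` starts and ends outside this hunk, so how `$r[0]['body']` is filtered afterwards cannot be judged from here.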
diff --git a/include/diaspora.php b/include/diaspora.php index fc7dbfa18..8968ee5f4 100755 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -24,8 +24,9 @@ function diaspora_dispatch_public($msg) { // find everybody following or allowing this author - $r = q("SELECT * from channel where channel_id in ( SELECT abook_channel from abook left join xchan on abook_xchan = xchan_hash WHERE xchan_network like '%%diaspora%%' and xchan_addr = '%s' )", - dbesc($msg['author']) + $r = q("SELECT * from channel where channel_id in ( SELECT abook_channel from abook left join xchan on abook_xchan = xchan_hash WHERE xchan_network like '%%diaspora%%' and xchan_addr = '%s' ) and ( channel_pageflags & %d ) = 0 ", + dbesc($msg['author']), + intval(PAGE_REMOVED) ); // also need to look for those following public streams @@ -2390,6 +2391,11 @@ function diaspora_send_status($item,$owner,$contact,$public_batch = false) { $a = get_app(); $myaddr = $owner['channel_address'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + if(intval($item['id']) != intval($item['parent'])) { + logger('attempted to send a comment as a top-level post'); + return; + } + $images = array(); $title = $item['title']; diff --git a/include/identity.php b/include/identity.php index 6a2b66dda..b07706ae0 100644 --- a/include/identity.php +++ b/include/identity.php @@ -619,8 +619,9 @@ function profile_load(&$a, $nickname, $profile = '') { logger('profile_load: ' . $nickname . (($profile) ? ' profile: ' . $profile : '')); - $user = q("select channel_id from channel where channel_address = '%s' limit 1", - dbesc($nickname) + $user = q("select channel_id from channel where channel_address = '%s' and not ( channel_pageflags & %d ) > 0 limit 1", + dbesc($nickname), + intval(PAGE_REMOVED) ); if(! $user) { diff --git a/include/notifier.php b/include/notifier.php index e12fc56e9..ffdd80403 100644 --- a/include/notifier.php +++ b/include/notifier.php 
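Review bot: The new guard in `diaspora_send_status` logs a fixed string, so the log entry cannot be tied to the item that triggered it; including the ids, e.g. `logger('attempted to send a comment as a top-level post: item ' . intval($item['id']) . ' parent ' . intval($item['parent']));`, makes the event traceable. The bare `return;` also gives callers nothing to distinguish a refused send from a completed one. The rest of the function lies outside the hunk, so whether its other exits return a value should be checked before settling on one.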
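Review bot: The removed-channel filter added to `profile_load` is written `not ( channel_pageflags & %d ) > 0`, the form this same commit replaces with `( channel_pageflags & %d ) = 0` in `allowed_public_recips` (include/zot.php) and uses in `diaspora_dispatch_public`. The `not … > 0` spelling depends on how the database ranks `NOT` against `>`, so the explicit comparison is the safer one to standardise on: `and ( channel_pageflags & %d ) = 0 limit 1`. The `public_recips` hunk in include/zot.php expresses the same test by concatenating `intval(PAGE_REMOVED)` into the query text instead of passing it as a `%d` argument like the other calls; it is safe as written but should use the placeholder for consistency. A short comment such as `// skip channels flagged PAGE_REMOVED` at each site would help, and `profile_load` continues beyond this hunk.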
@@ -410,6 +410,8 @@ function notifier_run($argv, $argc){ $relay_to_owner = (((! $top_level_post) && (intval($target_item['item_origin'])) && comment_local_origin($target_item)) ? true : false); + + $uplink = false; // $cmd === 'relay' indicates the owner is sending it to the original recipients diff --git a/include/oauth.php b/include/oauth.php index a9509c68e..80336f906 100644 --- a/include/oauth.php +++ b/include/oauth.php @@ -175,16 +175,8 @@ class FKOAuth1 extends OAuthServer { if(strlen($a->channel['channel_timezone'])) { date_default_timezone_set($a->channel['channel_timezone']); -// $a->timezone = $a->user['timezone']; } -// $r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1", -// intval($_SESSION['uid'])); -// if(count($r)) { -// $a->contact = $r[0]; -// $a->cid = $r[0]['id']; -// $_SESSION['cid'] = $a->cid; -// } // q("UPDATE `user` SET `login_date` = '%s' WHERE `uid` = %d LIMIT 1", // dbesc(datetime_convert()), // intval($_SESSION['uid']) diff --git a/include/text.php b/include/text.php index 58e3436ca..e1923aed6 100644 --- a/include/text.php +++ b/include/text.php 
@@ -137,6 +137,72 @@ function purify_html($s) { $config->set('Cache.DefinitionImpl', null); $config->set('Attr.EnableID', true); + //Allow some custom data- attributes used by built-in libs. + //In this way members which do not have allowcode set can still use the built-in js libs in webpages to some extent. + + $def = $config->getHTMLDefinition(true); + + //data- attributes used by the foundation library + $def->info_global_attr['data-options'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-magellan-expedition'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-magellan-destination'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-magellan-arrival'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-offcanvas'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-topbar'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-orbit'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-orbit-slide-number'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-dropdown'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-dropdown-content'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-reveal-id'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-reveal'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-alert'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-tooltip'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-joyride'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-id'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-text'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-class'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-prev-tex'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-button'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-accordion'] = new 
HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-tab'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-equalizer'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-equalizer-watch'] = new HTMLPurifier_AttrDef_Text; + + //data- attributes used by the bootstrap library + $def->info_global_attr['data-dismiss'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-target'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-toggle'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-backdrop'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-keyboard'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-show'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-spy'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-offset'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-animation'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-container'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-delay'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-placement'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-title'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-trigger'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-content'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-trigger'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-parent'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-ride'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-slide-to'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-slide'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-interval'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-pause'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-wrap'] = new HTMLPurifier_AttrDef_Text; + 
$def->info_global_attr['data-offset-top'] = new HTMLPurifier_AttrDef_Text; + $def->info_global_attr['data-offset-bottom'] = new HTMLPurifier_AttrDef_Text; + + //some html5 elements + $def->addElement('section', 'Block', 'Flow', 'Common'); + $def->addElement('nav', 'Block', 'Flow', 'Common'); + $def->addElement('article', 'Block', 'Flow', 'Common'); + $def->addElement('aside', 'Block', 'Flow', 'Common'); + $def->addElement('header', 'Block', 'Flow', 'Common'); + $def->addElement('footer', 'Block', 'Flow', 'Common'); + $purifier = new HTMLPurifier($config); return $purifier->purify($s); diff --git a/include/zot.php b/include/zot.php index 694338a9e..5f93ba75b 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1097,7 +1097,7 @@ function zot_import($arr, $sender_url) { } stringify_array_elms($recip_arr); $recips = implode(',',$recip_arr); - $r = q("select channel_hash as hash from channel where channel_hash in ( " . $recips . " ) and not ( channel_pageflags & %d )>0 ", + $r = q("select channel_hash as hash from channel where channel_hash in ( " . $recips . " ) and not ( channel_pageflags & %d ) > 0 ", intval(PAGE_REMOVED) ); if(! $r) { @@ -1361,7 +1361,8 @@ function public_recips($msg) { if(($tag['type'] === 'mention') && (strpos($tag['url'],z_root()) !== false)) { $address = basename($tag['url']); if($address) { - $z = q("select channel_hash as hash from channel where channel_address = '%s' limit 1", + $z = q("select channel_hash as hash from channel where channel_address = '%s' + and ( channel_pageflags & " . intval(PAGE_REMOVED) . " ) = 0 limit 1", dbesc($address) ); if($z) 
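Review bot: Every `data-*` attribute added to `purify_html` is validated with `HTMLPurifier_AttrDef_Text`, which accepts any string, yet several of them (`data-target`, `data-parent`, `data-container`, `data-options`) are read by the Bootstrap and Foundation scripts as selectors or configuration rather than as inert text, so content from members without allowcode can now steer script behaviour on the page. Which library versions are bundled is not visible here; some releases have treated such values as markup when passing them to jQuery, so these attributes deserve a restrictive validator or should be left out, and fixed-vocabulary ones can use an enum, e.g. `$def->info_global_attr['data-toggle'] = new HTMLPurifier_AttrDef_Enum(array('modal','collapse','dropdown','tab'));`. `data-trigger` is registered twice and `data-prev-tex` looks like a typo for `data-prev-text`. Driving the assignments from an array of names in a `foreach` would make the allow-list auditable at a glance; the function's start is outside the hunk.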
@@ -1465,7 +1466,7 @@ function allowed_public_recips($msg) { $condensed_recips[] = $rr['hash']; $results = array(); - $r = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and not ( channel_pageflags & %d ) > 0 ", + $r = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and ( channel_pageflags & %d ) = 0 ", dbesc($hash), intval(PAGE_REMOVED) ); |