Diffstat (limited to 'include')
-rw-r--r-- | include/auth.php | 12 | ||||
-rw-r--r-- | include/bbcode.php | 6 | ||||
-rw-r--r-- | include/cdav.php | 2 | ||||
-rw-r--r-- | include/channel.php | 2 | ||||
-rw-r--r-- | include/conversation.php | 1 | ||||
-rw-r--r-- | include/event.php | 4 | ||||
-rw-r--r-- | include/hubloc.php | 8 | ||||
-rw-r--r-- | include/items.php | 22 | ||||
-rw-r--r-- | include/language.php | 6 | ||||
-rw-r--r-- | include/nav.php | 5 | ||||
-rw-r--r-- | include/oembed.php | 11 | ||||
-rw-r--r-- | include/text.php | 75 |
12 files changed, 98 insertions, 56 deletions
diff --git a/include/auth.php b/include/auth.php index 125aedffd..5956b89e2 100644 --- a/include/auth.php +++ b/include/auth.php @@ -10,6 +10,8 @@ */ use Zotlabs\Lib\Libzot; +use Zotlabs\Lib\AConfig; +use Zotlabs\Module\Totp_check; require_once('include/api_auth.php'); require_once('include/security.php'); @@ -263,8 +265,16 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) && App::$session->extend_cookie(); $login_refresh = true; } + + $multiFactor = AConfig::Get(App::$account['account_id'], 'system', 'mfa_enabled'); + if ($multiFactor && empty($_SESSION['2FA_VERIFIED']) && App::$module !== 'totp_check') { + $o = new Totp_check; + echo $o->get(); + killme(); + } + $ch = (($_SESSION['uid']) ? channelx_by_n($_SESSION['uid']) : null); - authenticate_success($r[0], null, $ch, false, false, $login_refresh); + authenticate_success($r[0], $ch, false, false, $login_refresh); } else { $_SESSION['account_id'] = 0; diff --git a/include/bbcode.php b/include/bbcode.php index 6ec24fa0b..735f267c3 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -295,9 +295,11 @@ function bb_parse_b64_crypt($match) { if(empty($match[2])) return; - $r .= '----- ENCRYPTED CONTENT -----' . PHP_EOL; - $r .= $match[2] . PHP_EOL; + $r .= '<code>'; + $r .= '----- ENCRYPTED CONTENT -----' . '<br>'; + $r .= $match[2] . '<br>'; $r .= '----- END ENCRYPTED CONTENT -----'; + $r .= '</code>'; return $r; diff --git a/include/cdav.php b/include/cdav.php index fcce0ec4a..73977e624 100644 --- a/include/cdav.php +++ b/include/cdav.php @@ -132,7 +132,7 @@ function import_cdav_card($id, $ext, $table, $column, $objects, $profile, $backe $objectUri = random_string(40) . '.' . $ext; $r = q("SELECT uri FROM $table WHERE $column = %d AND uri = '%s' LIMIT 1", - dbesc($id), + dbesc(is_array($id) ? $id[0] : $id), dbesc($objectUri) ); if (count($r)) diff --git a/include/channel.php b/include/channel.php index 296615524..c36e50f19 100644 --- a/include/channel.php +++ b/include/channel.php 
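Review bot: In include/auth.php (hunk at -263,8), the new TOTP gate runs only in this branch for a session already marked authenticated, and it is skipped whenever `App::$module` is `totp_check`, after which `authenticate_success()` still runs. Whether the fresh-login branch and the API path pulled in through `include/api_auth.php` apply the same check is not visible here and should be confirmed, since any authentication path that never reaches this block would not require the second factor. A short comment above the `if` would record the contract, e.g. `// MFA gate: no authenticated request proceeds until $_SESSION['2FA_VERIFIED'] is set; totp_check is exempt only so the code can be submitted`. It is also worth checking that `2FA_VERIFIED` is cleared wherever the session is reset on logout or account change. The enclosing block starts and ends outside the hunk.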
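Review bot: In `bb_parse_b64_crypt()` (include/bbcode.php), `$match[2]` is now concatenated straight into HTML between `<code>` and `<br>`, so the function returns markup rather than text. If the payload is not already escaped before this callback runs (not visible in the hunk), it should be encoded here, e.g. `$r .= htmlspecialchars($match[2], ENT_QUOTES, 'UTF-8') . '<br>';`, or rejected when it contains anything other than the characters expected of the encoded payload. The function starts before the hunk, so the initialisation of `$r` is not shown.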
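Review bot: In `import_cdav_card()` (include/cdav.php), the value bound to the `%d` placeholder is passed through `dbesc()`, which is string escaping, and `$id[0]` is read without checking that the array is non-empty. An integer cast states the intent and matches the placeholder: `intval(is_array($id) ? ($id[0] ?? 0) : $id),`. `$table` and `$column` are interpolated into the statement as identifiers, so a comment noting that callers must pass fixed names and never request data would be useful. The function continues outside the hunk.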
@@ -3086,6 +3086,6 @@ function channel_url($channel) { } function get_channel_hashes() { - $r = q("SELECT channel_hash FROM channel WHERE channel_removed = 0"); + $r = dbq("SELECT channel_hash FROM channel WHERE channel_removed = 0"); return flatten_array_recursive($r); } diff --git a/include/conversation.php b/include/conversation.php index caad5bb0e..2f0b6f6fd 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -802,6 +802,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa 'mid' => gen_link_id($item['mid']), 'mids' => json_encode([gen_link_id($item['mid'])]), 'linktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, $profile_link), + 'author_id' => (($item['author']['xchan_addr']) ? $item['author']['xchan_addr'] : $item['author']['xchan_url']), 'profile_url' => $profile_link, 'thread_action_menu' => thread_action_menu($item,$mode), 'thread_author_menu' => thread_author_menu($item,$mode), diff --git a/include/event.php b/include/event.php index b27504296..6273279c2 100644 --- a/include/event.php +++ b/include/event.php @@ -1389,8 +1389,8 @@ function event_store_item($arr, $event) { // 'summary' => bbcode($arr['summary']), // RFC3339 Section 4.3 'startTime' => (($arr['adjust']) ? datetime_convert('UTC', 'UTC', $arr['dtstart'], ATOM_TIME) : datetime_convert('UTC', 'UTC', $arr['dtstart'], 'Y-m-d\\TH:i:s-00:00')), - 'content' => bbcode($arr['description']), - 'location' => [ 'type' => 'Place', 'name' => bbcode($arr['location']) ], + 'content' => $arr['description'], + 'location' => [ 'type' => 'Place', 'name' => $arr['location'] ], 'source' => [ 'content' => format_event_bbcode($arr), 'mediaType' => 'text/bbcode' ], 'url' => [ [ 'mediaType' => 'text/calendar', 'href' => z_root() . '/events/ical/' . $event['event_hash'] ] ], 'actor' => Activity::encode_person($z, false), diff --git a/include/hubloc.php b/include/hubloc.php index 0236e4ae7..4d2980a6b 100644 --- a/include/hubloc.php 
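Review bot: In `conversation()` (include/conversation.php), the new `author_id` entry reads `$item['author']['xchan_addr']` without an existence check and hands the value to the template as-is. For federated authors this string comes from a remote record, so the template that prints it needs to escape it; that template is not part of this diff. Writing the entry as `'author_id' => ($item['author']['xchan_addr'] ?? '') ?: ($item['author']['xchan_url'] ?? ''),` would also avoid an undefined-index warning.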
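Review bot: In `event_store_item()` (include/event.php), `content` and `location.name` now carry `$arr['description']` and `$arr['location']` verbatim, where they previously went through `bbcode()`. Anything that renders the object's `content` as HTML, locally or on a receiving server, now gets unconverted user text, so escaping or purification has to happen at render time; those consumers are not visible here. A comment on the two lines would make the contract explicit, for example `// raw bbcode, not HTML: convert and escape on output`. The array literal starts and ends outside the hunk.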
+++ b/include/hubloc.php @@ -392,3 +392,11 @@ function z6_discover() { } } + +function get_hubloc_id_urls_by_x($xchan) { + $r = q("SELECT hubloc_id_url FROM hubloc WHERE hubloc_deleted = 0 AND hubloc_hash = '%s' order by hubloc_primary desc", + dbesc($xchan) + ); + return flatten_array_recursive($r); +} + diff --git a/include/items.php b/include/items.php index 900ffe2fa..b795df90d 100644 --- a/include/items.php +++ b/include/items.php @@ -149,14 +149,16 @@ function collect_recipients($item, &$private_envelope,$include_groups = true) { // in the middle of a public thread. Unless we can guarantee beyond all doubt that // this is public, don't allow it to go to thread listeners. - if(! intval($item['item_private'])) { + if(!intval($item['item_private'])) { $sys = get_sys_channel(); $recipients[] = $sys['xchan_hash']; $r = ThreadListener::fetch_by_target($item['parent_mid']); if($r) { foreach($r as $rv) { - $recipients[] = $rv['portable_id']; + if (!in_array($rv['portable_id'], $recipients)) { + $recipients[] = $rv['portable_id']; + } } } } @@ -172,9 +174,9 @@ function collect_recipients($item, &$private_envelope,$include_groups = true) { $r = q("select author_xchan from item where parent = %d", intval($item['parent']) ); - if($r) { + if ($r) { foreach($r as $rv) { - if(! in_array($rv['author_xchan'],$recipients)) { + if (!in_array($rv['author_xchan'], $recipients)) { $recipients[] = $rv['author_xchan']; } } @@ -185,7 +187,7 @@ function collect_recipients($item, &$private_envelope,$include_groups = true) { // This is a somewhat expensive operation but important. // Don't send this item to anybody who isn't allowed to see it - $recipients = check_list_permissions($item['uid'],$recipients,'view_stream'); + $recipients = check_list_permissions($item['uid'], $recipients, 'view_stream'); // remove any upstream recipients from our list. // If it is ourself we'll add it back in a second. 
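Review bot: `get_hubloc_id_urls_by_x()` (include/hubloc.php) is added without a doc comment, and its return shape depends on what `q()` gives back when no row matches. Suggested header: `/** Return the hubloc_id_url values of all non-deleted hublocs for the given xchan hash, primary hubloc first. */`. If `q()` can return a non-array on failure, `return $r ? flatten_array_recursive($r) : [];` keeps callers from iterating over a non-array; how `flatten_array_recursive()` treats such input is not shown in this hunk.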
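Review bot: In `collect_recipients()` (include/items.php, hunk at -149,14), the new duplicate check calls `in_array()` without the strict flag, and the same form appears in the hunks at -172,9 and -202,9 for `author_xchan` and `owner_xchan`. Loose comparison treats numeric-looking strings as numbers, so two different hashes could compare equal and a legitimate recipient would be left off the list. Passing the third argument fixes it: `if (!in_array($rv['portable_id'], $recipients, true)) {`, and likewise at the other two call sites. The function starts and ends outside these hunks.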
@@ -193,7 +195,7 @@ function collect_recipients($item, &$private_envelope,$include_groups = true) { // sending to anybody who is on our list of those who sent it to us. if($item['route']) { - $route = explode(',',$item['route']); + $route = explode(',', $item['route']); if(count($route)) { $route = array_unique($route); $recipients = array_diff($recipients,$route); @@ -202,9 +204,13 @@ function collect_recipients($item, &$private_envelope,$include_groups = true) { // add ourself just in case we have nomadic clones that need to get a copy. - $recipients[] = $item['author_xchan']; - if($item['owner_xchan'] != $item['author_xchan']) + if (!in_array($item['author_xchan'], $recipients)) { + $recipients[] = $item['author_xchan']; + } + + if($item['owner_xchan'] !== $item['author_xchan'] && !in_array($item['owner_xchan'], $recipients)) { $recipients[] = $item['owner_xchan']; + } return $recipients; } diff --git a/include/language.php b/include/language.php index 23aff0a02..e7363cffb 100644 --- a/include/language.php +++ b/include/language.php @@ -24,15 +24,15 @@ use CommerceGuys\Intl\Language\LanguageRepository; * @return array with ordered list of preferred languages from browser */ function get_browser_language() { - $langs = array(); - $lang_parse = array(); + $langs = []; + $lang_parse = []; if (x($_SERVER, 'HTTP_ACCEPT_LANGUAGE')) { // break up string into pieces (languages and q factors) preg_match_all('/([a-z]{1,8}(-[a-z]{1,8})?)\s*(;\s*q\s*=\s*(1|0\.[0-9]+))?/i', $_SERVER['HTTP_ACCEPT_LANGUAGE'], $lang_parse); - if (count($lang_parse[1])) { + if (is_array($lang_parse[1])) { // create a list like "en" => 0.8 $langs = array_combine($lang_parse[1], $lang_parse[4]); diff --git a/include/nav.php b/include/nav.php index 2cdf7d42b..31a447a84 100644 --- a/include/nav.php +++ b/include/nav.php 
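Review bot: In `get_browser_language()` (include/language.php), `is_array($lang_parse[1])` no longer tests what the old `count()` did: after `preg_match_all()` the first capture group is an array even when the client-supplied `Accept-Language` header matched nothing, so the branch is now taken for empty input as well. `if (!empty($lang_parse[1])) {` keeps the original intent and also covers the case where the index is absent. The rest of the function lies outside the hunk, so whether the code after `array_combine()` tolerates an empty list is not visible.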
@@ -201,6 +201,8 @@ function nav($template = 'default') { $nav['admin'] = ['admin/', t('Admin'), "", t('Site Setup and Configuration'), 'admin_nav_btn']; } + $theme_switch_icon = ((App::$page['color_mode'] === 'dark') ? 'sun' : 'moon'); + $x = ['nav' => $nav, 'usermenu' => $userinfo]; call_hooks('nav', $x); @@ -317,6 +319,9 @@ function nav($template = 'default') { App::$page['nav'] .= replace_macros($tpl, [ '$baseurl' => z_root(), + '$color_mode' => App::$page['color_mode'] ?? '', + '$navbar_color_mode' => App::$page['navbar_color_mode'] ?? '', + '$theme_switch_icon' => $theme_switch_icon, '$fulldocs' => t('Help'), '$sitelocation' => $sitelocation, '$nav' => $x['nav'], diff --git a/include/oembed.php b/include/oembed.php index bcf5d525c..fbe6a573b 100644 --- a/include/oembed.php +++ b/include/oembed.php @@ -147,6 +147,7 @@ function oembed_fetch_url($embedurl){ $txt = Cache::get('[' . App::$videowidth . '] ' . $furl); } + if(strpos(strtolower($embedurl),'.pdf') !== false && get_config('system','inline_pdf')) { $action = 'allow'; $j = [ @@ -158,7 +159,6 @@ function oembed_fetch_url($embedurl){ // set $txt to something so that we don't attempt to fetch what could be a lengthy pdf. $txt = EMPTY_STR; } - if(is_null($txt)) { $txt = EMPTY_STR; @@ -177,12 +177,17 @@ function oembed_fetch_url($embedurl){ $headers = get_headers($furl, true); - if (isset($headers['Content-Length']) && $headers['Content-Length'] > $max_oembed_size) { - $action = 'block'; + if (isset($headers['Content-Length'])) { + $content_length = ((is_array($headers['Content-Length'])) ? array_key_last($headers['Content-Length']) : $headers['Content-Length']); + + if ($content_length > $max_oembed_size) { + $action = 'block'; + } } } if ($action !== 'block') { + // try oembed autodiscovery $redirects = 0; $result = z_fetch_url($furl, false, $redirects, diff --git a/include/text.php b/include/text.php index 35ce465d6..705147e93 100644 --- a/include/text.php +++ b/include/text.php 
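Review bot: In `nav()` (include/nav.php), `$theme_switch_icon` reads `App::$page['color_mode']` directly, while the template variables added in the second hunk guard the same key with `?? ''`. When the key is unset the first read raises an undefined-index warning; `$theme_switch_icon = (((App::$page['color_mode'] ?? '') === 'dark') ? 'sun' : 'moon');` makes the two hunks consistent. If `color_mode` can be set from a user preference, the template should escape `$color_mode` and `$navbar_color_mode` where it prints them, which this diff does not show.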
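Review bot: In `oembed_fetch_url()` (include/oembed.php, hunk at -177,12), `array_key_last($headers['Content-Length'])` returns the last index of the array, not the last header value, so when `get_headers()` reports several `Content-Length` entries `$content_length` becomes a small integer such as 1 and the comparison with `$max_oembed_size` never blocks. The size limit on remote content is therefore ineffective in exactly the multi-response case this change was meant to handle. Taking the value and casting it fixes this: `$cl = $headers['Content-Length'];` followed by `$content_length = (int) (is_array($cl) ? end($cl) : $cl);`. The header is supplied by the remote server, so the fetch itself should still enforce the cap; that code is outside the hunk.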
@@ -1795,7 +1795,6 @@ function prepare_body(&$item,$attach = false,$opts = false) { } $event = (($item['obj_type'] === ACTIVITY_OBJ_EVENT) ? format_event_obj($item['obj']) : []); - $prep_arr = [ 'item' => $item, 'html' => $event ? $event['content'] : $s, @@ -2621,13 +2620,13 @@ function xchan_query(&$items, $abook = true, $effective_uid = 0) { if(count($arr)) { if($abook) { $chans = q("select * from xchan left join hubloc on hubloc_hash = xchan_hash left join abook on abook_xchan = xchan_hash and abook_channel = %d - where xchan_hash in (" . protect_sprintf(implode(',', $arr)) . ") and hubloc_primary = 1", + where xchan_hash in (" . protect_sprintf(implode(',', $arr)) . ") and hubloc_deleted = 0 order by hubloc_primary desc", intval($item['uid']) ); } else { $chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash - where xchan_hash in (" . protect_sprintf(implode(',', $arr)) . ") and hubloc_primary = 1"); + where xchan_hash in (" . protect_sprintf(implode(',', $arr)) . ") and hubloc_deleted = 0 order by hubloc_primary desc"); } $xchans = q("select * from xchan where xchan_hash in (" . protect_sprintf(implode(',',$arr)) . ") and xchan_network in ('rss','unknown', 'anon', 'token')"); if(! $chans) 
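Review bot: In `xchan_query()` (include/text.php, hunk at -2621,13), replacing `hubloc_primary = 1` with `hubloc_deleted = 0 order by hubloc_primary desc` means both queries can now return several rows per `xchan_hash`, one for each live hubloc. The code that maps `$chans` back onto the items is outside the hunk; if it keeps the last matching row rather than the first, a non-primary location would be attached to the item. A comment above the queries such as `// may return several hublocs per xchan, primary first; the consumer must take the first match` would document the assumption. The `in (...)` list is still built by string concatenation from `$arr`, whose escaping is also not visible here.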
@@ -3033,46 +3032,44 @@ function handle_tag(&$body, &$str_tags, $profile_uid, $tag, $in_network = true) if($r) { - $xchan[0] = Libzot::zot_record_preferred($r, 'xchan_network'); + $xc = Libzot::zot_record_preferred($r, 'xchan_network'); - foreach($xchan as $xc) { - $profile = $xc['xchan_url']; - $newname = $xc['xchan_name']; - // add the channel's xchan_hash to $access_tag if exclusive - if($exclusive) { - $access_tag = 'cid:' . $xc['xchan_hash']; - } + $profile = $xc['xchan_url']; + $newname = $xc['xchan_name']; + // add the channel's xchan_hash to $access_tag if exclusive + if($exclusive) { + $access_tag = 'cid:' . $xc['xchan_hash']; + } - // if there is a url for this channel + // if there is a url for this channel - if(isset($profile)) { - $replaced = true; - //create profile link - $profile = str_replace(',','%2c',$profile); - $url = $profile; + if(isset($profile)) { + $replaced = true; + //create profile link + $profile = str_replace(',','%2c',$profile); + $url = $profile; + $bb_tag = (($xc['xchan_network'] === 'zot6') ? 'zrl' : 'url'); - $newtag = '@' . (($exclusive) ? '!' : '') . '[zrl=' . $profile . ']' . $newname . '[/zrl]'; - $body = str_replace('@' . (($exclusive) ? '!' : '') . $name, $newtag, $body); + $newtag = '@' . (($exclusive) ? '!' : '') . '[' . $bb_tag . '=' . $profile . ']' . $newname . '[/' . $bb_tag . ']'; + $body = str_replace('@' . (($exclusive) ? '!' : '') . $name, $newtag, $body); - // append tag to str_tags - if(! stristr($str_tags,$newtag)) { - if(strlen($str_tags)) - $str_tags .= ','; - $str_tags .= $newtag; - } + // append tag to str_tags + if(! stristr($str_tags,$newtag)) { + if(strlen($str_tags)) + $str_tags .= ','; + $str_tags .= $newtag; } + } - $fn_results[] = [ - 'replaced' => $replaced, - 'termtype' => $termtype, - 'term' => $newname, - 'url' => $url, - 'access_tag' => $access_tag, - 'contact' => (($r) ? 
$xc : []), - ]; - - } + $fn_results[] = [ + 'replaced' => $replaced, + 'termtype' => $termtype, + 'term' => $newname, + 'url' => $url, + 'access_tag' => $access_tag, + 'contact' => (($r) ? $xc : []), + ]; } else { @@ -3505,6 +3502,14 @@ function flatten_array_recursive($arr) { return($ret); } +// Turn $element into an array if it isn't already. +function force_array($element) { + if (empty($element)) { + return []; + } + return (is_array($element)) ? $element : [$element]; +} + /** * @brief Highlight Text. * |
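Review bot: In `handle_tag()` (include/text.php, hunk at -3033,46), `$profile` and `$newname` are placed inside the `[zrl=…]` or `[url=…]` tag after only the commas in `$profile` have been encoded. Both values come from the xchan record, which for remote channels is not under local control, so a bracket character in either one could change how the tag is parsed later; whether they are validated before this point is not visible. Separately, `'contact' => (($r) ? $xc : [])` sits inside `if($r)`, so the ternary is always true and can be written as `'contact' => $xc,`. The function starts and ends outside the hunk.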
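Review bot: `force_array()` (include/text.php, hunk at -3505,6) tests with `empty()`, so `0`, `'0'`, `''` and `false` all produce `[]` instead of a one-element array, which the comment above the function does not say. If only a missing value should map to the empty array, `if ($element === null) {` is the narrower test. Otherwise the comment should state the behaviour, e.g. `// Returns [] for any empty() value (null, '', 0, '0', false, []), $element itself if it is an array, else [$element].`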