Diffstat (limited to 'include')
-rw-r--r--include/attach.php81
-rw-r--r--include/channel.php2
-rw-r--r--include/connections.php29
-rw-r--r--include/conversation.php7
-rw-r--r--include/items.php179
-rw-r--r--include/network.php2
-rw-r--r--include/permissions.php16
-rw-r--r--include/security.php41
-rw-r--r--include/socgraph.php5
-rw-r--r--include/text.php22
10 files changed, 288 insertions, 96 deletions
diff --git a/include/attach.php b/include/attach.php
index 224af12c6..ead5a8e06 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -254,7 +254,7 @@ function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $
* @param int $rev (optional) Revision default 0
* @return array
*/
-function attach_by_hash($hash, $observer_hash, $rev = 0) {
+function attach_by_hash($hash, $observer_hash, $rev = 0, $token = EMPTY_STR) {
$ret = array('success' => false);
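Review bot: The docblock above `attach_by_hash()` still ends at `@param int $rev` and does not mention the new `$token` argument; the `attach_by_id()` and `attach_by_hash_nodata()` hunks below have the same gap. Because the token changes which permission checks run in `attach_can_view()`, I would add `@param string $token (optional) OCAP access token; when set, access is matched against the token entries in allow_cid` to each of the three docblocks. The function body continues outside this hunk.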
@@ -274,7 +274,7 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) {
return $ret;
}
- if(! attach_can_view($r[0]['uid'], $observer_hash, $hash)) {
+ if(! attach_can_view($r[0]['uid'], $observer_hash, $hash, $token)) {
$ret['message'] = t('Permission denied.');
return $ret;
}
@@ -311,7 +311,7 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) {
* @param string $observer_hash
* @return array
*/
-function attach_by_id($id, $observer_hash) {
+function attach_by_id($id, $observer_hash, $token = EMPTY_STR) {
$ret = array('success' => false);
@@ -325,7 +325,7 @@ function attach_by_id($id, $observer_hash) {
return $ret;
}
- if(! attach_can_view($r[0]['uid'], $observer_hash, $r[0]['hash'])) {
+ if(! attach_can_view($r[0]['uid'], $observer_hash, $r[0]['hash'], $token)) {
$ret['message'] = t('Permission denied.');
return $ret;
}
@@ -338,49 +338,56 @@ function attach_by_id($id, $observer_hash) {
return $ret;
}
-function attach_can_view($uid,$ob_hash,$resource) {
+function attach_can_view($uid, $ob_hash, $resource, $token = EMPTY_STR) {
- $sql_extra = permissions_sql($uid,$ob_hash);
- $hash = $resource;
-
- if(! perm_is_allowed($uid,$ob_hash,'view_storage')) {
- return false;
+ if (!$token) {
+ if(! perm_is_allowed($uid, $ob_hash, 'view_storage')) {
+ return false;
+ }
}
+ $sql_extra = permissions_sql($uid, $ob_hash, '', $token);
+
$r = q("select folder from attach where hash = '%s' and uid = %d $sql_extra",
- dbesc($hash),
+ dbesc($resource),
intval($uid)
);
- if(! $r) {
+
+ if(!$r) {
return false;
}
- return attach_can_view_folder($uid,$ob_hash,$r[0]['folder']);
+ // don't perform recursive folder check when using OCAP. Only when using ACL access.
+ // For OCAP if the token is valid they can see the thing.
-}
+ if ($token) {
+ return true;
+ }
+
+ return attach_can_view_folder($uid, $ob_hash, $r[0]['folder'], $token);
+}
-function attach_can_view_folder($uid,$ob_hash,$folder_hash) {
- $sql_extra = permissions_sql($uid,$ob_hash);
- $hash = $folder_hash;
+function attach_can_view_folder($uid, $ob_hash, $folder_hash, $token = EMPTY_STR) {
- if(! $folder_hash) {
- return perm_is_allowed($uid,$ob_hash,'view_storage');
+ if(!$folder_hash && !$token) {
+ return perm_is_allowed($uid, $ob_hash, 'view_storage');
}
+ $sql_extra = permissions_sql($uid, $ob_hash, '', $token);
do {
$r = q("select folder from attach where hash = '%s' and uid = %d $sql_extra",
- dbesc($hash),
+ dbesc($folder_hash),
intval($uid)
);
if(! $r)
return false;
- $hash = $r[0]['folder'];
- } while($hash);
+ $folder_hash = $r[0]['folder'];
+ } while($folder_hash);
return true;
}
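Review bot: In `attach_can_view()` both `if (!$token)` and `if ($token)` test only that a token string was supplied, not that it matched this file, although the comment says access follows from a valid token. As far as the security.php hunk in this commit shows, the clause `permissions_sql()` builds for a token also accepts rows whose four ACL fields are empty. For such a row a non-matching token still skips the `view_storage` check and the parent-folder walk. I would select `allow_cid` too and take the OCAP shortcut only when the row itself lists the presented token, falling back to the ACL path otherwise. `attach_can_view_folder()` uses the same presence-only test in its first `if`.

```php
function attach_can_view($uid, $ob_hash, $resource, $token = EMPTY_STR) {

	$sql_extra = permissions_sql($uid, $ob_hash, '', $token);

	$r = q("select folder, allow_cid from attach where hash = '%s' and uid = %d $sql_extra",
		dbesc($resource),
		intval($uid)
	);

	// … unchanged: return false when no row matched …

	// OCAP applies only when this row itself lists the presented token.
	if ($token && str_contains($r[0]['allow_cid'], '<token:' . $token . '>')) {
		return true;
	}

	// Otherwise use ACL access: storage permission plus the recursive folder check.
	if (!perm_is_allowed($uid, $ob_hash, 'view_storage')) {
		return false;
	}

	return attach_can_view_folder($uid, $ob_hash, $r[0]['folder'], $token);
}
```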
@@ -400,7 +407,7 @@ function attach_can_view_folder($uid,$ob_hash,$folder_hash) {
* * \e string \b message (optional) only when success is false
* * \e array \b data array of attach DB entry without data component
*/
-function attach_by_hash_nodata($hash, $observer_hash, $rev = 0) {
+function attach_by_hash_nodata($hash, $observer_hash, $rev = 0, $token = EMPTY_STR) {
$ret = array('success' => false);
@@ -425,7 +432,7 @@ function attach_by_hash_nodata($hash, $observer_hash, $rev = 0) {
return $ret;
}
- $sql_extra = permissions_sql($r[0]['uid'], $observer_hash);
+ $sql_extra = permissions_sql($r[0]['uid'], $observer_hash, '', $token);
// Now we'll see if we can access the attachment
@@ -440,7 +447,7 @@ function attach_by_hash_nodata($hash, $observer_hash, $rev = 0) {
}
if($r[0]['folder']) {
- $x = attach_can_view_folder($r[0]['uid'], $observer_hash, $r[0]['folder']);
+ $x = attach_can_view_folder($r[0]['uid'], $observer_hash, $r[0]['folder'], $token);
if(! $x) {
$ret['message'] = t('Permission denied.');
return $ret;
@@ -508,7 +515,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
$upload_path = $arr['directory'] ?? '';
$visible = $arr['visible'] ?? 0;
$notify = $arr['notify'] ?? 0;
-
+ $flags = (($arr && array_key_exists('flags', $arr)) ? intval($arr['flags']) : 0);
$observer = array();
$dosync = ((array_key_exists('nosync',$arr) && $arr['nosync']) ? 0 : 1);
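Review bot: The new `$flags` line uses a different idiom from the three assignments directly above it, which read optional keys with `??`; `$flags = intval($arr['flags'] ?? 0);` does the same and also copes with `$arr` being null. A short comment on what bit 1 means would help here, since `fix_attached_permissions()` in items.php tests `flags & 1` as "uploaded directly into a post". attach_store's body continues outside the hunk.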
@@ -933,8 +940,8 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
);
}
else {
- $r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, folder, filesize, revision, os_storage, is_photo, content, created, edited, os_path, display_path, allow_cid, allow_gid,deny_cid, deny_gid )
- VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
+ $r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, folder, filesize, revision, os_storage, is_photo, flags, content, created, edited, os_path, display_path, allow_cid, allow_gid,deny_cid, deny_gid )
+ VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
intval($channel['channel_account_id']),
intval($channel_id),
dbesc($hash),
@@ -946,6 +953,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
intval(0),
intval(1),
intval($is_photo),
+ intval($flags),
dbescbin($os_basepath . $os_relpath),
dbesc($created),
dbesc($created),
@@ -1413,6 +1421,23 @@ function attach_change_permissions($channel_id, $resource, $allow_cid, $allow_gi
if(! $r)
return;
+ $private = $allow_cid || $allow_gid || $deny_cid || $deny_gid;
+
+ // preserve any existing tokens that may have been set for this file
+ // @fixme - we need a way to unconditionally clear these if desired.
+
+ if ($private) {
+ $token_matches = null;
+ if (preg_match_all('/\<token:(.*?)\>/', $r[0]['allow_cid'], $token_matches, PREG_SET_ORDER)) {
+ foreach ($token_matches as $m) {
+ $tok = '<token:' . $m[1] . '>';
+ if (!str_contains($allow_cid, $tok)) {
+ $allow_cid .= $tok;
+ }
+ }
+ }
+ }
+
if(intval($r[0]['is_dir'])) {
if($recurse) {
$r = q("select hash, flags, is_dir from attach where folder = '%s' and uid = %d",
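Review bot: Tokens found in the stored `allow_cid` are re-appended on every private permission change, so, as the `@fixme` concedes, a capability once issued for this file cannot be withdrawn short of making the file public. I would not leave that as an inline comment only: document it on the function, and consider an opt-out such as a trailing `$keep_tokens = true` parameter so a caller can revoke. The select that fills `$r` is above the hunk; confirm it fetches `allow_cid`, otherwise `preg_match_all()` is handed null and nothing is preserved. The escaped `\<` and `\>` in the pattern are unnecessary and differ from the same pattern in `fix_attached_permissions()`.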
diff --git a/include/channel.php b/include/channel.php
index 01302a1b9..2e8aefaaa 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -3092,5 +3092,5 @@ function channel_url($channel) {
function get_channel_hashes() {
$r = dbq("SELECT channel_hash FROM channel WHERE channel_removed = 0");
- return flatten_array_recursive($r);
+ return ids_to_array($r, 'channel_hash');
}
diff --git a/include/connections.php b/include/connections.php
index e8415bb25..9a6ee7d8d 100644
--- a/include/connections.php
+++ b/include/connections.php
@@ -67,6 +67,35 @@ function rconnect_url($channel_id,$xchan) {
}
+function deliverable_abook_xchans($channel_id, $filter = [], $flatten = true) {
+ $filter_sql = '';
+
+ if ($filter) {
+ $filter_sql = " AND abook_xchan IN (" . protect_sprintf(stringify_array($filter, true)) . ") ";
+ }
+
+ $r = q("SELECT abook_xchan, xchan_network FROM abook LEFT JOIN xchan ON abook_xchan = xchan_hash WHERE
+ abook_channel = %d $filter_sql
+ AND abook_self = 0
+ AND abook_pending = 0
+ AND abook_archived = 0
+ AND abook_not_here = 0
+ AND xchan_network NOT IN ('anon', 'token', 'rss')",
+ intval($channel_id)
+ );
+
+ if (!$r) {
+ return [];
+ }
+
+ if ($flatten) {
+ return ids_to_array($r, 'abook_xchan');
+ }
+
+ return $r;
+}
+
+
function abook_connections($channel_id, $sql_conditions = '') {
$r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d
and abook_self = 0 $sql_conditions",
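Review bot: `deliverable_abook_xchans()` has no docblock, and two of its behaviours are easy to get wrong from the call site: an empty `$filter` means "no filter" and returns every deliverable connection, and the return shape switches between a list of hashes and full rows depending on `$flatten`. I would add a docblock stating both, describing `$filter` as the xchan hashes to restrict the result to. The `IN (...)` list relies on `stringify_array($filter, true)` passing the escape flag through, which only happens after the `stringify_array()` change in text.php from this same commit; a one-line comment saying so would stop someone dropping the `true`.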
diff --git a/include/conversation.php b/include/conversation.php
index 2f0b6f6fd..c02b0c4c8 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -1215,11 +1215,16 @@ function builtin_activity_puller($item, &$conv_responses) {
if((activity_match($item['verb'], $verb)) && ($item['id'] != $item['parent'])) {
$name = (($item['author']['xchan_name']) ? $item['author']['xchan_name'] : t('Unknown'));
+
+ $moderate = ((intval($item['item_blocked']) === ITEM_MODERATED) ? '<a href="moderate/' . $item['id'] . '/approve" onclick="moderate_approve(' . $item['id'] . '); return false;" class="text-success pe-2" title="' . t('Approve this item') . '"><i class="fa fa-check" ></i></a><a href="moderate/' . $item['id'] . '/drop" onclick="moderate_drop(' . $item['id'] . '); return false;" class="text-danger pe-2" title="' . t('Delete this item') . '"><i class="fa fa-trash-o" ></i></a>' : '');
+
$url = (($item['author_xchan'] && $item['author']['xchan_photo_s'])
- ? '<a class="dropdown-item" href="' . chanlink_hash($item['author_xchan']) . '">' . '<img class="menu-img-1" src="' . zid($item['author']['xchan_photo_s']) . '" alt="' . urlencode($name) . '" /> ' . $name . '</a>'
+ ? '<div class="dropdown-item">' . $moderate . '<a href="' . chanlink_hash($item['author_xchan']) . '" class="text-reset">' . '<img class="menu-img-1" src="' . zid($item['author']['xchan_photo_s']) . '" alt="' . urlencode($name) . '" /> ' . $name . '</a></div>'
: '<a class="dropdown-item" href="#" class="disabled">' . $name . '</a>'
);
+
+
if(! $item['thr_parent'])
$item['thr_parent'] = $item['parent_mid'];
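Review bot: The new `$moderate` markup gives approve and drop a plain `href` fallback (`moderate/<id>/approve`, `moderate/<id>/drop`), so these state-changing actions can be reached by a GET request when the `onclick` handler does not run. The handler for that route is not in this diff; confirm it checks a form security token and ownership, or drop the fallback with `href="#"`. `$item['id']` is concatenated four times uncast; `$id = intval($item['id']);` once above would make the output provably numeric. `$name` is still written into the rewritten `$url` line as-is, which is only safe if `xchan_name` is escaped before it is stored. The enclosing function starts and ends outside the hunk.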
diff --git a/include/items.php b/include/items.php
index f6a93cc2c..d88a676a1 100644
--- a/include/items.php
+++ b/include/items.php
@@ -53,35 +53,28 @@ function collect_recipients($item, &$private_envelope,$include_groups = true) {
$allow_groups = [];
}
- $recipients = array_unique(array_merge($allow_people,$allow_groups));
+ $raw_recipients = array_unique(array_merge($allow_people, $allow_groups));
+ $recipients = deliverable_abook_xchans($item['uid'], $raw_recipients);
// if you specifically deny somebody but haven't allowed anybody, we'll allow everybody in your
// address book minus the denied connections. The post is still private and can't be seen publicly
// as that would allow the denied person to see the post by logging out.
- if((! $item['allow_cid']) && (! $item['allow_gid'])) {
- $r = q("select * from abook where abook_channel = %d and abook_self = 0 and abook_pending = 0 and abook_archived = 0 ",
- intval($item['uid'])
- );
-
- if($r) {
- foreach($r as $rr) {
- $recipients[] = $rr['abook_xchan'];
- }
- }
+ if(!$item['allow_cid'] && !$item['allow_gid']) {
+ $recipients = deliverable_abook_xchans($item['uid']);
}
$deny_people = expand_acl($item['deny_cid']);
$deny_groups = AccessList::expand(expand_acl($item['deny_gid']));
- $deny = array_unique(array_merge($deny_people,$deny_groups));
+ $deny = array_unique(array_merge($deny_people, $deny_groups));
// Don't deny anybody if nobody was allowed (e.g. they were all filtered out)
// That would lead to array_diff doing the wrong thing.
// This will result in a private post that won't be delivered to anybody.
if($recipients && $deny)
- $recipients = array_diff($recipients,$deny);
+ $recipients = array_diff($recipients, $deny);
$private_envelope = true;
}
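Review bot: When the ACL is set but expands to nothing, `$raw_recipients` is empty and `deliverable_abook_xchans($item['uid'], $raw_recipients)` treats the empty filter as no filter, so `$recipients` becomes every deliverable connection instead of nobody. The old code left `$recipients` empty in that case, which is what the comment further down ("a private post that won't be delivered to anybody") still describes. Guard the call: `$recipients = $raw_recipients ? deliverable_abook_xchans($item['uid'], $raw_recipients) : [];`. collect_recipients starts above this hunk and continues below it.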
@@ -112,9 +105,7 @@ function collect_recipients($item, &$private_envelope,$include_groups = true) {
if ($hookinfo['recipients']) {
$r = $hookinfo['recipients'];
} else {
- $r = q("select abook_xchan, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_self = 0 and abook_pending = 0 and abook_archived = 0 and abook_not_here = 0 and xchan_network not in ('anon', 'token', 'rss')",
- intval($item['uid'])
- );
+ $r = deliverable_abook_xchans($item['uid'], [], false);
}
if($r) {
@@ -242,9 +233,21 @@ function comments_are_now_closed($item) {
}
function item_normal() {
- return " and item.item_hidden = 0 and item.item_type = 0 and item.item_deleted = 0
- and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0
- and item.item_blocked = 0 ";
+ $profile_uid = App::$profile['profile_uid'] ?? App::$profile_uid ?? null;
+ $uid = local_channel();
+ $is_owner = ($uid && intval($profile_uid) === $uid);
+
+ $sql = " and item.item_hidden = 0 and item.item_type = 0 and item.item_deleted = 0
+ and item.item_unpublished = 0 and item.item_pending_remove = 0";
+
+ if ($is_owner) {
+ $sql .= " and item.item_blocked IN (0, " . intval(ITEM_MODERATED) . ") and item.item_delayed IN (0, 1) ";
+ }
+ else {
+ $sql .= " and item.item_blocked = 0 and item.item_delayed = 0 ";
+ }
+
+ return $sql;
}
function item_normal_search() {
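Review bot: `item_normal()` now returns different SQL depending on `local_channel()` and `App::$profile`, so every query that appends it starts returning moderated and delayed items whenever the owner is the viewer. Its callers are not visible in this diff; any that use the fragment for something other than rendering the owner's own stream would need checking. I would add a docblock saying the result is viewer-dependent, and consider an explicit opt-in argument instead of reading global state. If `item_delayed` only holds 0 or 1, the `item.item_delayed IN (0, 1)` term filters nothing and could be dropped from the owner branch.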
@@ -2448,13 +2451,17 @@ function send_status_notifications($post_id,$item) {
intval($item['uid'])
);
- $thr_parent_id = $r[0]['id'];
+ if ($r) {
+ $thr_parent_id = $r[0]['id'];
+ }
+
}
$r = q("select channel_hash from channel where channel_id = %d limit 1",
intval($item['uid'])
);
- if(! $r)
+
+ if(!$r)
return;
// my own post - no notification needed
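Review bot: Guarding the assignment with `if ($r)` avoids indexing a failed result, but it leaves `$thr_parent_id` unset on that path unless it is initialised above the hunk, which is not visible here. `$thr_parent_id = $r ? $r[0]['id'] : 0;` would give later uses a defined value either way. send_status_notifications continues outside the hunk.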
@@ -5009,6 +5016,136 @@ function fix_attached_file_permissions($channel,$observer_hash,$body,
}
}
+function list_attached_local_files($body) {
+
+ $files = [];
+ $match = [];
+
+ // match img and zmg image links
+ if (preg_match_all("/\[[zi]mg(.*?)](.*?)\[\/[zi]mg]/", $body, $match)) {
+ $images = array_merge($match[1], $match[2]);
+ if ($images) {
+ foreach ($images as $image) {
+ if (!stristr($image, z_root() . '/photo/')) {
+ continue;
+ }
+ $image_uri = substr($image,strrpos($image,'/') + 1);
+ if (str_contains($image_uri, '-')) {
+ $image_uri = substr($image_uri,0, strrpos($image_uri,'-'));
+ }
+ if (str_contains($image_uri, '.')) {
+ $image_uri = substr($image_uri,0, strpos($image_uri,'.'));
+ }
+ if ($image_uri && !in_array($image_uri, $files)) {
+ $files[] = $image_uri;
+ }
+ }
+ }
+ }
+ if (preg_match_all("/\[attachment](.*?)\[\/attachment]/",$body,$match)) {
+ $attaches = $match[1];
+ if ($attaches) {
+ foreach ($attaches as $attach) {
+ $hash = substr($attach,0,strpos($attach,','));
+ if ($hash && !in_array($hash, $files)) {
+ $files[] = $hash;
+ }
+ }
+ }
+ }
+
+ return $files;
+}
+
+function fix_attached_permissions($uid, $body, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny, $token = EMPTY_STR) {
+
+ $files = list_attached_local_files($body);
+
+ if (! $files) {
+ return;
+ }
+
+ foreach ($files as $file) {
+ $attach_q = q("select id, hash, flags, is_photo, allow_cid, allow_gid, deny_cid, deny_gid from attach where hash = '%s' and uid = %d",
+ dbesc($file),
+ intval($uid)
+ );
+
+ if (! $attach_q) {
+ continue;
+ }
+
+ $attach = array_shift($attach_q);
+
+ $new_public = !(($str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny));
+ $existing_public = !(($attach['allow_cid'] || $attach['allow_gid'] || $attach['deny_cid'] || $attach['deny_gid']));
+
+ if ($existing_public) {
+ // permissions have already been fixed and they are public. There's nothing for us to do.
+ continue;
+ }
+
+ // if flags & 1, the attachment was uploaded directly into a post and needs to have permissions corrected
+ // or - if it is a private file and a new token was generated, we'll need to add the token to the ACL.
+
+ if (((intval($attach['flags']) & 1) !== 1) && (! $token)) {
+ continue;
+ }
+
+ $item_private = 0;
+
+ if ($new_public === false) {
+ $item_private = (($str_group_allow || ($str_contact_allow && substr_count($str_contact_allow,'<') > 2)) ? 1 : 2);
+
+ // preserve any existing tokens that may have been set for this file
+ $token_matches = null;
+ if (preg_match_all('/<token:(.*?)>/',$attach['allow_cid'],$token_matches, PREG_SET_ORDER)) {
+ foreach ($token_matches as $m) {
+ $tok = '<token:' . $m[1] . '>';
+ if (!str_contains($str_contact_allow, $tok)) {
+ $str_contact_allow .= $tok;
+ }
+ }
+ }
+ if ($token && !str_contains($str_contact_allow, $token)) {
+ $str_contact_allow .= '<token:' . $token . '>';
+ }
+ }
+
+ q("update attach SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', flags = 0
+ WHERE id = %d AND uid = %d",
+ dbesc($str_contact_allow),
+ dbesc($str_group_allow),
+ dbesc($str_contact_deny),
+ dbesc($str_group_deny),
+ intval($attach['id']),
+ intval($uid)
+ );
+
+ if ($attach['is_photo']) {
+ $r = q("UPDATE photo SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s'
+ WHERE resource_id = '%s' AND uid = %d ",
+ dbesc($str_contact_allow),
+ dbesc($str_group_allow),
+ dbesc($str_contact_deny),
+ dbesc($str_group_deny),
+ dbesc($file),
+ intval($uid)
+ );
+
+ $r = q("UPDATE item SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d
+ WHERE resource_id = '%s' AND 'resource_type' = 'photo' AND uid = %d",
+ dbesc($str_contact_allow),
+ dbesc($str_group_allow),
+ dbesc($str_contact_deny),
+ dbesc($str_group_deny),
+ intval($item_private),
+ dbesc($file),
+ intval($uid)
+ );
+ }
+ }
+}
function item_create_edit_activity($post) {
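Review bot: In `fix_attached_permissions()` the last UPDATE filters on `'resource_type' = 'photo'`, which compares two string literals and is never true, so the linked photo item keeps its old ACL and `item_private` while the attach and photo rows are changed. It should read `AND resource_type = 'photo'`. Separately, `!str_contains($str_contact_allow, $token)` tests for the bare token, which can be a substring of another entry; compare against the full entry, `'<token:' . $token . '>'`, as the preservation loop just above does. Neither new function has a docblock; `list_attached_local_files()` should say it returns resource hashes parsed from `[img]`/`[zmg]` links under this site's `/photo/` path and from `[attachment]` tags.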
diff --git a/include/network.php b/include/network.php
index f0642d8f7..b34fdffcc 100644
--- a/include/network.php
+++ b/include/network.php
@@ -1729,12 +1729,14 @@ function deliverable_singleton($channel_id,$xchan) {
intval($channel_id),
dbesc($xchan_hash)
);
+
if($r) {
if(! $r[0]['abook_instance'])
return true;
if(strpos($r[0]['abook_instance'],z_root()) !== false)
return true;
}
+
return false;
}
diff --git a/include/permissions.php b/include/permissions.php
index c3a9286c0..28f242712 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -175,7 +175,7 @@ function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_
// They are in your address book, but haven't been approved
- if($channel_perm & PERMS_PENDING && (! intval($x[0]['abook_pseudo']))) {
+ if($channel_perm & PERMS_PENDING) {
$ret[$perm_name] = 1;
continue;
}
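Review bot: Dropping the `abook_pseudo` guards here and in the other `get_all_perms()` and `perm_is_allowed()` hunks below is only safe if `$x` can no longer hold a fabricated abook row. `pseudo_abook()` is removed in security.php, but the code that fills `$x` is outside these hunks and the diffstat is limited to `include/`. It is worth confirming that nothing else still sets `abook_pseudo`, because with the guards gone such a row would pass the `PERMS_PENDING` and `PERMS_CONTACTS` tests. A comment at the `if(! $x)` check stating what `$x` may contain would record the invariant.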
@@ -188,12 +188,6 @@ function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_
// They're a contact, so they have permission
if($channel_perm & PERMS_CONTACTS) {
- // it was a fake abook entry, not really a connection
- if(array_key_exists('abook_pseudo',$x[0]) && intval($x[0]['abook_pseudo'])) {
- $ret[$perm_name] = 0;
- continue;
- }
-
$ret[$perm_name] = 1;
continue;
}
@@ -340,7 +334,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock =
return false;
}
- // From here on we require that the observer be a connection or pseudo connection
+ // From here on we require that the observer be a connection
if(! $x) {
return false;
@@ -348,7 +342,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock =
// They are in your address book, but haven't been approved
- if($channel_perm & PERMS_PENDING && (! intval($x[0]['abook_pseudo']))) {
+ if($channel_perm & PERMS_PENDING) {
return true;
}
@@ -359,10 +353,6 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock =
// They're a contact, so they have permission
if($channel_perm & PERMS_CONTACTS) {
- // it was a fake abook entry, not really a connection
- if(array_key_exists('abook_pseudo',$x[0]) && intval($x[0]['abook_pseudo'])) {
- return false;
- }
return true;
}
diff --git a/include/security.php b/include/security.php
index de9f1f337..b3e45742e 100644
--- a/include/security.php
+++ b/include/security.php
@@ -237,21 +237,6 @@ function atoken_abook($uid, $xchan_hash) {
}
-function pseudo_abook($xchan) {
- if (!$xchan)
- return false;
-
- // set abook_pseudo to flag that we aren't really connected.
-
- $xchan['abook_pseudo'] = 1;
- $xchan['abook_blocked'] = 0;
- $xchan['abook_ignored'] = 0;
- $xchan['abook_pending'] = 0;
-
- return $xchan;
-}
-
-
/**
* @brief Change to another channel with current logged-in account.
*
@@ -326,11 +311,12 @@ function change_channel($change_channel) {
* @param int $owner_id
* @param bool $remote_observer (optional) use current observer if unset
* @param $table (optional)
+ * @param $token (optional)
*
* @return string additional SQL where statement
*/
-function permissions_sql($owner_id, $remote_observer = null, $table = '') {
+function permissions_sql($owner_id, $remote_observer = null, $table = '', $token = EMPTY_STR) {
$local_channel = local_channel();
@@ -412,6 +398,16 @@ function permissions_sql($owner_id, $remote_observer = null, $table = '') {
dbesc($gs)
);
}
+
+ /*
+ * OCAP token access
+ */
+
+ elseif ($token) {
+ $sql = " AND ( {$table}allow_cid like '" . protect_sprintf('%<token:' . $token . '>%') .
+ "' OR ( {$table}allow_cid = '' AND {$table}allow_gid = '' AND {$table}deny_cid = '' AND {$table}deny_gid = '' ) )";
+ }
+
}
return $sql;
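Review bot: `$token` is concatenated into the LIKE pattern with only `protect_sprintf()` around it, while the neighbouring branch passes its value through `dbesc()`. Whether callers validate the token first is not visible here, so I would escape at the point of use, `protect_sprintf('%<token:' . dbesc($token) . '>%')`. I would also reject tokens outside the expected character set before building the clause, since `%` and `_` inside the value act as LIKE wildcards and turn an exact-token test into a pattern match. The new `@param $token (optional)` line in the docblock hunk above should carry a type and a sentence on what the token grants. The `elseif` chain this branch belongs to starts outside the hunk.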
@@ -490,12 +486,19 @@ function item_permissions_sql($owner_id, $remote_observer = null) {
$gs = '<<>>'; // should be impossible to match
}
+ // This function is often called without an $owner_id in places where this could not be
+ // determined in advance. The ACL fields will usually not contain the original author or owner
+ // so we will also check for author_xchan and owner_xchan to account for this ACL deficiency.
+
$regexop = db_getfunc('REGEXP');
$sql = sprintf(
- " AND (( NOT (deny_cid $regexop '%s' OR deny_gid $regexop '%s')
- AND ( allow_cid $regexop '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ))
- ) OR ( item_private = 1 $scope ))
+ " AND ( author_xchan = '%s' OR owner_xchan = '%s' OR
+ (( NOT (deny_cid $regexop '%s' OR deny_gid $regexop '%s')
+ AND ( allow_cid $regexop '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ))
+ )))
",
+ dbesc($observer),
+ dbesc($observer),
dbesc($cs),
dbesc($gs),
dbesc($cs),
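Review bot: The added comment explains the new `author_xchan`/`owner_xchan` alternative but not the removal of `OR ( item_private = 1 $scope )`, which changes who can see `item_private = 1` items and deserves its own line of explanation. If `$scope` is computed above the hunk it is probably unused now and can go. The author/owner match also sits outside the deny test, so it overrides `deny_cid`/`deny_gid`; if that is intended, say so in the comment. It relies on `$observer` being non-empty on this path, which is decided outside the hunk.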
diff --git a/include/socgraph.php b/include/socgraph.php
index 372928798..e5e8ddf74 100644
--- a/include/socgraph.php
+++ b/include/socgraph.php
@@ -148,7 +148,7 @@ function poco_load($xchan = '', $url = null) {
// We've never seen this person before. Import them.
- if(($x !== false) && (! count($x))) {
+ if(!$x) {
if($address) {
if($network === 'zot6') {
$j = Zotfinger::exec($profile_url);
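Review bot: `if(!$x)` merges two cases the old condition kept apart: an empty result (person never seen) and `false` (the lookup itself failed). With the new test a failed query falls into the import path and reaches `Zotfinger::exec($profile_url)`. If `q()` still returns `false` on error, `if(is_array($x) && !$x)` keeps the shorter form without importing on a database failure. poco_load continues outside the hunk.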
@@ -170,7 +170,6 @@ function poco_load($xchan = '', $url = null) {
$total ++;
-
$r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 0 limit 1",
dbesc($xchan),
dbesc($hash)
@@ -427,7 +426,7 @@ function poco() {
intval($startIndex)
);
} else {
- $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d
+ $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and xchan_deleted = 0
$sql_extra LIMIT %d OFFSET %d",
intval($channel_id),
intval($itemsPerPage),
diff --git a/include/text.php b/include/text.php
index 2693e7b16..6ab8fc1ce 100644
--- a/include/text.php
+++ b/include/text.php
@@ -887,6 +887,8 @@ function get_tags($s) {
// ignore anything in a code or svg block
$s = preg_replace('/\[code(.*?)\](.*?)\[\/code\]/sm','',$s);
+ $s = preg_replace('/\[nobb\](.*?)\[\/nobb\]/sm','',$s);
+ $s = preg_replace('/\[noparse\](.*?)\[\/noparse\]/sm','',$s);
$s = preg_replace('/\[svg(.*?)\](.*?)\[\/svg\]/sm','',$s);
$s = preg_replace('/\[toc(.*?)\]/sm','',$s);
@@ -2529,26 +2531,26 @@ function check_webbie($arr) {
return '';
}
-function ids_to_array($arr,$idx = 'id') {
- $t = array();
+function ids_to_array($arr, $idx = 'id') {
+ $t = [];
if($arr) {
foreach($arr as $x) {
- if(array_key_exists($idx,$x) && strlen($x[$idx]) && (! in_array($x[$idx],$t))) {
+ if(array_key_exists($idx, $x) && strlen($x[$idx]) && (! in_array($x[$idx], $t))) {
$t[] = $x[$idx];
}
}
}
- return($t);
+ return $t;
}
-function ids_to_querystr($arr,$idx = 'id',$quote = false) {
- $t = array();
+function ids_to_querystr($arr, $idx = 'id', $quote = false) {
+ $t = [];
if($arr) {
foreach($arr as $x) {
- if(! in_array($x[$idx],$t)) {
+ if(!in_array($x[$idx], $t)) {
if($quote)
$t[] = "'" . dbesc($x[$idx]) . "'";
else
@@ -2556,7 +2558,7 @@ function ids_to_querystr($arr,$idx = 'id',$quote = false) {
}
}
}
- return(implode(',', $t));
+ return implode(',', $t);
}
/**
@@ -2699,8 +2701,8 @@ function stringify_array_elms(&$arr, $escape = false) {
*/
function stringify_array($arr, $escape = false) {
if($arr) {
- stringify_array_elms($arr);
- return(implode(',',$arr));
+ stringify_array_elms($arr, $escape);
+ return(implode(',', $arr));
}
return EMPTY_STR;
}