13 files changed, 397 insertions, 35 deletions

diff --git a/include/attach.php b/include/attach.php
index 155ddbc96..a300e34b0 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -970,6 +970,33 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid,
 
 	$poster = get_app()->get_observer();
 
+	//if we got no object something went wrong
+	if(!$object)
+		return;
+
+	$is_dir = (($object['flags'] & ATTACH_FLAG_DIR) ? true : false);
+
+	//do not send activity for folders for now
+	if($is_dir)
+		return;
+
+/*
+	//check for recursive perms if we are in a folder
+	if($object['folder']) {
+
+		$folder_hash = $object['folder'];
+
+		$r_perms = check_recursive_perms($allow_cid, $allow_gid, $deny_cid, $deny_gid, $folder_hash);
+
+		$allow_cid = perms2str($r_perms['allow_cid']);
+		$allow_gid = perms2str($r_perms['allow_gid']);
+		$deny_cid = perms2str($r_perms['deny_cid']);
+		$deny_gid = perms2str($r_perms['deny_gid']);
+
+	}
+*/
+
+
 	$mid = item_message_id();
 
 	$objtype = ACTIVITY_OBJ_FILE;
@@ -1124,3 +1151,83 @@ function get_file_activity_object($channel_id, $hash, $cloudpath) {
 	return $object;
 
 }
+
+function check_recursive_perms($allow_cid, $allow_gid, $deny_cid, $deny_gid, $folder_hash) {
+
+	$arr_allow_cid = expand_acl($allow_cid);
+	$arr_allow_gid = expand_acl($allow_gid);
+	$arr_deny_cid = expand_acl($deny_cid);
+	$arr_deny_gid = expand_acl($deny_gid);
+
+	$count = 0;
+	while($folder_hash) {
+		$x = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid, folder FROM attach WHERE hash = '%s' LIMIT 1",
+			dbesc($folder_hash)
+		);
+
+		//only process private folders
+		if($x[0]['allow_cid'] || $x[0]['allow_gid'] || $x[0]['deny_cid'] || $x[0]['deny_gid']) {
+
+			$parent_arr['allow_cid'][] = expand_acl($x[0]['allow_cid']);
+			$parent_arr['allow_gid'][] = expand_acl($x[0]['allow_gid']);
+			$parent_arr['deny_cid'][] = expand_acl($x[0]['deny_cid']);
+			$parent_arr['deny_gid'][] = expand_acl($x[0]['deny_gid']);
+
+			$parents_arr = $parent_arr;
+
+			$count++;
+
+		}
+
+		$folder_hash = $x[0]['folder'];
+
+	}
+
+	//if there are no perms on the file we get them from the first parent folder
+	if(!$arr_allow_cid && !$arr_allow_gid && !$arr_deny_cid && !$arr_deny_gid) {
+		$arr_allow_cid = $parent_arr['allow_cid'][0];
+		$arr_allow_gid = $parent_arr['allow_gid'][0];
+		$arr_deny_cid = $parent_arr['deny_cid'][0];
+		$arr_deny_gid = $parent_arr['deny_gid'][0];
+	}
+
+	//allow_cid
+	foreach ($parents_arr['allow_cid'] as $folder_arr_allow_cid) {
+		foreach ($folder_arr_allow_cid as $ac_hash) {
+			$count_values[$ac_hash]++;
+		}
+	}
+	foreach ($arr_allow_cid as $fac_hash) {
+		if(($count_values[$fac_hash]) && ($count_values[$fac_hash] == $count))
+			$r_arr_allow_cid[] = $fac_hash;
+	}
+
+
+	//allow_gid
+	foreach ($parents_arr['allow_gid'] as $folder_arr_allow_gid) {
+		foreach ($folder_arr_allow_gid as $ag_hash) {
+			$count_values[$ag_hash]++;
+		}
+	}
+	foreach ($arr_allow_gid as $fag_hash) {
+		if(($count_values[$fag_hash]) && ($count_values[$fag_hash] == $count))
+			$r_arr_allow_gid[] = $fag_hash;
+	}
+
+	//deny_gid
+	foreach($parents_arr['deny_gid'] as $folder_arr_deny_gid) {
+		$arr_deny_gid = array_merge($arr_deny_gid, $folder_arr_deny_gid);
+	}
+
+	//deny_cid
+	foreach($parents_arr['deny_cid'] as $folder_arr_deny_cid) {
+		$arr_deny_cid = array_merge($arr_deny_cid, $folder_arr_deny_cid);
+	}
+
+	$ret['allow_gid'] = $r_arr_allow_gid;
+	$ret['allow_cid'] = $r_arr_allow_cid;
+	$ret['deny_gid'] = array_unique($r_arr_deny_gid);
+	$ret['deny_cid'] = array_unique($r_arr_deny_cid);
+
+	return $ret;
+}
diff --git a/include/conversation.php b/include/conversation.php
index 9429af754..952d7d322 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -619,10 +619,6 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $
 					$profile_link = zid($profile_link);
 
 				$normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
-				if(x($a->contacts,$normalised))
-					$profile_avatar = $a->contacts[$normalised]['thumb'];
-				else
-					$profile_avatar = ((strlen($item['author-avatar'])) ? $a->get_cached_avatar_image($item['author-avatar']) : $item['thumb']);
 
 				$profile_name = $item['author']['xchan_name'];
 				$profile_link = $item['author']['xchan_url'];
diff --git a/include/diaspora.php b/include/diaspora.php
index 8f2f93209..8047d0e64 100755
--- a/include/diaspora.php
+++ b/include/diaspora.php
@@ -35,11 +35,16 @@ function diaspora_dispatch_public($msg) {
 			logger('diaspora_public: delivering to: ' . $rr['channel_name'] . ' (' . $rr['channel_address'] . ') ');
 			diaspora_dispatch($rr,$msg);
 		}
-		if($sys)
-			diaspora_dispatch($sys,$msg);
 	}
-	else
-		logger('diaspora_public: no subscribers');
+	else {
+		if(! $sys)
+			logger('diaspora_public: no subscribers');
+	}
+
+	if($sys) {
+		logger('diaspora_public: delivering to sys.');
+		diaspora_dispatch($sys,$msg);
+	}
 }
 
 
@@ -688,7 +693,7 @@ function diaspora_request($importer,$xml) {
 		$default_perms = $x['perms_accept'];
 	}
 	if(! $default_perms)
-		$default_perms = intval(get_pconfig($channel['channel_id'],'system','autoperms'));
+		$default_perms = intval(get_pconfig($importer['channel_id'],'system','autoperms'));
 				
 	$their_perms = PERMS_R_STREAM|PERMS_R_PROFILE|PERMS_R_PHOTOS|PERMS_R_ABOOK|PERMS_W_STREAM|PERMS_W_COMMENT|PERMS_W_MAIL|PERMS_W_CHAT|PERMS_R_STORAGE|PERMS_R_PAGES;
 
diff --git a/include/dir_fns.php b/include/dir_fns.php
index 6d06fddd1..8c0161ff1 100644
--- a/include/dir_fns.php
+++ b/include/dir_fns.php
@@ -216,6 +216,49 @@ function sync_directories($dirmode) {
 				);
 			}
 		}
+		if(count($j['ratings'])) {
+			foreach($j['ratings'] as $rr) {		
+				$x = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1",
+					dbesc($rr['channel']),
+					dbesc($rr['target'])
+				);
+				if($x && $x[0]['xlink_updated'] >= $rr['edited'])
+					continue;
+				$y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1",
+					dbesc($rr['channel'])
+				);
+				if(! $y) {
+					logger('key unavailable on this site for ' . $rr['channel']);
+					continue;
+				}
+				if(! rsa_verify($rr['target'] . '.' . $rr['rating'] . '.' . $rr['rating_text'], base64url_decode($rr['signature']),$y[0]['xchan_pubkey'])) {
+			        logger('failed to verify rating');
+					continue;
+				}
+
+				if($x) {
+					$z = q("update xlink set xlink_rating = %d, xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s' where xlink_id = %d",
+						intval($rr['rating']),
+						dbesc($rr['rating_text']),
+						dbesc($rr['signature']),
+						dbesc(datetime_convert()),
+						intval($x[0]['xlink_id'])
+	        		);
+			        logger('rating updated');
+    			}
+    			else {
+        			$z = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_sig, xlink_updated, xlink_static ) values( '%s', '%s', %d, '%s', '%s', 1 ) ",
+						dbesc($rr['channel']),
+						dbesc($rr['target']),
+						intval($rr['rating']),
+						dbesc($rr['rating_text']),
+						dbesc($rr['signature']),
+						dbesc(datetime_convert())
+					);
+					logger('rating created');
+				}
+			}
+		}
 	}
 }
 
diff --git a/include/identity.php b/include/identity.php
index 2fc183368..415e85f2f 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -943,6 +943,9 @@ logger('online: ' . $profile['online']);
 
 	$tpl = get_markup_template('profile_vcard.tpl');
 
+	require_once('include/widgets.php');
+	$z = widget_rating(array('target' => $profile['channel_hash']));
+
 	$o .= replace_macros($tpl, array(
 		'$profile'       => $profile,
 		'$connect'       => $connect,
@@ -954,6 +957,7 @@ logger('online: ' . $profile['online']);
 		'$homepage'      => $homepage,
 		'$chanmenu'      => $channel_menu,
 		'$diaspora'      => $diaspora,
+		'$rating'        => $z,
 		'$contact_block' => $contact_block,
 	));
 
diff --git a/include/items.php b/include/items.php
index c34e694ac..0b2106572 100755
--- a/include/items.php
+++ b/include/items.php
@@ -4751,6 +4751,7 @@ function item_remove_cid($xchan_hash,$mid,$uid) {
 // Set item permissions based on results obtained from linkify_tags()
 function set_linkified_perms($linkified, &$str_contact_allow, &$str_group_allow, $profile_uid, $parent_item = false) {
 	$first_access_tag = true;
+
 	foreach($linkified as $x) {
 		$access_tag = $x['access_tag'];
 		if(($access_tag) && (! $parent_item)) {
diff --git a/include/js_strings.php b/include/js_strings.php
index f4c0a631d..56ffa9536 100644
--- a/include/js_strings.php
+++ b/include/js_strings.php
@@ -16,6 +16,10 @@ function js_strings() {
 		'$permschange' => t('Notice: Permissions have changed but have not yet been submitted.'),
 		'$closeAll'    => t('close all'),
 		'$nothingnew'  => t('Nothing new here'),
+		'$rating_desc' => t('Rate This Channel (this is public)'),
+		'$rating_val'  => t('Rating'),
+		'$rating_text' => t('Describe (optional)'),
+		'$submit'      => t('Submit'),
 
 		'$t01' => ((t('timeago.prefixAgo') != 'timeago.prefixAgo') ? t('timeago.prefixAgo') : ''),
 		'$t02' => ((t('timeago.prefixFromNow') != 'timeago.prefixFromNow') ? t('timeago.prefixFromNow') : ''),
diff --git a/include/notifier.php b/include/notifier.php
index edb2f1946..fe6ac33c0 100644
--- a/include/notifier.php
+++ b/include/notifier.php
@@ -297,15 +297,6 @@ function notifier_run($argv, $argc){
 		$private = false;
 		$packet_type = 'purge';
 	}
-	elseif($cmd === 'rating') {
-		$r = q("select * from xlink where xlink_id = %d and xlink_static = 1 limit 1",
-			intval($item_id)
-		);
-		if($r) {
-			logger('rating message: ' . print_r($r[0],true));
-			return;
-		}
-	}
 	else {
 
 		// Normal items
@@ -483,11 +474,6 @@ function notifier_run($argv, $argc){
 	// Now we have collected recipients (except for external mentions, FIXME)
 	// Let's reduce this to a set of hubs.
 
-	
-	// for public posts always include our own hub
-// this shouldn't be needed any more. collect_recipients should take care of it.
-//	$sql_extra = (($private) ? "" : " or hubloc_url = '" . dbesc(z_root()) . "' ");
-
 	logger('notifier: hub choice: ' . intval($relay_to_owner) . ' ' . intval($private) . ' ' . $cmd, LOGGER_DEBUG);
 
 	if($relay_to_owner && (! $private) && ($cmd !== 'relay')) {
diff --git a/include/poller.php b/include/poller.php
index dc310fe16..fd78ce087 100644
--- a/include/poller.php
+++ b/include/poller.php
@@ -164,6 +164,10 @@ function poller_run($argv, $argc){
 				db_utcnow(), db_quoteinterval('14 DAY')
 			);
 
+			$dirmode = intval(get_config('system','directory_mode'));
+			if($dirmode == DIRECTORY_MODE_SECONDARY) {
+				logger('regdir: ' . print_r(z_fetch_url(get_directory_primary() . '/regdir?f=&url=' . z_root() . '&realm=' . get_directory_realm()),true));
+			}
 
 			/**
 			 * End Cron Weekly
diff --git a/include/ratenotif.php b/include/ratenotif.php
new file mode 100644
index 000000000..4fa0077a6
--- /dev/null
+++ b/include/ratenotif.php
@@ -0,0 +1,124 @@
+<?php
+
+require_once('include/cli_startup.php');
+require_once('include/zot.php');
+require_once('include/queue_fn.php');
+
+
+function ratenotif_run($argv, $argc){
+
+	cli_startup();
+
+	$a = get_app();
+
+	require_once("session.php");
+	require_once("datetime.php");
+	require_once('include/items.php');
+	require_once('include/Contact.php');
+
+	if($argc < 3)
+		return;
+
+
+	logger('ratenotif: invoked: ' . print_r($argv,true), LOGGER_DEBUG);
+
+	$cmd = $argv[1];
+
+	$item_id = $argv[2];
+
+
+	if($cmd === 'rating') {
+		$r = q("select * from xlink where xlink_id = %d and xlink_static = 1 limit 1",
+			intval($item_id)
+		);
+		if(! $r) {
+			logger('rating not found');
+			return;
+		}
+
+		$encoded_item = array(
+			'type' => 'rating', 
+			'encoding' => 'zot',
+			'target' => $r[0]['xlink_link'],
+			'rating' => intval($r[0]['xlink_rating']),
+			'rating_text' => $r[0]['xlink_rating_text'],
+			'signature' => $r[0]['xlink_sig'],
+			'edited' => $r[0]['xlink_updated']
+		);
+	}
+
+	$channel = channelx_by_hash($r[0]['xlink_xchan']);
+	if(! $channel) {
+		logger('no channel');
+		return;
+	}
+
+
+	$primary = get_directory_primary();
+
+	if(! $primary)
+		return;
+
+
+	$interval = ((get_config('system','delivery_interval') !== false) 
+		? intval(get_config('system','delivery_interval')) : 2 );
+
+	$deliveries_per_process = intval(get_config('system','delivery_batch_count'));
+
+	if($deliveries_per_process <= 0)
+		$deliveries_per_process = 1;
+
+	$deliver = array();
+
+	$x = z_fetch_url($primary . '/regdir');
+	if($x['success']) {
+		$j = json_decode($x['body'],true);
+		if($j && $j['success'] && is_array($j['directories'])) {
+
+			foreach($j['directories'] as $h) {
+//				if($h == z_root())
+//					continue;
+
+				$hash = random_string();
+				$n = zot_build_packet($channel,'notify',null,null,$hash);
+
+				q("insert into outq ( outq_hash, outq_account, outq_channel, outq_driver, outq_posturl, outq_async, outq_created, outq_updated, outq_notify, outq_msg ) values ( '%s', %d, %d, '%s', '%s', %d, '%s', '%s', '%s', '%s' )",
+					dbesc($hash),
+					intval($channel['channel_account_id']),
+					intval($channel['channel_id']),
+					dbesc('zot'),
+					dbesc($h . '/post'),
+					intval(1),
+					dbesc(datetime_convert()),
+					dbesc(datetime_convert()),
+					dbesc($n),
+					dbesc(json_encode($encoded_item))
+				);
+			}
+			$deliver[] = $hash;
+
+			if(count($deliver) >= $deliveries_per_process) {
+				proc_run('php','include/deliver.php',$deliver);
+				$deliver = array();
+				if($interval)
+					@time_sleep_until(microtime(true) + (float) $interval);
+			}
+
+
+			// catch any stragglers
+
+			if(count($deliver)) {
+			proc_run('php','include/deliver.php',$deliver);
+			}
+		}
+	}
+		
+	logger('ratenotif: complete.');
+	return;
+
+}
+
+if (array_search(__file__,get_included_files())===0){
+  ratenotif_run($argv,$argc);
+  killme();
+}
diff --git a/include/text.php b/include/text.php
index 5c8242e79..ef2fc2371 100644
--- a/include/text.php
+++ b/include/text.php
@@ -1946,9 +1946,9 @@ function find_xchan_in_array($xchan,$arr) {
 }
 
 function get_rel_link($j,$rel) {
-	if(count($j))
+	if(is_array($j) && ($j))
 		foreach($j as $l)
-			if($l['rel'] === $rel)
+			if(array_key_exists('rel',$j) && $l['rel'] === $rel && array_key_exists('href',$l))
 				return $l['href'];
 
 	return '';
@@ -2297,6 +2297,7 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag) {
 			}
 		}
 		else {
+
 			// check for a group/collection exclusion tag			
 
 			// note that we aren't setting $replaced even though we're replacing text.
@@ -2357,6 +2358,8 @@ function linkify_tags($a, &$body, $uid) {
 	$tags = get_tags($body);
 	if(count($tags)) {
 		foreach($tags as $tag) {
+			$access_tag = '';
+
 			// If we already tagged 'Robert Johnson', don't try and tag 'Robert'.
 			// Robert Johnson should be first in the $tags array
 
@@ -2388,6 +2391,7 @@ function getIconFromType($type) {
 	$iconMap = array(
 		//Folder
 		t('Collection') => 'icon-folder-close',
+		'multipart/mixed' => 'icon-folder-close', //dirs in attach use this mime type
 		//Common file
 		'application/octet-stream' => 'icon-file-alt',
 		//Text
diff --git a/include/widgets.php b/include/widgets.php
index 523318850..d457db07d 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -903,3 +903,63 @@ function widget_random_block($arr) {
 
 	return $o;
 }
+
+
+function widget_rating($arr) {
+	$a = get_app();
+
+	$poco_rating = get_config('system','poco_rating_enable');
+	if((! $poco_rating) && ($poco_rating !== false)) {
+		return;
+	}
+
+	if($arr['target'])
+		$hash = $arr['target'];
+	else
+		$hash = $a->poi['xchan_hash'];
+
+	if(! $hash)
+		return;
+
+	$url = '';
+	$remote = false;
+
+	if(remote_channel() && ! local_channel()) {
+		$ob = $a->get_observer();
+		if($ob && $ob['xchan_url']) {
+			$p = parse_url($ob['xchan_url']);
+			if($p) {
+				$url = $p['scheme'] . '://' . $p['host'] . (($p['port']) ? ':' . $p['port'] : '');
+				$url .= '/rate?f=&target=' . urlencode($hash);
+			}
+			$remote = true;
+		}
+	}
+
+	$self = false;
+
+	if(local_channel()) {
+		$channel = $a->get_channel();
+
+		if($hash == $channel['channel_hash'])
+			$self = true;
+
+		head_add_js('ratings.js');
+
+	}
+
+	if((($remote) || (local_channel())) && (! $self)) {
+		$o = '<div class="widget rateme">';
+		if($remote)
+			$o .= '<a class="rateme" href="' . $url . '"><i class="icon-pencil"></i> ' . t('Rate Me') . '</a>';
+		else
+			$o .= '<div class="rateme fakelink" onclick="doRatings(\'' . $hash . '\'); return false;"><i class="icon-pencil"></i> ' . t('Rate Me') . '</div>';
+		$o .= '</div>';
+	}
+
+	$o .= '<div class="widget rateme"><a class="rateme" href="ratings/' . $hash . '"><i class="icon-eye-open"></i> ' . t('View Ratings') . '</a>';
+	$o .= '</div>';
+
+	return $o;
+
+}
\ No newline at end of file
diff --git a/include/zot.php b/include/zot.php
index 5faabd5ec..7e9a6ee54 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -1084,6 +1084,11 @@ function zot_import($arr, $sender_url) {
 
 	if(is_array($incoming)) {
 		foreach($incoming as $i) {
+			if(! is_array($i)) {
+				logger('incoming is not an array');
+				continue;
+			}
+
 			$result = null;
 
 			if(array_key_exists('iv',$i['notify'])) {
@@ -1108,7 +1113,8 @@ function zot_import($arr, $sender_url) {
 			if(array_key_exists('message',$i) && array_key_exists('type',$i['message']) && $i['message']['type'] === 'rating') {
 				// rating messages are processed only by directory servers
 				logger('Rating received: ' . print_r($arr,true), LOGGER_DATA);
-				$result = process_rating_delivery($i['notify']['sender'],$arr);
+				$result = process_rating_delivery($i['notify']['sender'],$i['message']);
+				continue;
 			}
 
 			if(array_key_exists('recipients',$i['notify']) && count($i['notify']['recipients'])) {
@@ -1813,34 +1819,52 @@ function process_mail_delivery($sender,$arr,$deliveries) {
 
 function process_rating_delivery($sender,$arr) {
 
-	$dirmode = intval(get_config('system','directory_mode'));
-	if($dirmode == DIRECTORY_MODE_NORMAL)
-		return;
+	logger('process_rating_delivery: ' . print_r($arr,true));
 
 	if(! $arr['target'])
 		return;
 
-	$r = q("select * from xlink where xlink_xchan = '%s' and xlink_target = '%s' limit 1",
+	$z = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1",
+		dbesc($sender['hash'])
+	);
+
+
+	if((! $z) || (! rsa_verify($arr['target'] . '.' . $arr['rating'] . '.' . $arr['rating_text'], base64url_decode($arr['signature']),$z[0]['xchan_pubkey']))) {
+		logger('failed to verify rating');
+		return;
+	}
+
+	$r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1",
 		dbesc($sender['hash']),
 		dbesc($arr['target'])
-	);		
+	);	
+	
 	if($r) {
-		$x = q("update xlink set xlink_rating = %d, xlink_rating_text = '%s', xlink_updated = '%s' where xlink_id = %d",
+		if($r[0]['xlink_updated'] >= $arr['edited']) {
+			logger('rating message duplicate');
+			return;
+		}
+
+		$x = q("update xlink set xlink_rating = %d, xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s' where xlink_id = %d",
 			intval($arr['rating']),
-			intval($arr['rating_text']),
+			dbesc($arr['rating_text']),
+			dbesc($arr['signature']),
 			dbesc(datetime_convert()),
 			intval($r[0]['xlink_id'])
 		);
+		logger('rating updated');
 	}
 	else {
-		$x = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_updated, xlink_static )
+		$x = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_sig, xlink_updated, xlink_static )
 			values( '%s', '%s', %d, '%s', '%s', 1 ) ",
 			dbesc($sender['hash']),
 			dbesc($arr['target']),
 			intval($arr['rating']),
-			intval($arr['rating_text']),
+			dbesc($arr['rating_text']),
+			dbesc($arr['signature']),
 			dbesc(datetime_convert())
 		);
+		logger('rating created');
 	}
 	return;
 }