aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/api.php2
-rw-r--r--include/attach.php67
-rw-r--r--include/auth.php1
-rw-r--r--include/channel.php11
-rw-r--r--include/connections.php6
-rw-r--r--include/import.php222
-rwxr-xr-xinclude/items.php2
-rw-r--r--include/menu.php10
-rw-r--r--include/permissions.php53
-rw-r--r--include/security.php102
-rw-r--r--include/text.php28
-rw-r--r--include/widgets.php14
12 files changed, 494 insertions, 24 deletions
diff --git a/include/api.php b/include/api.php
index f52b03240..2587a72bb 100644
--- a/include/api.php
+++ b/include/api.php
@@ -13,7 +13,7 @@ require_once('include/api_auth.php');
/*
*
- * Red API. Loosely based on and possibly compatible with a Twitter-Like API but all similarities end there.
+ * Hubzilla API. Loosely based on and possibly compatible with Twitter-Like (v1.0) API but all similarities end there.
*
*/
diff --git a/include/attach.php b/include/attach.php
index 7123d59fe..f3fb12293 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -1911,3 +1911,70 @@ function get_attach_binname($s) {
}
return $p;
}
+
+
+function get_dirpath_by_cloudpath($channel, $path) {
+
+ // Warning: Do not edit the following line. The first symbol is UTF-8 @
+ $path = str_replace('@','@',notags(trim($path)));
+
+ $h = @parse_url($path);
+
+ if(! $h || !x($h, 'path')) {
+ return null;
+ }
+ if(substr($h['path'],-1,1) === '/') {
+ $h['path'] = substr($h['path'],0,-1);
+ }
+ if(substr($h['path'],0,1) === '/') {
+ $h['path'] = substr($h['path'],1);
+ }
+ $folders = explode('/', $h['path']);
+ $f = array_shift($folders);
+
+ $nick = $channel['channel_address'];
+ //check to see if the absolute path was provided (/cloud/channelname/path/to/folder)
+ if($f === 'cloud' ) {
+ $g = array_shift($folders);
+ if( $g !== $nick) {
+ // if nick does not follow "cloud", then the top level folder must be called "cloud"
+ // and the given path must be relative to "/cloud/channelname/".
+ $folders = array_unshift(array_unshift($folders, $g), $f);
+ }
+ } else {
+ array_unshift($folders, $f);
+ }
+ $clouddir = 'store/' . $nick . '/' ;
+ $subdir = '/';
+ $valid = true;
+ while($folders && $valid && is_dir($clouddir . $subdir) && is_readable($clouddir . $subdir)) {
+ $valid = false;
+ $f = array_shift($folders);
+ $items = array_diff(scandir($clouddir . $subdir), array('.', '..')); // hashed names
+ foreach($items as $item) {
+ $filename = find_filename_by_hash($channel['channel_id'], $item);
+ if($filename === $f) {
+ $subdir .= $item . '/';
+ $valid = true;
+ }
+ }
+ }
+ if(!$valid) {
+ return null;
+ } else {
+ return $clouddir . $subdir;
+ }
+
+
+}
+
+function get_filename_by_cloudname($cloudname, $channel, $storepath) {
+ $items = array_diff(scandir($storepath), array('.', '..')); // hashed names
+ foreach($items as $item) {
+ $filename = find_filename_by_hash($channel['channel_id'], $item);
+ if($filename === $cloudname) {
+ return $item;
+ }
+ }
+ return null;
+} \ No newline at end of file
diff --git a/include/auth.php b/include/auth.php
index f3592cee3..fdcecec36 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -57,6 +57,7 @@ function account_verify_password($login, $pass) {
);
if($x) {
$ret['xchan'] = atoken_xchan($x[0]);
+ atoken_create_xchan($ret['xchan']);
return $ret;
}
}
diff --git a/include/channel.php b/include/channel.php
index 88dd818e6..c07cd14e2 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -640,19 +640,10 @@ function identity_basic_export($channel_id, $items = false) {
for($y = 0; $y < count($x); $y ++) {
$m = menu_fetch($x[$y]['menu_name'],$channel_id,$ret['channel']['channel_hash']);
if($m)
- $ret['menu'][] = menu_element($m);
+ $ret['menu'][] = menu_element($ret['channel'],$m);
}
}
- $x = menu_list($channel_id);
- if($x) {
- $ret['menu'] = array();
- for($y = 0; $y < count($x); $y ++) {
- $m = menu_fetch($x[$y]['menu_name'],$channel_id,$ret['channel']['channel_hash']);
- if($m)
- $ret['menu'][] = menu_element($m);
- }
- }
$addon = array('channel_id' => $channel_id,'data' => $ret);
call_hooks('identity_basic_export',$addon);
diff --git a/include/connections.php b/include/connections.php
index 9f55820cc..4f685388c 100644
--- a/include/connections.php
+++ b/include/connections.php
@@ -566,6 +566,7 @@ function contact_remove($channel_id, $abook_id) {
drop_item($rr['id'],false);
}
}
+
q("delete from abook where abook_id = %d and abook_channel = %d",
intval($abook['abook_id']),
@@ -588,6 +589,11 @@ function contact_remove($channel_id, $abook_id) {
intval($channel_id)
);
+ $r = q("delete from abconfig where chan = %d and xchan = '%s'",
+ intval($channel_id),
+ dbesc($abook['abook_xchan'])
+ );
+
return true;
}
diff --git a/include/import.php b/include/import.php
index 42c902a0a..5bbed828f 100644
--- a/include/import.php
+++ b/include/import.php
@@ -784,7 +784,11 @@ function import_menus($channel,$menus) {
foreach($menu['items'] as $it) {
$mitem = array();
+ $mitem['mitem_link'] = str_replace('[channelurl]',z_root() . '/channel/' . $channel['channel_address'],$it['link']);
+ $mitem['mitem_link'] = str_replace('[pageurl]',z_root() . '/page/' . $channel['channel_address'],$it['link']);
+ $mitem['mitem_link'] = str_replace('[cloudurl]',z_root() . '/cloud/' . $channel['channel_address'],$it['link']);
$mitem['mitem_link'] = str_replace('[baseurl]',z_root(),$it['link']);
+
$mitem['mitem_desc'] = escape_tags($it['desc']);
$mitem['mitem_order'] = intval($it['order']);
if(is_array($it['flags'])) {
@@ -864,7 +868,12 @@ function sync_menus($channel,$menus) {
foreach($menu['items'] as $it) {
$mitem = array();
+
+ $mitem['mitem_link'] = str_replace('[channelurl]',z_root() . '/channel/' . $channel['channel_address'],$it['link']);
+ $mitem['mitem_link'] = str_replace('[pageurl]',z_root() . '/page/' . $channel['channel_address'],$it['link']);
+ $mitem['mitem_link'] = str_replace('[cloudurl]',z_root() . '/cloud/' . $channel['channel_address'],$it['link']);
$mitem['mitem_link'] = str_replace('[baseurl]',z_root(),$it['link']);
+
$mitem['mitem_desc'] = escape_tags($it['desc']);
$mitem['mitem_order'] = intval($it['order']);
if(is_array($it['flags'])) {
@@ -1246,3 +1255,216 @@ function convert_oldfields(&$arr,$old,$new) {
unset($arr[$old]);
}
}
+
+function scan_webpage_elements($path, $type, $cloud = false) {
+ $channel = \App::get_channel();
+ $dirtoscan = $path;
+ switch ($type) {
+ case 'page':
+ $dirtoscan .= '/pages/';
+ $json_filename = 'page.json';
+ break;
+ case 'layout':
+ $dirtoscan .= '/layouts/';
+ $json_filename = 'layout.json';
+ break;
+ case 'block':
+ $dirtoscan .= '/blocks/';
+ $json_filename = 'block.json';
+ break;
+ default :
+ return array();
+ }
+ if($cloud) {
+ $dirtoscan = get_dirpath_by_cloudpath($channel, $dirtoscan);
+ }
+ $elements = [];
+ if (is_dir($dirtoscan)) {
+ $dirlist = scandir($dirtoscan);
+ if ($dirlist) {
+ foreach ($dirlist as $element) {
+ if ($element === '.' || $element === '..') {
+ continue;
+ }
+ $folder = $dirtoscan . '/' . $element;
+ if (is_dir($folder)) {
+ if($cloud) {
+ $jsonfilepath = $folder . '/' . get_filename_by_cloudname($json_filename, $channel, $folder);
+ } else {
+ $jsonfilepath = $folder . '/' . $json_filename;
+ }
+ if (is_file($jsonfilepath)) {
+ $metadata = json_decode(file_get_contents($jsonfilepath), true);
+ if($cloud) {
+ $contentfilename = get_filename_by_cloudname($metadata['contentfile'], $channel, $folder);
+ $metadata['path'] = $folder . '/' . $contentfilename;
+ } else {
+ $contentfilename = $metadata['contentfile'];
+ $metadata['path'] = $folder . '/' . $contentfilename;
+ }
+ if ($metadata['contentfile'] === '') {
+ logger('Invalid ' . $type . ' content file');
+ return false;
+ }
+ $content = file_get_contents($folder . '/' . $contentfilename);
+ if (!$content) {
+ logger('Failed to get file content for ' . $metadata['contentfile']);
+ return false;
+ }
+ $elements[] = $metadata;
+ }
+ }
+ }
+ }
+ }
+ return $elements;
+ }
+
+
+ function import_webpage_element($element, $channel, $type) {
+
+ $arr = array(); // construct information for the webpage element item table record
+
+ switch ($type) {
+ //
+ // PAGES
+ //
+ case 'page':
+ $arr['item_type'] = ITEM_TYPE_WEBPAGE;
+ $namespace = 'WEBPAGE';
+ $name = $element['pagelink'];
+ if($name) {
+ require_once('library/urlify/URLify.php');
+ $name = strtolower(\URLify::transliterate($name));
+ }
+ $arr['title'] = $element['title'];
+ $arr['term'] = $element['term'];
+ $arr['layout_mid'] = ''; // by default there is no layout associated with the page
+ // If a layout was specified, find it in the database and get its info. If
+ // it does not exist, leave layout_mid empty
+ if($element['layout'] !== '') {
+ $liid = q("select iid from iconfig where k = 'PDL' and v = '%s' and cat = 'system'",
+ dbesc($element['layout'])
+ );
+ if($liid) {
+ $linfo = q("select mid from item where id = %d",
+ intval($liid[0]['iid'])
+ );
+ $arr['layout_mid'] = $linfo[0]['mid'];
+ }
+ }
+ break;
+ //
+ // LAYOUTS
+ //
+ case 'layout':
+ $arr['item_type'] = ITEM_TYPE_PDL;
+ $namespace = 'PDL';
+ $name = $element['name'];
+ $arr['title'] = $element['description'];
+ $arr['term'] = $element['term'];
+ break;
+ //
+ // BLOCKS
+ //
+ case 'block':
+ $arr['item_type'] = ITEM_TYPE_BLOCK;
+ $namespace = 'BUILDBLOCK';
+ $name = $element['name'];
+ $arr['title'] = $element['title'];
+
+ break;
+ default :
+ return null; // return null if invalid element type
+ }
+
+ $arr['uid'] = $channel['channel_id'];
+ $arr['aid'] = $channel['channel_account_id'];
+
+ // Check if an item already exists based on the name
+ $iid = q("select iid from iconfig where k = '" . $namespace . "' and v = '%s' and cat = 'system'",
+ dbesc($name)
+ );
+ if($iid) { // If the item does exist, get the item metadata
+ $iteminfo = q("select mid,created,edited from item where id = %d",
+ intval($iid[0]['iid'])
+ );
+ $arr['mid'] = $arr['parent_mid'] = $iteminfo[0]['mid'];
+ $arr['created'] = $iteminfo[0]['created'];
+ $arr['edited'] = (($element['edited']) ? datetime_convert('UTC', 'UTC', $element['edited']) : datetime_convert());
+ } else { // otherwise, generate the creation times and unique id
+ $arr['created'] = (($element['created']) ? datetime_convert('UTC', 'UTC', $element['created']) : datetime_convert());
+ $arr['edited'] = datetime_convert('UTC', 'UTC', '0000-00-00 00:00:00');
+ $arr['mid'] = $arr['parent_mid'] = item_message_id();
+ }
+ // Import the actual element content
+ $arr['body'] = file_get_contents($element['path']);
+ // The element owner is the channel importing the elements
+ $arr['owner_xchan'] = get_observer_hash();
+ // The author is either the owner or whomever was specified
+ $arr['author_xchan'] = (($element['author_xchan']) ? $element['author_xchan'] : get_observer_hash());
+ // Import mimetype if it is a valid mimetype for the element
+ $mimetypes = [ 'text/bbcode',
+ 'text/html',
+ 'text/markdown',
+ 'text/plain',
+ 'application/x-pdl',
+ 'application/x-php'
+ ];
+ // Blocks and pages can have any mimetype, but layouts must be text/bbcode
+ if((in_array($element['mimetype'], $mimetypes)) && ($type === 'page' || $type === 'block') ) {
+ $arr['mimetype'] = $element['mimetype'];
+ } else {
+ $arr['mimetype'] = 'text/bbcode';
+ }
+
+ // Verify ability to use html or php!!!
+ $execflag = false;
+ if ($arr['mimetype'] === 'application/x-php') {
+ $z = q("select account_id, account_roles, channel_pageflags from account "
+ . "left join channel on channel_account_id = account_id where channel_id = %d limit 1",
+ intval(local_channel())
+ );
+
+ if ($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) {
+ $execflag = true;
+ }
+ }
+
+ $z = q("select * from iconfig where v = '%s' and k = '%s' and cat = 'service' limit 1",
+ dbesc($name),
+ dbesc($namespace)
+ );
+
+ $i = q("select id, edited, item_deleted from item where mid = '%s' and uid = %d limit 1",
+ dbesc($arr['mid']),
+ intval(local_channel())
+ );
+ $remote_id = 0;
+ if ($z && $i) {
+ $remote_id = $z[0]['id'];
+ $arr['id'] = $i[0]['id'];
+ // don't update if it has the same timestamp as the original
+ if ($arr['edited'] > $i[0]['edited'])
+ $x = item_store_update($arr, $execflag);
+ } else {
+ if (($i) && (intval($i[0]['item_deleted']))) {
+ // was partially deleted already, finish it off
+ q("delete from item where mid = '%s' and uid = %d",
+ dbesc($arr['mid']),
+ intval(local_channel())
+ );
+ }
+ $x = item_store($arr, $execflag);
+ }
+ if ($x['success']) {
+ $item_id = $x['item_id'];
+ update_remote_id($channel, $item_id, $arr['item_type'], $name, $namespace, $remote_id, $arr['mid']);
+ $element['import_success'] = 1;
+ } else {
+ $element['import_success'] = 0;
+ }
+
+ return $element;
+
+}
diff --git a/include/items.php b/include/items.php
index 178fb30d6..5bd0b0968 100755
--- a/include/items.php
+++ b/include/items.php
@@ -421,7 +421,7 @@ function post_activity_item($arr) {
$arr['deny_cid'] = ((x($arr,'deny_cid')) ? $arr['deny_cid'] : $channel['channel_deny_cid']);
$arr['deny_gid'] = ((x($arr,'deny_gid')) ? $arr['deny_gid'] : $channel['channel_deny_gid']);
- $arr['comment_policy'] = map_scope(\Zotlabs\Access/PermissionLimits::Get($channel['channel_id'],'post_comments'));
+ $arr['comment_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'post_comments'));
if ((! $arr['plink']) && (intval($arr['item_thread_top']))) {
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
diff --git a/include/menu.php b/include/menu.php
index e8f1d8eb8..3b0180d37 100644
--- a/include/menu.php
+++ b/include/menu.php
@@ -25,7 +25,7 @@ function menu_fetch($name,$uid,$observer_xchan) {
return null;
}
-function menu_element($menu) {
+function menu_element($channel,$menu) {
$arr = array();
$arr['type'] = 'menu';
@@ -46,7 +46,12 @@ function menu_element($menu) {
$arr['items'] = array();
foreach($menu['items'] as $it) {
$entry = array();
+
+ $entry['link'] = str_replace(z_root() . '/channel/' . $channel['channel_address'],'[channelurl]',$it['mitem_link']);
+ $entry['link'] = str_replace(z_root() . '/page/' . $channel['channel_address'],'[pageurl]',$it['mitem_link']);
+ $entry['link'] = str_replace(z_root() . '/cloud/' . $channel['channel_address'],'[cloudurl]',$it['mitem_link']);
$entry['link'] = str_replace(z_root(),'[baseurl]',$it['mitem_link']);
+
$entry['desc'] = $it['mitem_desc'];
$entry['order'] = $it['mitem_order'];
if($it['mitem_flags']) {
@@ -389,12 +394,13 @@ function menu_del_item($menu_id,$uid,$item_id) {
function menu_sync_packet($uid,$observer_hash,$menu_id,$delete = false) {
$r = menu_fetch_id($menu_id,$uid);
+ $c = channelx_by_n($uid);
if($r) {
$m = menu_fetch($r['menu_name'],$uid,$observer_hash);
if($m) {
if($delete)
$m['menu_delete'] = 1;
- build_sync_packet($uid,array('menu' => array(menu_element($m))));
+ build_sync_packet($uid,array('menu' => array(menu_element($c,$m))));
}
}
}
diff --git a/include/permissions.php b/include/permissions.php
index 638bedb24..637193973 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -1,4 +1,7 @@
<?php
+
+require_once('include/security.php');
+
/**
* @file include/permissions.php
*
@@ -119,10 +122,21 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
dbesc($observer_xchan)
);
if(! $x) {
- // not in address book, see if they've got an xchan
- $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
- dbesc($observer_xchan)
- );
+ // see if they've got a guest access token; these are treated as connections
+ $y = atoken_abook($uid,$observer_xchan);
+ if($y)
+ $x = array($y);
+
+ if(! $x) {
+ // not in address book and no guest token, see if they've got an xchan
+ // these *may* have individual (PERMS_SPECIFIC) permissions, but are not connections
+ $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
+ dbesc($observer_xchan)
+ );
+ if($y) {
+ $x = array(pseudo_abook($y[0]));
+ }
+ }
}
$abook_checked = true;
@@ -184,7 +198,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// If we're still here, we have an observer, check the network.
if($channel_perm & PERMS_NETWORK) {
- if(($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot')) {
+ if($x && $x[0]['xchan_network'] === 'zot') {
$ret[$perm_name] = true;
continue;
}
@@ -232,6 +246,12 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
// They're a contact, so they have permission
if($channel_perm & PERMS_CONTACTS) {
+ // it was a fake abook entry, not really a connection
+ if(array_key_exists('abook_pseudo',$x[0]) && intval($x[0]['abook_pseudo'])) {
+ $ret[$perm_name] = false;
+ continue;
+ }
+
$ret[$perm_name] = true;
continue;
}
@@ -328,10 +348,21 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
return false;
if(! $x) {
- // not in address book, see if they've got an xchan
- $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
- dbesc($observer_xchan)
- );
+ // see if they've got a guest access token
+ $y = atoken_abook($uid,$observer_xchan);
+ if($y)
+ $x = array($y);
+
+ if(! $x) {
+ // not in address book and no guest token, see if they've got an xchan
+ $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
+ dbesc($observer_xchan)
+ );
+ if($y) {
+ $x = array(pseudo_abook($y[0]));
+ }
+ }
+
}
$abperms = load_abconfig($uid,$observer_xchan,'my_perms');
}
@@ -401,6 +432,10 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
// They're a contact, so they have permission
if($channel_perm & PERMS_CONTACTS) {
+ // it was a fake abook entry, not really a connection
+ if(array_key_exists('abook_pseudo',$x[0]) && intval($x[0]['abook_pseudo'])) {
+ return false;
+ }
return true;
}
diff --git a/include/security.php b/include/security.php
index c67a1b400..83bf51bc0 100644
--- a/include/security.php
+++ b/include/security.php
@@ -108,6 +108,7 @@ function atoken_xchan($atoken) {
'xchan_name' => $atoken['atoken_name'],
'xchan_addr' => t('guest:') . $atoken['atoken_name'] . '@' . \App::get_hostname(),
'xchan_network' => 'unknown',
+ 'xchan_url' => z_root(),
'xchan_hidden' => 1,
'xchan_photo_mimetype' => 'image/jpeg',
'xchan_photo_l' => get_default_profile_photo(300),
@@ -119,6 +120,105 @@ function atoken_xchan($atoken) {
return null;
}
+function atoken_delete($atoken_id) {
+
+ $r = q("select * from atoken where atoken_id = %d",
+ intval($atoken_id)
+ );
+ if(! $r)
+ return;
+
+ $c = q("select channel_id, channel_hash from channel where channel_id = %d",
+ intval($r[0]['atoken_uid'])
+ );
+ if(! $c)
+ return;
+
+ $atoken_xchan = substr($c[0]['channel_hash'],0,16) . '.' . $r[0]['atoken_name'];
+
+ q("delete from atoken where atoken_id = %d",
+ intval($atoken_id)
+ );
+ q("delete from abconfig where chan = %d and xchan = '%s'",
+ intval($c[0]['channel_id']),
+ dbesc($atoken_xchan)
+ );
+}
+
+
+
+// in order for atoken logins to create content (such as posts) they need a stored xchan.
+// we'll create one on the first atoken_login; it can't really ever go away but perhaps
+// @fixme we should set xchan_deleted if it's expired or removed
+
+function atoken_create_xchan($xchan) {
+
+ $r = q("select xchan_hash from xchan where xchan_hash = '%s'",
+ dbesc($xchan['xchan_hash'])
+ );
+ if($r)
+ return;
+
+ $r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_addr, xchan_url, xchan_name, xchan_network, xchan_photo_mimetype, xchan_photo_l, xchan_photo_m, xchan_photo_s )
+ values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ",
+ dbesc($xchan['xchan_hash']),
+ dbesc($xchan['xchan_hash']),
+ dbesc($xchan['xchan_addr']),
+ dbesc($xchan['xchan_url']),
+ dbesc($xchan['xchan_name']),
+ dbesc($xchan['xchan_network']),
+ dbesc($xchan['xchan_photo_mimetype']),
+ dbesc($xchan['xchan_photo_l']),
+ dbesc($xchan['xchan_photo_m']),
+ dbesc($xchan['xchan_photo_s'])
+ );
+
+ return true;
+}
+
+function atoken_abook($uid,$xchan_hash) {
+
+ if(substr($xchan_hash,16,1) != '.')
+ return false;
+
+ $r = q("select channel_hash from channel where channel_id = %d limit 1",
+ intval($uid)
+ );
+
+ if(! $r)
+ return false;
+
+ $x = q("select * from atoken where atoken_uid = %d and atoken_name = '%s'",
+ intval($uid),
+ dbesc(substr($xchan_hash,17))
+ );
+
+ if($x) {
+ $xchan = atoken_xchan($x[0]);
+ $xchan['abook_blocked'] = 0;
+ $xchan['abook_ignored'] = 0;
+ $xchan['abook_pending'] = 0;
+ return $xchan;
+ }
+
+ return false;
+
+}
+
+
+function pseudo_abook($xchan) {
+ if(! $xchan)
+ return false;
+
+ // set abook_pseudo to flag that we aren't really connected.
+
+ $xchan['abook_pseudo'] = 1;
+ $xchan['abook_blocked'] = 0;
+ $xchan['abook_ignored'] = 0;
+ $xchan['abook_pending'] = 0;
+ return $xchan;
+
+}
/**
@@ -396,7 +496,7 @@ function public_permissions_sql($observer_hash) {
* In this implementation, a security token is reusable (if the user submits a form, goes back and resubmits the form, maybe with small changes;
* or if the security token is used for ajax-calls that happen several times), but only valid for a certain amout of time (3hours).
* The "typename" seperates the security tokens of different types of forms. This could be relevant in the following case:
- * A security token is used to protekt a link from CSRF (e.g. the "delete this profile"-link).
+ * A security token is used to protekt a link from CSRF (e.g. the "delete this profile"-link).
* If the new page contains by any chance external elements, then the used security token is exposed by the referrer.
* Actually, important actions should not be triggered by Links / GET-Requests at all, but somethimes they still are,
* so this mechanism brings in some damage control (the attacker would be able to forge a request to a form of this type, but not to forms of other types).
diff --git a/include/text.php b/include/text.php
index 6d7d0ed8d..d283bb41f 100644
--- a/include/text.php
+++ b/include/text.php
@@ -2242,6 +2242,34 @@ function design_tools() {
));
}
+/**
+ * @brief Creates website import tools menu
+ *
+ * @return string
+ */
+function website_import_tools() {
+
+ $channel = App::get_channel();
+ $sys = false;
+
+ if(App::$is_sys && is_site_admin()) {
+ require_once('include/channel.php');
+ $channel = get_sys_channel();
+ $sys = true;
+ }
+
+ return replace_macros(get_markup_template('website_import_tools.tpl'), array(
+ '$title' => t('Import'),
+ '$import_label' => t('Import website...'),
+ '$import_placeholder' => t('Select folder to import'),
+ '$file_upload_text' => t('Import from a zipped folder:'),
+ '$file_import_text' => t('Import from cloud files:'),
+ '$desc' => t('/cloud/channel/path/to/folder'),
+ '$hint' => t('Enter path to website files'),
+ '$select' => t('Select folder'),
+ ));
+}
+
/* case insensitive in_array() */
function in_arrayi($needle, $haystack) {
diff --git a/include/widgets.php b/include/widgets.php
index 3516e82da..5477dc1e4 100644
--- a/include/widgets.php
+++ b/include/widgets.php
@@ -779,6 +779,20 @@ function widget_design_tools($arr) {
return design_tools();
}
+function widget_website_import_tools($arr) {
+
+ // mod menu doesn't load a profile. For any modules which load a profile, check it.
+ // otherwise local_channel() is sufficient for permissions.
+
+ if(App::$profile['profile_uid'])
+ if((App::$profile['profile_uid'] != local_channel()) && (! App::$is_sys))
+ return '';
+
+ if(! local_channel())
+ return '';
+
+ return website_import_tools();
+}
function widget_findpeople($arr) {
return findpeople_widget();