Diffstat (limited to 'include')
-rw-r--r-- | include/Contact.php | 54 | ||||
-rw-r--r-- | include/Scrape.php | 5 | ||||
-rw-r--r-- | include/auth.php | 3 | ||||
-rw-r--r-- | include/contact_widgets.php | 13 | ||||
-rw-r--r-- | include/conversation.php | 21 | ||||
-rw-r--r-- | include/delivery.php | 5 | ||||
-rwxr-xr-x | include/items.php | 14 | ||||
-rw-r--r-- | include/notifier.php | 8 | ||||
-rw-r--r-- | include/oauth.php | 1 | ||||
-rw-r--r-- | include/security.php | 16 |
10 files changed, 123 insertions, 17 deletions
diff --git a/include/Contact.php b/include/Contact.php index c141fa188..5e0964d03 100644 --- a/include/Contact.php +++ b/include/Contact.php @@ -1,6 +1,60 @@ <?php +function map_perms($entity,$zguid) { + + $is_contact = false; + $is_site = false; + $is_network = false; + $is_anybody = true; + + if(strlen($zguid)) { + + $is_network = true; + + $r = q("select * from contact where guid = '%s' and uid = %d limit 1", + dbesc($zguid), + intval($entity['entity_id']) + ); + if($r && count($r)) { + $is_contact = true; + $contact = $r[0]; + } + $r = q("select * from entity where entity_global_id = '%s' limit 1", + dbesc($zguid) + ); + if($r && count($r)) { + $is_site = true; + } + } + + + + + + +} + + + + + + + + + + + + + + + + + + + + + // Included here for completeness, but this is a very dangerous operation. // It is the caller's responsibility to confirm the requestor's intent and // authorisation to do this. diff --git a/include/Scrape.php b/include/Scrape.php index 5dbab23af..2e5ed7d32 100644 --- a/include/Scrape.php +++ b/include/Scrape.php @@ -532,9 +532,10 @@ function probe_url($url, $mode = PROBE_NORMAL) { else $poll = $tapi . '?screen_name=' . $tid; $profile = 'http://twitter.com/#!/' . $tid; - $vcard['photo'] = 'https://api.twitter.com/1/users/profile_image/' . $tid; + //$vcard['photo'] = 'https://api.twitter.com/1/users/profile_image/' . $tid; + $vcard['photo'] = 'https://api.twitter.com/1/users/profile_image?screen_name=' . $tid . '&size=bigger'; $vcard['nick'] = $tid; - $vcard['fn'] = $tid . '@twitter'; + $vcard['fn'] = $tid; } if($lastfm) { diff --git a/include/auth.php b/include/auth.php index 1e1df1808..d184b5ff7 100644 --- a/include/auth.php +++ b/include/auth.php 
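Review bot: `map_perms()` in include/Contact.php falls off the end without a `return`, so the `$is_contact`, `$is_site` and `$is_network` flags it computes are discarded and any caller receives null. `$is_anybody` and `$contact` are assigned and never read, and the long run of blank added lines after the function suggests the body is unfinished. Until the permission mapping is written, a header comment such as `// TODO: incomplete - computes relationship flags but returns nothing; do not use for access decisions yet` would keep it from being mistaken for a working check.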
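Review bot: `$tid` is concatenated into the query string of the new `$vcard['photo']` URL in `probe_url()` without encoding, so a value containing `&`, `#` or whitespace would alter or break the stored URL. Where `$tid` comes from is outside the hunk; if it derives from the probed address, encode it: `$vcard['photo'] = 'https://api.twitter.com/1/users/profile_image?screen_name=' . urlencode($tid) . '&size=bigger';`. The superseded assignment kept as a `//` comment above it can be deleted, since version control already preserves it. The function body starts and ends outside the hunk.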
@@ -11,14 +11,13 @@ function nuke_session() { unset($_SESSION['administrator']); unset($_SESSION['cid']); unset($_SESSION['theme']); + unset($_SESSION['mobile-theme']); unset($_SESSION['page_flags']); unset($_SESSION['submanage']); unset($_SESSION['my_url']); unset($_SESSION['my_address']); unset($_SESSION['addr']); unset($_SESSION['return_url']); - unset($_SESSION['theme']); - unset($_SESSION['page_flags']); } /** diff --git a/include/contact_widgets.php b/include/contact_widgets.php index ae88eefb4..a8eb893a5 100644 --- a/include/contact_widgets.php +++ b/include/contact_widgets.php @@ -136,9 +136,16 @@ function common_friends_visitor_widget($profile_uid) { $cid = $zcid = 0; - if(can_write_wall($a,$profile_uid)) - $cid = remote_user(); - else { + if(is_array($_SESSION['remote'])) { + foreach($_SESSION['remote'] as $visitor) { + if($visitor['uid'] == $profile_uid) { + $cid = $visitor['cid']; + break; + } + } + } + + if(! $cid) { if(get_my_url()) { $r = q("select id from contact where nurl = '%s' and uid = %d limit 1", dbesc(normalise_link(get_my_url())), diff --git a/include/conversation.php b/include/conversation.php index 7f0edc5de..7fb341ef3 100644 --- a/include/conversation.php +++ b/include/conversation.php 
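Review bot: The visible part of `nuke_session()` clears `cid`, `theme` and the other per-login keys but not `$_SESSION['remote']`, which contact_widgets.php, conversation.php, items.php and security.php in this same commit now read to decide who a visitor is. The first lines of the function are outside the hunk, so this may already be handled there. If it is not, add `unset($_SESSION['remote']);` next to `unset($_SESSION['cid']);` so remote-visitor entries do not outlive a logout.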
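Review bot: The loop over `$_SESSION['remote']` added to `common_friends_visitor_widget()` is repeated with small variations in `prepare_threads_body()` (include/conversation.php), `drop_item()` (include/items.php) and `can_write_wall()` (include/security.php), which makes it easy for four copies of an identity check to drift apart. In each copy `is_array($_SESSION['remote'])` reads a key that may not be set when no remote login has populated it, which raises an undefined-index notice; `if(isset($_SESSION['remote']) && is_array($_SESSION['remote'])) {` avoids that. A single helper that takes the owner uid and returns the matching `cid` or 0 would let all four call sites share one reviewed check. The function body starts and ends outside the hunk.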
@@ -365,12 +365,31 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr $thumb = $item['thumb']; $indent = ''; $osparkle = ''; + $visiting = false; $lastcollapsed = false; $firstcollapsed = false; $total_children += count_descendants($item); $toplevelpost = (($item['id'] == $item['parent']) ? true : false); + + + if($item['uid'] == local_user()) + $dropping = true; + elseif(is_array($_SESSION['remote'])) { + foreach($_SESSION['remote'] as $visitor) { + if($visitor['cid'] == $item['contact-id']) { + $dropping = true; + $visiting = true; + break; + } + } + } + $item_writeable = (($item['writable'] || $item['self']) ? true : false); + + if($visiting && $mode == 'profile') + $item_writeable = true; + $show_comment_box = ((($page_writeable) && ($item_writeable)) ? true : false); $lock = ((($item['private'] == 1) || (($item['uid'] == local_user()) && (strlen($item['allow_cid']) || strlen($item['allow_gid']) || strlen($item['deny_cid']) || strlen($item['deny_gid'])))) @@ -382,8 +401,6 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr $edpost = array($a->get_baseurl($ssl_state)."/editpost/".$item['id'], t("Edit")); else $edpost = false; - if((intval($item['contact-id']) && $item['contact-id'] == remote_user()) || ($item['uid'] == local_user())) - $dropping = true; $drop = array( 'dropping' => $dropping, diff --git a/include/delivery.php b/include/delivery.php index 09448fcae..0d99f48a2 100644 --- a/include/delivery.php +++ b/include/delivery.php @@ -322,8 +322,9 @@ function delivery_run($argv, $argc){ dbesc($nickname) ); - if(count($x)) { - if($owner['page-flags'] == PAGE_COMMUNITY && ! $x[0]['writable']) { + if($x && count($x)) { + $write_flag = (($x[0]['rel'] == CONTACT_IS_FOLLOWER || $x[0]['rel'] == CONTACT_IS_FRIEND) ? true : false); + if((($owner['page-flags'] == PAGE_COMMUNITY) || ($write_flag)) && (! $x[0]['writable'])) { q("update contact set writable = 1 where id = %d limit 1", intval($x[0]['id']) ); 
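Review bot: The visitor match added to `prepare_threads_body()` compares only `$visitor['cid'] == $item['contact-id']`, whereas the equivalent loop added to `drop_item()` in include/items.php also requires `$visitor['uid'] == $item['uid']`, and the check removed in the second hunk of this file required `intval($item['contact-id'])` to be non-zero. Writing the condition as `if(intval($item['contact-id']) && $visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) {` keeps the two files in agreement and restores the zero guard. `$visiting` is initialised to false in this hunk but `$dropping` is not; if this code runs once per item and `$dropping` is not reset above the hunk, a true value from one item carries over to the next. Because `$visiting` in 'profile' mode forces `$item_writeable = true` regardless of `$item['writable']`, the handler that accepts the comment should make the same decision on the server side rather than rely on this display flag. The function body starts and ends outside the hunk.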
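Review bot: The new `$write_flag` branch in `delivery_run()` sets `writable = 1` on the contact row for every follower or friend, not only for community pages, so a permission is granted as a side effect of delivery and nothing in the hunk says why. The same block is added verbatim to `notifier_run()` in include/notifier.php; put a comment above both, for example `// follower/friend contacts are marked writable here, in addition to community-page contacts`, or move the block into one shared function. `can_write_wall()` in include/security.php tests `CONTACT_IS_SHARING` and `CONTACT_IS_FRIEND` while this code tests `CONTACT_IS_FOLLOWER` and `CONTACT_IS_FRIEND`; if that difference is deliberate it deserves a line in the comment as well. The `? true : false` around the comparison is redundant, since the comparison already yields a boolean.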
diff --git a/include/items.php b/include/items.php index 63e9a646d..4acf72d77 100755 --- a/include/items.php +++ b/include/items.php @@ -3557,9 +3557,21 @@ function drop_item($id,$interactive = true) { $owner = $item['uid']; + $cid = 0; + // check if logged in user is either the author or owner of this item - if((local_user() == $item['uid']) || (remote_user() == $item['contact-id']) || (! $interactive)) { + if(is_array($_SESSION['remote'])) { + foreach($_SESSION['remote'] as $visitor) { + if($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) { + $cid = $visitor['cid']; + break; + } + } + } + + + if((local_user() == $item['uid']) || ($cid) || (! $interactive)) { // delete the item diff --git a/include/notifier.php b/include/notifier.php index 6e3cede56..15ab67b7b 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -279,7 +279,7 @@ function notifier_run($argv, $argc){ // a delivery fork. private groups (forum_mode == 2) do not uplink if((intval($parent['forum_mode']) == 1) && (! $top_level) && ($cmd !== 'uplink')) { - proc_run('php','include/notifier','uplink',$item_id); + proc_run('php','include/notifier.php','uplink',$item_id); } $conversants = array(); @@ -543,9 +543,9 @@ function notifier_run($argv, $argc){ dbesc($nickname) ); - if(count($x)) { - - if($owner['page-flags'] == PAGE_COMMUNITY && ! $x[0]['writable']) { + if($x && count($x)) { + $write_flag = (($x[0]['rel'] == CONTACT_IS_FOLLOWER || $x[0]['rel'] == CONTACT_IS_FRIEND) ? true : false); + if((($owner['page-flags'] == PAGE_COMMUNITY) || ($write_flag)) && (! $x[0]['writable'])) { q("update contact set writable = 1 where id = %d limit 1", intval($x[0]['id']) ); diff --git a/include/oauth.php b/include/oauth.php index 2724dcf7c..103d4c2fa 100644 --- a/include/oauth.php +++ b/include/oauth.php 
@@ -145,6 +145,7 @@ class FKOAuth1 extends OAuthServer { } $_SESSION['uid'] = $record['uid']; $_SESSION['theme'] = $record['theme']; + $_SESSION['mobile-theme'] = get_pconfig($record['uid'], 'system', 'mobile_theme'); $_SESSION['authenticated'] = 1; $_SESSION['page_flags'] = $record['page-flags']; $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $record['nickname']; diff --git a/include/security.php b/include/security.php index 497166ec4..bc1e97059 100644 --- a/include/security.php +++ b/include/security.php @@ -181,12 +181,26 @@ function can_write_wall(&$a,$owner) { elseif($verified === 1) return false; else { + $cid = 0; + + if(is_array($_SESSION['remote'])) { + foreach($_SESSION['remote'] as $visitor) { + if($visitor['uid'] == $owner) { + $cid = $visitor['cid']; + break; + } + } + } + + if(! $cid) + return false; + $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid` WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1", intval($owner), - intval(remote_user()), + intval($cid), intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND), intval(PAGE_COMMUNITY) |
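Review bot: The contact id in `can_write_wall()` is now chosen per `$owner`, but the `$verified` shortcut visible in the hunk's leading context (`elseif($verified === 1) return false;`) returns a remembered answer before `$owner` is consulted. `$verified` is declared outside the hunk; if it is a per-request cache that is not keyed by owner, a decision made for one owner would be reused for another now that a session can hold several `uid`/`cid` pairs. Either remember the result per owner or state the restriction where the shortcut is taken, e.g. `// cached decision is not per-owner: call for one owner per request only`. The added `if(! $cid) return false;` also leaves `$verified` untouched, so the loop is repeated on every call for a visitor with no matching entry.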