Diffstat (limited to 'include')
-rw-r--r--include/Contact.php54
-rw-r--r--include/Scrape.php5
-rw-r--r--include/auth.php3
-rw-r--r--include/contact_widgets.php13
-rw-r--r--include/conversation.php21
-rw-r--r--include/delivery.php5
-rwxr-xr-xinclude/items.php14
-rw-r--r--include/notifier.php8
-rw-r--r--include/oauth.php1
-rw-r--r--include/security.php16
10 files changed, 123 insertions, 17 deletions
diff --git a/include/Contact.php b/include/Contact.php
index c141fa188..5e0964d03 100644
--- a/include/Contact.php
+++ b/include/Contact.php
@@ -1,6 +1,60 @@
<?php
+function map_perms($entity,$zguid) {
+
+ $is_contact = false;
+ $is_site = false;
+ $is_network = false;
+ $is_anybody = true;
+
+ if(strlen($zguid)) {
+
+ $is_network = true;
+
+ $r = q("select * from contact where guid = '%s' and uid = %d limit 1",
+ dbesc($zguid),
+ intval($entity['entity_id'])
+ );
+ if($r && count($r)) {
+ $is_contact = true;
+ $contact = $r[0];
+ }
+ $r = q("select * from entity where entity_global_id = '%s' limit 1",
+ dbesc($zguid)
+ );
+ if($r && count($r)) {
+ $is_site = true;
+ }
+ }
+
+
+
+
+
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
// Included here for completeness, but this is a very dangerous operation.
// It is the caller's responsibility to confirm the requestor's intent and
// authorisation to do this.
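Review bot: `map_perms()` falls off the end without a `return`, so every caller receives `null`, and `$contact`, `$is_anybody` and the other flags are computed and then discarded. If this is a placeholder, say so in a header comment such as `// TODO: stub - computes relationship flags but returns nothing yet; must default to deny when finished`, and drop the run of empty lines after it. Note also that `$is_network` becomes true as soon as `$zguid` is a non-empty string, before either lookup confirms the guid, and `$is_anybody` starts as true; whatever result is eventually returned should treat an unmatched guid as the least-privileged case.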
diff --git a/include/Scrape.php b/include/Scrape.php
index 5dbab23af..2e5ed7d32 100644
--- a/include/Scrape.php
+++ b/include/Scrape.php
@@ -532,9 +532,10 @@ function probe_url($url, $mode = PROBE_NORMAL) {
else
$poll = $tapi . '?screen_name=' . $tid;
$profile = 'http://twitter.com/#!/' . $tid;
- $vcard['photo'] = 'https://api.twitter.com/1/users/profile_image/' . $tid;
+ //$vcard['photo'] = 'https://api.twitter.com/1/users/profile_image/' . $tid;
+ $vcard['photo'] = 'https://api.twitter.com/1/users/profile_image?screen_name=' . $tid . '&size=bigger';
$vcard['nick'] = $tid;
- $vcard['fn'] = $tid . '@twitter';
+ $vcard['fn'] = $tid;
}
if($lastfm) {
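Review bot: `$tid` is concatenated into a query string on the new `$vcard['photo']` line without encoding, and it is now followed by `&size=bigger`, so a value containing `&`, `#` or whitespace would change the resulting URL. Where `$tid` comes from is outside this hunk, so it may already be constrained, but encoding at the point of use is cheap: `$vcard['photo'] = 'https://api.twitter.com/1/users/profile_image?screen_name=' . rawurlencode($tid) . '&size=bigger';`. The commented-out old URL on the line above can be deleted, since the history keeps it.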
diff --git a/include/auth.php b/include/auth.php
index 1e1df1808..d184b5ff7 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -11,14 +11,13 @@ function nuke_session() {
unset($_SESSION['administrator']);
unset($_SESSION['cid']);
unset($_SESSION['theme']);
+ unset($_SESSION['mobile-theme']);
unset($_SESSION['page_flags']);
unset($_SESSION['submanage']);
unset($_SESSION['my_url']);
unset($_SESSION['my_address']);
unset($_SESSION['addr']);
unset($_SESSION['return_url']);
- unset($_SESSION['theme']);
- unset($_SESSION['page_flags']);
}
/**
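Review bot: The visible part of `nuke_session()` clears `cid`, `theme`, `page_flags` and now `mobile-theme`, but not `$_SESSION['remote']`, which the other files in this commit (contact_widgets.php, conversation.php, items.php, security.php) start using to decide whether a visitor may write or delete. Unless it is unset in the lines above this hunk, a stale visitor list would survive a session reset and keep granting those rights. I would add `unset($_SESSION['remote']);` next to the new line. The function starts before the hunk, so please confirm against the full body.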
diff --git a/include/contact_widgets.php b/include/contact_widgets.php
index ae88eefb4..a8eb893a5 100644
--- a/include/contact_widgets.php
+++ b/include/contact_widgets.php
@@ -136,9 +136,16 @@ function common_friends_visitor_widget($profile_uid) {
$cid = $zcid = 0;
- if(can_write_wall($a,$profile_uid))
- $cid = remote_user();
- else {
+ if(is_array($_SESSION['remote'])) {
+ foreach($_SESSION['remote'] as $visitor) {
+ if($visitor['uid'] == $profile_uid) {
+ $cid = $visitor['cid'];
+ break;
+ }
+ }
+ }
+
+ if(! $cid) {
if(get_my_url()) {
$r = q("select id from contact where nurl = '%s' and uid = %d limit 1",
dbesc(normalise_link(get_my_url())),
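Review bot: The `$_SESSION['remote']` scan added here is repeated almost verbatim in conversation.php, items.php and security.php in this same commit, each with its own matching rule (uid only here and in security.php, cid only in conversation.php, both in items.php). Since these loops now decide authorisation, a single helper would keep the rule in one place; it can also use `isset()` before `is_array()` (the key is presumably absent for purely local sessions), skip malformed entries, and compare integers rather than relying on `==`. A sketch follows; the helper name is only a suggestion. The enclosing function continues past the end of this hunk.

```php
// proposed shared helper (name is a suggestion), e.g. in include/security.php
function remote_contact_for_uid($uid) {
	if(! isset($_SESSION['remote']) || ! is_array($_SESSION['remote']))
		return 0;
	foreach($_SESSION['remote'] as $visitor) {
		// ignore entries that are not the expected uid/cid pair
		if(is_array($visitor) && intval($visitor['uid']) === intval($uid))
			return intval($visitor['cid']);
	}
	return 0;
}

// in common_friends_visitor_widget():
$cid = remote_contact_for_uid($profile_uid);
// … unchanged: if(! $cid) { get_my_url() lookup } …
```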
diff --git a/include/conversation.php b/include/conversation.php
index 7f0edc5de..7fb341ef3 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -365,12 +365,31 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr
$thumb = $item['thumb'];
$indent = '';
$osparkle = '';
+ $visiting = false;
$lastcollapsed = false;
$firstcollapsed = false;
$total_children += count_descendants($item);
$toplevelpost = (($item['id'] == $item['parent']) ? true : false);
+
+
+ if($item['uid'] == local_user())
+ $dropping = true;
+ elseif(is_array($_SESSION['remote'])) {
+ foreach($_SESSION['remote'] as $visitor) {
+ if($visitor['cid'] == $item['contact-id']) {
+ $dropping = true;
+ $visiting = true;
+ break;
+ }
+ }
+ }
+
$item_writeable = (($item['writable'] || $item['self']) ? true : false);
+
+ if($visiting && $mode == 'profile')
+ $item_writeable = true;
+
$show_comment_box = ((($page_writeable) && ($item_writeable)) ? true : false);
$lock = ((($item['private'] == 1) || (($item['uid'] == local_user()) && (strlen($item['allow_cid']) || strlen($item['allow_gid'])
|| strlen($item['deny_cid']) || strlen($item['deny_gid']))))
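Review bot: In the new `elseif` branch a visitor is matched on `$visitor['cid'] == $item['contact-id']` alone, whereas the equivalent check added to `drop_item()` in items.php also requires `$visitor['uid'] == $item['uid']`; I would use the same two-part condition here so the two cannot drift. A match then forces `$item_writeable = true` in profile mode regardless of `$item['writable']`, which leaves `$page_writeable` as the only gate on the comment box, so the handler that accepts the comment needs to re-check permission on its own. `$visiting` is reset for each item but `$dropping` is not in the visible lines; if it is not initialised elsewhere in the loop body (outside this hunk), a `true` from one item carries over to the next, so add `$dropping = false;` beside `$visiting = false;`.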
@@ -382,8 +401,6 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr
$edpost = array($a->get_baseurl($ssl_state)."/editpost/".$item['id'], t("Edit"));
else
$edpost = false;
- if((intval($item['contact-id']) && $item['contact-id'] == remote_user()) || ($item['uid'] == local_user()))
- $dropping = true;
$drop = array(
'dropping' => $dropping,
diff --git a/include/delivery.php b/include/delivery.php
index 09448fcae..0d99f48a2 100644
--- a/include/delivery.php
+++ b/include/delivery.php
@@ -322,8 +322,9 @@ function delivery_run($argv, $argc){
dbesc($nickname)
);
- if(count($x)) {
- if($owner['page-flags'] == PAGE_COMMUNITY && ! $x[0]['writable']) {
+ if($x && count($x)) {
+ $write_flag = (($x[0]['rel'] == CONTACT_IS_FOLLOWER || $x[0]['rel'] == CONTACT_IS_FRIEND) ? true : false);
+ if((($owner['page-flags'] == PAGE_COMMUNITY) || ($write_flag)) && (! $x[0]['writable'])) {
q("update contact set writable = 1 where id = %d limit 1",
intval($x[0]['id'])
);
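Review bot: The new `$write_flag` extends the automatic `update contact set writable = 1` from community pages to every contact whose `rel` is `CONTACT_IS_FOLLOWER` or `CONTACT_IS_FRIEND`, and nothing in the visible lines excludes blocked, pending or read-only contacts. The query that fills `$x` starts above the hunk, so it may already filter them; if it does not, add those conditions before flipping the flag. A short comment stating why the delivery path grants write access would help the next reader, and `(cond) ? true : false` can simply be the condition. The identical block is added in include/notifier.php at `@@ -543,9 +543,9 @@`, and the same applies there.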
diff --git a/include/items.php b/include/items.php
index 63e9a646d..4acf72d77 100755
--- a/include/items.php
+++ b/include/items.php
@@ -3557,9 +3557,21 @@ function drop_item($id,$interactive = true) {
$owner = $item['uid'];
+ $cid = 0;
+
// check if logged in user is either the author or owner of this item
- if((local_user() == $item['uid']) || (remote_user() == $item['contact-id']) || (! $interactive)) {
+ if(is_array($_SESSION['remote'])) {
+ foreach($_SESSION['remote'] as $visitor) {
+ if($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) {
+ $cid = $visitor['cid'];
+ break;
+ }
+ }
+ }
+
+
+ if((local_user() == $item['uid']) || ($cid) || (! $interactive)) {
// delete the item
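Review bot: The comment says the check confirms the logged-in user is the author or owner, but the rewritten condition still passes outright when `$interactive` is false, so every non-interactive caller is trusted to have authorised the deletion itself. I would make that explicit in the comment: `// allowed for the local owner, a matching remote visitor, or any non-interactive caller (which must have checked authorisation itself)`. Separately, `local_user() == $item['uid']` is a loose comparison; if `local_user()` can return false or 0 when nobody is logged in (its definition is not on this page), an item whose `uid` is 0 would satisfy it, so `(local_user() && local_user() == $item['uid'])` is safer. `drop_item()` continues outside the hunk.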
diff --git a/include/notifier.php b/include/notifier.php
index 6e3cede56..15ab67b7b 100644
--- a/include/notifier.php
+++ b/include/notifier.php
@@ -279,7 +279,7 @@ function notifier_run($argv, $argc){
// a delivery fork. private groups (forum_mode == 2) do not uplink
if((intval($parent['forum_mode']) == 1) && (! $top_level) && ($cmd !== 'uplink')) {
- proc_run('php','include/notifier','uplink',$item_id);
+ proc_run('php','include/notifier.php','uplink',$item_id);
}
$conversants = array();
@@ -543,9 +543,9 @@ function notifier_run($argv, $argc){
dbesc($nickname)
);
- if(count($x)) {
-
- if($owner['page-flags'] == PAGE_COMMUNITY && ! $x[0]['writable']) {
+ if($x && count($x)) {
+ $write_flag = (($x[0]['rel'] == CONTACT_IS_FOLLOWER || $x[0]['rel'] == CONTACT_IS_FRIEND) ? true : false);
+ if((($owner['page-flags'] == PAGE_COMMUNITY) || ($write_flag)) && (! $x[0]['writable'])) {
q("update contact set writable = 1 where id = %d limit 1",
intval($x[0]['id'])
);
diff --git a/include/oauth.php b/include/oauth.php
index 2724dcf7c..103d4c2fa 100644
--- a/include/oauth.php
+++ b/include/oauth.php
@@ -145,6 +145,7 @@ class FKOAuth1 extends OAuthServer {
}
$_SESSION['uid'] = $record['uid'];
$_SESSION['theme'] = $record['theme'];
+ $_SESSION['mobile-theme'] = get_pconfig($record['uid'], 'system', 'mobile_theme');
$_SESSION['authenticated'] = 1;
$_SESSION['page_flags'] = $record['page-flags'];
$_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $record['nickname'];
diff --git a/include/security.php b/include/security.php
index 497166ec4..bc1e97059 100644
--- a/include/security.php
+++ b/include/security.php
@@ -181,12 +181,26 @@ function can_write_wall(&$a,$owner) {
elseif($verified === 1)
return false;
else {
+ $cid = 0;
+
+ if(is_array($_SESSION['remote'])) {
+ foreach($_SESSION['remote'] as $visitor) {
+ if($visitor['uid'] == $owner) {
+ $cid = $visitor['cid'];
+ break;
+ }
+ }
+ }
+
+ if(! $cid)
+ return false;
+
$r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid`
WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1",
intval($owner),
- intval(remote_user()),
+ intval($cid),
intval(CONTACT_IS_SHARING),
intval(CONTACT_IS_FRIEND),
intval(PAGE_COMMUNITY)