Diffstat (limited to 'include')
-rw-r--r--include/api.php5
-rw-r--r--include/attach.php71
-rw-r--r--include/bb2diaspora.php2
-rw-r--r--include/comanche.php9
-rwxr-xr-xinclude/diaspora.php9
-rw-r--r--include/enotify.php4
-rw-r--r--include/environment.php66
-rw-r--r--include/oauth.php11
-rw-r--r--include/permissions.php84
9 files changed, 216 insertions, 45 deletions
diff --git a/include/api.php b/include/api.php
index 01518bea8..e94266762 100644
--- a/include/api.php
+++ b/include/api.php
@@ -78,11 +78,14 @@ require_once('include/items.php');
// list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request());
if (!is_null($token)){
$oauth->loginUser($token->uid);
+
+ $a->set_oauth_key($consumer->key);
+
call_hooks('logged_in', $a->user);
return;
}
echo __file__.__line__.__function__."<pre>";
- var_dump($consumer, $token);
+// var_dump($consumer, $token);
die();
}
catch(Exception $e) {
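Review bot: The `var_dump($consumer, $token)` is only commented out, and the `echo __file__.__line__.__function__."<pre>";` before `die()` is kept, so a request that reaches this branch still prints the server-side file path to the client. Delete both debug lines rather than leaving one commented, and record the failure on the server instead, e.g. `logger('api: oauth token lookup failed');`. The `set_oauth_key()` call is placed after the token check, which is the right spot for it; a short comment saying that later permission checks key off this value would help the next reader. The enclosing function starts and ends outside the hunk.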
diff --git a/include/attach.php b/include/attach.php
index 122f374b0..6fe440bd5 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -4,10 +4,11 @@
*
* @brief File/attach API with the potential for revision control.
*
- * @TODO: a filesystem storage abstraction which maintains security (and 'data' contains a system filename
- * which is inaccessible from the web). This could get around PHP storage limits and store videos and larger
- * items, using fread or OS methods or native code to read/write or chunk it through.
- * Also an 'append' option to the storage function might be a useful addition.
+ * @TODO A filesystem storage abstraction which maintains security (and 'data'
+ * contains a system filename which is inaccessible from the web). This could
+ * get around PHP storage limits and store videos and larger items, using fread
+ * or OS methods or native code to read/write or chunk it through.
+ * @todo Also an 'append' option to the storage function might be a useful addition.
*/
require_once('include/permissions.php');
@@ -123,7 +124,7 @@ function z_mime_content_type($filename) {
* @param string $hash (optional)
* @param string $filename (optional)
* @param string $filetype (optional)
- * @return assoziative array with:
+ * @return associative array with:
* * \e boolean \b success
* * \e int|boolean \b results amount of found results, or false
* * \e string \b message with error messages if any
@@ -161,7 +162,7 @@ function attach_count_files($channel_id, $observer, $hash = '', $filename = '',
/**
* @brief Returns a list of files/attachments.
- *
+ *
* @param $channel_id
* @param $observer
* @param $hash (optional)
@@ -170,10 +171,10 @@ function attach_count_files($channel_id, $observer, $hash = '', $filename = '',
* @param $orderby
* @param $start
* @param $entries
- * @return array
- * $ret['success'] boolean
- * $ret['results'] array with results, or false
- * $ret['message'] string with error messages if any
+ * @return associative array with:
+ * * \e boolean \b success
+ * * \e array|boolean \b results array with results, or false
+ * * \e string \b message with error messages if any
*/
function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $filetype = '', $orderby = 'created desc', $start = 0, $entries = 0) {
@@ -213,11 +214,11 @@ function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $
/**
* @brief Find an attachment by hash and revision.
- *
+ *
* Returns the entire attach structure including data.
- *
+ *
* This could exhaust memory so most useful only when immediately sending the data.
- *
+ *
* @param string $hash
* @param int $rev Revision
* @return array
@@ -275,7 +276,7 @@ function attach_by_hash($hash, $rev = 0) {
* @see attach_by_hash()
* @param $hash
* @param $rev revision default 0
- * @return array Everything except data.
+ * @return associative array with everything except data
* * \e boolean \b success boolean true or false
* * \e string \b message (optional) only when success is false
* * \e array \b data array of attach DB entry without data component
@@ -326,12 +327,18 @@ function attach_by_hash_nodata($hash, $rev = 0) {
}
/**
- * @brief
+ * @brief Stores an attachment from a POST file upload.
+ *
+ * This function stores an attachment. It can be a new one, a replacement or a
+ * new revision depending on value set in \e $options.
*
- * @param $channel channel array of owner
- * @param $observer_hash hash of current observer
- * @param $options (optional)
- * @param $arr (optional)
+ * @note Requires an input field \e userfile and does not accept multiple files
+ * in one request.
+ *
+ * @param array $channel channel array of owner
+ * @param string $observer_hash hash of current observer
+ * @param string $options (optional) one of update, replace, revision
+ * @param array $arr (optional) associative array
*/
function attach_store($channel, $observer_hash, $options = '', $arr = null) {
@@ -366,7 +373,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
if($options === 'replace') {
/** @BUG $replace is undefined here */
- $x = q("select id, hash, filesize from attach where id = %d and uid = %d limit 1",
+ $x = q("select id, hash, filesize from attach where id = %d and uid = %d limit 1",
intval($replace),
intval($channel_id)
);
@@ -457,7 +464,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
);
}
elseif($options === 'update') {
- $r = q("update attach set filename = '%s', filetype = '%s', edited = '%s',
+ $r = q("update attach set filename = '%s', filetype = '%s', edited = '%s',
allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d",
dbesc((array_key_exists('filename',$arr)) ? $arr['filename'] : $x[0]['filename']),
dbesc((array_key_exists('filetype',$arr)) ? $arr['filetype'] : $x[0]['filetype']),
@@ -551,7 +558,7 @@ function z_readdir($channel_id, $observer_hash, $pathname, $parent_hash = '') {
intval(ATTACH_FLAG_DIR)
);
if(! $r) {
- $ret['message'] = t('Path not available.');
+ $ret['message'] = t('Path not available.');
return $ret;
}
@@ -621,7 +628,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) {
// Check for duplicate name.
// Check both the filename and the hash as we will be making use of both.
-
+
$r = q("select hash from attach where ( filename = '%s' or hash = '%s' ) and folder = '%s' and uid = %d limit 1",
dbesc($arr['filename']),
dbesc($arr['hash']),
@@ -644,7 +651,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) {
$sql_options = permissions_sql($channel['channel_id']);
do {
- $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0
+ $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0
$sql_options limit 1",
intval($channel['channel_id']),
dbesc($lfile),
@@ -660,7 +667,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) {
$lpath = $r[0]['hash'] . '/' . $lpath;
$lfile = $r[0]['folder'];
} while ( ($r[0]['folder']) && ($r[0]['flags'] & ATTACH_FLAG_DIR)) ;
- $path = $basepath . '/' . $lpath;
+ $path = $basepath . '/' . $lpath;
}
else
$path = $basepath . '/';
@@ -716,7 +723,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) {
/**
* @brief Changes permissions of a file.
- *
+ *
* @param int $channel_id
* @param array $resource
* @param string $allow_cid
@@ -841,7 +848,7 @@ function attach_delete($channel_id, $resource) {
* @warning This function cannot be used with mod/dav as it always returns a
* path valid under mod/cloud.
*
- * @param array $arr assoziative array with:
+ * @param array $arr associative array with:
* * \e int \b uid the channel's uid
* * \e string \b folder
* * \e string \b filename
@@ -866,7 +873,7 @@ function get_cloudpath($arr) {
$lfile = $arr['folder'];
do {
- $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0
+ $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )>0
limit 1",
intval($arr['uid']),
dbesc($lfile),
@@ -961,7 +968,7 @@ function find_filename_by_hash($channel_id, $attachHash) {
}
/**
- *
+ *
* @param $in
* @param $out
*/
@@ -1212,6 +1219,7 @@ function recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny
$ret = array();
$parent_arr = array();
+ $count_values = array();
$poster = get_app()->get_observer();
//turn allow_gid into allow_cid's
@@ -1319,11 +1327,10 @@ function recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny
return $ret;
}
-
/**
- * @brief Returns members of a group
+ * @brief Returns members of a group.
*
- * @param $group_id
+ * @param int $group_id id of the group to look up
*/
function in_group($group_id) {
$group_members = array();
diff --git a/include/bb2diaspora.php b/include/bb2diaspora.php
index ed8625899..fc82cb48c 100644
--- a/include/bb2diaspora.php
+++ b/include/bb2diaspora.php
@@ -450,7 +450,7 @@ function format_event_diaspora($ev) {
$bd_format = t('l F d, Y \@ g:i A') ; // Friday January 18, 2011 @ 8 AM
- $o = t('Hubzilla event notification:') . "\n";
+ $o = t('$Projectname event notification:') . "\n";
$o .= '**' . (($ev['summary']) ? bb2diaspora($ev['summary']) : bb2diaspora($ev['desc'])) . '**' . "\n";
diff --git a/include/comanche.php b/include/comanche.php
index 3030ae5c6..fc4e4004b 100644
--- a/include/comanche.php
+++ b/include/comanche.php
@@ -166,12 +166,19 @@ function comanche_block($s, $class = '') {
intval($channel_id),
dbesc($name)
);
+
if($r) {
$o .= (($var['wrap'] == 'none') ? '' : '<div class="' . $class . '">');
if($r[0]['title'])
$o .= '<h3>' . $r[0]['title'] . '</h3>';
- $o .= prepare_text($r[0]['body'], $r[0]['mimetype']);
+ if($r[0]['body'] === '$content') {
+ $o .= prepare_text(get_app()->data['webpage'][0]['body'], get_app()->data['webpage'][0]['mimetype']);
+ }
+ else {
+ $o .= prepare_text($r[0]['body'], $r[0]['mimetype']);
+ }
+
$o .= (($var['wrap'] == 'none') ? '' : '</div>');
}
}
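Review bot: The new `$content` branch reads `get_app()->data['webpage'][0]` without checking that a webpage was actually loaded, so a block whose body is `$content` rendered in any other context passes a null body and mimetype to prepare_text() and raises undefined-index notices. Guard the lookup first, e.g. `$page = get_app()->data;` followed by `if($r[0]['body'] === '$content' && ! empty($page['webpage'][0])) {`, and decide explicitly what the block should output when no page is present. A one-line comment explaining that `$content` is a placeholder for the current webpage body would also help, since the literal looks like an unexpanded template variable. comanche_block() begins above the hunk.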
diff --git a/include/diaspora.php b/include/diaspora.php
index 43eed003e..618c27e1c 100755
--- a/include/diaspora.php
+++ b/include/diaspora.php
@@ -706,8 +706,9 @@ function diaspora_request($importer,$xml) {
$cnv = random_string();
$mid = random_string();
- $msg = t('You have started sharing with a Hubzilla premium channel.');
- $msg .= t('Hubzilla premium channels are not available for sharing with Diaspora members. This sharing request has been blocked.') . "\r";
+ $msg = t('You have started sharing with a $Projectname premium channel.');
+ $msg .= t('$Projectname premium channels are not available for sharing with Diaspora members. This sharing request has been blocked.') . "\r";
+
$msg .= t('Please do not reply to this message, as this channel is not sharing with you and any reply will not be seen by the recipient.') . "\r";
$created = datetime_convert('UTC','UTC',$item['created'],'Y-m-d H:i:s \U\T\C');
@@ -2449,7 +2450,7 @@ function diaspora_send_status($item,$owner,$contact,$public_batch = false) {
'$handle' => xmlify($myaddr),
'$public' => $public,
'$created' => $created,
- '$provider' => (($item['app']) ? $item['app'] : 'hubzilla')
+ '$provider' => (($item['app']) ? $item['app'] : t('$projectname'))
));
} else {
$tpl = get_markup_template('diaspora_post.tpl');
@@ -2460,7 +2461,7 @@ function diaspora_send_status($item,$owner,$contact,$public_batch = false) {
'$handle' => xmlify($myaddr),
'$public' => $public,
'$created' => $created,
- '$provider' => (($item['app']) ? $item['app'] : 'hubzilla')
+ '$provider' => (($item['app']) ? $item['app'] : t('$projectname'))
));
}
diff --git a/include/enotify.php b/include/enotify.php
index b34d7fdd7..cd49a9b34 100644
--- a/include/enotify.php
+++ b/include/enotify.php
@@ -55,8 +55,8 @@ function notification($params) {
push_lang($recip['account_language']); // should probably have a channel language
- $banner = t('Hubzilla Notification');
- $product = t('hubzilla'); // PLATFORM_NAME;
+ $banner = t('$Projectname Notification');
+ $product = t('$projectname'); // PLATFORM_NAME;
$siteurl = $a->get_baseurl(true);
$thanks = t('Thank You,');
$sitename = get_config('system','sitename');
diff --git a/include/environment.php b/include/environment.php
new file mode 100644
index 000000000..47ad241a7
--- /dev/null
+++ b/include/environment.php
@@ -0,0 +1,66 @@
+<?php
+/**
+ * @file include/environment.php
+ * @brief Functions related to system/environment tasks.
+ *
+ * This file contains some functions to check the environment/system.
+ */
+
+/**
+ * @brief Get some upload related limits from php.ini.
+ *
+ * This function returns values from php.ini like \b post_max_size,
+ * \b max_file_uploads, \b upload_max_filesize.
+ *
+ * @return array associative array
+ * * \e int \b post_max_size the maximum size of a complete POST in bytes
+ * * \e int \b upload_max_filesize the maximum size of one file in bytes
+ * * \e int \b max_file_uploads maximum number of files in one POST
+ * * \e int \b max_upload_filesize min(post_max_size, upload_max_filesize)
+ */
+function getPhpiniUploadLimits() {
+ $ret = array();
+
+ // max size of the complete POST
+ $ret['post_max_size'] = phpiniSizeToBytes(ini_get('post_max_size'));
+ // max size of one file
+ $ret['upload_max_filesize'] = phpiniSizeToBytes(ini_get('upload_max_filesize'));
+ // catch a configuration error where post_max_size < upload_max_filesize
+ $ret['max_upload_filesize'] = min(
+ $ret['post_max_size'],
+ $ret['upload_max_filesize']
+ );
+ // maximum number of files in one POST
+ $ret['max_file_uploads'] = intval(ini_get('max_file_uploads'));
+
+ return $ret;
+}
+
+/**
+ * @brief Parses php_ini size settings to bytes.
+ *
+ * This function parses common size setting from php.ini files to bytes.
+ * e.g. post_max_size = 8M ==> 8388608
+ *
+ * \note This method does not recognise other human readable formats like
+ * 8MB, etc.
+ *
+ * @todo Make this function more universal useable. MB, T, etc.
+ *
+ * @param string $val value from php.ini e.g. 2M, 8M
+ * @return int size in bytes
+ */
+function phpiniSizeToBytes($val) {
+ $val = trim($val);
+ $unit = strtolower($val[strlen($val)-1]);
+ switch($unit) {
+ case 'g':
+ $val *= 1024;
+ case 'm':
+ $val *= 1024;
+ case 'k':
+ $val *= 1024;
+ }
+
+ return (int)$val;
+} \ No newline at end of file
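Review bot: phpiniSizeToBytes() indexes `$val[strlen($val)-1]` without checking for an empty value, and ini_get() can return an empty string or false for an unset directive, so the lookup lands on offset -1. The multiplications also run on the raw string (`"8M" * 1024`), which depends on leading-numeric coercion and emits a diagnostic on current PHP versions; taking the integer prefix first avoids that, and the intentional switch fall-through deserves a comment. Separately, php.ini treats `post_max_size = 0` as "no limit", so the `min()` in getPhpiniUploadLimits() would report a 0-byte `max_upload_filesize` on such a host. The file also lacks a trailing newline.

```php
function phpiniSizeToBytes($val) {
	$val = trim((string) $val);
	// unset or empty directive: nothing to parse
	if($val === '')
		return 0;

	$unit  = strtolower(substr($val, -1));
	// keep only the numeric prefix so the arithmetic never sees "8M"
	$bytes = intval($val);
	switch($unit) {
		case 'g':
			$bytes *= 1024;
			// fall through
		case 'm':
			$bytes *= 1024;
			// fall through
		case 'k':
			$bytes *= 1024;
	}

	return $bytes;
}
```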
diff --git a/include/oauth.php b/include/oauth.php
index 8eb8a83d8..ec754db95 100644
--- a/include/oauth.php
+++ b/include/oauth.php
@@ -20,19 +20,21 @@ class FKOAuthDataStore extends OAuthDataStore {
logger(__function__.":".$consumer_key);
// echo "<pre>"; var_dump($consumer_key); killme();
- $r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id='%s'",
+ $r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id = '%s'",
dbesc($consumer_key)
);
- if (count($r))
+ if($r) {
+ get_app()->set_oauth_key($consumer_key);
return new OAuthConsumer($r[0]['client_id'],$r[0]['pw'],$r[0]['redirect_uri']);
+ }
return null;
}
function lookup_token($consumer, $token_type, $token) {
logger(__function__.":".$consumer.", ". $token_type.", ".$token);
- $r = q("SELECT id, secret,scope, expires, uid FROM tokens WHERE client_id='%s' AND scope='%s' AND id='%s'",
+ $r = q("SELECT id, secret, scope, expires, uid FROM tokens WHERE client_id = '%s' AND scope = '%s' AND id = '%s'",
dbesc($consumer->key),
dbesc($token_type),
dbesc($token)
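Review bot: lookup_consumer() now calls `get_app()->set_oauth_key($consumer_key)` as soon as a matching client row exists, which in the usual OAuthServer flow happens before the request signature is checked (the verification code is not visible here, so this should be confirmed). Because the permissions.php hunks in this commit switch to the xperm-based path whenever `get_oauth_key()` is non-empty, an unverified client id would be enough to change how permissions are evaluated for the rest of the request. The api.php hunk already sets the key after the token check succeeds, so the safer change is to drop the call here and keep lookup_consumer() free of side effects. If it has to stay, add a comment stating why the key is needed before verification and clear it on every failure path.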
@@ -51,7 +53,7 @@ class FKOAuthDataStore extends OAuthDataStore {
function lookup_nonce($consumer, $token, $nonce, $timestamp) {
// echo __file__.":".__line__."<pre>"; var_dump($consumer,$key); killme();
- $r = q("SELECT id, secret FROM tokens WHERE client_id='%s' AND id='%s' AND expires=%d",
+ $r = q("SELECT id, secret FROM tokens WHERE client_id = '%s' AND id = '%s' AND expires = %d",
dbesc($consumer->key),
dbesc($nonce),
intval($timestamp)
@@ -132,6 +134,7 @@ class FKOAuthDataStore extends OAuthDataStore {
}
class FKOAuth1 extends OAuthServer {
+
function __construct() {
parent::__construct(new FKOAuthDataStore());
$this->add_signature_method(new OAuthSignatureMethod_PLAINTEXT());
diff --git a/include/permissions.php b/include/permissions.php
index 68ff2b3d4..f63c6da18 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -65,6 +65,10 @@ function get_perms() {
*/
function get_all_perms($uid, $observer_xchan, $internal_use = true) {
+ $api = get_app()->get_oauth_key();
+ if($api)
+ return get_all_api_perms($uid,$api);
+
$global_perms = get_perms();
// Save lots of individual lookups
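Review bot: The early return in get_all_perms() hands back whatever get_all_api_perms() returns, and that helper returns `false` when the client has no xperm row for the channel, so callers that index the result as an array now receive a boolean. Returning a map with every permission set to false would keep the return type stable while still denying by default. The short-circuit also ignores `$observer_xchan` and `$internal_use`, as does the matching one added to perm_is_allowed() in the next hunk, so whatever observer-based restrictions the regular path applies are skipped for API requests. If that is intended, say so at both sites, e.g. `// API clients are authorised solely by their xperm grants; observer checks are skipped`. The remainder of get_all_perms() lies outside the hunk.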
@@ -265,6 +269,10 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
*/
function perm_is_allowed($uid, $observer_xchan, $permission) {
+ $api = get_app()->get_oauth_key();
+ if($api)
+ return api_perm_is_allowed($uid,$api,$permission);
+
$arr = array(
'channel_id' => $uid,
'observer_hash' => $observer_xchan,
@@ -388,6 +396,82 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
return false;
}
+function get_all_api_perms($uid,$api) {
+
+ $global_perms = get_perms();
+
+ $ret = array();
+
+ $r = q("select * from xperm where xp_client = '%s' and xp_channel = %d",
+ dbesc($api),
+ intval($uid)
+ );
+
+ if(! $r)
+ return false;
+
+ $allow_all = false;
+ $allowed = array();
+ foreach($r as $rr) {
+ if($rr['xp_perm'] === 'all')
+ $allow_all = true;
+ if(! in_array($rr['xp_perm'],$allowed))
+ $allowed[] = $rr['xp_perm'];
+ }
+
+ foreach($global_perms as $perm_name => $permission) {
+ if($allow_all || in_array($perm_name,$allowed))
+ $ret[$perm_name] = true;
+ else
+ $ret[$perm_name] = false;
+
+ }
+
+ $arr = array(
+ 'channel_id' => $uid,
+ 'observer_hash' => $observer_xchan,
+ 'permissions' => $ret);
+
+ call_hooks('get_all_api_perms',$arr);
+
+ return $arr['permissions'];
+
+}
+
+
+function api_perm_is_allowed($uid,$api,$permission) {
+
+ $arr = array(
+ 'channel_id' => $uid,
+ 'observer_hash' => $observer_xchan,
+ 'permission' => $permission,
+ 'result' => false
+ );
+
+ call_hooks('api_perm_is_allowed', $arr);
+ if($arr['result'])
+ return true;
+
+ $r = q("select * from xperm where xp_client = '%s' and xp_channel = %d and ( xp_perm = 'all' OR xp_perm = '%s' )",
+ dbesc($api),
+ intval($uid),
+ dbesc($permission)
+ );
+
+ if(! $r)
+ return false;
+
+ foreach($r as $rr) {
+ if($rr['xp_perm'] === 'all' || $rr['xp_perm'] === $permission)
+ return true;
+
+ }
+
+ return false;
+
+}
+
+
// Check a simple array of observers against a permissions
// return a simple array of those with permission
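Review bot: `$observer_xchan` is never defined in get_all_api_perms() or api_perm_is_allowed(), so the `'observer_hash'` entry handed to both hooks is always null and each call raises an undefined-variable notice. Either accept the observer hash as a parameter or replace the entry with the value the hook actually needs, e.g. `'api_client' => $api,`. In api_perm_is_allowed() the hook runs before the xperm query and a truthy `$arr['result']` grants the permission outright, so a plugin can widen API access beyond the stored grants; running the query first and letting the hook see its outcome would keep xperm authoritative. Both functions need a docblock stating the parameters and that get_all_api_perms() returns `false` when the client has no grants, and the `in_array()` calls should pass `true` as the third argument for strict comparison.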