aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rwxr-xr-xinclude/api.php2
-rwxr-xr-xinclude/auth.php6
-rwxr-xr-xinclude/contact_widgets.php4
-rwxr-xr-xinclude/conversation.php63
-rwxr-xr-xinclude/dba.php6
-rwxr-xr-xinclude/diaspora.php12
-rwxr-xr-xinclude/email.php2
-rwxr-xr-xinclude/items.php18
-rwxr-xr-xinclude/message.php85
-rwxr-xr-xinclude/nav.php4
-rwxr-xr-xinclude/network.php3
-rwxr-xr-xinclude/security.php1
-rw-r--r--include/text.php12
13 files changed, 174 insertions, 44 deletions
diff --git a/include/api.php b/include/api.php
index 64772d657..065f14cff 100755
--- a/include/api.php
+++ b/include/api.php
@@ -83,7 +83,7 @@
$record = $r[0];
} else {
logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
- header('WWW-Authenticate: Basic realm="Friendika"');
+ header('WWW-Authenticate: Basic realm="Friendica"');
header('HTTP/1.0 401 Unauthorized');
die('This api requires login');
}
diff --git a/include/auth.php b/include/auth.php
index 835616a82..1341f3bb8 100755
--- a/include/auth.php
+++ b/include/auth.php
@@ -94,13 +94,17 @@ else {
// Otherwise it's probably an openid.
+ try {
require_once('library/openid.php');
$openid = new LightOpenID;
$openid->identity = $openid_url;
$_SESSION['openid'] = $openid_url;
$a = get_app();
$openid->returnUrl = $a->get_baseurl(true) . '/openid';
- goaway($openid->authUrl());
+ goaway($openid->authUrl());
+ } catch (Exception $e) {
+ notice( t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.').'<br /><br >'. t('The error message was:').' '.$e->getMessage());
+ }
// NOTREACHED
}
}
diff --git a/include/contact_widgets.php b/include/contact_widgets.php
index 9d7085d20..7346b95af 100755
--- a/include/contact_widgets.php
+++ b/include/contact_widgets.php
@@ -87,13 +87,13 @@ function fileas_widget($baseurl,$selected = '') {
$cnt = preg_match_all('/\[(.*?)\]/',$saved,$matches,PREG_SET_ORDER);
if($cnt) {
foreach($matches as $mtch) {
- $unescaped = file_tag_decode($mtch[1]);
+ $unescaped = xmlify(file_tag_decode($mtch[1]));
$terms[] = array('name' => $unescaped,'selected' => (($selected == $unescaped) ? 'selected' : ''));
}
}
return replace_macros(get_markup_template('fileas_widget.tpl'),array(
- '$title' => t('File Selections'),
+ '$title' => t('Saved Folders'),
'$desc' => '',
'$sel_all' => (($selected == '') ? 'selected' : ''),
'$all' => t('Everything'),
diff --git a/include/conversation.php b/include/conversation.php
index 5de4fcb51..5a922b2b5 100755
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -94,9 +94,9 @@ function localize_item(&$item){
}
- $A = '[url=' . $Alink . ']' . $Aname . '[/url]';
- $B = '[url=' . $Blink . ']' . $Bname . '[/url]';
- if ($Bphoto!="") $Bphoto = '[url=' . $Blink . '][img]' . $Bphoto . '[/img][/url]';
+ $A = '[url=' . zrl($Alink) . ']' . $Aname . '[/url]';
+ $B = '[url=' . zrl($Blink) . ']' . $Bname . '[/url]';
+ if ($Bphoto!="") $Bphoto = '[url=' . zrl($Blink) . '][img]' . $Bphoto . '[/img][/url]';
$item['body'] = sprintf( t('%1$s is now friends with %2$s'), $A, $B)."\n\n\n".$Bphoto;
@@ -108,8 +108,8 @@ function localize_item(&$item){
if(count($r)==0) return;
$obj=$r[0];
- $author = '[url=' . $item['author-link'] . ']' . $item['author-name'] . '[/url]';
- $objauthor = '[url=' . $obj['author-link'] . ']' . $obj['author-name'] . '[/url]';
+ $author = '[url=' . zrl($item['author-link']) . ']' . $item['author-name'] . '[/url]';
+ $objauthor = '[url=' . zrl($obj['author-link']) . ']' . $obj['author-name'] . '[/url]';
switch($obj['verb']){
case ACTIVITY_POST:
@@ -158,14 +158,21 @@ function localize_item(&$item){
$target = $r[0];
$Bname = $target['author-name'];
$Blink = $target['author-link'];
- $A = '[url=' . $Alink . ']' . $Aname . '[/url]';
- $B = '[url=' . $Blink . ']' . $Bname . '[/url]';
+ $A = '[url=' . zrl($Alink) . ']' . $Aname . '[/url]';
+ $B = '[url=' . zrl($Blink) . ']' . $Bname . '[/url]';
$P = '[url=' . $target['plink'] . ']' . t('post/item') . '[/url]';
$item['body'] = sprintf( t('%1$s marked %2$s\'s %3$s as favorite'), $A, $B, $P)."\n";
}
}
}
+ $matches = null;
+ if(preg_match_all('/@\[url=(.*?)\]/is',$item['body'],$matches,PREG_SET_ORDER)) {
+ foreach($matches as $mtch) {
+ if(! strpos($mtch[1],'zrl='))
+ $item['body'] = str_replace($mtch[0],'@[url=' . zrl($mtch[1]). ']',$item['body']);
+ }
+ }
}
@@ -243,7 +250,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
$threads = array();
$threadsid = -1;
- if(count($items)) {
+ if($items && count($items)) {
if($mode === 'network-new' || $mode === 'search' || $mode === 'community') {
@@ -276,13 +283,16 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
if($item['author-link'] && (! $item['author-name']))
$profile_name = $item['author-link'];
+
+
$sp = false;
$profile_link = best_link_url($item,$sp);
- if($sp)
- $sparkle = ' sparkle';
if($profile_link === 'mailbox')
$profile_link = '';
-
+ if($sp)
+ $sparkle = ' sparkle';
+ else
+ $profile_link = zrl($profile_link);
$normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
if(($normalised != 'mailbox') && (x($a->contacts[$normalised])))
@@ -484,7 +494,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
// This will have been stored in $a->page_contact by our calling page.
// Put this person on the left of the wall-to-wall notice.
- $owner_url = $a->page_contact['url'];
+ $owner_url = zrl($a->page_contact['url']);
$owner_photo = $a->page_contact['thumb'];
$owner_name = $a->page_contact['name'];
$template = $wallwall;
@@ -501,10 +511,12 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
$commentww = 'ww';
// If it is our contact, use a friendly redirect link
if((link_compare($item['owner-link'],$item['url']))
- && ($item['network'] === 'dfrn')) {
+ && ($item['network'] === NETWORK_DFRN)) {
$owner_url = $redirect_url;
$osparkle = ' sparkle';
}
+ else
+ $owner_url = zrl($owner_url);
}
}
@@ -520,9 +532,12 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
if ($shareable) $likebuttons['share'] = array( t('Share this'), t('share'));
}
+ $qc = $qcomment = null;
- $qc = ((local_user()) ? get_pconfig(local_user(),'qcomment','words') : null);
- $qcomment = (($qc) ? explode("\n",$qc) : null);
+ if(in_array('qcomment',$a->plugins)) {
+ $qc = ((local_user()) ? get_pconfig(local_user(),'qcomment','words') : null);
+ $qcomment = (($qc) ? explode("\n",$qc) : null);
+ }
if(($show_comment_box) || (($show_comment_box == false) && ($override_comment_box == false) && ($item['last-child']))) {
$comment = replace_macros($cmnt_tpl,array(
@@ -580,7 +595,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
'classtagger' => "",
);
}
- $filer = t("file as");
+ $filer = t("save to folder");
}
@@ -596,14 +611,14 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
if($item['author-link'] && (! $item['author-name']))
$profile_name = $item['author-link'];
-
$sp = false;
$profile_link = best_link_url($item,$sp);
- if($sp)
- $sparkle = ' sparkle';
-
if($profile_link === 'mailbox')
$profile_link = '';
+ if($sp)
+ $sparkle = ' sparkle';
+ else
+ $profile_link = zrl($profile_link);
$normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
if(($normalised != 'mailbox') && (x($a->contacts,$normalised)))
@@ -767,8 +782,10 @@ function item_photo_menu($item){
$photos_link = $profile_link . "?url=photos";
$profile_link = $profile_link . "?url=profile";
$pm_url = $a->get_baseurl($ssl_state) . '/message/new/' . $cid;
+ $zurl = '';
}
else {
+ $profile_link = zrl($profile_link);
if(local_user() && local_user() == $item['uid'] && link_compare($item['url'],$item['author-link'])) {
$cid = $item['contact-id'];
}
@@ -795,7 +812,7 @@ function item_photo_menu($item){
$menu = Array(
t("View status") => $status_link,
t("View profile") => $profile_link,
- t("View photos") => $photos_link,
+ t("View photos") => $photos_link,
t("View recent") => $posts_link,
t("Edit contact") => $contact_url,
t("Send PM") => $pm_url,
@@ -828,6 +845,8 @@ function like_puller($a,$item,&$arr,$mode) {
$url = $a->get_baseurl(true) . '/redir/' . $item['contact-id'];
$sparkle = ' class="sparkle" ';
}
+ else
+ $url = zrl($url);
if(! ((isset($arr[$item['parent'] . '-l'])) && (is_array($arr[$item['parent'] . '-l']))))
$arr[$item['parent'] . '-l'] = array();
if(! isset($arr[$item['parent']]))
@@ -896,7 +915,7 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) {
'$vidurl' => t("Please enter a video link/URL:"),
'$audurl' => t("Please enter an audio link/URL:"),
'$term' => t('Tag term:'),
- '$fileas' => t('File as:'),
+ '$fileas' => t('Save to Folder:'),
'$whereareu' => t('Where are you right now?')
));
diff --git a/include/dba.php b/include/dba.php
index 5beea7a3a..76cc0bc7b 100755
--- a/include/dba.php
+++ b/include/dba.php
@@ -207,8 +207,10 @@ function q($sql) {
unset($args[0]);
if($db && $db->connected) {
- $ret = $db->q(vsprintf($sql,$args));
- return $ret;
+ $stmt = vsprintf($sql,$args);
+ if($stmt === false)
+ logger('dba: vsprintf error: ' . print_r(debug_backtrace(),true));
+ return $db->q($stmt);
}
/**
diff --git a/include/diaspora.php b/include/diaspora.php
index 84d28a7ec..104ccadf2 100755
--- a/include/diaspora.php
+++ b/include/diaspora.php
@@ -688,9 +688,9 @@ function diaspora_post($importer,$xml) {
// don't link tags that are already embedded in links
- if(preg_match('/\[(.*?)' . preg_quote($tag) . '(.*?)\]/',$body))
+ if(preg_match('/\[(.*?)' . preg_quote($tag,'/') . '(.*?)\]/',$body))
continue;
- if(preg_match('/\[(.*?)\]\((.*?)' . preg_quote($tag) . '(.*?)\)/',$body))
+ if(preg_match('/\[(.*?)\]\((.*?)' . preg_quote($tag,'/') . '(.*?)\)/',$body))
continue;
$basetag = str_replace('_',' ',substr($tag,1));
@@ -853,9 +853,9 @@ function diaspora_reshare($importer,$xml) {
// don't link tags that are already embedded in links
- if(preg_match('/\[(.*?)' . preg_quote($tag) . '(.*?)\]/',$body))
+ if(preg_match('/\[(.*?)' . preg_quote($tag,'/') . '(.*?)\]/',$body))
continue;
- if(preg_match('/\[(.*?)\]\((.*?)' . preg_quote($tag) . '(.*?)\)/',$body))
+ if(preg_match('/\[(.*?)\]\((.*?)' . preg_quote($tag,'/') . '(.*?)\)/',$body))
continue;
@@ -1094,9 +1094,9 @@ function diaspora_comment($importer,$xml,$msg) {
// don't link tags that are already embedded in links
- if(preg_match('/\[(.*?)' . preg_quote($tag) . '(.*?)\]/',$body))
+ if(preg_match('/\[(.*?)' . preg_quote($tag,'/') . '(.*?)\]/',$body))
continue;
- if(preg_match('/\[(.*?)\]\((.*?)' . preg_quote($tag) . '(.*?)\)/',$body))
+ if(preg_match('/\[(.*?)\]\((.*?)' . preg_quote($tag,'/') . '(.*?)\)/',$body))
continue;
diff --git a/include/email.php b/include/email.php
index bd44cb763..b43ae0dc1 100755
--- a/include/email.php
+++ b/include/email.php
@@ -250,7 +250,7 @@ function email_header_encode($in_str, $charset) {
// remove trailing spacer and
// add start and end delimiters
- $spacer = preg_quote($spacer);
+ $spacer = preg_quote($spacer,'/');
$out_str = preg_replace("/" . $spacer . "$/", "", $out_str);
$out_str = $start . $out_str . $end;
}
diff --git a/include/items.php b/include/items.php
index 2eecadad1..e09b888ca 100755
--- a/include/items.php
+++ b/include/items.php
@@ -416,7 +416,7 @@ function get_atom_elements($feed,$item) {
// the wild, by sanitising it and converting supported tags to bbcode before we rip out any remaining
// html.
- if((strpos($res['body'],'<') !== false) || (strpos($res['body'],'>') !== false)) {
+ if((strpos($res['body'],'<') !== false) && (strpos($res['body'],'>') !== false)) {
$res['body'] = reltoabs($res['body'],$base_url);
@@ -429,13 +429,14 @@ function get_atom_elements($feed,$item) {
// we shouldn't need a whitelist, because the bbcode converter
// will strip out any unsupported tags.
- // $config->set('HTML.Allowed', 'p,b,a[href],i');
$purifier = new HTMLPurifier($config);
$res['body'] = $purifier->purify($res['body']);
- $res['body'] = html2bbcode($res['body']);
+ $res['body'] = @html2bbcode($res['body']);
}
+ else
+ $res['body'] = escape_tags($res['body']);
$allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow');
if($allow && $allow[0]['data'] == 1)
@@ -1090,12 +1091,23 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
$postvars = array();
$sent_dfrn_id = hex2bin((string) $res->dfrn_id);
$challenge = hex2bin((string) $res->challenge);
+ $perm = (($res->perm) ? $res->perm : null);
$dfrn_version = (float) (($res->dfrn_version) ? $res->dfrn_version : 2.0);
$rino_allowed = ((intval($res->rino) === 1) ? 1 : 0);
$page = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0);
$final_dfrn_id = '';
+ if($perm) {
+ if((($perm == 'rw') && (! intval($contact['writable'])))
+ || (($perm == 'r') && (intval($contact['writable'])))) {
+ q("update contact set writable = %d where id = %d limit 1",
+ intval(($perm == 'rw') ? 1 : 0),
+ intval($contact['id'])
+ );
+ $contact['writable'] = (string) 1 - intval($contact['writable']);
+ }
+ }
if(($contact['duplex'] && strlen($contact['pubkey']))
|| ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']))
diff --git a/include/message.php b/include/message.php
index 7ad80ae9c..377d7c715 100755
--- a/include/message.php
+++ b/include/message.php
@@ -1,4 +1,5 @@
<?php
+
// send a private message
@@ -155,3 +156,87 @@ function send_message($recipient=0, $body='', $subject='', $replyto=''){
}
}
+
+
+
+
+
+function send_wallmessage($recipient='', $body='', $subject='', $replyto=''){
+
+ $a = get_app();
+
+ if(! $recipient) return -1;
+
+ if(! strlen($subject))
+ $subject = t('[no subject]');
+
+ $hash = random_string();
+ $uri = 'urn:X-dfrn:' . $a->get_baseurl() . ':' . local_user() . ':' . $hash ;
+
+ $convid = 0;
+ $reply = false;
+
+ require_once('include/Scrape.php');
+
+ $me = probe_url($replyto);
+
+ if(! $me['name'])
+ return -2;
+
+ $conv_guid = get_guid();
+
+ $recip_handle = $recipient['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
+
+ $sender_nick = basename($replyto);
+ $sender_host = substr($replyto,strpos($replyto,'://')+3);
+ $sender_host = substr($sender_host,0,strpos($sender_host,'/'));
+ $sender_handle = $sender_nick . '@' . $sender_host;
+
+ $handles = $recip_handle . ';' . $sender_handle;
+
+ $r = q("insert into conv (uid,guid,creator,created,updated,subject,recips) values(%d, '%s', '%s', '%s', '%s', '%s', '%s') ",
+ intval(local_user()),
+ dbesc($conv_guid),
+ dbesc($sender_handle),
+ dbesc(datetime_convert()),
+ dbesc(datetime_convert()),
+ dbesc($subject),
+ dbesc($handles)
+ );
+
+ $r = q("select * from conv where guid = '%s' and uid = %d limit 1",
+ dbesc($conv_guid),
+ intval($recipient['uid'])
+ );
+ if(count($r))
+ $convid = $r[0]['id'];
+
+ if(! $convid) {
+ logger('send message: conversation not found.');
+ return -4;
+ }
+
+ $r = q("INSERT INTO `mail` ( `uid`, `guid`, `convid`, `from-name`, `from-photo`, `from-url`,
+ `contact-id`, `title`, `body`, `seen`, `reply`, `replied`, `uri`, `parent-uri`, `created`, `unknown`)
+ VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', '%s', '%s', %d )",
+ intval($recipient['uid']),
+ dbesc(get_guid()),
+ intval($convid),
+ dbesc($me['name']),
+ dbesc($me['photo']),
+ dbesc($me['url']),
+ 0,
+ dbesc($subject),
+ dbesc($body),
+ 0,
+ 0,
+ 0,
+ dbesc($uri),
+ dbesc($replyto),
+ datetime_convert(),
+ 1
+ );
+
+ return 0;
+
+}
diff --git a/include/nav.php b/include/nav.php
index f40e92dbc..2c9c643a9 100755
--- a/include/nav.php
+++ b/include/nav.php
@@ -69,7 +69,9 @@ function nav(&$a) {
* "Home" should also take you home from an authenticated remote profile connection
*/
- $homelink = ((x($_SESSION,'visitor_home')) ? $_SESSION['visitor_home'] : '');
+ $homelink = get_my_url();
+ if(! $homelink)
+ $homelink = ((x($_SESSION,'visitor_home')) ? $_SESSION['visitor_home'] : '');
if(($a->module != 'home') && (! (local_user())))
$nav['home'] = array($homelink, t('Home'), "", t('Home Page'));
diff --git a/include/network.php b/include/network.php
index 22157ff18..9e1ed2091 100755
--- a/include/network.php
+++ b/include/network.php
@@ -364,6 +364,9 @@ function lrdd($uri, $debug = false) {
logger('lrdd: host_meta: ' . $xml, LOGGER_DATA);
+ if(! stristr($xml,'<xrd'))
+ return array();
+
$h = parse_xml_string($xml);
if(! $h)
return array();
diff --git a/include/security.php b/include/security.php
index 19e91eb63..66622fd33 100755
--- a/include/security.php
+++ b/include/security.php
@@ -9,6 +9,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
$_SESSION['authenticated'] = 1;
$_SESSION['page_flags'] = $user_record['page-flags'];
$_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $user_record['nickname'];
+ $_SESSION['my_address'] = $user_record['nickname'] . '@' . substr($a->get_baseurl(),strpos($a->get_baseurl(),'://')+3);
$_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
$a->user = $user_record;
diff --git a/include/text.php b/include/text.php
index 6d557ed84..191f4fca8 100644
--- a/include/text.php
+++ b/include/text.php
@@ -205,7 +205,6 @@ function hex2bin($s) {
return '';
if(! ctype_xdigit($s)) {
- logger('hex2bin: illegal input: ' . print_r(debug_backtrace(), true));
return($s);
}
@@ -610,6 +609,8 @@ function micropro($contact, $redirect = false, $class = '', $textmode = false) {
$url = $redirect_url;
$sparkle = ' sparkle';
}
+ else
+ $url = zrl($url);
}
$click = ((x($contact,'click')) ? ' onclick="' . $contact['click'] . '" ' : '');
if($click)
@@ -919,7 +920,7 @@ function prepare_body($item,$attach = false) {
foreach($matches as $mtch) {
if(strlen($x))
$x .= ',';
- $x .= file_tag_decode($mtch[1]);
+ $x .= xmlify(file_tag_decode($mtch[1]));
}
if(strlen($x))
$s .= '<div class="categorytags"><span>' . t('Categories:') . ' </span>' . $x . '</div>';
@@ -934,7 +935,7 @@ function prepare_body($item,$attach = false) {
foreach($matches as $mtch) {
if(strlen($x))
$x .= '&nbsp;&nbsp;&nbsp;';
- $x .= file_tag_decode($mtch[1]). ' <a href="' . $a->get_baseurl() . '/filerm/' . $item['id'] . '?f=&term=' . file_tag_decode($mtch[1]) . '" title="' . t('remove') . '" >' . t('[remove]') . '</a>';
+ $x .= xmlify(file_tag_decode($mtch[1])) . ' <a href="' . $a->get_baseurl() . '/filerm/' . $item['id'] . '?f=&term=' . xmlify(file_tag_decode($mtch[1])) . '" title="' . t('remove') . '" >' . t('[remove]') . '</a>';
}
if(strlen($x) && (local_user() == $item['uid']))
$s .= '<div class="filesavetags"><span>' . t('Filed under:') . ' </span>' . $x . '</div>';
@@ -1305,10 +1306,11 @@ function file_tag_decode($s) {
}
function file_tag_file_query($table,$s,$type = 'file') {
+
if($type == 'file')
- $str = preg_quote( '[' . file_tag_encode($s) . ']' );
+ $str = preg_quote( '[' . str_replace('%','%%',file_tag_encode($s)) . ']' );
else
- $str = preg_quote( '<' . file_tag_encode($s) . '>' );
+ $str = preg_quote( '<' . str_replace('%','%%',file_tag_encode($s)) . '>' );
return " AND " . (($table) ? dbesc($table) . '.' : '') . "file regexp '" . dbesc($str) . "' ";
}