Diffstat (limited to 'include')
-rwxr-xr-x | include/Contact.php | 6 | ||||
-rwxr-xr-x | include/Photo.php | 6 | ||||
-rwxr-xr-x | include/Scrape.php | 2 | ||||
-rwxr-xr-x | include/acl_selectors.php | 14 | ||||
-rwxr-xr-x | include/auth.php | 34 | ||||
-rwxr-xr-x | include/contact_widgets.php | 6 | ||||
-rwxr-xr-x | include/conversation.php | 16 | ||||
-rwxr-xr-x | include/dba.php | 24 | ||||
-rwxr-xr-x | include/delivery.php | 3 | ||||
-rwxr-xr-x | include/diaspora.php | 46 | ||||
-rwxr-xr-x | include/email.php | 2 | ||||
-rwxr-xr-x | include/enotify.php | 41 | ||||
-rwxr-xr-x | include/items.php | 79 | ||||
-rwxr-xr-x | include/nav.php | 2 | ||||
-rwxr-xr-x | include/network.php | 4 | ||||
-rwxr-xr-x | include/notifier.php | 4 | ||||
-rwxr-xr-x | include/oembed.php | 5 | ||||
-rwxr-xr-x | include/plugin.php | 11 | ||||
-rwxr-xr-x | include/poller.php | 2 | ||||
-rwxr-xr-x | include/queue.php | 11 | ||||
-rwxr-xr-x | include/security.php | 24 | ||||
-rwxr-xr-x | include/socgraph.php | 10 | ||||
-rwxr-xr-x | include/template_processor.php | 4 | ||||
-rw-r--r-- | include/text.php | 54 |
24 files changed, 282 insertions, 128 deletions
diff --git a/include/Contact.php b/include/Contact.php index baccea305..d9949b1ef 100755 --- a/include/Contact.php +++ b/include/Contact.php @@ -15,6 +15,12 @@ function user_remove($uid) { call_hooks('remove_user',$r[0]); + // save username (actually the nickname as it is guaranteed + // unique), so it cannot be re-registered in the future. + + q("insert into userd ( username ) values ( '%s' )", + $r[0]['nickname'] + ); q("DELETE FROM `contact` WHERE `uid` = %d", intval($uid)); q("DELETE FROM `group` WHERE `uid` = %d", intval($uid)); diff --git a/include/Photo.php b/include/Photo.php index 1450374ff..4d02b5c65 100755 --- a/include/Photo.php +++ b/include/Photo.php @@ -268,9 +268,9 @@ function import_profile_photo($photo,$uid,$cid) { $photo_failure = true; if($photo_failure) { - $photo = $a->get_baseurl() . '/images/default-profile.jpg'; - $thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg'; - $micro = $a->get_baseurl() . '/images/default-profile-mm.jpg'; + $photo = $a->get_baseurl() . '/images/person-175.jpg'; + $thumb = $a->get_baseurl() . '/images/person-80.jpg'; + $micro = $a->get_baseurl() . '/images/person-48.jpg'; } return(array($photo,$thumb,$micro)); diff --git a/include/Scrape.php b/include/Scrape.php index 8344aa737..9c237916b 100755 --- a/include/Scrape.php +++ b/include/Scrape.php @@ -684,7 +684,7 @@ function probe_url($url, $mode = PROBE_NORMAL) { if(! x($vcard,'photo')) { $a = get_app(); - $vcard['photo'] = $a->get_baseurl() . '/images/default-profile.jpg' ; + $vcard['photo'] = $a->get_baseurl() . '/images/person-175.jpg' ; } if(! $profile) diff --git a/include/acl_selectors.php b/include/acl_selectors.php index 67d8cebde..a5f5aff53 100755 --- a/include/acl_selectors.php +++ b/include/acl_selectors.php 
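Review bot: The new `insert into userd` query in user_remove() passes `$r[0]['nickname']` to the `'%s'` placeholder without `dbesc()`, unlike the other string arguments given to q() elsewhere in this commit. The value is read back from a database row, but it was originally chosen by the user, so a quote character in it would break or alter this statement. I would change the argument to `dbesc($r[0]['nickname'])`. user_remove() starts and continues outside the hunk, so how `$r` is loaded is not visible here.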
@@ -113,11 +113,13 @@ function contact_selector($selname, $selclass, $preselected = false, $options) { $str_nets = implode(',',$x['networks']); $sql_extra .= " AND `network` IN ( $str_nets ) "; } + + $tabindex = (x($options, 'tabindex') ? "tabindex=\"" . $options["tabindex"] . "\"" : ""); if($x['single']) - $o .= "<select name=\"$selname\" id=\"$selclass\" class=\"$selclass\" size=\"" . $x['size'] . "\" >\r\n"; + $o .= "<select name=\"$selname\" id=\"$selclass\" class=\"$selclass\" size=\"" . $x['size'] . "\" $tabindex >\r\n"; else - $o .= "<select name=\"{$selname}[]\" id=\"$selclass\" class=\"$selclass\" multiple=\"multiple\" size=\"" . $x['size'] . "$\" >\r\n"; + $o .= "<select name=\"{$selname}[]\" id=\"$selclass\" class=\"$selclass\" multiple=\"multiple\" size=\"" . $x['size'] . "$\" $tabindex >\r\n"; $r = q("SELECT `id`, `name`, `url`, `network` FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 AND `notify` != '' @@ -156,7 +158,7 @@ function contact_selector($selname, $selclass, $preselected = false, $options) { -function contact_select($selname, $selclass, $preselected = false, $size = 4, $privmail = false, $celeb = false, $privatenet = false) { +function contact_select($selname, $selclass, $preselected = false, $size = 4, $privmail = false, $celeb = false, $privatenet = false, $tabindex = null) { $a = get_app(); 
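Review bot: In contact_selector() the new `$tabindex` string concatenates `$options["tabindex"]` into the `<select>` tag without casting or escaping it, so any non-numeric value ends up as raw markup inside the element. Casting closes that off: `$tabindex = (x($options,'tabindex') ? 'tabindex="' . intval($options['tabindex']) . '"' : '');`. The contact_select() hunk further down has the same pattern, since `$tabindex > 0` is a loose numeric test and the raw value is then interpolated; `intval($tabindex)` belongs there too. Whether callers ever pass request data in these parameters is not visible in this diff. The rewritten multi-select line also still carries the stray `$` in `$x['size'] . "$\"`, which emits `size="4$"`.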
@@ -178,12 +180,12 @@ function contact_select($selname, $selclass, $preselected = false, $size = 4, $p $sql_extra .= " AND `network` IN ( 'dfrn', 'mail', 'face', 'dspr' ) "; } - + $tabindex = ($tabindex > 0 ? "tabindex=\"$tabindex\"" : ""); if($privmail) - $o .= "<select name=\"$selname\" id=\"$selclass\" class=\"$selclass\" size=\"$size\" >\r\n"; + $o .= "<select name=\"$selname\" id=\"$selclass\" class=\"$selclass\" size=\"$size\" $tabindex >\r\n"; else - $o .= "<select name=\"{$selname}[]\" id=\"$selclass\" class=\"$selclass\" multiple=\"multiple\" size=\"$size\" >\r\n"; + $o .= "<select name=\"{$selname}[]\" id=\"$selclass\" class=\"$selclass\" multiple=\"multiple\" size=\"$size\" $tabindex >\r\n"; $r = q("SELECT `id`, `name`, `url`, `network` FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 AND `notify` != '' diff --git a/include/auth.php b/include/auth.php index fc52684e6..835616a82 100755 --- a/include/auth.php +++ b/include/auth.php @@ -24,7 +24,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p if(((x($_POST,'auth-params')) && ($_POST['auth-params'] === 'logout')) || ($a->module === 'logout')) { // process logout request - + call_hooks("logging_out"); nuke_session(); info( t('Logged out.') . EOL); goaway(z_root()); @@ -77,7 +77,7 @@ else { $noid = get_config('system','no_openid'); - $openid_url = trim( (strlen($_POST['openid_url'])?$_POST['openid_url']:$_POST['username']) ); + $openid_url = trim((strlen($_POST['openid_url'])?$_POST['openid_url']:$_POST['username']) ); // validate_url alters the calling parameter 
@@ -99,32 +99,12 @@ else { $openid->identity = $openid_url; $_SESSION['openid'] = $openid_url; $a = get_app(); - $openid->returnUrl = $a->get_baseurl() . '/openid'; - - $r = q("SELECT `uid` FROM `user` WHERE `openid` = '%s' LIMIT 1", - dbesc($openid_url) - ); - if(count($r)) { - // existing account - goaway($openid->authUrl()); - // NOTREACHED - } - else { - if($a->config['register_policy'] == REGISTER_CLOSED) { - $a = get_app(); - notice( t('Login failed.') . EOL); - goaway(z_root()); - // NOTREACHED - } - // new account - $_SESSION['register'] = 1; - $openid->required = array('namePerson/friendly', 'contact/email', 'namePerson'); - $openid->optional = array('namePerson/first','media/image/aspect11','media/image/default'); - goaway($openid->authUrl()); - // NOTREACHED - } + $openid->returnUrl = $a->get_baseurl(true) . '/openid'; + goaway($openid->authUrl()); + // NOTREACHED } } + if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') { $record = null; @@ -165,7 +145,7 @@ else { } if((! $record) || (! count($record))) { - logger('authenticate: failed login attempt: ' . notags(trim($_POST['username']))); + logger('authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']); notice( t('Login failed.') . EOL ); goaway(z_root()); } diff --git a/include/contact_widgets.php b/include/contact_widgets.php index 605a3eb78..9d7085d20 100755 --- a/include/contact_widgets.php +++ b/include/contact_widgets.php @@ -15,8 +15,6 @@ function findpeople_widget() { $a = get_app(); - $inv = (($a->config['register_policy'] != REGISTER_CLOSED) ? t('Invite Friends') : ''); - if(get_config('system','invitation_only')) { $x = get_pconfig(local_user(),'system','invites_remaining'); if($x || is_site_admin()) { @@ -34,7 +32,7 @@ function findpeople_widget() { '$findthem' => t('Find'), '$suggest' => t('Friend Suggestions'), '$similar' => t('Similar Interests'), - '$inv' => $inv + '$inv' => t('Invite Friends') )); } 
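Review bot: With the account lookup and the `REGISTER_CLOSED` branch removed, every submitted OpenID URL is now sent to `$openid->authUrl()` before any local policy is applied. The registration policy and the existing-account match therefore have to be enforced in the handler behind `/openid`, which is not part of this diff; that should be confirmed, because `$_SESSION['register']` is no longer set here to tell the two cases apart. A comment at the redirect such as `// account lookup and register_policy are enforced in the openid return handler` would record where the check now lives. The enclosing `else` block starts and ends outside the hunk.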
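Review bot: The failed-login log line writes `$_POST['username']` next to the new `$_SERVER['REMOTE_ADDR']` field, and unless notags() also removes CR/LF (its body is not visible here) a crafted username can forge extra log lines that appear to carry a different source IP. I would neutralise line breaks before logging, e.g. `str_replace(array("\r","\n"), ' ', notags(trim($_POST['username'])))`. It is also worth a comment that `REMOTE_ADDR` is the proxy address when the site sits behind a reverse proxy, so anyone using this line for blocking or alerting knows its limits.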
@@ -48,7 +46,7 @@ function networks_widget($baseurl,$selected = '') { return ''; - $r = q("select distinct(network) from contact where uid = %d", + $r = q("select distinct(network) from contact where uid = %d and self = 0", intval(local_user()) ); diff --git a/include/conversation.php b/include/conversation.php index 88ecf502b..5de4fcb51 100755 --- a/include/conversation.php +++ b/include/conversation.php @@ -649,7 +649,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { // template to use to render item (wall, walltowall, search) 'template' => $template, - 'type' => implode("",array_slice(split("/",$item['verb']),-1)), + 'type' => implode("",array_slice(explode("/",$item['verb']),-1)), 'tags' => $tags, 'body' => template_escape($body), 'text' => strip_tags(template_escape($body)), @@ -779,6 +779,17 @@ function item_photo_menu($item){ if(($cid) && (! $item['self'])) { $contact_url = $a->get_baseurl($ssl_state) . '/contacts/' . $cid; $posts_link = $a->get_baseurl($ssl_state) . '/network/?cid=' . $cid; + + $clean_url = normalise_link($item['author-link']); + + if((local_user()) && (local_user() == $item['uid'])) { + if(isset($a->contacts) && x($a->contacts,$clean_url)) { + if($a->contacts[$clean_url]['network'] === NETWORK_DIASPORA) { + $pm_url = $a->get_baseurl($ssl_state) . '/message/new/' . $cid; + } + } + } + } $menu = Array( @@ -886,8 +897,7 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) { '$audurl' => t("Please enter an audio link/URL:"), '$term' => t('Tag term:'), '$fileas' => t('File as:'), - '$whereareu' => t('Where are you right now?'), - '$title' => t('Enter a title for this item') + '$whereareu' => t('Where are you right now?') )); diff --git a/include/dba.php b/include/dba.php index 7455b6b3e..5beea7a3a 100755 --- a/include/dba.php +++ b/include/dba.php @@ -1,5 +1,7 @@ <?php +require_once('include/datetime.php'); + /** * * MySQL database class 
@@ -104,19 +106,17 @@ class dba { logger('dba: ' . $str ); } - else { - /** - * If dbfail.out exists, we will write any failed calls directly to it, - * regardless of any logging that may or may nor be in effect. - * These usually indicate SQL syntax errors that need to be resolved. - */ + /** + * If dbfail.out exists, we will write any failed calls directly to it, + * regardless of any logging that may or may nor be in effect. + * These usually indicate SQL syntax errors that need to be resolved. + */ - if($result === false) { - logger('dba: ' . printable($sql) . ' returned false.'); - if(file_exists('dbfail.out')) - file_put_contents('dbfail.out', printable($sql) . ' returned false' . "\n", FILE_APPEND); - } + if($result === false) { + logger('dba: ' . printable($sql) . ' returned false.'); + if(file_exists('dbfail.out')) + file_put_contents('dbfail.out', datetime_convert() . "\n" . printable($sql) . ' returned false' . "\n", FILE_APPEND); } if(($result === true) || ($result === false)) @@ -140,7 +140,7 @@ class dba { if($this->debug) - logger('dba: ' . printable(print_r($r, true)), LOGGER_DATA); + logger('dba: ' . printable(print_r($r, true))); return($r); } diff --git a/include/delivery.php b/include/delivery.php index 44a482ca2..532dcd699 100755 --- a/include/delivery.php +++ b/include/delivery.php @@ -256,7 +256,8 @@ function delivery_run($argv, $argc){ '$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) , '$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) , '$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) , - '$birthday' => $birthday + '$birthday' => $birthday, + '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '') )); foreach($items as $item) { diff --git a/include/diaspora.php b/include/diaspora.php index dca857a19..84d28a7ec 100755 --- a/include/diaspora.php 
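Review bot: Dropping the level argument from `logger('dba: ' . printable(print_r($r, true)))` means complete result sets are logged without the `LOGGER_DATA` gate whenever `$this->debug` is set, presumably at the logger's default level. Rows returned through this class can hold credentials and key material (the `prvkey` user field is read in include/security.php in this same commit), so the dump should stay behind the data level: `logger('dba: ' . printable(print_r($r, true)), LOGGER_DATA);`. The method this line belongs to starts outside the hunk.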
+++ b/include/diaspora.php @@ -1159,6 +1159,48 @@ function diaspora_comment($importer,$xml,$msg) { proc_run('php','include/notifier.php','comment',$message_id); } + + $myconv = q("SELECT `author-link`, `author-avatar`, `parent` FROM `item` WHERE `parent-uri` = '%s' AND `uid` = %d AND `parent` != 0 ", + dbesc($parent_item['uri']), + intval($importer['uid']) + ); + + if(count($myconv)) { + $importer_url = $a->get_baseurl() . '/profile/' . $importer['nickname']; + + foreach($myconv as $conv) { + + // now if we find a match, it means we're in this conversation + + if(! link_compare($conv['author-link'],$importer_url)) + continue; + + require_once('include/enotify.php'); + + $conv_parent = $conv['parent']; + + notification(array( + 'type' => NOTIFY_COMMENT, + 'notify_flags' => $importer['notify-flags'], + 'language' => $importer['language'], + 'to_name' => $importer['username'], + 'to_email' => $importer['email'], + 'uid' => $importer['uid'], + 'item' => $datarray, + 'link' => $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $message_id, + 'source_name' => $datarray['author-name'], + 'source_link' => $datarray['author-link'], + 'source_photo' => $datarray['author-avatar'], + 'verb' => ACTIVITY_POST, + 'otype' => 'item', + 'parent' => $conv_parent, + + )); + + // only send one notification + break; + } + } return; } @@ -1695,7 +1737,7 @@ function diaspora_retraction($importer,$xml) { contact_remove($contact['id']); } elseif($type === 'Post') { - $r = q("select * from item where guid = '%s' and uid = %d limit 1", + $r = q("select * from item where guid = '%s' and uid = %d and not file like '%%[%%' limit 1", dbesc('guid'), intval($importer['uid']) ); 
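Review bot: In diaspora_retraction() the rewritten `select * from item where guid = '%s' ...` query is still bound with `dbesc('guid')`, the literal string, so it looks up an item whose guid is the word "guid" and the new `not file like '%%[%%'` filter never sees the retracted post. The signed-retraction hunk that follows binds `dbesc($guid)`, which is presumably what is intended here as well: `dbesc($guid),`. The assignment of `$guid` in this function is outside the hunk and should be checked when making the change.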
@@ -1743,7 +1785,7 @@ function diaspora_signed_retraction($importer,$xml,$msg) { } if($type === 'StatusMessage') { - $r = q("select * from item where guid = '%s' and uid = %d limit 1", + $r = q("select * from item where guid = '%s' and uid = %d and not file like '%%[%%' limit 1", dbesc($guid), intval($importer['uid']) ); diff --git a/include/email.php b/include/email.php index 43f04d7c2..bd44cb763 100755 --- a/include/email.php +++ b/include/email.php @@ -56,7 +56,7 @@ function email_msg_headers($mbox,$uid) { $raw_header = (($mbox && $uid) ? @imap_fetchheader($mbox,$uid,FT_UID) : ''); $raw_header = str_replace("\r",'',$raw_header); $ret = array(); - $h = split("\n",$raw_header); + $h = explode("\n",$raw_header); if(count($h)) foreach($h as $line ) { if (preg_match("/^[a-zA-Z]/", $line)) { diff --git a/include/enotify.php b/include/enotify.php index a505f1f04..8385bdec5 100755 --- a/include/enotify.php +++ b/include/enotify.php @@ -5,6 +5,12 @@ function notification($params) { logger('notification: entry', LOGGER_DEBUG); $a = get_app(); + + // from here on everything is in the recipients language + + push_lang($params['language']); + + $banner = t('Friendica Notification'); $product = FRIENDICA_PLATFORM; $siteurl = z_path(); 
@@ -153,9 +159,33 @@ function notification($params) { } - // from here on everything is in the recipients language + if($params['type'] == NOTIFY_SYSTEM) { + + } + + $h = array( + 'params' => $params, + 'subject' => $subject, + 'preamble' => $preamble, + 'epreamble' => $epreamble, + 'body' => $body, + 'sitelink' => $sitelink, + 'tsitelink' => $tsitelink, + 'hsitelink' => $hsitelink, + 'itemlink' => $itemlink + ); + + call_hooks('enotify',$h); + + $subject = $h['subject']; + $preamble = $h['preamble']; + $epreamble = $h['epreamble']; + $body = $h['body']; + $sitelink = $h['sitelink']; + $tsitelink = $h['tsitelink']; + $hsitelink = $h['hsitelink']; + $itemlink = $h['itemlink']; - push_lang($params['language']); require_once('include/html2bbcode.php'); @@ -207,8 +237,10 @@ function notification($params) { ); if($r) $notify_id = $r[0]['id']; - else + else { + pop_lang(); return; + } $itemlink = $a->get_baseurl() . '/notify/view/' . $notify_id; $msg = replace_macros($epreamble,array('$itemlink' => $itemlink)); @@ -219,11 +251,10 @@ function notification($params) { ); - // send email notification if notification preferences permit require_once('bbcode.php'); - if(intval($params['notify_flags']) & intval($params['type'])) { + if((intval($params['notify_flags']) & intval($params['type'])) || $params['type'] == NOTIFY_SYSTEM) { logger('notification: sending notification email'); diff --git a/include/items.php b/include/items.php index 4b1523ff6..2eecadad1 100755 --- a/include/items.php +++ b/include/items.php 
@@ -7,14 +7,11 @@ require_once('include/crypto.php'); function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) { - // default permissions - anonymous user - - if(! strlen($owner_nick)) - killme(); + $sitefeed = ((strlen($owner_nick)) ? false : true); // not yet implemented, need to rewrite huge chunks of following logic $public_feed = (($dfrn_id) ? false : true); - $starred = false; - $converse = false; + $starred = false; // not yet implemented, possible security issues + $converse = false; if($public_feed && $a->argc > 2) { for($x = 2; $x < $a->argc; $x++) { @@ -25,10 +22,11 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) } } + // default permissions - anonymous user $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; - $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone` + $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` WHERE `contact`.`self` = 1 AND `user`.`nickname` = '%s' LIMIT 1", dbesc($owner_nick) @@ -156,7 +154,8 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) '$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) , '$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) , '$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) , - '$birthday' => ((strlen($birthday)) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : '') + '$birthday' => ((strlen($birthday)) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : ''), + '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '') )); call_hooks('atom_feed', $atom); 
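Review bot: Removing `if(! strlen($owner_nick)) killme();` from get_feed_for() lets a request with an empty `$owner_nick` continue into the owner lookup with `nickname = ''`, while `$sitefeed` is only assigned and, per its own comment, not yet implemented. Whether the function still fails closed now depends on the result check after the query, which is outside the hunk. Until the site feed exists I would keep the guard in its new form, `if($sitefeed) killme(); // site feed not implemented yet`, so an anonymous caller cannot reach the item query without an owner.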
@@ -1048,6 +1047,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $ssl_val = intval(get_config('system','ssl_policy')); $ssl_policy = ''; + switch($ssl_val){ case SSL_POLICY_FULL: $ssl_policy = 'full'; @@ -1092,6 +1092,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $challenge = hex2bin((string) $res->challenge); $dfrn_version = (float) (($res->dfrn_version) ? $res->dfrn_version : 2.0); $rino_allowed = ((intval($res->rino) === 1) ? 1 : 0); + $page = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0); $final_dfrn_id = ''; @@ -1135,6 +1136,9 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $postvars['ssl_policy'] = $ssl_policy; + if($page) + $postvars['page'] = '1'; + if($rino && $rino_allowed && (! $dissolve)) { $key = substr(random_string(),0,16); $data = bin2hex(aes_encrypt($postvars['data'],$key)); @@ -1399,6 +1403,19 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) } + $community_page = 0; + $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'community'); + if($rawtags) { + $community_page = intval($rawtags[0]['data']); + } + if(is_array($contact) && intval($contact['forum']) != $community_page) { + q("update contact set forum = %d where id = %d limit 1", + intval($community_page), + intval($contact['id']) + ); + $contact['forum'] = (string) $community_page; + } + // process any deleted entries @@ -1418,7 +1435,7 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) } if($deleted && is_array($contact)) { $r = q("SELECT `item`.*, `contact`.`self` FROM `item` left join `contact` on `item`.`contact-id` = `contact`.`id` - WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d LIMIT 1", + WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d AND NOT `item`.`file` LIKE '%%[%%' LIMIT 1", dbesc($uri), intval($importer['uid']), intval($contact['id']) 
@@ -1563,9 +1580,10 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) if(count($r)) { if((x($datarray,'edited') !== false) && (datetime_convert('UTC','UTC',$datarray['edited']) !== $r[0]['edited'])) { - $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", + $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($datarray['title']), dbesc($datarray['body']), + dbesc($datarray['tag']), dbesc(datetime_convert('UTC','UTC',$datarray['edited'])), dbesc($item_id), intval($importer['uid']) @@ -1708,9 +1726,10 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) if(count($r)) { if((x($datarray,'edited') !== false) && (datetime_convert('UTC','UTC',$datarray['edited']) !== $r[0]['edited'])) { - $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", + $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($datarray['title']), dbesc($datarray['body']), + dbesc($datarray['tag']), dbesc(datetime_convert('UTC','UTC',$datarray['edited'])), dbesc($item_id), intval($importer['uid']) @@ -1781,7 +1800,7 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) // but otherwise there's a possible data mixup on the sender's system. // the tgroup delivery code called from item_store will correct it if it's a forum, // but we're going to unconditionally correct it here so that the post will always be owned by our contact. - logger('local_delivery: Correcting item owner.', LOGGER_DEBUG); + logger('consume_feed: Correcting item owner.', LOGGER_DEBUG); $datarray['owner-name'] = $contact['name']; $datarray['owner-link'] = $contact['url']; $datarray['owner-avatar'] = $contact['thumb']; 
@@ -1877,6 +1896,14 @@ function local_delivery($importer,$data) { ); if(count($r)) { $fid = $r[0]['id']; + + // OK, we do. Do we already have an introduction for this person ? + $r = q("select id from intro where uid = %d and fid = %d limit 1", + intval($fsugg['uid']), + intval($fid) + ); + if(count($r)) + return 0; } if(! $fid) $r = q("INSERT INTO `fcontact` ( `name`,`url`,`photo`,`request` ) VALUES ( '%s', '%s', '%s', '%s' ) ", @@ -1897,6 +1924,7 @@ function local_delivery($importer,$data) { else return 0; + $hash = random_string(); $r = q("INSERT INTO `intro` ( `uid`, `fid`, `contact-id`, `note`, `hash`, `datetime`, `blocked` ) @@ -1982,6 +2010,19 @@ function local_delivery($importer,$data) { // NOTREACHED } + + $community_page = 0; + $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'community'); + if($rawtags) { + $community_page = intval($rawtags[0]['data']); + } + if(intval($importer['forum']) != $community_page) { + q("update contact set forum = %d where id = %d limit 1", + intval($community_page), + intval($importer['id']) + ); + $importer['forum'] = (string) $community_page; + } logger('local_delivery: feed item count = ' . $feed->get_item_quantity()); @@ -2004,7 +2045,7 @@ function local_delivery($importer,$data) { if($deleted) { $r = q("SELECT `item`.*, `contact`.`self` FROM `item` left join contact on `item`.`contact-id` = `contact`.`id` - WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d LIMIT 1", + WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d AND NOT `item`.`file` LIKE '%%[%%' LIMIT 1", dbesc($uri), intval($importer['importer_uid']), intval($importer['id']) 
@@ -2021,6 +2062,7 @@ function local_delivery($importer,$data) { if(($item['verb'] === ACTIVITY_TAG) && ($item['object-type'] === ACTVITY_OBJ_TAGTERM)) { $xo = parse_xml_string($item['object'],false); $xt = parse_xml_string($item['target'],false); + if($xt->type === ACTIVITY_OBJ_NOTE) { $i = q("select * from `item` where uri = '%s' and uid = %d limit 1", dbesc($xt->id), @@ -2299,9 +2341,10 @@ function local_delivery($importer,$data) { if(count($r)) { if((x($datarray,'edited') !== false) && (datetime_convert('UTC','UTC',$datarray['edited']) !== $r[0]['edited'])) { - $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", + $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($datarray['title']), dbesc($datarray['body']), + dbesc($datarray['tag']), dbesc(datetime_convert('UTC','UTC',$datarray['edited'])), dbesc($item_id), intval($importer['importer_uid']) @@ -2464,9 +2507,10 @@ function local_delivery($importer,$data) { if(count($r)) { if((x($datarray,'edited') !== false) && (datetime_convert('UTC','UTC',$datarray['edited']) !== $r[0]['edited'])) { - $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", + $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s' WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($datarray['title']), dbesc($datarray['body']), + dbesc($datarray['tag']), dbesc(datetime_convert('UTC','UTC',$datarray['edited'])), dbesc($item_id), intval($importer['importer_uid']) @@ -2892,6 +2936,11 @@ function item_expire($uid,$days) { foreach($r as $item) { + // don't expire filed items + + if(strpos($item['file'],'[') !== false) + continue; + // Only expire posts, not photos and photo comments if($expire_photos==0 && strlen($item['resource-id'])) 
diff --git a/include/nav.php b/include/nav.php index e28081839..f40e92dbc 100755 --- a/include/nav.php +++ b/include/nav.php @@ -55,7 +55,7 @@ function nav(&$a) { // user info $r = q("SELECT micro FROM contact WHERE uid=%d AND self=1", intval($a->user['uid'])); $userinfo = array( - 'icon' => (count($r) ? $r[0]['micro']: $a->get_baseurl($ssl_state)."/images/default-profile-mm.jpg"), + 'icon' => (count($r) ? $r[0]['micro']: $a->get_baseurl($ssl_state)."/images/person-48.jpg"), 'name' => $a->user['username'], ); diff --git a/include/network.php b/include/network.php index c72919dd8..22157ff18 100755 --- a/include/network.php +++ b/include/network.php @@ -303,7 +303,7 @@ function webfinger_dfrn($s,&$hcard) { if(! function_exists('webfinger')) { -function webfinger($s) { +function webfinger($s, $debug = false) { $host = ''; if(strstr($s,'@')) { $host = substr($s,strpos($s,'@') + 1); @@ -328,7 +328,7 @@ function webfinger($s) { }} if(! function_exists('lrdd')) { -function lrdd($uri) { +function lrdd($uri, $debug = false) { $a = get_app(); diff --git a/include/notifier.php b/include/notifier.php index 07edc7046..d63ad7ae7 100755 --- a/include/notifier.php +++ b/include/notifier.php @@ -337,7 +337,9 @@ function notifier_run($argv, $argc){ '$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) , '$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) , '$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) , - '$birthday' => $birthday + '$birthday' => $birthday, + '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '') + )); if($mail) { diff --git a/include/oembed.php b/include/oembed.php index cc71f9757..1f45d2814 100755 --- a/include/oembed.php +++ b/include/oembed.php 
@@ -38,7 +38,8 @@ function oembed_fetch_url($embedurl){ $entries = $xpath->query("//link[@type='application/json+oembed']"); foreach($entries as $e){ $href = $e->getAttributeNode("href")->nodeValue; - $txt = fetch_url($href); + $txt = fetch_url($href . '&maxwidth=425'); + break; } } } @@ -46,7 +47,7 @@ function oembed_fetch_url($embedurl){ if ($txt==false || $txt==""){ // try oohembed service - $ourl = "http://oohembed.com/oohembed/?url=".urlencode($embedurl); + $ourl = "http://oohembed.com/oohembed/?url=".urlencode($embedurl).'&maxwidth=425'; $txt = fetch_url($ourl); } diff --git a/include/plugin.php b/include/plugin.php index 8280b1022..e37ae8435 100755 --- a/include/plugin.php +++ b/include/plugin.php @@ -249,6 +249,7 @@ function get_theme_info($theme){ list($k,$v) = array_map("trim", explode(":",$l,2)); $k= strtolower($k); if ($k=="author"){ + $r=preg_match("|([^<]+)<([^>]+)>|", $v, $m); if ($r) { $info['author'][] = array('name'=>$m[1], 'link'=>$m[2]); @@ -276,3 +277,13 @@ function get_theme_info($theme){ return $info; }} + +function get_theme_screenshot($theme) { + $a = get_app(); + $exts = array('.png','.jpg'); + foreach($exts as $ext) { + if(file_exists('view/theme/' . $theme . '/screenshot' . $ext)) + return($a->get_baseurl() . '/view/theme/' . $theme . '/screenshot' . $ext); + } + return($a->get_baseurl() . '/images/blank.png'); +} diff --git a/include/poller.php b/include/poller.php index 085e95a6a..90a97867c 100755 --- a/include/poller.php +++ b/include/poller.php @@ -232,7 +232,7 @@ function poller_run($argv, $argc){ $importer_uid = $contact['uid']; - $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", + $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `contact`.`uid` = `user`.`uid` WHERE `user`.`uid` = %d AND `contact`.`self` = 1 LIMIT 1", intval($importer_uid) ); if(! count($r)) diff --git a/include/queue.php b/include/queue.php index d312b50f5..7e92705be 100755 --- a/include/queue.php 
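Review bot: `fetch_url($href . '&maxwidth=425')` in oembed_fetch_url() assumes the discovered oEmbed link already contains a query string; an `href` without `?` produces a malformed URL and the lookup silently falls through to the fallback service. Choosing the separator fixes it: `$href .= ((strpos($href,'?') === false) ? '?' : '&') . 'maxwidth=425';`. `$href` comes from the fetched remote page, so it is also worth a comment on what destinations fetch_url() is allowed to reach, which is not visible in this diff.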
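Review bot: get_theme_screenshot() builds both a filesystem path and a URL from `$theme` without constraining it, so a value containing `/` or `..` would make `file_exists()` probe paths outside `view/theme/` and echo the value back in the returned URL. The callers are not visible here, so it is unclear whether `$theme` can originate from request input; normalising it first, `$theme = basename($theme);`, is cheap either way. The new function also has no doc comment; one line stating that it returns the theme's screenshot URL or `/images/blank.png` when none exists would help.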
+++ b/include/queue.php @@ -61,13 +61,18 @@ function queue_run($argv, $argc){ q("DELETE FROM `queue` WHERE `created` < UTC_TIMESTAMP() - INTERVAL 3 DAY"); } - if($queue_id) + if($queue_id) { $r = q("SELECT `id` FROM `queue` WHERE `id` = %d LIMIT 1", intval($queue_id) ); - else - $r = q("SELECT `id` FROM `queue` WHERE `last` < UTC_TIMESTAMP() - INTERVAL 15 MINUTE "); + } + else { + // For the first 12 hours we'll try to deliver every 15 minutes + // After that, we'll only attempt delivery once per hour. + + $r = q("SELECT `id` FROM `queue` WHERE (( `created` > UTC_TIMESTAMP() - INTERVAL 12 HOUR && `last` < UTC_TIMESTAMP() - INTERVAL 15 MINUTE ) OR ( `last` < UTC_TIMESTAMP() - INTERVAL 1 HOUR ))"); + } if(! count($r)){ return; } diff --git a/include/security.php b/include/security.php index 6ea515bff..19e91eb63 100755 --- a/include/security.php +++ b/include/security.php @@ -299,16 +299,16 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null) * Actually, important actions should not be triggered by Links / GET-Requests at all, but somethimes they still are, * so this mechanism brings in some damage control (the attacker would be able to forge a request to a form of this type, but not to forms of other types). */ -function get_form_security_token($typename = "") { +function get_form_security_token($typename = '') { $a = get_app(); $timestamp = time(); - $sec_hash = hash('whirlpool', $a->user["guid"] . $a->user["prvkey"] . session_id() . $timestamp . $typename); + $sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $timestamp . $typename); - return $timestamp . "." . $sec_hash; + return $timestamp . '.' . $sec_hash; } -function check_form_security_token($typename = "", $formname = 'form_security_token') { +function check_form_security_token($typename = '', $formname = 'form_security_token') { if (!x($_REQUEST, $formname)) return false; $hash = $_REQUEST[$formname]; 
@@ -316,10 +316,10 @@ function check_form_security_token($typename = "", $formname = 'form_security_to
 $a = get_app();
- $x = explode(".", $hash);
+ $x = explode('.', $hash);
 if (time() > (IntVal($x[0]) + $max_livetime)) return false;
- $sec_hash = hash('whirlpool', $a->user["guid"] . $a->user["prvkey"] . session_id() . $x[0] . $typename);
+ $sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $x[0] . $typename);
 return ($sec_hash == $x[1]);
 }
@@ -327,10 +327,20 @@ function check_form_security_token($typename = "", $formname = 'form_security_to
 function check_form_security_std_err_msg() {
 return t('The form security token was not correct. This probably happened because the form has been opened for too long (>3 hours) before subitting it.') . EOL;
 }
-function check_form_security_token_redirectOnErr($err_redirect, $typename = "", $formname = 'form_security_token') {
+function check_form_security_token_redirectOnErr($err_redirect, $typename = '', $formname = 'form_security_token') {
 if (!check_form_security_token($typename, $formname)) {
 $a = get_app();
+ logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename);
+ logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA);
 notice( check_form_security_std_err_msg() );
 goaway($a->get_baseurl() . $err_redirect );
 }
 }
+function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'form_security_token') {
+ if (!check_form_security_token($typename, $formname)) {
+ logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename);
+ logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA);
+ header('HTTP/1.1 403 Forbidden');
+ killme();
+ }
+}
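Review bot: check_form_security_token() still ends with `return ($sec_hash == $x[1]);`, a loose comparison that PHP evaluates numerically when both strings look like numbers and that is not constant-time. `return (count($x) == 2 && $sec_hash === $x[1]);` removes the type juggling and also covers a submitted token with no `.` in it, where `$x[1]` is currently undefined. Where the runtime provides it, `hash_equals($sec_hash, $x[1])` is the better comparison. The function begins in the previous hunk, so only its tail is visible here.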
\ No newline at end of file diff --git a/include/socgraph.php b/include/socgraph.php index 79d7340a4..3f5194049 100755 --- a/include/socgraph.php +++ b/include/socgraph.php @@ -230,19 +230,21 @@ function all_friends($uid,$cid,$start = 0, $limit = 80) { -function suggestion_query($uid, $start = 0, $limit = 40) { +function suggestion_query($uid, $start = 0, $limit = 80) { if(! $uid) return array(); $r = q("SELECT count(glink.gcid) as `total`, gcontact.* from gcontact left join glink on glink.gcid = gcontact.id - where uid = %d and not gcontact.nurl in ( select nurl from contact where uid = %d) + where uid = %d and not gcontact.nurl in ( select nurl from contact where uid = %d ) + and not gcontact.name in ( select name from contact where uid = %d ) and not gcontact.id in ( select gcid from gcign where uid = %d ) group by glink.gcid order by total desc limit %d, %d ", intval($uid), intval($uid), intval($uid), + intval($uid), intval($start), intval($limit) ); @@ -252,11 +254,13 @@ function suggestion_query($uid, $start = 0, $limit = 40) { $r2 = q("SELECT gcontact.* from gcontact left join glink on glink.gcid = gcontact.id - where glink.uid = 0 and glink.cid = 0 and not gcontact.nurl in ( select nurl from contact where uid = %d) + where glink.uid = 0 and glink.cid = 0 and not gcontact.nurl in ( select nurl from contact where uid = %d ) + and not gcontact.name in ( select name from contact where uid = %d ) and not gcontact.id in ( select gcid from gcign where uid = %d ) order by rand() limit %d, %d ", intval($uid), intval($uid), + intval($uid), intval($start), intval($limit) ); diff --git a/include/template_processor.php b/include/template_processor.php index 7f7b0b55b..4c317efe1 100755 --- a/include/template_processor.php +++ b/include/template_processor.php 
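Review bot: The new check_form_security_token_ForbiddenOnErr() in include/security.php reads `$a->user['guid']` in its first logger() call but never assigns `$a`, so the log line carries no user and PHP raises an undefined-variable notice. Adding `$a = get_app();` as the first statement inside the `if`, as check_form_security_token_redirectOnErr() does, fixes that. Both functions also write `print_r($_REQUEST, true)` to the log at LOGGER_DATA level, which copies every submitted field into the log file, including password fields and the security token itself when present. Logging `array_keys($_REQUEST)` or a copy with the sensitive fields removed would keep the diagnostic value without storing credentials.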
@@ -96,7 +96,7 @@ $this->_push_stack(); $r = $this->r; $r[$varname] = $v; - if ($keyname!='') $r[$keyname] = $k; + if ($keyname!='') $r[$keyname] = (($k === 0) ? '0' : $k); $ret .= $this->replace($args[3], $r); $this->_pop_stack(); } @@ -203,7 +203,7 @@ $os=$s; $count++; $s = $this->var_replace($s); } - return template_unescape($s); + return $s; } } diff --git a/include/text.php b/include/text.php index 049771949..6d557ed84 100644 --- a/include/text.php +++ b/include/text.php @@ -20,7 +20,7 @@ function replace_macros($s,$r) { //$a = get_app(); //$a->page['debug'] .= "$tt <br>\n"; - return $r; + return template_unescape($r); }} @@ -638,7 +638,7 @@ if(! function_exists('search')) { function search($s,$id='search-box',$url='/search',$save = false) { $a = get_app(); $o = '<div id="' . $id . '">'; - $o .= '<form action="' . $a->get_baseurl() . $url . '" method="get" >'; + $o .= '<form action="' . $a->get_baseurl((stristr($url,'network')) ? true : false) . $url . '" method="get" >'; $o .= '<input type="text" name="search" id="search-text" value="' . $s .'" />'; $o .= '<input type="submit" name="submit" id="search-submit" value="' . t('Search') . '" />'; if($save) @@ -694,8 +694,13 @@ function linkify($s) { if(! function_exists('smilies')) { function smilies($s, $sample = false) { + $a = get_app(); + if(intval(get_config('system','no_smilies')) + || (local_user() && intval(get_pconfig(local_user(),'system','no_smilies')))) + return $s; + $s = preg_replace_callback('/<pre>(.*?)<\/pre>/ism','smile_encode',$s); $s = preg_replace_callback('/<code>(.*?)<\/code>/ism','smile_encode',$s); @@ -704,27 +709,21 @@ function smilies($s, $sample = false) { '</3', '<\\3', ':-)', -// ':)', ';-)', -// ';)', ':-(', -// ':(', ':-P', -// ':P', + ':-p', ':-"', ':-"', ':-x', ':-X', ':-D', -// ':D', '8-|', '8-O', ':-O', '\\o/', 'o.O', 'O.o', - '\\.../', - '\\ooo/', ":'(", ":-!", ":-/", 
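Review bot: search() in include/text.php writes `$s` straight into `value="..."` and `$url` into the form `action` with no escaping inside the function. Unless every caller escapes before calling, a search string containing a double quote ends the attribute and the remainder is parsed as markup. Escaping at the point of output, `value="' . htmlspecialchars($s, ENT_QUOTES, 'UTF-8') . '"`, removes the dependence on callers; check for double encoding if some of them already escape. The function continues past the end of the hunk.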
@@ -734,12 +733,8 @@ function smilies($s, $sample = false) {
 ':homebrew',
 ':coffee',
 ':facepalm',
- ':headdesk',
 '~friendika',
- '~friendica',
-// 'Diaspora*'
- ':beard',
- ':whitebeard'
+ '~friendica'
 );
@@ -748,27 +743,21 @@ function smilies($s, $sample = false) { '<img src="' . $a->get_baseurl() . '/images/smiley-brokenheart.gif" alt="</3" />', '<img src="' . $a->get_baseurl() . '/images/smiley-brokenheart.gif" alt="<\\3" />', '<img src="' . $a->get_baseurl() . '/images/smiley-smile.gif" alt=":-)" />', -// '<img src="' . $a->get_baseurl() . '/images/smiley-smile.gif" alt=":)" />', '<img src="' . $a->get_baseurl() . '/images/smiley-wink.gif" alt=";-)" />', -// '<img src="' . $a->get_baseurl() . '/images/smiley-wink.gif" alt=";)"/>', '<img src="' . $a->get_baseurl() . '/images/smiley-frown.gif" alt=":-(" />', -// '<img src="' . $a->get_baseurl() . '/images/smiley-frown.gif" alt=":(" />', '<img src="' . $a->get_baseurl() . '/images/smiley-tongue-out.gif" alt=":-P" />', -// '<img src="' . $a->get_baseurl() . '/images/smiley-tongue-out.gif" alt=":P" />', + '<img src="' . $a->get_baseurl() . '/images/smiley-tongue-out.gif" alt=":-p" />', '<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-\"" />', '<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-\"" />', '<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-x" />', '<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-X" />', '<img src="' . $a->get_baseurl() . '/images/smiley-laughing.gif" alt=":-D" />', -// '<img src="' . $a->get_baseurl() . '/images/smiley-laughing.gif" alt=":D"/>', '<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-|" />', '<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-O" />', '<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt=":-O" />', '<img src="' . $a->get_baseurl() . '/images/smiley-thumbsup.gif" alt="\\o/" />', '<img src="' . $a->get_baseurl() . '/images/smiley-Oo.gif" alt="o.O" />', '<img src="' . $a->get_baseurl() . '/images/smiley-Oo.gif" alt="O.o" />', - '<img src="' . $a->get_baseurl() . '/images/smiley-shaka.gif" alt="\\.../" />', - '<img src="' . 
$a->get_baseurl() . '/images/smiley-shaka.gif" alt="\\ooo/" />', '<img src="' . $a->get_baseurl() . '/images/smiley-cry.gif" alt=":\'(" />', '<img src="' . $a->get_baseurl() . '/images/smiley-foot-in-mouth.gif" alt=":-!" />', '<img src="' . $a->get_baseurl() . '/images/smiley-undecided.gif" alt=":-/" />', @@ -778,12 +767,8 @@ function smilies($s, $sample = false) { '<img src="' . $a->get_baseurl() . '/images/beer_mug.gif" alt=":homebrew" />', '<img src="' . $a->get_baseurl() . '/images/coffee.gif" alt=":coffee" />', '<img src="' . $a->get_baseurl() . '/images/smiley-facepalm.gif" alt=":facepalm" />', - '<img src="' . $a->get_baseurl() . '/images/smiley-bangheaddesk.gif" alt=":headdesk" />', '<a href="http://project.friendika.com">~friendika <img src="' . $a->get_baseurl() . '/images/friendika-16.png" alt="~friendika" /></a>', - '<a href="http://friendica.com">~friendica <img src="' . $a->get_baseurl() . '/images/friendica-16.png" alt="~friendica" /></a>', -// '<a href="http://diasporafoundation.org">Diaspora<img src="' . $a->get_baseurl() . '/images/diaspora.png" alt="Diaspora*" /></a>', - '<img src="' . $a->get_baseurl() . '/images/smiley-beard.png" alt=":beard" />', - '<img src="' . $a->get_baseurl() . '/images/smiley-whitebeard.png" alt=":whitebeard" />' + '<a href="http://friendica.com">~friendica <img src="' . $a->get_baseurl() . '/images/friendica-16.png" alt="~friendica" /></a>' ); $params = array('texts' => $texts, 'icons' => $icons, 'string' => $s); @@ -1345,6 +1330,7 @@ function file_tag_save_file($uid,$item,$file) { $saved = get_pconfig($uid,'system','filetags'); if((! strlen($saved)) || (! stristr($saved,'[' . file_tag_encode($file) . ']'))) set_pconfig($uid,'system','filetags',$saved . '[' . file_tag_encode($file) . ']'); + info( t('Item filed') ); } return true; } 
@@ -1380,3 +1366,19 @@ function file_tag_unsave_file($uid,$item,$file) {
 return true;
 }
+function normalise_openid($s) {
+ return trim(str_replace(array('http://','https://'),array('',''),$s),'/');
+}
+
+
+function undo_post_tagging($s) {
+ $matches = null;
+ $cnt = preg_match_all('/([@#])\[url=(.*?)\](.*?)\[\/url\]/ism',$s,$matches,PREG_SET_ORDER);
+ if($cnt) {
+ foreach($matches as $mtch) {
+ $s = str_replace($mtch[0], $mtch[1] . $mtch[3],$s);
+ }
+ }
+ return $s;
+}
+
|
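Review bot: normalise_openid() removes `http://` and `https://` wherever they occur in the string, not only at the start, and maps both schemes to the same value. If the result is used to decide whether two OpenID identifiers belong to the same account, an `http://` identifier would match the `https://` one, while the case-sensitive `str_replace` would still treat `HTTP://` as different. Stripping only a leading scheme with `preg_replace('|^https?://|i', '', $s)`, and keeping the scheme in any comparison that grants access, would be safer. The callers are outside this hunk, so the impact depends on how the value is used.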