Diffstat (limited to 'include')
-rw-r--r-- | include/auth.php | 37 | ||||
-rw-r--r-- | include/bbcode.php | 12 | ||||
-rw-r--r-- | include/contact_widgets.php | 1 | ||||
-rw-r--r-- | include/dir_fns.php | 1 | ||||
-rw-r--r-- | include/externals.php | 24 | ||||
-rw-r--r-- | include/identity.php | 2 | ||||
-rwxr-xr-x | include/items.php | 2 | ||||
-rw-r--r-- | include/nav.php | 7 | ||||
-rw-r--r-- | include/zot.php | 6 |
9 files changed, 75 insertions, 17 deletions
diff --git a/include/auth.php b/include/auth.php index 8e02b7b4f..cc07917b7 100644 --- a/include/auth.php +++ b/include/auth.php @@ -128,13 +128,40 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p // first check if we're enforcing that sessions can't change IP address - if($_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) { + if($_SESSION['addr'] && $_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) { logger('SECURITY: Session IP address changed: ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']); - if(get_config('system','paranoia')) { - logger('Session address changed. Paranoid setting in effect, blocking session. ' + + $partial1 = substr($_SESSION['addr'],0,strrpos($_SESSION['addr'],'.')); + $partial2 = substr($_SERVER['REMOTE_ADDR'],0,strrpos($_SERVER['REMOTE_ADDR'],'.')); + + + $paranoia = intval(get_pconfig($_SESSION['uid'],'system','paranoia')); + if(! $paranoia) + $paranoia = intval(get_config('system','paranoia')); + + switch($paranoia) { + case 0: + // no IP checking + break; + case 2: + // check 2 octets + $partial1 = substr($partial1,0,strrpos($partial1,'.')); + $partial2 = substr($partial2,0,strrpos($partial2,'.')); + if($partial1 == $partial2) + break; + case 1: + // check 3 octets + if($partial1 == $partial2) + break; + case 3: + default: + // check any difference at all + logger('Session address changed. Paranoid setting in effect, blocking session. ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']); - nuke_session(); - goaway(z_root()); + nuke_session(); + goaway(z_root()); + break; + } } diff --git a/include/bbcode.php b/include/bbcode.php index 45126c0eb..195700729 100644 --- a/include/bbcode.php +++ b/include/bbcode.php 
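Review bot: The octet comparison in `case 1` and `case 2` only works for dotted IPv4 strings. For an address with no `.` (plain IPv6), `strrpos()` returns false and both `$partial1` and `$partial2` collapse to the same empty value, so any address change compares equal and the session is kept. With paranoia at 1 or 2 that silently switches the binding off for those clients; falling back to the exact comparison is safer, e.g. before the switch `if($paranoia && (strpos($_SESSION['addr'],'.') === false || strpos($_SERVER['REMOTE_ADDR'],'.') === false)) $paranoia = 3;`. The levels are also not ordered by strictness (1 compares three octets, 2 only two), and the deliberate fall-through out of `case 2` and `case 1` deserves a comment such as `// no match: fall through to the stricter check`. The enclosing `if` starts above the hunk.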
@@ -657,24 +657,24 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true) { // [img=widthxheight]pathtoimage[/img] if (strpos($Text,'[/img]') !== false) { - $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '<img src="$3" style="width: 100%; max-width: $1px;" alt="' . t('Image/photo') . '" >', $Text); + $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '<img src="$3" style="width: 100%; max-width: $1px;" alt="' . t('Image/photo') . '" />', $Text); } if (strpos($Text,'[/zmg]') !== false) { - $Text = preg_replace("/\[zmg\=([0-9]*)x([0-9]*)\](.*?)\[\/zmg\]/ism", '<img class="zrl" src="$3" style="width: 100%; max-width: $1px;" alt="' . t('Image/photo') . '" >', $Text); + $Text = preg_replace("/\[zmg\=([0-9]*)x([0-9]*)\](.*?)\[\/zmg\]/ism", '<img class="zrl" src="$3" style="width: 100%; max-width: $1px;" alt="' . t('Image/photo') . '" />', $Text); } // [img=widthxheight float={left, right}]pathtoimage[/img] if (strpos($Text,'[/img]') !== false) { - $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*) float=left\](.*?)\[\/img\]/ism", '<img src="$3" style="width: 100%; max-width: $1px; float: left;" alt="' . t('Image/photo') . '" >', $Text); + $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*) float=left\](.*?)\[\/img\]/ism", '<img src="$3" style="width: 100%; max-width: $1px; float: left;" alt="' . t('Image/photo') . '" />', $Text); } if (strpos($Text,'[/img]') !== false) { - $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*) float=right\](.*?)\[\/img\]/ism", '<img src="$3" style="width: 100%; max-width: $1px; float: right;" alt="' . t('Image/photo') . '" >', $Text); + $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*) float=right\](.*?)\[\/img\]/ism", '<img src="$3" style="width: 100%; max-width: $1px; float: right;" alt="' . t('Image/photo') . 
'" />', $Text); } if (strpos($Text,'[/zmg]') !== false) { - $Text = preg_replace("/\[zmg\=([0-9]*)x([0-9]*) float=left\](.*?)\[\/zmg\]/ism", '<img class="zrl" src="$3" style="width: 100%; max-width: $1px; float: left;" alt="' . t('Image/photo') . '" >', $Text); + $Text = preg_replace("/\[zmg\=([0-9]*)x([0-9]*) float=left\](.*?)\[\/zmg\]/ism", '<img class="zrl" src="$3" style="width: 100%; max-width: $1px; float: left;" alt="' . t('Image/photo') . '" />', $Text); } if (strpos($Text,'[/zmg]') !== false) { - $Text = preg_replace("/\[zmg\=([0-9]*)x([0-9]*) float=right\](.*?)\[\/zmg\]/ism", '<img class="zrl" src="$3" style="width: 100%; max-width: $1px; float: right;" alt="' . t('Image/photo') . '" >', $Text); + $Text = preg_replace("/\[zmg\=([0-9]*)x([0-9]*) float=right\](.*?)\[\/zmg\]/ism", '<img class="zrl" src="$3" style="width: 100%; max-width: $1px; float: right;" alt="' . t('Image/photo') . '" />', $Text); } // style (sanitized) diff --git a/include/contact_widgets.php b/include/contact_widgets.php index 758b7291b..bccf8b4ae 100644 --- a/include/contact_widgets.php +++ b/include/contact_widgets.php @@ -79,6 +79,7 @@ function categories_widget($baseurl,$selected = '') { and term.uid = item.uid and term.type = %d and item.author_xchan = '%s' + and item.restrict = 0 order by term.term asc", intval($a->profile['profile_uid']), intval(TERM_CATEGORY), diff --git a/include/dir_fns.php b/include/dir_fns.php index 1bc97cfec..14e4c0a1d 100644 --- a/include/dir_fns.php +++ b/include/dir_fns.php @@ -185,6 +185,7 @@ function local_dir_update($uid,$force) { ); $profile = array(); + $profile['encoding'] = 'zot'; if($p) { $hash = $p[0]['channel_hash']; diff --git a/include/externals.php b/include/externals.php index 1d9fd2902..a96bf7c97 100644 --- a/include/externals.php +++ b/include/externals.php 
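Review bot: Each of the six rewritten replacements still writes the `(.*?)` capture straight into `src="$3"`, and with the `s` modifier that capture can span anything up to the closing tag, so a double quote in the tag body would end the attribute early. Whether quotes are already neutralised earlier in bbcode() is not visible from this hunk, so treat this as something to confirm rather than a confirmed flaw; if they are not, narrow the capture to a class that excludes quotes, angle brackets and whitespace, or escape the URL in a `preg_replace_callback`. Separately, `([0-9]*)` accepts an empty width and then emits `max-width: px;`; `([0-9]+)` avoids that. bbcode() begins and ends outside the hunk.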
@@ -33,8 +33,32 @@ function externals_run($argv, $argc){ $url = $r[0]['site_url']; } + // Note: blacklisted sites must be stored in the config as an array. + // No simple way to turn this into a personal config because we have no identity here. + // For that we probably need a variant of superblock. + + $blacklisted = false; + $bl1 = get_config('system','blacklisted_sites'); + if(is_array($bl1) && $bl1) { + foreach($bl1 as $bl) { + if(strpos($url,$bl) !== false) { + $blacklisted = true; + break; + } + } + } + $attempts ++; + // make sure we can eventually break out if somebody blacklists all known sites + + if($blacklisted) { + if($attempts > 20) + break; + $attempts --; + continue; + } + if($url) { if($r[0]['site_pull'] !== '0000-00-00 00:00:00') $mindate = urlencode($r[0]['site_pull']); diff --git a/include/identity.php b/include/identity.php index e210b37ab..c4134d3e8 100644 --- a/include/identity.php +++ b/include/identity.php @@ -952,7 +952,7 @@ function advanced_profile(&$a) { if($a->profile['gender']) $profile['gender'] = array( t('Gender:'), $a->profile['gender'] ); $ob_hash = get_observer_hash(); - if($ob_hash && perm_is_allowed($a->profile['profile_uid'],$ob_hash,'post_wall')) { + if($ob_hash && perm_is_allowed($a->profile['profile_uid'],$ob_hash,'post_like')) { $profile['canlike'] = true; $profile['likethis'] = t('Like this channel'); $profile['profile_guid'] = $a->profile['profile_guid']; diff --git a/include/items.php b/include/items.php index 10daa85f2..679c24dc1 100755 --- a/include/items.php +++ b/include/items.php @@ -838,6 +838,7 @@ function import_author_rss($x) { function encode_item($item) { $x = array(); $x['type'] = 'activity'; + $x['encoding'] = 'zot'; // logger('encode_item: ' . print_r($item,true)); 
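Review bot: The guard described by the comment cannot fire on blacklisted picks alone: `$attempts` is incremented just above, tested against 20, and then decremented again before `continue`, so a run of blacklisted sites leaves the counter where it started. Unless the enclosing loop (which is outside this hunk) has another exit, blacklisting every known site would keep it spinning; dropping the `$attempts --;` line, or counting skips in a separate variable, makes the limit effective. The match itself is `strpos($url,$bl) !== false`, a substring test over the whole URL, so an entry also blocks any site whose URL merely contains it, and an empty-string entry behaves differently across PHP versions. Comparing each entry against `parse_url($url, PHP_URL_HOST)` and skipping non-string or empty entries would be tighter.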
@@ -1069,6 +1070,7 @@ function encode_item_flags($item) { function encode_mail($item) { $x = array(); $x['type'] = 'mail'; + $x['encoding'] = 'zot'; if(array_key_exists('mail_flags',$item) && ($item['mail_flags'] & MAIL_OBSCURED)) { $key = get_config('system','prvkey'); diff --git a/include/nav.php b/include/nav.php index 80e4955e5..8133ecf67 100644 --- a/include/nav.php +++ b/include/nav.php @@ -34,6 +34,10 @@ EOT; if(local_user()) { $channel = $a->get_channel(); $observer = $a->get_observer(); + $prof = q("select id from profile where uid = %d and is_default = 1", + intval($channel['channel_id']) + ); + } elseif(remote_user()) $observer = $a->get_observer(); @@ -81,6 +85,9 @@ EOT; $nav['usermenu'][] = Array('profile/' . $channel['channel_address'], t('View Profile'), "", t('Your profile page')); if(feature_enabled(local_user(),'multi_profiles')) $nav['usermenu'][] = Array('profiles', t('Edit Profiles'),"", t('Manage/Edit profiles')); + else + $nav['usermenu'][] = Array('profiles/' . $prof[0]['id'], t('Edit Profile'),"", t('Edit your profile')); + $nav['usermenu'][] = Array('photos/' . $channel['channel_address'], t('Photos'), "", t('Your photos')); $nav['usermenu'][] = Array('cloud/' . $channel['channel_address'],t('Files'),"",t('Your files')); diff --git a/include/zot.php b/include/zot.php index 0fbeed519..5df217c03 100644 --- a/include/zot.php +++ b/include/zot.php 
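Review bot: `$prof[0]['id']` in the new `else` branch of the second nav.php hunk is read without checking that the query added in the first nav.php hunk returned a row. If `q()` comes back empty (no default profile, or a failed query), the menu presumably gets a bare `profiles/` link plus a notice. The `if($p)` guard used in local_dir_update is the pattern to follow here, e.g. `elseif($prof)` in place of the bare `else`. The lookup also runs for every logged-in page view even when `multi_profiles` is enabled and the result is unused, so moving it next to its use would save a query. The surrounding blocks start and end outside both hunks.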
@@ -1648,11 +1648,6 @@ function delete_imported_item($sender,$item,$uid) { require_once('include/items.php'); - // FIXME issue #230 is related - // Chicken/egg problem because we have to drop_item, but this removes information that tag_deliver may need to do its stuff. - // We can't reverse the order because drop_item refuses to run if the item already has the deleted flag set and we need to - // set that flag prior to calling tag_deliver. - // Use phased deletion to set the deleted flag, call both tag_deliver and the notifier to notify downstream channels // and then clean up after ourselves with a cron job after several days to do the delete_item_lowlevel() (DROPITEM_PHASE2). @@ -2104,6 +2099,7 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { $info = (($packet) ? $packet : array()); $info['type'] = 'channel_sync'; + $info['encoding'] = 'red'; // note: not zot, this packet is very red specific if(array_key_exists($uid,$a->config) && array_key_exists('transient',$a->config[$uid])) { $settings = $a->config[$uid]['transient']; |