Diffstat (limited to 'include')
-rw-r--r-- | include/auth.php | 37 | ||||
-rw-r--r-- | include/bbcode.php | 12 | ||||
-rw-r--r-- | include/chat.php | 6 | ||||
-rw-r--r-- | include/contact_selectors.php | 4 | ||||
-rw-r--r-- | include/contact_widgets.php | 1 | ||||
-rw-r--r-- | include/conversation.php | 4 | ||||
-rw-r--r-- | include/dir_fns.php | 1 | ||||
-rw-r--r-- | include/externals.php | 24 | ||||
-rw-r--r-- | include/features.php | 2 | ||||
-rw-r--r-- | include/identity.php | 2 | ||||
-rwxr-xr-x | include/items.php | 2 | ||||
-rw-r--r-- | include/nav.php | 7 | ||||
-rw-r--r-- | include/profile_selectors.php | 55 | ||||
-rw-r--r-- | include/zot.php | 6 |
14 files changed, 141 insertions, 22 deletions
diff --git a/include/auth.php b/include/auth.php index 8e02b7b4f..cc07917b7 100644 --- a/include/auth.php +++ b/include/auth.php @@ -128,13 +128,40 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p // first check if we're enforcing that sessions can't change IP address - if($_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) { + if($_SESSION['addr'] && $_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) { logger('SECURITY: Session IP address changed: ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']); - if(get_config('system','paranoia')) { - logger('Session address changed. Paranoid setting in effect, blocking session. ' + + $partial1 = substr($_SESSION['addr'],0,strrpos($_SESSION['addr'],'.')); + $partial2 = substr($_SERVER['REMOTE_ADDR'],0,strrpos($_SERVER['REMOTE_ADDR'],'.')); + + + $paranoia = intval(get_pconfig($_SESSION['uid'],'system','paranoia')); + if(! $paranoia) + $paranoia = intval(get_config('system','paranoia')); + + switch($paranoia) { + case 0: + // no IP checking + break; + case 2: + // check 2 octets + $partial1 = substr($partial1,0,strrpos($partial1,'.')); + $partial2 = substr($partial2,0,strrpos($partial2,'.')); + if($partial1 == $partial2) + break; + case 1: + // check 3 octets + if($partial1 == $partial2) + break; + case 3: + default: + // check any difference at all + logger('Session address changed. Paranoid setting in effect, blocking session. ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']); - nuke_session(); - goaway(z_root()); + nuke_session(); + goaway(z_root()); + break; + } } diff --git a/include/bbcode.php b/include/bbcode.php index 45126c0eb..195700729 100644 --- a/include/bbcode.php +++ b/include/bbcode.php 
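Review bot: The octet comparison in the new `switch($paranoia)` only works for dotted IPv4 addresses. For an address with no `.` (IPv6), `strrpos()` returns false and the `substr(...,0,strrpos(...))` calls yield an empty result on both sides, so `$partial1 == $partial2` holds and levels 1 and 2 accept any address change. Forcing the strict branch in that case closes the gap, e.g. `if($paranoia && (strpos($_SESSION['addr'],'.') === false || strpos($_SERVER['REMOTE_ADDR'],'.') === false)) $paranoia = 3;` just before the switch. Because the per-user `get_pconfig()` value is read first and the site value is only a fallback, a user setting of 1 or 2 can relax a stricter site-wide level; it is worth confirming that this is intended, and the deliberate fall-through from `case 2` through `case 1` to `default` deserves a `// fall through` comment. The enclosing `if` block starts above the hunk.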
@@ -657,24 +657,24 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true) { // [img=widthxheight]pathtoimage[/img] if (strpos($Text,'[/img]') !== false) { - $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '<img src="$3" style="width: 100%; max-width: $1px;" alt="' . t('Image/photo') . '" >', $Text); + $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '<img src="$3" style="width: 100%; max-width: $1px;" alt="' . t('Image/photo') . '" />', $Text); } if (strpos($Text,'[/zmg]') !== false) { - $Text = preg_replace("/\[zmg\=([0-9]*)x([0-9]*)\](.*?)\[\/zmg\]/ism", '<img class="zrl" src="$3" style="width: 100%; max-width: $1px;" alt="' . t('Image/photo') . '" >', $Text); + $Text = preg_replace("/\[zmg\=([0-9]*)x([0-9]*)\](.*?)\[\/zmg\]/ism", '<img class="zrl" src="$3" style="width: 100%; max-width: $1px;" alt="' . t('Image/photo') . '" />', $Text); } // [img=widthxheight float={left, right}]pathtoimage[/img] if (strpos($Text,'[/img]') !== false) { - $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*) float=left\](.*?)\[\/img\]/ism", '<img src="$3" style="width: 100%; max-width: $1px; float: left;" alt="' . t('Image/photo') . '" >', $Text); + $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*) float=left\](.*?)\[\/img\]/ism", '<img src="$3" style="width: 100%; max-width: $1px; float: left;" alt="' . t('Image/photo') . '" />', $Text); } if (strpos($Text,'[/img]') !== false) { - $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*) float=right\](.*?)\[\/img\]/ism", '<img src="$3" style="width: 100%; max-width: $1px; float: right;" alt="' . t('Image/photo') . '" >', $Text); + $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*) float=right\](.*?)\[\/img\]/ism", '<img src="$3" style="width: 100%; max-width: $1px; float: right;" alt="' . t('Image/photo') . 
'" />', $Text); } if (strpos($Text,'[/zmg]') !== false) { - $Text = preg_replace("/\[zmg\=([0-9]*)x([0-9]*) float=left\](.*?)\[\/zmg\]/ism", '<img class="zrl" src="$3" style="width: 100%; max-width: $1px; float: left;" alt="' . t('Image/photo') . '" >', $Text); + $Text = preg_replace("/\[zmg\=([0-9]*)x([0-9]*) float=left\](.*?)\[\/zmg\]/ism", '<img class="zrl" src="$3" style="width: 100%; max-width: $1px; float: left;" alt="' . t('Image/photo') . '" />', $Text); } if (strpos($Text,'[/zmg]') !== false) { - $Text = preg_replace("/\[zmg\=([0-9]*)x([0-9]*) float=right\](.*?)\[\/zmg\]/ism", '<img class="zrl" src="$3" style="width: 100%; max-width: $1px; float: right;" alt="' . t('Image/photo') . '" >', $Text); + $Text = preg_replace("/\[zmg\=([0-9]*)x([0-9]*) float=right\](.*?)\[\/zmg\]/ism", '<img class="zrl" src="$3" style="width: 100%; max-width: $1px; float: right;" alt="' . t('Image/photo') . '" />', $Text); } // style (sanitized) diff --git a/include/chat.php b/include/chat.php index 9d2341dfa..5f69853e7 100644 --- a/include/chat.php +++ b/include/chat.php @@ -119,10 +119,10 @@ function chatroom_enter($observer_xchan,$room_id,$status,$client) { $limit = service_class_fetch($r[0]['cr_uid'],'chatters_inroom'); if($limit !== false) { - $x = q("select count(*) as total from chatpresence where cp_room = %d", + $y = q("select count(*) as total from chatpresence where cp_room = %d", intval($room_id) ); - if($x && $x[0]['total'] > $limit) { + if($y && $y[0]['total'] > $limit) { notice( t('Room is full') . EOL); return false; } @@ -235,6 +235,8 @@ function chat_message($uid,$room_id,$xchan,$text) { */ function chatroom_flush($room_id,$xchan) { + + $date_limit = date('Y-m-d H:i:s', time() - 3600 * MAX_CHATROOM_HOURS); $d = q("delete from chat where chat_room = %d and chat_xchan = '%s' and created < '%s'", intval($room_id), diff --git a/include/contact_selectors.php b/include/contact_selectors.php index a3cfd2489..726efce9d 100644 --- a/include/contact_selectors.php 
+++ b/include/contact_selectors.php @@ -20,6 +20,7 @@ function contact_profile_assign($current) { return $o; } +/* unused currently function contact_reputation($current) { @@ -27,7 +28,7 @@ function contact_reputation($current) { $o .= "<select id=\"contact-reputation-selector\" name=\"reputation\" />\r\n"; $rep = array( - 0 => t('Unknown | Not categorised'), + 0 => t('Unknown | Not categorized'), 1 => t('Block immediately'), 2 => t('Shady, spammer, self-marketer'), 3 => t('Known to me, but no opinion'), @@ -43,6 +44,7 @@ function contact_reputation($current) { return $o; } +*/ function contact_poll_interval($current, $disabled = false) { diff --git a/include/contact_widgets.php b/include/contact_widgets.php index 758b7291b..28a9fcfd3 100644 --- a/include/contact_widgets.php +++ b/include/contact_widgets.php @@ -79,6 +79,7 @@ function categories_widget($baseurl,$selected = '') { and term.uid = item.uid and term.type = %d and item.author_xchan = '%s' + and item.item_restrict = 0 order by term.term asc", intval($a->profile['profile_uid']), intval(TERM_CATEGORY), diff --git a/include/conversation.php b/include/conversation.php index 5481037e7..c0d0c1e7d 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -179,8 +179,8 @@ function localize_item(&$item){ if (activity_match($item['verb'],ACTIVITY_FRIEND)) { - -// if ($item['obj_type']=="" || $item['obj_type']!== ACTIVITY_OBJ_PERSON) return; + if ($item['obj_type'] == "" || $item['obj_type'] !== ACTIVITY_OBJ_PERSON) + return; $Aname = $item['author']['xchan_name']; $Alink = $item['author']['xchan_url']; diff --git a/include/dir_fns.php b/include/dir_fns.php index 1bc97cfec..14e4c0a1d 100644 --- a/include/dir_fns.php +++ b/include/dir_fns.php @@ -185,6 +185,7 @@ function local_dir_update($uid,$force) { ); $profile = array(); + $profile['encoding'] = 'zot'; if($p) { $hash = $p[0]['channel_hash']; diff --git a/include/externals.php b/include/externals.php index 1d9fd2902..a96bf7c97 100644 
--- a/include/externals.php +++ b/include/externals.php @@ -33,8 +33,32 @@ function externals_run($argv, $argc){ $url = $r[0]['site_url']; } + // Note: blacklisted sites must be stored in the config as an array. + // No simple way to turn this into a personal config because we have no identity here. + // For that we probably need a variant of superblock. + + $blacklisted = false; + $bl1 = get_config('system','blacklisted_sites'); + if(is_array($bl1) && $bl1) { + foreach($bl1 as $bl) { + if(strpos($url,$bl) !== false) { + $blacklisted = true; + break; + } + } + } + $attempts ++; + // make sure we can eventually break out if somebody blacklists all known sites + + if($blacklisted) { + if($attempts > 20) + break; + $attempts --; + continue; + } + if($url) { if($r[0]['site_pull'] !== '0000-00-00 00:00:00') $mindate = urlencode($r[0]['site_pull']); diff --git a/include/features.php b/include/features.php index a2698cc72..383cb739f 100644 --- a/include/features.php +++ b/include/features.php @@ -24,6 +24,8 @@ function get_features() { // This is per post, and different from fixed expiration 'expire' which isn't working yet array('content_expire', t('Content Expiration'), t('Remove posts/comments and/or private messages at a future time')), array('multi_profiles', t('Multiple Profiles'), t('Ability to create multiple profiles')), + array('advanced_profiles', t('Advanced Profiles'), t('Additional profile sections and selections')), + array('webpages', t('Web Pages'), t('Provide managed web pages on your channel')), array('private_notes', t('Private Notes'), t('Enables a tool to store notes and reminders')), // prettyphoto has licensing issues and will no longer be provided in core - diff --git a/include/identity.php b/include/identity.php index e210b37ab..c4134d3e8 100644 --- a/include/identity.php +++ b/include/identity.php 
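Review bot: The escape hatch for an all-blacklisted site table cannot fire as written. `$attempts ++` is undone by `$attempts --` on every blacklisted pick, so the counter never advances on that path and `if($attempts > 20)` is only reachable once non-blacklisted attempts already exceed 20. If the enclosing loop (outside this hunk) is bounded by `$attempts`, a configuration that blacklists every known site would keep the poller spinning against the database. Counting skips in their own variable, e.g. `if(++$skipped > 20) break;` with `$skipped = 0` set before the loop, keeps the bound. Separately, `strpos($url,$bl) !== false` is a plain substring match: a short entry matches any URL containing it, and an empty-string entry matches every URL on PHP 8, so comparing against the parsed host and skipping empty entries would be more precise.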
@@ -952,7 +952,7 @@ function advanced_profile(&$a) { if($a->profile['gender']) $profile['gender'] = array( t('Gender:'), $a->profile['gender'] ); $ob_hash = get_observer_hash(); - if($ob_hash && perm_is_allowed($a->profile['profile_uid'],$ob_hash,'post_wall')) { + if($ob_hash && perm_is_allowed($a->profile['profile_uid'],$ob_hash,'post_like')) { $profile['canlike'] = true; $profile['likethis'] = t('Like this channel'); $profile['profile_guid'] = $a->profile['profile_guid']; diff --git a/include/items.php b/include/items.php index 10daa85f2..679c24dc1 100755 --- a/include/items.php +++ b/include/items.php @@ -838,6 +838,7 @@ function import_author_rss($x) { function encode_item($item) { $x = array(); $x['type'] = 'activity'; + $x['encoding'] = 'zot'; // logger('encode_item: ' . print_r($item,true)); @@ -1069,6 +1070,7 @@ function encode_item_flags($item) { function encode_mail($item) { $x = array(); $x['type'] = 'mail'; + $x['encoding'] = 'zot'; if(array_key_exists('mail_flags',$item) && ($item['mail_flags'] & MAIL_OBSCURED)) { $key = get_config('system','prvkey'); diff --git a/include/nav.php b/include/nav.php index 80e4955e5..8133ecf67 100644 --- a/include/nav.php +++ b/include/nav.php @@ -34,6 +34,10 @@ EOT; if(local_user()) { $channel = $a->get_channel(); $observer = $a->get_observer(); + $prof = q("select id from profile where uid = %d and is_default = 1", + intval($channel['channel_id']) + ); + } elseif(remote_user()) $observer = $a->get_observer(); 
@@ -81,6 +85,9 @@ EOT; $nav['usermenu'][] = Array('profile/' . $channel['channel_address'], t('View Profile'), "", t('Your profile page')); if(feature_enabled(local_user(),'multi_profiles')) $nav['usermenu'][] = Array('profiles', t('Edit Profiles'),"", t('Manage/Edit profiles')); + else + $nav['usermenu'][] = Array('profiles/' . $prof[0]['id'], t('Edit Profile'),"", t('Edit your profile')); + $nav['usermenu'][] = Array('photos/' . $channel['channel_address'], t('Photos'), "", t('Your photos')); $nav['usermenu'][] = Array('cloud/' . $channel['channel_address'],t('Files'),"",t('Your files')); diff --git a/include/profile_selectors.php b/include/profile_selectors.php index 1ffcd49be..a80677cb3 100644 --- a/include/profile_selectors.php +++ b/include/profile_selectors.php @@ -18,6 +18,25 @@ function gender_selector($current="",$suffix="") { return $o; } +function gender_selector_min($current="",$suffix="") { + $o = ''; + $select = array('', t('Male'), t('Female'), t('Other')); + + call_hooks('gender_selector_min', $select); + + $o .= "<select name=\"gender$suffix\" id=\"gender-select$suffix\" size=\"1\" >"; + foreach($select as $selection) { + if($selection !== 'NOTRANSLATION') { + $selected = (($selection == $current) ? ' selected="selected" ' : ''); + $o .= "<option value=\"$selection\" $selected >$selection</option>"; + } + } + $o .= '</select>'; + return $o; +} + + + function sexpref_selector($current="",$suffix="") { $o = ''; $select = array('', t('Males'), t('Females'), t('Gay'), t('Lesbian'), t('No Preference'), t('Bisexual'), t('Autosexual'), t('Abstinent'), t('Virgin'), t('Deviant'), t('Fetish'), t('Oodles'), t('Nonsexual')); 
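Review bot: `$prof[0]['id']` in the new `else` branch is used without checking that the query added in the first nav.php hunk returned a row. `$prof` is only assigned inside `if(local_user())`, so a failed query or a channel without a default profile would produce a bare `profiles/` link and an undefined-index notice. Other `q()` results in this commit are tested before use (`if($y && ...)` in chat.php). Guarding the branch, e.g. `elseif($prof)` in place of `else`, avoids that. Whether this menu code is reached only for local users cannot be seen from the hunk.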
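Review bot: The three new `*_selector_min` functions (`gender_selector_min` here, `sexpref_selector_min` and `marital_selector_min` in the later hunks) write `$selection` into `value=\"$selection\"` and into the option text without HTML-escaping. The values come from `t()` translations and from whatever a plugin adds through `call_hooks()`, so a string containing `"` or `<` would break out of the attribute or inject markup into the profile form. Escaping at output fixes this, e.g. `$s = htmlspecialchars($selection, ENT_QUOTES, 'UTF-8');` with `$s` used in the `<option>`. `$suffix` in the `name`/`id` attributes deserves the same treatment. `marital_selector_min` also accepts `$suffix` but never uses it, and the loose `$selection == $current` comparison would be safer as a strict comparison against a string-cast `$current`.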
@@ -37,6 +56,25 @@ function sexpref_selector($current="",$suffix="") { } +function sexpref_selector_min($current="",$suffix="") { + $o = ''; + $select = array('', t('Males'), t('Females'), t('Other')); + + call_hooks('sexpref_selector_min', $select); + + $o .= "<select name=\"sexual$suffix\" id=\"sexual-select$suffix\" size=\"1\" >"; + foreach($select as $selection) { + if($selection !== 'NOTRANSLATION') { + $selected = (($selection == $current) ? ' selected="selected" ' : ''); + $o .= "<option value=\"$selection\" $selected >$selection</option>"; + } + } + $o .= '</select>'; + return $o; +} + + + function marital_selector($current="",$suffix="") { $o = ''; $select = array('', t('Single'), t('Lonely'), t('Available'), t('Unavailable'), t('Has crush'), t('Infatuated'), t('Dating'), t('Unfaithful'), t('Sex Addict'), t('Friends'), t('Friends/Benefits'), t('Casual'), t('Engaged'), t('Married'), t('Imaginarily married'), t('Partners'), t('Cohabiting'), t('Common law'), t('Happy'), t('Not looking'), t('Swinger'), t('Betrayed'), t('Separated'), t('Unstable'), t('Divorced'), t('Imaginarily divorced'), t('Widowed'), t('Uncertain'), t('It\'s complicated'), t('Don\'t care'), t('Ask me') ); @@ -53,3 +91,20 @@ function marital_selector($current="",$suffix="") { $o .= '</select>'; return $o; } + +function marital_selector_min($current="",$suffix="") { + $o = ''; + $select = array('', t('Single'), t('Dating'), t('Cohabiting'), t('Married'), t('Separated'), t('Divorced'), t('Widowed'), t('It\'s complicated'), t('Other')); + + call_hooks('marital_selector_min', $select); + + $o .= "<select name=\"marital\" id=\"marital-select\" size=\"1\" >"; + foreach($select as $selection) { + if($selection !== 'NOTRANSLATION') { + $selected = (($selection == $current) ? ' selected="selected" ' : ''); + $o .= "<option value=\"$selection\" $selected >$selection</option>"; + } + } + $o .= '</select>'; + return $o; +} diff --git a/include/zot.php b/include/zot.php index 0fbeed519..5df217c03 100644 
--- a/include/zot.php +++ b/include/zot.php @@ -1648,11 +1648,6 @@ function delete_imported_item($sender,$item,$uid) { require_once('include/items.php'); - // FIXME issue #230 is related - // Chicken/egg problem because we have to drop_item, but this removes information that tag_deliver may need to do its stuff. - // We can't reverse the order because drop_item refuses to run if the item already has the deleted flag set and we need to - // set that flag prior to calling tag_deliver. - // Use phased deletion to set the deleted flag, call both tag_deliver and the notifier to notify downstream channels // and then clean up after ourselves with a cron job after several days to do the delete_item_lowlevel() (DROPITEM_PHASE2). @@ -2104,6 +2099,7 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) { $info = (($packet) ? $packet : array()); $info['type'] = 'channel_sync'; + $info['encoding'] = 'red'; // note: not zot, this packet is very red specific if(array_key_exists($uid,$a->config) && array_key_exists('transient',$a->config[$uid])) { $settings = $a->config[$uid]['transient']; |