Diffstat (limited to 'mod')
-rwxr-xr-x | mod/community.php | 12 | ||||
-rwxr-xr-x | mod/contacts.php | 5 | ||||
-rw-r--r-- | mod/dfrn_confirm.php | 2 | ||||
-rwxr-xr-x | mod/dfrn_poll.php | 6 | ||||
-rwxr-xr-x | mod/group.php | 26 | ||||
-rwxr-xr-x | mod/item.php | 10 | ||||
-rwxr-xr-x | mod/lostpass.php | 9 | ||||
-rwxr-xr-x | mod/notifications.php | 4 | ||||
-rwxr-xr-x | mod/openid.php | 112 | ||||
-rwxr-xr-x | mod/photo.php | 26 | ||||
-rwxr-xr-x | mod/photos.php | 11 | ||||
-rwxr-xr-x | mod/search.php | 7 | ||||
-rwxr-xr-x | mod/settings.php | 1 |
13 files changed, 153 insertions, 78 deletions
diff --git a/mod/community.php b/mod/community.php index a98999942..f8cc3305b 100755 --- a/mod/community.php +++ b/mod/community.php @@ -41,15 +41,16 @@ function community_content(&$a, $update = 0) { // Here is the way permissions work in this module... - // Only public wall posts can be shown + // Only public posts can be shown // OR your own posts if you are a logged in member $r = q("SELECT COUNT(*) AS `total` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 - AND `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' - AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `user`.`hidewall` = 0 + AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' + AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' + AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0 AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 " ); @@ -69,8 +70,9 @@ function community_content(&$a, $update = 0) { FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 - AND `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' - AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `user`.`hidewall` = 0 + AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' + AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' + AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0 AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 ORDER BY `received` DESC LIMIT %d, %d ", intval($a->pager['start']), diff --git a/mod/contacts.php b/mod/contacts.php index 78c8d4092..8aa51d00a 100755 --- a/mod/contacts.php +++ b/mod/contacts.php 
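Review bot: The public-visibility predicate in the COUNT query is repeated verbatim in the paged query of the next hunk (@@ -69) and again in both queries of mod/search.php, so the copies can drift apart — the old side of search.php shows exactly that, with `item.private = 0` present in one query and missing from the other. Build the fragment once into a `$sql_public` string (the allow/deny, `private` and `hidewall` clauses) and interpolate it into both queries the way search.php already interpolates `$search_alg`, so a permission fix lands in every reader at once. The rewritten comment now says "Only public posts can be shown" while the query still requires `item.wall = 1`, which search.php drops in this same commit; either keep "wall" in the comment or confirm the two modules are meant to expose different sets. community_content continues outside the hunk.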
@@ -396,6 +396,11 @@ function contacts_content(&$a) { $tabs = array( array( + 'label' => t('Suggestions'), + 'url' => $a->get_baseurl(true) . '/suggest', + 'sel' => '', + ), + array( 'label' => t('All Contacts'), 'url' => $a->get_baseurl(true) . '/contacts/all', 'sel' => ($all) ? 'active' : '', diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php index 2f4fb7045..efb5be3a4 100644 --- a/mod/dfrn_confirm.php +++ b/mod/dfrn_confirm.php @@ -655,7 +655,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) { if(count($r)) $photo = $r[0]['photo']; else - $photo = $a->get_baseurl() . '/images/default-profile.jpg'; + $photo = $a->get_baseurl() . '/images/person-175.jpg'; require_once("Photo.php"); diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index b12e07132..fe5cd4906 100755 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -199,7 +199,7 @@ function dfrn_poll_post(&$a) { $ptype = ((x($_POST,'type')) ? $_POST['type'] : ''); $dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0); $perm = ((x($_POST,'perm')) ? $_POST['perm'] : 'r'); - + if($ptype === 'profile-check') { if((strlen($challenge)) && (strlen($sec))) { @@ -358,8 +358,8 @@ function dfrn_poll_post(&$a) { intval($contact_id) ); } - } - + } + header("Content-type: application/atom+xml"); $o = get_feed_for($a,$dfrn_id, $a->argv[1], $last_update, $direction); echo $o; diff --git a/mod/group.php b/mod/group.php index 13401ef0d..a282dbccf 100755 --- a/mod/group.php +++ b/mod/group.php @@ -21,6 +21,8 @@ function group_post(&$a) { } if(($a->argc == 2) && ($a->argv[1] === 'new')) { + check_form_security_token_redirectOnErr('/group/new', 'group_edit'); + $name = notags(trim($_POST['groupname'])); $r = group_add(local_user(),$name); if($r) { 
@@ -35,6 +37,8 @@ function group_post(&$a) { return; // NOTREACHED } if(($a->argc == 2) && (intval($a->argv[1]))) { + check_form_security_token_redirectOnErr('/group', 'group_edit'); + $r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($a->argv[1]), intval(local_user()) @@ -62,7 +66,8 @@ function group_post(&$a) { } function group_content(&$a) { - + $change = false; + if(! local_user()) { notice( t('Permission denied') . EOL); return; @@ -83,14 +88,17 @@ function group_content(&$a) { return replace_macros($tpl, $context + array( '$title' => t('Create a group of contacts/friends.'), - '$gname' => array('groupname',t('Group Name: '),$group['name'], ''), + '$gname' => array('groupname',t('Group Name: '), '', ''), '$gid' => 'new', + '$form_security_token' => get_form_security_token("group_edit"), )); } if(($a->argc == 3) && ($a->argv[1] === 'drop')) { + check_form_security_token_redirectOnErr('/group', 'group_drop', 't'); + if(intval($a->argv[2])) { $r = q("SELECT `name` FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($a->argv[2]), @@ -108,6 +116,8 @@ function group_content(&$a) { } if(($a->argc > 2) && intval($a->argv[1]) && intval($a->argv[2])) { + check_form_security_token_ForbiddenOnErr('group_member_change', 't'); + $r = q("SELECT `id` FROM `contact` WHERE `id` = %d AND `uid` = %d and `self` = 0 and `blocked` = 0 AND `pending` = 0 LIMIT 1", intval($a->argv[2]), intval(local_user()) @@ -155,7 +165,8 @@ function group_content(&$a) { $drop_tpl = get_markup_template('group_drop.tpl'); $drop_txt = replace_macros($drop_tpl, array( '$id' => $group['id'], - '$delete' => t('Delete') + '$delete' => t('Delete'), + '$form_security_token' => get_form_security_token("group_drop"), )); $celeb = ((($a->user['page-flags'] == PAGE_SOAPBOX) || ($a->user['page-flags'] == PAGE_COMMUNITY)) ? true : false); 
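Review bot: In the `drop` branch (hunk @@ -83) and the member-change branch (hunk @@ -108) the new token check reads the token from the `t` query parameter, so a state-changing action is still driven by a GET URL that carries the secret; such URLs persist in browser history, proxy and access logs, and in the Referer of any link followed afterwards. The check does close the plain cross-site request, which is the important part, but the durable fix is to submit these actions from a POST form carrying `$form_security_token` as a hidden field and keep the GET path for rendering only. If the token must stay in the URL, confirm that get_form_security_token (outside this diff) binds it to the session and that a failed check does not echo the supplied value back. group_content continues on both sides of the hunk.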
@@ -166,6 +177,7 @@ function group_content(&$a) { '$gname' => array('groupname',t('Group Name: '),$group['name'], ''), '$gid' => $group['id'], '$drop' => $drop_txt, + '$form_security_token' => get_form_security_token('group_edit'), ); } @@ -177,14 +189,14 @@ function group_content(&$a) { 'label_members' => t('Members'), 'members' => array(), 'label_contacts' => t('All Contacts'), - 'contacts' => arraY(), + 'contacts' => array(), ); - + $sec_token = addslashes(get_form_security_token('group_member_change')); $textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false); foreach($members as $member) { if($member['url']) { - $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . '); return true;'; + $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . ',\'' . $sec_token . '\'); return true;'; $groupeditor['members'][] = micropro($member,true,'mpgroup', $textmode); } else @@ -199,7 +211,7 @@ function group_content(&$a) { $textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false); foreach($r as $member) { if(! in_array($member['id'],$preselected)) { - $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . '); return true;'; + $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . ',\'' . $sec_token . '\'); return true;'; $groupeditor['contacts'][] = micropro($member,true,'mpall', $textmode); } } diff --git a/mod/item.php b/mod/item.php index fe570075f..ee6c5c9a7 100755 --- a/mod/item.php +++ b/mod/item.php @@ -243,6 +243,7 @@ function item_post(&$a) { } + if(! strlen($body)) { if($preview) killme(); 
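Review bot: `$sec_token = addslashes(get_form_security_token('group_member_change'))` in hunk @@ -177 escapes for a PHP/SQL-style string, not for the single-quoted JavaScript literal it is spliced into on the `click` lines here and in hunk @@ -199, nor for the HTML attribute micropro() presumably writes that handler into (micropro is outside this diff). addslashes leaves `<`, `>`, `&` and `"` untouched, so the output is only well-formed as long as the token is plain hex; use a context-correct encoding instead, e.g. `$sec_token = json_encode(get_form_security_token('group_member_change'));` and build the handler as `'groupChangeMember(' . $group['id'] . ',' . $member['id'] . ',' . $sec_token . '); return true;'`, leaving attribute escaping to the template layer. The `arraY()` typo fix on the same line is welcome; the function continues outside the hunk.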
@@ -253,6 +254,15 @@ function item_post(&$a) { } } + // Work around doubled linefeeds in Tinymce 3.5b2 + // First figure out if it's a status post that would've been + // created using tinymce. Otherwise leave it alone. + + $plaintext = (local_user() ? intval(get_pconfig(local_user(),'system','plaintext')) : 0); + if((! $parent) && (! $api_source) && (! $plaintext)) { + $body = str_replace("\r\n","\n",$body); + $body = str_replace("\n\n","\n",$body); + } // get contact info for poster diff --git a/mod/lostpass.php b/mod/lostpass.php index b71398fa4..57e6d6965 100755 --- a/mod/lostpass.php +++ b/mod/lostpass.php @@ -3,13 +3,13 @@ function lostpass_post(&$a) { - $email = notags(trim($_POST['login-name'])); - if(! $email) + $loginame = notags(trim($_POST['login-name'])); + if(! $loginame) goaway(z_root()); $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `verified` = 1 AND `blocked` = 0 LIMIT 1", - dbesc($email), - dbesc($email) + dbesc($loginame), + dbesc($loginame) ); if(! count($r)) { @@ -19,6 +19,7 @@ function lostpass_post(&$a) { $uid = $r[0]['uid']; $username = $r[0]['username']; + $email = $r[0]['email']; $new_password = autoname(12) . mt_rand(100,9999); $new_password_encoded = hash('whirlpool',$new_password); diff --git a/mod/notifications.php b/mod/notifications.php index d478b5163..ff131010f 100755 --- a/mod/notifications.php +++ b/mod/notifications.php @@ -143,7 +143,7 @@ function notifications_content(&$a) { '$intro_id' => $rr['intro_id'], '$madeby' => sprintf( t('suggested by %s'),$rr['name']), '$contact_id' => $rr['contact-id'], - '$photo' => ((x($rr,'fphoto')) ? $rr['fphoto'] : "images/default-profile.jpg"), + '$photo' => ((x($rr,'fphoto')) ? $rr['fphoto'] : "images/person-175.jpg"), '$fullname' => $rr['fname'], '$url' => $rr['furl'], '$hidden' => array('hidden', t('Hide this contact from others'), ($rr['hidden'] == 1), ''), 
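Review bot: The Tinymce workaround replaces `"\n\n"` with `"\n"` in a single pass over the whole body, so it also collapses blank lines the user typed on purpose and turns `"\n\n\n\n"` into `"\n\n"` rather than normalising it, and the guard (`! $parent && ! $api_source && ! $plaintext`) only establishes "top-level, non-API, rich-text account", not "came from Tinymce", so any other client posting to this endpoint gets rewritten too. If the editor really emits doubled breaks, match only the pattern it produces or gate on a marker the editor form sends, and say in the comment which Tinymce release makes the workaround removable (the comment names 3.5b2). item_post continues on both sides of the hunk.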
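Review bot: Taking the destination address from `$r[0]['email']` instead of the submitted login name (hunk @@ -19 of mod/lostpass.php) is the right fix, but the unchanged neighbour `$new_password = autoname(12) . mt_rand(100,9999);` still derives the temporary password from mt_rand(), which is not a cryptographic generator; `random_int(100, 9999)` (or a `random_bytes()`-based string for the whole value) removes that weakness without touching the flow. With nicknames now an accepted input, also confirm that the `if(! count($r))` branch (its body is outside hunk @@ -3) emits the same message as the success path so the form cannot be used to confirm which nicknames exist. lostpass_post continues outside both hunks.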
@@ -191,7 +191,7 @@ function notifications_content(&$a) { '$uid' => $_SESSION['uid'], '$intro_id' => $rr['intro_id'], '$contact_id' => $rr['contact-id'], - '$photo' => ((x($rr,'photo')) ? $rr['photo'] : "images/default-profile.jpg"), + '$photo' => ((x($rr,'photo')) ? $rr['photo'] : "images/person-175.jpg"), '$fullname' => $rr['name'], '$hidden' => array('hidden', t('Hide this contact from others'), ($rr['hidden'] == 1), ''), '$activity' => array('activity', t('Post a new friend activity'), 1, t('if applicable')), diff --git a/mod/openid.php b/mod/openid.php index df074b299..e2cea7d85 100755 --- a/mod/openid.php +++ b/mod/openid.php 
@@ -10,68 +10,84 @@ function openid_content(&$a) { if($noid) goaway(z_root()); + logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA); + if((x($_GET,'openid_mode')) && (x($_SESSION,'openid'))) { + $openid = new LightOpenID; if($openid->validate()) { - if(x($_SESSION,'register')) { - unset($_SESSION['register']); - $args = ''; - $attr = $openid->getAttributes(); - if(is_array($attr) && count($attr)) { - foreach($attr as $k => $v) { - if($k === 'namePerson/friendly') - $nick = notags(trim($v)); - if($k === 'namePerson/first') - $first = notags(trim($v)); - if($k === 'namePerson') - $args .= '&username=' . notags(trim($v)); - if($k === 'contact/email') - $args .= '&email=' . notags(trim($v)); - if($k === 'media/image/aspect11') - $photosq = bin2hex(trim($v)); - if($k === 'media/image/default') - $photo = bin2hex(trim($v)); - } - } - if($nick) - $args .= '&nickname=' . $nick; - elseif($first) - $args .= '&nickname=' . $first; + $authid = normalise_openid($_REQUEST['openid_identity']); - if($photosq) - $args .= '&photo=' . $photosq; - elseif($photo) - $args .= '&photo=' . $photo; + if(! strlen($authid)) { + logger( t('OpenID protocol error. No ID returned.') . EOL); + goaway(z_root()); + } - $args .= '&openid_url=' . notags(trim($_SESSION['openid'])); - if($a->config['register_policy'] != REGISTER_CLOSED) - goaway($a->get_baseurl() . '/register' . $args); - else - goaway(z_root()); + $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` + FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 + AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", + dbesc($authid) + ); - // NOTREACHED - } + if($r && count($r)) { + // successful OpenID login - $r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` - FROM `user` WHERE `openid` = '%s' AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1", - dbesc($_SESSION['openid']) - ); - if(! count($r)) { - notice( t('Login failed.') . 
EOL ); + unset($_SESSION['openid']); + + require_once('include/security.php'); + authenticate_success($r[0],true,true); + + // just in case there was no return url set + // and we fell through + + goaway(z_root()); + } + + // Successful OpenID login - but we can't match it to an existing account. + // New registration? + + if($a->config['register_policy'] == REGISTER_CLOSED) { + notice( t('Account not found and OpenID registration is not permitted on this site.') . EOL); goaway(z_root()); - } - unset($_SESSION['openid']); + } + + unset($_SESSION['register']); + $args = ''; + $attr = $openid->getAttributes(); + if(is_array($attr) && count($attr)) { + foreach($attr as $k => $v) { + if($k === 'namePerson/friendly') + $nick = notags(trim($v)); + if($k === 'namePerson/first') + $first = notags(trim($v)); + if($k === 'namePerson') + $args .= '&username=' . notags(trim($v)); + if($k === 'contact/email') + $args .= '&email=' . notags(trim($v)); + if($k === 'media/image/aspect11') + $photosq = bin2hex(trim($v)); + if($k === 'media/image/default') + $photo = bin2hex(trim($v)); + } + } + if($nick) + $args .= '&nickname=' . $nick; + elseif($first) + $args .= '&nickname=' . $first; + + if($photosq) + $args .= '&photo=' . $photosq; + elseif($photo) + $args .= '&photo=' . $photo; - require_once('include/security.php'); - authenticate_success($r[0],true,true); + $args .= '&openid_url=' . notags(trim($authid)); - // just in case there was no return url set - // and we fell through + goaway($a->get_baseurl() . '/register' . $args); - goaway(z_root()); + // NOTREACHED } } notice( t('Login failed.') . EOL); diff --git a/mod/photo.php b/mod/photo.php index c4a93769a..3a7025120 100755 --- a/mod/photo.php +++ b/mod/photo.php @@ -23,7 +23,7 @@ function photo_init(&$a) { // NOTREACHED } - $default = 'images/default-profile.jpg'; + $default = 'images/person-175.jpg'; if(isset($type)) { 
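Review bot: `logger('mod_openid ' . print_r($_REQUEST,true), LOGGER_DATA)` writes the complete OpenID response into the log — asserted identity, provider signature and any attribute-exchange values such as `contact/email` and names — so personal data lands in a persistent log file; log only what is needed for diagnosis, e.g. `logger('mod_openid mode=' . $_REQUEST['openid_mode'], LOGGER_DATA);` plus the normalised `$authid` once it is known. The registration redirect builds `$args` by plain concatenation, so an identity URL or name containing `&`, `#` or a space produces a malformed query string; wrap each value, e.g. `$args .= '&openid_url=' . urlencode(notags(trim($authid)));` and likewise for username, email and nickname. Because the lookup filters on `blocked = 0` and `account_expired = 0`, a blocked or expired account's OpenID no longer ends in "Login failed." but falls through to the registration branch with the same openid_url; whether mod/register.php rejects an already-registered identity is outside this diff, so either confirm that or look the user up without those filters and report the blocked state explicitly. openid_content continues outside the hunk.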
@@ -39,12 +39,12 @@ function photo_init(&$a) { break; case 'micro': $resolution = 6; - $default = 'images/default-profile-mm.jpg'; + $default = 'images/person-48.jpg'; break; case 'avatar': default: $resolution = 5; - $default = 'images/default-profile-sm.jpg'; + $default = 'images/person-80.jpg'; break; } @@ -115,8 +115,24 @@ function photo_init(&$a) { } if(! isset($data)) { - killme(); - // NOTREACHED + if(isset($resolution)) { + switch($resolution) { + + case 4: + $data = file_get_contents('images/person-175.jpg'); + break; + case 5: + $data = file_get_contents('images/person-80.jpg'); + break; + case 6: + $data = file_get_contents('images/person-48.jpg'); + break; + default: + killme(); + // NOTREACHED + break; + } + } } if(isset($customres) && $customres > 0 && $customres < 500) { diff --git a/mod/photos.php b/mod/photos.php index e40ae0d74..b294f0a66 100755 --- a/mod/photos.php +++ b/mod/photos.php @@ -1081,6 +1081,17 @@ function photos_content(&$a) { } + if(! $cmd !== 'edit') { + $a->page['htmlhead'] .= '<script> + $(document).keydown(function(event) {' . "\n"; + + if($prevlink) + $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 37) { event.preventDefault(); window.location.href = \'' . $prevlink . '\'; }' . "\n"; + if($nextlink) + $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 39) { event.preventDefault(); window.location.href = \'' . $nextlink . '\'; }' . "\n"; + $a->page['htmlhead'] .= '});</script>'; + } + if($prevlink) $prevlink = array($prevlink, '<div class="icon prev"></div>') ; diff --git a/mod/search.php b/mod/search.php index 386592ea1..50e7a6abc 100755 --- a/mod/search.php +++ b/mod/search.php 
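Review bot: `if(! $cmd !== 'edit')` in hunk @@ -1081 of mod/photos.php is always true: `!` binds tighter than `!==`, so `! $cmd` is a boolean that can never be identical to the string 'edit', and the keydown handler is injected on the edit page as well; the line should read `if($cmd !== 'edit') {`. `$prevlink` and `$nextlink` are spliced into a single-quoted JavaScript literal as-is; they appear to be built from the base URL and photo ids earlier in photos_content (outside the hunk), which is fine as long as that holds, and `json_encode($prevlink)` in place of the hand-quoted literal would make the script independent of that assumption. photos_content continues outside the hunk.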
@@ -93,8 +93,9 @@ function search_content(&$a) { return $o; // Here is the way permissions work in the search module... - // Only public wall posts can be shown + // Only public posts can be shown // OR your own posts if you are a logged in member + // No items will be shown if the member has a blocked profile wall. $s_regx = sprintf("AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' )", dbesc(preg_quote($search)), dbesc('\\]' . preg_quote($search) . '\\[')); @@ -104,7 +105,7 @@ function search_content(&$a) { $r = q("SELECT COUNT(*) AS `total` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 - AND (( `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `user`.`hidewall` = 0) + AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0) OR `item`.`uid` = %d ) AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $search_alg ", @@ -127,7 +128,7 @@ function search_content(&$a) { FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 - AND (( `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0 ) + AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0 ) OR `item`.`uid` = %d ) AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $search_alg diff --git a/mod/settings.php b/mod/settings.php index 3a8ad29d2..59ede4729 100755 --- a/mod/settings.php +++ b/mod/settings.php 
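Review bot: Dropping `wall = 1` from both queries (hunks @@ -104 and @@ -127) makes items that were merely received into a member's stream — not posted on their wall — searchable by anyone as soon as their ACL columns are empty and `item.private = 0`; that matches the reworded comment but is a wider exposure than before, and it now rests entirely on every import path setting `private` correctly for non-public remote items. Worth confirming that the item-creation code (outside this diff) never stores an incoming item with an empty ACL and a default `private` of 0, since such a row would now be visible to unauthenticated searches. The new comment line about a "blocked profile wall" refers to the `user.hidewall` clause; naming the column in the comment would make that link explicit. search_content continues outside the hunk.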
@@ -322,6 +322,7 @@ function settings_post(&$a) { $str_contact_deny = perms2str($_POST['contact_deny']); $openidserver = $a->user['openidserver']; + $openid = normalise_openid($openid); // If openid has changed or if there's an openid but no openidserver, try and discover it. |