Diffstat (limited to 'mod')
-rw-r--r--mod/admin.php120
-rw-r--r--mod/fbrowser.php99
-rw-r--r--mod/install.php7
-rw-r--r--mod/item.php2
-rw-r--r--mod/photo.php29
-rw-r--r--mod/photos.php1
-rw-r--r--mod/profile.php1
-rw-r--r--mod/randprof.php2
-rw-r--r--mod/wall_attach.php7
9 files changed, 238 insertions, 30 deletions
diff --git a/mod/admin.php b/mod/admin.php
index 7386dc5a3..cdc45c8e3 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -4,7 +4,11 @@
* Friendica admin
*/
require_once("include/remoteupdate.php");
-
+
+
+/**
+ * @param App $a
+ */
function admin_post(&$a){
@@ -67,6 +71,10 @@ function admin_post(&$a){
return; // NOTREACHED
}
+/**
+ * @param App $a
+ * @return string
+ */
function admin_content(&$a) {
if(!is_site_admin()) {
@@ -74,7 +82,7 @@ function admin_content(&$a) {
}
if(x($_SESSION,'submanage') && intval($_SESSION['submanage']))
- return;
+ return "";
/**
* Side bar links
@@ -147,6 +155,7 @@ function admin_content(&$a) {
if(is_ajax()) {
echo $o;
killme();
+ return '';
} else {
return $o;
}
@@ -155,6 +164,8 @@ function admin_content(&$a) {
/**
* Admin Summary Page
+ * @param App $a
+ * @return string
*/
function admin_page_summary(&$a) {
$r = q("SELECT `page-flags`, COUNT(uid) as `count` FROM `user` GROUP BY `page-flags`");
@@ -188,12 +199,15 @@ function admin_page_summary(&$a) {
/**
* Admin Site Page
+ * @param App $a
*/
function admin_page_site_post(&$a){
if (!x($_POST,"page_site")){
return;
}
+ check_form_security_token_redirectOnErr('/admin/site', 'admin_site');
+
$sitename = ((x($_POST,'sitename')) ? notags(trim($_POST['sitename'])) : '');
$banner = ((x($_POST,'banner')) ? trim($_POST['banner']) : false);
$language = ((x($_POST,'language')) ? notags(trim($_POST['language'])) : '');
@@ -298,7 +312,7 @@ function admin_page_site_post(&$a){
} else {
set_config('system','directory_submit_url', $global_directory);
}
- set_config('system','directory_search_url', $global_search_url);
+
set_config('system','block_extended_register', $no_multi_reg);
set_config('system','no_openid', $no_openid);
set_config('system','no_regfullname', $no_regfullname);
@@ -317,7 +331,11 @@ function admin_page_site_post(&$a){
return; // NOTREACHED
}
-
+
+/**
+ * @param App $a
+ * @return string
+ */
function admin_page_site(&$a) {
/* Installed langs */
@@ -408,6 +426,7 @@ function admin_page_site(&$a) {
'$proxy' => array('proxy', t("Proxy URL"), get_config('system','proxy'), ""),
'$timeout' => array('timeout', t("Network timeout"), (x(get_config('system','curl_timeout'))?get_config('system','curl_timeout'):60), t("Value is in seconds. Set to 0 for unlimited (not recommended).")),
+ '$form_security_token' => get_form_security_token("admin_site"),
));
@@ -416,11 +435,15 @@ function admin_page_site(&$a) {
/**
* Users admin page
+ *
+ * @param App $a
*/
function admin_page_users_post(&$a){
$pending = ( x($_POST, 'pending') ? $_POST['pending'] : Array() );
$users = ( x($_POST, 'user') ? $_POST['user'] : Array() );
-
+
+ check_form_security_token_redirectOnErr('/admin/users', 'admin_users');
+
if (x($_POST,'page_users_block')){
foreach($users as $uid){
q("UPDATE `user` SET `blocked`=1-`blocked` WHERE `uid`=%s",
@@ -452,7 +475,11 @@ function admin_page_users_post(&$a){
goaway($a->get_baseurl(true) . '/admin/users' );
return; // NOTREACHED
}
-
+
+/**
+ * @param App $a
+ * @return string
+ */
function admin_page_users(&$a){
if ($a->argc>2) {
$uid = $a->argv[3];
@@ -460,10 +487,11 @@ function admin_page_users(&$a){
if (count($user)==0){
notice( 'User not found' . EOL);
goaway($a->get_baseurl(true) . '/admin/users' );
- return; // NOTREACHED
+ return ''; // NOTREACHED
}
switch($a->argv[2]){
case "delete":{
+ check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't');
// delete user
require_once("include/Contact.php");
user_remove($uid);
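Review bot: The `delete` and `block` branches (this hunk and the next) still change state from a GET request, with the anti-CSRF token carried in the URL; the third argument `'t'` looks like the query-parameter name, to be confirmed against `check_form_security_token_redirectOnErr`. A token in the query string is recorded in browser history and server access logs and can be passed on in a Referer header, so it is weaker than the hidden-field tokens the POST handlers in this commit use. Consider routing both actions through `admin_page_users_post()` as form submissions, or, if the links must stay, make the token single-use and short-lived. The same pattern is added for the plugin toggle (`/admin/plugins`) and the theme toggle (`/admin/themes`) further down. `admin_page_users()` starts and ends outside this hunk.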
@@ -471,6 +499,7 @@ function admin_page_users(&$a){
notice( sprintf(t("User '%s' deleted"), $user[0]['username']) . EOL);
}; break;
case "block":{
+ check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't');
q("UPDATE `user` SET `blocked`=%d WHERE `uid`=%s",
intval( 1-$user[0]['blocked'] ),
intval( $uid )
@@ -479,7 +508,7 @@ function admin_page_users(&$a){
}; break;
}
goaway($a->get_baseurl(true) . '/admin/users' );
- return; // NOTREACHED
+ return ''; // NOTREACHED
}
@@ -555,6 +584,7 @@ function admin_page_users(&$a){
'$confirm_delete_multi' => t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'),
'$confirm_delete' => t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'),
+ '$form_security_token' => get_form_security_token("admin_users"),
// values //
'$baseurl' => $a->get_baseurl(true),
@@ -567,10 +597,12 @@ function admin_page_users(&$a){
}
-/*
+/**
* Plugins admin page
+ *
+ * @param App $a
+ * @return string
*/
-
function admin_page_plugins(&$a){
/**
@@ -580,10 +612,12 @@ function admin_page_plugins(&$a){
$plugin = $a->argv[2];
if (!is_file("addon/$plugin/$plugin.php")){
notice( t("Item not found.") );
- return;
+ return '';
}
if (x($_GET,"a") && $_GET['a']=="t"){
+ check_form_security_token_redirectOnErr('/admin/plugins', 'admin_themes', 't');
+
// Toggle plugin status
$idx = array_search($plugin, $a->plugins);
if ($idx !== false){
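Review bot: The plugin toggle is verified with the type name `'admin_themes'`, and both plugin templates in the later hunks are likewise issued `get_form_security_token("admin_themes")`, so plugin and theme actions share one token type. That is internally consistent and the check will pass, but it reads like a copy-paste from the themes page. Assuming the type name scopes the token, a token minted for one page is accepted by the other. I would use a dedicated name here, `check_form_security_token_redirectOnErr('/admin/plugins', 'admin_plugins', 't');`, with `get_form_security_token("admin_plugins")` in the two `replace_macros` calls of `admin_page_plugins()`. The function body extends beyond this hunk.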
@@ -597,7 +631,7 @@ function admin_page_plugins(&$a){
}
set_config("system","addon", implode(", ",$a->plugins));
goaway($a->get_baseurl(true) . '/admin/plugins' );
- return; // NOTREACHED
+ return ''; // NOTREACHED
}
// display plugin details
require_once('library/markdown.php');
@@ -641,7 +675,9 @@ function admin_page_plugins(&$a){
'$admin_form' => $admin_form,
'$function' => 'plugins',
'$screenshot' => '',
- '$readme' => $readme
+ '$readme' => $readme,
+
+ '$form_security_token' => get_form_security_token("admin_themes"),
));
}
@@ -670,10 +706,16 @@ function admin_page_plugins(&$a){
'$submit' => t('Submit'),
'$baseurl' => $a->get_baseurl(true),
'$function' => 'plugins',
- '$plugins' => $plugins
+ '$plugins' => $plugins,
+ '$form_security_token' => get_form_security_token("admin_themes"),
));
}
+/**
+ * @param array $themes
+ * @param string $th
+ * @param int $result
+ */
function toggle_theme(&$themes,$th,&$result) {
for($x = 0; $x < count($themes); $x ++) {
if($themes[$x]['name'] === $th) {
@@ -689,6 +731,11 @@ function toggle_theme(&$themes,$th,&$result) {
}
}
+/**
+ * @param array $themes
+ * @param string $th
+ * @return int
+ */
function theme_status($themes,$th) {
for($x = 0; $x < count($themes); $x ++) {
if($themes[$x]['name'] === $th) {
@@ -702,9 +749,12 @@ function theme_status($themes,$th) {
}
return 0;
}
-
+/**
+ * @param array $themes
+ * @return string
+ */
function rebuild_theme_table($themes) {
$o = '';
if(count($themes)) {
@@ -720,10 +770,12 @@ function rebuild_theme_table($themes) {
}
-/*
+/**
* Themes admin page
+ *
+ * @param App $a
+ * @return string
*/
-
function admin_page_themes(&$a){
$allowed_themes_str = get_config('system','allowed_themes');
@@ -740,7 +792,7 @@ function admin_page_themes(&$a){
foreach($files as $file) {
$f = basename($file);
$is_experimental = intval(file_exists($file . '/experimental'));
- $is_unsupported = 1-(intval(file_exists($file . '/unsupported')));
+ $is_supported = 1-(intval(file_exists($file . '/unsupported'))); // Is not used yet
$is_allowed = intval(in_array($f,$allowed_themes));
$themes[] = array('name' => $f, 'experimental' => $is_experimental, 'supported' => $is_supported, 'allowed' => $is_allowed);
}
@@ -748,7 +800,7 @@ function admin_page_themes(&$a){
if(! count($themes)) {
notice( t('No themes found.'));
- return;
+ return '';
}
/**
@@ -759,10 +811,11 @@ function admin_page_themes(&$a){
$theme = $a->argv[2];
if(! is_dir("view/theme/$theme")){
notice( t("Item not found.") );
- return;
+ return '';
}
if (x($_GET,"a") && $_GET['a']=="t"){
+ check_form_security_token_redirectOnErr('/admin/themes', 'admin_themes', 't');
// Toggle theme status
@@ -775,7 +828,7 @@ function admin_page_themes(&$a){
set_config('system','allowed_themes',$s);
goaway($a->get_baseurl(true) . '/admin/themes' );
- return; // NOTREACHED
+ return ''; // NOTREACHED
}
// display theme details
@@ -826,7 +879,9 @@ function admin_page_themes(&$a){
'$str_author' => t('Author: '),
'$str_maintainer' => t('Maintainer: '),
'$screenshot' => $screenshot,
- '$readme' => $readme
+ '$readme' => $readme,
+
+ '$form_security_token' => get_form_security_token("admin_themes"),
));
}
@@ -852,17 +907,21 @@ function admin_page_themes(&$a){
'$function' => 'themes',
'$plugins' => $xthemes,
'$experimental' => t('[Experimental]'),
- '$unsupported' => t('[Unsupported]')
+ '$unsupported' => t('[Unsupported]'),
+ '$form_security_token' => get_form_security_token("admin_themes"),
));
}
/**
* Logs admin page
+ *
+ * @param App $a
*/
function admin_page_logs_post(&$a) {
if (x($_POST,"page_logs")) {
+ check_form_security_token_redirectOnErr('/admin/logs', 'admin_logs');
$logfile = ((x($_POST,'logfile')) ? notags(trim($_POST['logfile'])) : '');
$debugging = ((x($_POST,'debugging')) ? true : false);
@@ -879,7 +938,11 @@ function admin_page_logs_post(&$a) {
goaway($a->get_baseurl(true) . '/admin/logs' );
return; // NOTREACHED
}
-
+
+/**
+ * @param App $a
+ * @return string
+ */
function admin_page_logs(&$a){
$log_choices = Array(
@@ -937,9 +1000,14 @@ readable.");
'$debugging' => array('debugging', t("Debugging"),get_config('system','debugging'), ""),
'$logfile' => array('logfile', t("Log file"), get_config('system','logfile'), t("Must be writable by web server. Relative to your Friendica top-level directory.")),
'$loglevel' => array('loglevel', t("Log level"), get_config('system','loglevel'), "", $log_choices),
+
+ '$form_security_token' => get_form_security_token("admin_logs"),
));
}
+/**
+ * @param App $a
+ */
function admin_page_remoteupdate_post(&$a) {
// this function should be called via ajax post
if(!is_site_admin()) {
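Review bot: `admin_page_remoteupdate_post()` receives only a docblock here, while the site, users and logs POST handlers in this commit each gain a `check_form_security_token_redirectOnErr(...)` call. The visible lines show an `is_site_admin()` check but no token verification; the rest of the body is outside the hunk, so confirm whether one exists. If it does not, this AJAX endpoint remains an admin POST path without CSRF protection. Because it answers an AJAX call, a check that ends the request with an error would fit better than a redirect. At minimum the docblock could record the gap: `* @todo verify form security token (called via ajax post)`.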
@@ -958,6 +1026,10 @@ function admin_page_remoteupdate_post(&$a) {
killme();
}
+/**
+ * @param App $a
+ * @return string
+ */
function admin_page_remoteupdate(&$a) {
if(!is_site_admin()) {
return login(false);
diff --git a/mod/fbrowser.php b/mod/fbrowser.php
new file mode 100644
index 000000000..66ff9252e
--- /dev/null
+++ b/mod/fbrowser.php
@@ -0,0 +1,99 @@
+<?php
+/**
+ * @package Friendica\modules
+ * @subpackage FileBrowser
+ * @author Fabio Comuni <fabrixxm@kirgroup.com>
+ */
+
+/**
+ * @param App $a
+ */
+function fbrowser_content($a){
+
+ if (!local_user())
+ killme();
+
+ if ($a->argc==1)
+ killme();
+
+ //echo "<pre>"; var_dump($a->argv); killme();
+
+ switch($a->argv[1]){
+ case "image":
+ $path = array( array($a->get_baseurl()."/fbrowser/image/", t("Photos")));
+ $albums = false;
+ $sql_extra = "";
+ $sql_extra2 = " ORDER BY created DESC LIMIT 0, 10";
+
+ if ($a->argc==2){
+ $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d ",
+ intval(local_user())
+ );
+ // anon functions only from 5.3.0... meglio tardi che mai..
+ function folder1($el){return array(bin2hex($el['album']),$el['album']);}
+ $albums = array_map( "folder1" , $albums);
+
+ }
+
+ $album = "";
+ if ($a->argc==3){
+ $album = hex2bin($a->argv[2]);
+ $sql_extra = sprintf("AND `album` = '%s' ",dbesc($album));
+ $sql_extra2 = "";
+ $path[]=array($a->get_baseurl()."/fbrowser/image/".$a->argv[2]."/", $album);
+ }
+
+ $r = q("SELECT `resource-id`, `id`, `filename`, min(`scale`) AS `hiq`,max(`scale`) AS `loq`, `desc`
+ FROM `photo` WHERE `uid` = %d $sql_extra
+ GROUP BY `resource-id` $sql_extra2",
+ intval(local_user())
+ );
+
+
+ function files1($rr){ global $a; return array( $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . $rr['hiq'] . '.jpg', template_escape($rr['filename']), $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . $rr['loq'] . '.jpg'); }
+ $files = array_map("files1", $r);
+
+ $tpl = get_markup_template("filebrowser.tpl");
+ echo replace_macros($tpl, array(
+ '$type' => 'image',
+ '$baseurl' => $a->get_baseurl(),
+ '$path' => $path,
+ '$folders' => $albums,
+ '$files' =>$files,
+ ));
+
+
+ break;
+ case "file":
+ if ($a->argc==2){
+ $files = q("SELECT id, filename, filetype FROM `attach` WHERE `uid` = %d ",
+ intval(local_user())
+ );
+
+ function files2($rr){ global $a;
+ list($m1,$m2) = explode("/",$rr['filetype']);
+ $filetype = ( (file_exists("images/icons/$m1.png"))?$m1:"zip");
+ return array( $a->get_baseurl() . '/attach/' . $rr['id'], template_escape($rr['filename']), $a->get_baseurl() . '/images/icons/16/' . $filetype . '.png');
+ }
+ $files = array_map("files2", $files);
+ //echo "<pre>"; var_dump($files); killme();
+
+
+ $tpl = get_markup_template("filebrowser.tpl");
+ echo replace_macros($tpl, array(
+ '$type' => 'file',
+ '$baseurl' => $a->get_baseurl(),
+ '$path' => array( array($a->get_baseurl()."/fbrowser/image/", t("Files")) ),
+ '$folders' => false,
+ '$files' =>$files,
+ ));
+
+ }
+
+ break;
+ }
+
+
+ killme();
+
+}
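Review bot: Album names reach `replace_macros` without the `template_escape()` that `files1()` and `files2()` apply to file names. This affects `folder1()` and also `$album`, which is decoded from the URL segment `$a->argv[2]` and then placed in `$path`. Unless `filebrowser.tpl` escapes these values itself (not visible here), a request-supplied album segment is reflected into the page. Escape on output, e.g. `$path[]=array($a->get_baseurl()."/fbrowser/image/".$a->argv[2]."/", template_escape(htmlspecialchars($album, ENT_QUOTES, 'UTF-8')));`, and reject a segment that fails `ctype_xdigit()` before decoding it. Separately, the `file` case builds its breadcrumb with `"/fbrowser/image/"`, which looks like it should be `"/fbrowser/file/"`.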
diff --git a/mod/install.php b/mod/install.php
index 2eb98ee91..6f5552076 100644
--- a/mod/install.php
+++ b/mod/install.php
@@ -380,9 +380,9 @@ function check_funcs(&$checks) {
if(function_exists('apache_get_modules')){
if (! in_array('mod_rewrite',apache_get_modules())) {
- check_add($ck_funcs, t('Apace mod_rewrite module'), false, true, t('Error: Apache webserver mod-rewrite module is required but not installed.'));
+ check_add($ck_funcs, t('Apache mod_rewrite module'), false, true, t('Error: Apache webserver mod-rewrite module is required but not installed.'));
} else {
- check_add($ck_funcs, t('Apace mod_rewrite module'), true, true, "");
+ check_add($ck_funcs, t('Apache mod_rewrite module'), true, true, "");
}
}
if(! function_exists('curl_init')){
@@ -464,3 +464,6 @@ function load_database($db) {
}
return $errors;
}
+
+
+
diff --git a/mod/item.php b/mod/item.php
index 7f0ca3fc3..642a6758a 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -759,7 +759,7 @@ function item_post(&$a) {
}
else {
logger('mod_item: unable to retrieve post that was just stored.');
- notify( t('System error. Post not saved.'));
+ notice( t('System error. Post not saved.') . EOL);
goaway($a->get_baseurl() . "/" . $return_path );
// NOTREACHED
}
diff --git a/mod/photo.php b/mod/photo.php
index 3a7025120..1d38fe8e4 100644
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -4,6 +4,30 @@ require_once('include/security.php');
function photo_init(&$a) {
+ // To-Do:
+ // - checking with realpath
+ // - checking permissions
+ /*
+ $cache = get_config('system','itemcache');
+ if (($cache != '') and is_dir($cache)) {
+ $cachefile = $cache."/".$a->argc."-".$a->argv[1]."-".$a->argv[2]."-".$a->argv[3];
+ if (file_exists($cachefile)) {
+ $data = file_get_contents($cachefile);
+
+ if(function_exists('header_remove')) {
+ header_remove('Pragma');
+ header_remove('pragma');
+ }
+
+ header("Content-type: image/jpeg");
+ header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT");
+ header("Cache-Control: max-age=" . (3600*24));
+ echo $data;
+ killme();
+ // NOTREACHED
+ }
+ }*/
+
switch($a->argc) {
case 4:
$person = $a->argv[3];
@@ -27,6 +51,7 @@ function photo_init(&$a) {
if(isset($type)) {
+
/**
* Profile photos
*/
@@ -144,6 +169,10 @@ function photo_init(&$a) {
}
}
+ // Writing in cachefile
+ if (isset($cachefile) && $cachefile != '')
+ file_put_contents($cachefile, $data);
+
if(function_exists('header_remove')) {
header_remove('Pragma');
header_remove('pragma');
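Review bot: The cache write added here is live while the block that assigns `$cachefile` is commented out in the first hunk, so as far as the visible hunks show, `isset($cachefile)` is never true and these lines are dead code. Once the read path is enabled, this write would store `$data` for every photo, including ones served only after a permission check, and the early read in `photo_init()` would then return the file before any such check. The file name is also concatenated from `$a->argv` segments with no `basename()` or `realpath()` containment test. I would keep the write commented out alongside the read until both To-Do items are done, or limit it to unrestricted photos and say so in a comment, e.g. `// cache only publicly visible photos; $cachefile must resolve inside $cache`. `photo_init()` continues outside this hunk.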
diff --git a/mod/photos.php b/mod/photos.php
index 2a808cb41..8da94841e 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -330,7 +330,6 @@ function photos_post(&$a) {
// Create item container
$title = '';
- $basename = basename($filename);
$uri = item_new_uri($a->get_hostname(),$page_owner_uid);
$arr = array();
diff --git a/mod/profile.php b/mod/profile.php
index 51f944412..de1e27248 100644
--- a/mod/profile.php
+++ b/mod/profile.php
@@ -17,6 +17,7 @@ function profile_init(&$a) {
goaway($a->get_baseurl() . '/profile/' . $r[0]['nickname']);
}
else {
+ logger('profile error: mod_profile ' . $a->query_string, LOGGER_DEBUG);
notice( t('Requested profile is not available.') . EOL );
$a->error = 404;
return;
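Review bot: The new `logger()` call writes `$a->query_string` to the log verbatim, and that value comes straight from the request. Unless `logger()` neutralises control characters itself (not visible here), a query string that carries line breaks once decoded can split or forge log entries, and any sensitive query parameters end up in the debug log. Consider stripping CR/LF and bounding the length first, e.g. `logger('profile error: mod_profile ' . substr(preg_replace('/[\r\n]+/', ' ', $a->query_string), 0, 255), LOGGER_DEBUG);`. `profile_init()` starts and ends outside this hunk.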
diff --git a/mod/randprof.php b/mod/randprof.php
index 53d7425e9..6713a81d9 100644
--- a/mod/randprof.php
+++ b/mod/randprof.php
@@ -5,6 +5,6 @@ function randprof_init(&$a) {
require_once('include/Contact.php');
$x = random_profile();
if($x)
- goaway($x);
+ goaway(zrl($x));
goaway($a->get_baseurl() . '/profile');
}
diff --git a/mod/wall_attach.php b/mod/wall_attach.php
index bee7c29dc..03d9f5105 100644
--- a/mod/wall_attach.php
+++ b/mod/wall_attach.php
@@ -98,8 +98,13 @@ function wall_attach_post(&$a) {
killme();
}
- echo '<br /><br />[attachment]' . $r[0]['id'] . '[/attachment]' . '<br />';
+ $lf = '<br />';
+ if(local_user() && intval(get_pconfig(local_user(),'system','plaintext')))
+ $lf = "\n";
+
+ echo $lf . $lf . '[attachment]' . $r[0]['id'] . '[/attachment]' . $lf;
+
killme();
// NOTREACHED
}