Diffstat (limited to 'mod')
-rw-r--r-- | mod/admin.php | 33 | ||||
-rw-r--r-- | mod/attach.php | 45 | ||||
-rw-r--r-- | mod/contacts.php | 10 | ||||
-rw-r--r-- | mod/dfrn_confirm.php | 2 | ||||
-rw-r--r-- | mod/dfrn_notify.php | 25 | ||||
-rw-r--r-- | mod/display.php | 37 | ||||
-rw-r--r-- | mod/events.php | 9 | ||||
-rw-r--r-- | mod/friendika.php | 2 | ||||
-rw-r--r-- | mod/fsuggest.php | 111 | ||||
-rw-r--r-- | mod/group.php | 16 | ||||
-rw-r--r-- | mod/item.php | 29 | ||||
-rw-r--r-- | mod/lostpass.php | 8 | ||||
-rw-r--r-- | mod/match.php | 9 | ||||
-rw-r--r-- | mod/msearch.php | 5 | ||||
-rw-r--r-- | mod/network.php | 49 | ||||
-rw-r--r-- | mod/notifications.php | 75 | ||||
-rw-r--r-- | mod/photo.php | 36 | ||||
-rw-r--r-- | mod/photos.php | 72 | ||||
-rw-r--r-- | mod/ping.php | 10 | ||||
-rw-r--r-- | mod/profile.php | 43 | ||||
-rw-r--r-- | mod/profperm.php | 17 | ||||
-rw-r--r-- | mod/register.php | 3 | ||||
-rw-r--r-- | mod/regmod.php | 3 | ||||
-rw-r--r-- | mod/salmon.php | 15 | ||||
-rw-r--r-- | mod/search.php | 31 | ||||
-rw-r--r-- | mod/starred.php | 35 | ||||
-rw-r--r-- | mod/webfinger.php | 4 | ||||
-rw-r--r-- | mod/xrd.php | 2 |
28 files changed, 413 insertions, 323 deletions
diff --git a/mod/admin.php b/mod/admin.php index 920adf05d..8f0b2c93d 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -327,11 +327,8 @@ function admin_page_site(&$a) { * Users admin page */ function admin_page_users_post(&$a){ - $users=array(); $pending=array(); - foreach($_POST as $k=>$v){ - if (substr($k,0,5)=="user_") $users[] = substr($k,5,strlen($k)-5); - if (substr($k,0,8)=="pending_") $users[] = substr($k,8,strlen($k)-8); - } + $pending = ( x(£_POST, 'pending') ? $_POST['pending'] : Array() ); + $users = ( x($_POST, 'user') ? $_POST['user'] : Array() ); if (x($_POST,'page_users_block')){ foreach($users as $uid){ @@ -350,13 +347,13 @@ function admin_page_users_post(&$a){ } if (x($_POST,'page_users_approve')){ - require_once("include/regmod.php"); + require_once("mod/regmod.php"); foreach($pending as $hash){ user_allow($hash); } } if (x($_POST,'page_users_deny')){ - require_once("include/regmod.php"); + require_once("mod/regmod.php"); foreach($pending as $hash){ user_deny($hash); } 
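Review bot: In admin_page_users_post the new line `$pending = ( x(£_POST, 'pending') ? $_POST['pending'] : Array() );` reads `£_POST` where `$_POST` is meant; unless this is a rendering artifact of the page, it is a parse error that takes the whole admin module down. The two values are also iterated straight from the request (`foreach($users as $uid)`, `foreach($pending as $hash)`), so a scalar `user` or `pending` field produces a warning rather than a clean no-op; guard with `is_array()`, e.g. `$users = ((x($_POST,'user') && is_array($_POST['user'])) ? $_POST['user'] : array());`. The loops that consume `$users` and `$pending` continue past the hunk boundaries.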
@@ -409,22 +406,22 @@ function admin_page_users(&$a){ $a->set_pager_itemspage(100); } - $users = q("SELECT `user` . * , `contact`.`name` , `contact`.`url` , `contact`.`micro` , `lastitem`.`lastitem_date` - FROM ( - SELECT MAX(`item`.`changed`) as `lastitem_date`, `item`.`uid` + $users = q("SELECT `user` . * , `contact`.`name` , `contact`.`url` , `contact`.`micro`, `lastitem`.`lastitem_date` + FROM + (SELECT MAX(`item`.`changed`) as `lastitem_date`, `item`.`uid` FROM `item` WHERE `item`.`type` = 'wall' - GROUP BY `item`.`uid` - ) AS `lastitem` , `user` - LEFT JOIN `contact` ON `user`.`uid` = `contact`.`uid` - WHERE `user`.`verified` =1 - AND `contact`.`self` =1 - AND `lastitem`.`uid` = `user`.`uid` + GROUP BY `item`.`uid`) AS `lastitem` + RIGHT OUTER JOIN `user` ON `user`.`uid` = `lastitem`.`uid`, + `contact` + WHERE + `user`.`uid` = `contact`.`uid` + AND `user`.`verified` =1 + AND `contact`.`self` =1 ORDER BY `contact`.`name` LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage']) - ); function _setup_users($e){ @@ -459,7 +456,7 @@ function admin_page_users(&$a){ '$unblock' => t('Unblock'), '$h_users' => t('Users'), - '$th_users' => array( t('Name'), t('Email'), t('Register date'), t('Last login'), t('Last item'), t('Account') ), + '$th_users' => array( t('Name'), t('Email'), t('Register date'), t('Last login'), t('Last item'), t('Account') ), '$confirm_delete_multi' => t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'), '$confirm_delete' => t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'), diff --git a/mod/attach.php b/mod/attach.php index 3953d3aa1..ae6540201 100644 --- a/mod/attach.php +++ b/mod/attach.php @@ -1,5 +1,7 @@ <?php +require_once('include/security.php'); + function attach_init(&$a) { if($a->argc != 2) { 
@@ -9,6 +11,8 @@ function attach_init(&$a) { $item_id = intval($a->argv[1]); + // Check for existence, which will also provide us the owner uid + $r = q("SELECT * FROM `attach` WHERE `id` = %d LIMIT 1", intval($item_id) ); @@ -17,39 +21,7 @@ function attach_init(&$a) { return; } - $owner = $r[0]['uid']; - - $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; - - if(local_user() && ($owner == $_SESSION['uid'])) { - - // Owner can always see his/her photos - $sql_extra = ''; - - } - elseif(remote_user()) { - - // authenticated visitor - here lie dragons - - $groups = init_groups_visitor($_SESSION['visitor_id']); - $gs = '<<>>'; // should be impossible to match - if(count($groups)) { - foreach($groups as $g) - $gs .= '|<' . intval($g) . '>'; - } - - $sql_extra = sprintf( - " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) - AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) - AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) - AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", - - intval($_SESSION['visitor_id']), - intval($_SESSION['visitor_id']), - dbesc($gs), - dbesc($gs) - ); - } + $sql_extra = permissions_sql($r[0]['uid']); // Now we'll see if we can access the attachment @@ -57,17 +29,14 @@ function attach_init(&$a) { dbesc($item_id) ); - if(count($r)) { - $data = $r[0]['data']; - } - else { + if(! count($r)) { notice( t('Permission denied.') . EOL); return; } header('Content-type: ' . $r[0]['filetype']); header('Content-disposition: attachment; filename=' . $r[0]['filename']); - echo $data; + echo $r[0]['data']; killme(); // NOTREACHED }
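Review bot: `header('Content-disposition: attachment; filename=' . $r[0]['filename']);` emits the stored filename unquoted, so a name containing spaces, `;` or `"` changes how the header is parsed, and the hunk adds no normalisation when it switches to echoing `$r[0]['data']` directly. Quote and strip the problem characters, e.g. `header('Content-disposition: attachment; filename="' . str_replace(array('"', "\r", "\n"), '', $r[0]['filename']) . '"');`. It is also worth confirming that the one-argument `permissions_sql($r[0]['uid'])` derives the remote-visitor and group context on its own, because display.php in this same commit passes `$remote_contact` and `$groups` explicitly; if it does not, remote contacts lose the access the removed inline ACL branch granted them. attach_init starts outside the hunk.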
\ No newline at end of file diff --git a/mod/contacts.php b/mod/contacts.php index e7a800500..7a97b53d2 100644 --- a/mod/contacts.php +++ b/mod/contacts.php @@ -11,8 +11,9 @@ function contacts_init(&$a) { if($a->config['register_policy'] != REGISTER_CLOSED) $a->page['aside'] .= '<div class="side-link" id="side-invite-link" ><a href="invite" >' . t("Invite Friends") . '</a></div>'; - if(strlen(get_config('system','directory_submit_url'))) - $a->page['aside'] .= '<div class="side-link" id="side-match-link"><a href="match" >' . t('Find People With Shared Interests') . '</a></div>'; + + $a->page['aside'] .= '<div class="side-link" id="side-match-link"><a href="match" >' + . t('Find People With Shared Interests') . '</a></div>'; $tpl = get_markup_template('follow.tpl'); $a->page['aside'] .= replace_macros($tpl,array( @@ -268,6 +269,10 @@ function contacts_content(&$a) { if($r[0]['last-update'] !== '0000-00-00 00:00:00') $last_update .= ' ' . (($r[0]['last-update'] == $r[0]['success_update']) ? t("\x28Update was successful\x29") : t("\x28Update was not successful\x29")); + $lblsuggest = (($r[0]['network'] === NETWORK_DFRN) + ? '<div id="contact-suggest-wrapper"><a href="fsuggest/' . $r[0]['id'] . '" id="contact-suggest">' . t('Suggest friends') . '</a></div>' : ''); + + $o .= replace_macros($tpl,array( '$header' => t('Contact Editor'), '$submit' => t('Submit'), @@ -284,6 +289,7 @@ function contacts_content(&$a) { '$altcrepair' => t('Repair contact URL settings'), '$lblcrepair' => t("Repair contact URL settings \x28WARNING: Advanced\x29"), '$lblrecent' => t('View conversations'), + '$lblsuggest' => $lblsuggest, '$grps' => $grps, '$delete' => t('Delete contact'), '$poll_interval' => contact_poll_interval($r[0]['priority']), diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php index 7c11b78d5..e2094b1f3 100644 --- a/mod/dfrn_confirm.php +++ b/mod/dfrn_confirm.php 
@@ -507,7 +507,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) { $local_uid = $r[0]['uid']; - if(! strstr($my_prvkey,'BEGIN RSA PRIVATE KEY')) { + if(! strstr($my_prvkey,'PRIVATE KEY')) { $message = t('Our site encryption key is apparently messed up.'); xml_status(3,$message); } diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index f6d1f2be5..64b5ec479 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -1,6 +1,6 @@ <?php -require_once('simplepie/simplepie.inc'); +require_once('library/simplepie/simplepie.inc'); require_once('include/items.php'); require_once('include/event.php'); @@ -165,13 +165,14 @@ function dfrn_notify_post(&$a) { $fsugg['name'] = notags(unxmlify($base['name'][0]['data'])); $fsugg['photo'] = notags(unxmlify($base['photo'][0]['data'])); $fsugg['url'] = notags(unxmlify($base['url'][0]['data'])); + $fsugg['request'] = notags(unxmlify($base['request'][0]['data'])); $fsugg['body'] = escape_tags(unxmlify($base['note'][0]['data'])); // Does our member already have a friend matching this description? $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `url` = '%s' AND `uid` = %d LIMIT 1", dbesc($fsugg['name']), - dbesc($fsuff['url']), + dbesc($fsugg['url']), intval($fsugg['uid']) ); if(count($r)) 
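Review bot: `if(! strstr($my_prvkey,'PRIVATE KEY')) {` still only sniffs for a substring, so a truncated or corrupted PEM that happens to contain those words passes and the failure surfaces later, at signing time, with a less useful error. Since the point of widening the pattern is to accept PKCS#8 as well as PKCS#1 keys, let OpenSSL decide: `if(openssl_pkey_get_private($my_prvkey) === false) {` accepts both encodings and rejects anything that does not parse. dfrn_confirm_post continues outside the hunk.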
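Review bot: `$fsugg['request'] = notags(unxmlify($base['request'][0]['data']));` takes a URL from the remote feed with only tag stripping, and the hunks on the next line store it in `fcontact`.`request`, from where notifications.php later renders it as a link target (`$rr['frequest'] . '?addr=' . $return_addr`). notags() leaves `javascript:` and `data:` schemes untouched, so validate the scheme at this boundary, e.g. `if(! preg_match('#^https?://#i', $fsugg['request'])) $fsugg['request'] = '';`. The same consideration applies to `$fsugg['url']` and `$fsugg['photo']` on the context lines above. dfrn_notify_post starts and ends outside the hunk.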
@@ -180,24 +181,25 @@ function dfrn_notify_post(&$a) { // Do we already have an fcontact record for this person? $fid = 0; - $r = q("SELECT * FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `photo` = '%s' LIMIT 1", + $r = q("SELECT * FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `request` = '%s' LIMIT 1", dbesc($fsugg['url']), - dbesc($fsuff['name']), - dbesc($fsugg['photo']) + dbesc($fsugg['name']), + dbesc($fsugg['request']) ); if(count($r)) { $fid = $r[0]['id']; } if(! $fid) - $r = q("INSERT INTO `fcontact` ( `name`,`url`,`photo` ) VALUES ( '%s', '%s', '%s' ) ", - dbesc($fsuff['name']), + $r = q("INSERT INTO `fcontact` ( `name`,`url`,`photo`,`request` ) VALUES ( '%s', '%s', '%s', '%s' ) ", + dbesc($fsugg['name']), dbesc($fsugg['url']), - dbesc($fsugg['photo']) + dbesc($fsugg['photo']), + dbesc($fsugg['request']) ); - $r = q("SELECT * FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `photo` = '%s' LIMIT 1", + $r = q("SELECT * FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `request` = '%s' LIMIT 1", dbesc($fsugg['url']), - dbesc($fsuff['name']), - dbesc($fsugg['photo']) + dbesc($fsugg['name']), + dbesc($fsugg['request']) ); if(count($r)) { $fid = $r[0]['id']; @@ -676,6 +678,7 @@ function dfrn_notify_post(&$a) { $ev['cid'] = $importer['id']; $ev['uid'] = $importer['uid']; $ev['uri'] = $item_id; + $ev['edited'] = $datarray['edited']; $r = q("SELECT * FROM `event` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($item_id), diff --git a/mod/display.php b/mod/display.php index fdb93e480..305a21825 100644 --- a/mod/display.php +++ b/mod/display.php 
@@ -59,42 +59,7 @@ function display_content(&$a) { if(count($r)) $a->page_contact = $r[0]; - $sql_extra = " - AND `allow_cid` = '' - AND `allow_gid` = '' - AND `deny_cid` = '' - AND `deny_gid` = '' - "; - - - // Profile owner - everything is visible - - if(local_user() && (local_user() == $a->profile['uid'])) { - $sql_extra = ''; - } - - // authenticated visitor - here lie dragons - // If $remotecontact is true, we know that not only is this a remotely authenticated - // person, but that it is *our* contact, which is important in multi-user mode. - - elseif($remote_contact) { - $gs = '<<>>'; // should be impossible to match - if(count($groups)) { - foreach($groups as $g) - $gs .= '|<' . intval($g) . '>'; - } - $sql_extra = sprintf( - " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) - AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) - AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) - AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", - - intval($_SESSION['visitor_id']), - intval($_SESSION['visitor_id']), - dbesc($gs), - dbesc($gs) - ); - } + $sql_extra = permissions_sql($a->profile['uid'],$remote_contact,$groups); $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, diff --git a/mod/events.php b/mod/events.php index 642da3cb7..b0b54601f 100644 --- a/mod/events.php +++ b/mod/events.php 
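Review bot: display_content now calls `permissions_sql($a->profile['uid'],$remote_contact,$groups)` but, unlike attach.php and photo.php in this same commit, the display.php section adds no `require_once('include/security.php');`. If the bootstrap does not load that file, the first display request fails with an undefined-function error; if it does, the explicit includes in the other two files are redundant — either way the three files should agree. display_content starts and ends outside the hunk.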
@@ -183,7 +183,8 @@ function events_content(&$a) { $adjust_finish = datetime_convert('UTC', date_default_timezone_get(), $finish); - $r = q("SELECT `event`.*, `item`.`id` AS `itemid`,`item`.`plink` FROM `event` LEFT JOIN `item` ON `item`.`event-id` = `event`.`id` + $r = q("SELECT `event`.*, `item`.`id` AS `itemid`,`item`.`plink`, + `item`.`author-name`, `item`.`author-avatar`, `item`.`author-link` FROM `event` LEFT JOIN `item` ON `item`.`event-id` = `event`.`id` WHERE `event`.`uid` = %d AND (( `adjust` = 0 AND `start` >= '%s' AND `start` <= '%s' ) OR ( `adjust` = 1 AND `start` >= '%s' AND `start` <= '%s' )) ", @@ -218,10 +219,6 @@ function events_content(&$a) { - - - - $last_date = ''; $fmt = t('l, F j'); @@ -235,7 +232,7 @@ function events_content(&$a) { $o .= '<hr /><a name="link-' . $j . '" ><div class="event-list-date">' . $d . '</div></a>'; $last_date = $d; $o .= format_event_html($rr); - $o .= '<a href="' . $a->get_baseurl() . '/events/event/' . $rr['id'] . '" title="' . t('Edit event') . '" class="edit-event-link icon pencil"></a>'; + $o .= ((! $rr['cid']) ? '<a href="' . $a->get_baseurl() . '/events/event/' . $rr['id'] . '" title="' . t('Edit event') . '" class="edit-event-link icon pencil"></a>' : ''); if($rr['plink']) $o .= '<a href="' . $rr['plink'] . '" title="' . t('link to source') . '" target="external-link" class="plink-event-link icon remote-link"></a></div>'; diff --git a/mod/friendika.php b/mod/friendika.php index 7762bfbb5..8c034c4ac 100644 --- a/mod/friendika.php +++ b/mod/friendika.php @@ -21,7 +21,7 @@ function friendika_init(&$a) { 'register_policy' => $register_policy[$a->config['register_policy']], 'admin' => $admin, 'site_name' => $a->config['sitename'], - + 'info' => ((x($a->config,'info')) ? $a->config['info'] : '') ); echo json_encode($data); diff --git a/mod/fsuggest.php b/mod/fsuggest.php new file mode 100644 index 000000000..9ef8f4c55 --- /dev/null +++ b/mod/fsuggest.php 
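Review bot: `$o .= ((! $rr['cid']) ? '<a href="' . $a->get_baseurl() . '/events/event/' . $rr['id'] . '" ...` only hides the edit link for events that came from a contact; it is not an authorisation check, and nothing in this commit shows the `events/event/<id>` handler refusing to edit an event with a non-zero `cid`. Worth confirming the handler enforces the same rule server-side, and a comment such as `// UI only: events/event/ must itself reject edits of contact-owned events` on this line would stop the next reader from treating the link as the control. events_content continues outside the hunk.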
@@ -0,0 +1,111 @@ +<?php + + +function fsuggest_post(&$a) { + + if(! local_user()) { + return; + } + + if($a->argc != 2) + return; + + $contact_id = intval($a->argv[1]); + + $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", + intval($contact_id), + intval(local_user()) + ); + if(! count($r)) { + notice( t('Contact not found.') . EOL); + return; + } + $contact = $r[0]; + + $new_contact = intval($_POST['suggest']); + + $hash = random_string(); + + $note = escape_tags(trim($_POST['note'])); + + if($new_contact) { + $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", + intval($new_contact), + intval(local_user()) + ); + if(count($r)) { + + $x = q("INSERT INTO `fsuggest` ( `uid`,`cid`,`name`,`url`,`request`,`photo`,`note`,`created`) + VALUES ( %d, %d, '%s','%s','%s','%s','%s','%s')", + intval(local_user()), + intval($contact_id), + dbesc($r[0]['name']), + dbesc($r[0]['url']), + dbesc($r[0]['request']), + dbesc($r[0]['photo']), + dbesc($hash), + dbesc(datetime_convert()) + ); + $r = q("SELECT `id` FROM `fsuggest` WHERE `note` = '%s' AND `uid` = %d LIMIT 1", + dbesc($hash), + intval(local_user()) + ); + if(count($r)) { + $fsuggest_id = $r[0]['id']; + q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", + dbesc($note), + intval($fsuggest_id), + intval(local_user()) + ); + proc_run('php', 'include/notifier.php', 'suggest' , $fsuggest_id); + } + + info( t('Friend suggestion sent.') . EOL); + } + + } + + +} + + + +function fsuggest_content(&$a) { + + require_once('include/acl_selectors.php'); + + if(! local_user()) { + notice( t('Permission denied.') . EOL); + return; + } + + if($a->argc != 2) + return; + + $contact_id = intval($a->argv[1]); + + $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", + intval($contact_id), + intval(local_user()) + ); + if(! count($r)) { + notice( t('Contact not found.') . EOL); + return; + } + $contact = $r[0]; + + $o = '<h3>' . t('Suggest Friends') . 
'</h3>'; + + $o .= '<div id="fsuggest-desc" >' . sprintf( t('Suggest a friend for %s'), $contact['name']) . '</div>'; + + $o .= '<form id="fsuggest-form" action="fsuggest/' . $contact_id . '" method="post" >'; + + $o .= contact_selector('suggest','suggest-select', false, + array('size' => 4, 'exclude' => $contact_id, 'networks' => 'DFRN_ONLY', 'single' => true)); + + + $o .= '<div id="fsuggest-submit-wrapper"><input id="fsuggest-submit" type="submit" name="submit" value="' . t('Submit') . '" /></div>'; + $o .= '</form>'; + + return $o; +}
\ No newline at end of file diff --git a/mod/group.php b/mod/group.php index 2d7ea8c11..981796f67 100644 --- a/mod/group.php +++ b/mod/group.php @@ -7,7 +7,7 @@ function validate_members(&$item) { function group_init(&$a) { if(local_user()) { require_once('include/group.php'); - $a->page['aside'] = group_side(); + $a->page['aside'] = group_side('contacts','group',false,(($a->argc > 1) ? intval($a->argv[1]) : 0)); } } @@ -68,6 +68,14 @@ function group_content(&$a) { return; } + // Switch to text mod interface if we have more than 'n' contacts or group members + + $switchtotext = get_pconfig(local_user(),'system','groupedit_image_limit'); + if($switchtotext === false) + $switchtotext = get_config('system','groupedit_image_limit'); + if($switchtotext === false) + $switchtotext = 400; + if(($a->argc == 2) && ($a->argv[1] === 'new')) { $tpl = get_markup_template('group_new.tpl'); $o .= replace_macros($tpl,array( @@ -170,10 +178,11 @@ function group_content(&$a) { $o .= '<div id="group-members">'; $o .= '<h3>' . t('Members') . '</h3>'; + $textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false); foreach($members as $member) { if($member['url']) { $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . '); return true;'; - $o .= micropro($member,true,'mpgroup'); + $o .= micropro($member,true,'mpgroup', $textmode); } else group_rmv_member(local_user(),$group['name'],$member['id']); @@ -189,10 +198,11 @@ function group_content(&$a) { ); if(count($r)) { + $textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false); foreach($r as $member) { if(! in_array($member['id'],$preselected)) { $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . '); return true;'; - $o .= micropro($member,true,'mpall'); + $o .= micropro($member,true,'mpall', $textmode); } } } diff --git a/mod/item.php b/mod/item.php index 84fe237b3..8a4f8293c 100644 --- a/mod/item.php +++ b/mod/item.php 
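Review bot: fsuggest_post checks only that `$new_contact` belongs to the user; it does not reject `$new_contact == $contact_id` (the selector excludes it client-side only), and it reads `$_POST['suggest']` and `$_POST['note']` without `isset`, so a bare POST emits notices — `if((! $new_contact) || ($new_contact == $contact_id)) return;` before the second lookup covers the first point. The insert-then-select-by-hash round trip (`dbesc($hash)` written into `note`, re-read, then overwritten with the real note) exists only to recover the new row id; reading the connection's last-insert id after the INSERT would drop two queries and the window in which the hash is visible as a note. The form emitted by fsuggest_content carries no anti-CSRF token, so the POST handler can be triggered cross-site — hedged, since the rest of the codebase may not use one yet.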
@@ -61,7 +61,7 @@ function item_post(&$a) { $profile_uid = ((x($_POST,'profile_uid')) ? intval($_POST['profile_uid']) : 0); $post_id = ((x($_POST['post_id'])) ? intval($_POST['post_id']) : 0); - $app = ((x($_POST['source'])) ? notags($_POST['source']) : ''); + $app = ((x($_POST['source'])) ? strip_tags($_POST['source']) : ''); if(! can_write_wall($a,$profile_uid)) { notice( t('Permission denied.') . EOL) ; @@ -244,6 +244,10 @@ function item_post(&$a) { } + /** + * Next link in any attachment references we find in the post. + */ + $match = false; if(preg_match_all("/\[attachment\](.*?)\[\/attachment\]/",$body,$match)) { @@ -265,10 +269,6 @@ function item_post(&$a) { } } - - - - /** * Fold multi-line [code] sequences */ @@ -285,13 +285,21 @@ function item_post(&$a) { $tags = get_tags($body); - if(($parent_contact) && ($parent_contact['network'] === 'stat') && ($parent_contact['nick']) && (! in_array('@' . $parent_contact['nick'],$tags))) { + /** + * add a statusnet style reply tag if the original post was from there + * and we are replying, and there isn't one already + */ + + if(($parent_contact) && ($parent_contact['network'] === 'stat') + && ($parent_contact['nick']) && (! in_array('@' . $parent_contact['nick'],$tags))) { $body = '@' . $parent_contact['nick'] . ' ' . $body; $tags[] = '@' . $parent_contact['nick']; } if(count($tags)) { foreach($tags as $tag) { + if(isset($profile)) + unset($profile); if(strpos($tag,'#') === 0) { if(strpos($tag,'[url=')) continue; @@ -325,7 +333,7 @@ function item_post(&$a) { else { $newname = $name; $alias = ''; - if(strstr($name,'_')) { + if(strstr($name,'_') || strstr($name,' ')) { $newname = str_replace('_',' ',$name); $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", dbesc($newname), 
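Review bot: `$app = ((x($_POST['source'])) ? strip_tags($_POST['source']) : '');` calls `x()` with the element value, while the line above uses the `x($_POST,'profile_uid')` array/key form; when `source` is absent the undefined index is dereferenced before `x()` can test it, producing a notice on every post without the field, and `$post_id` on the context line has the same shape. Prefer `$app = ((x($_POST,'source')) ? strip_tags($_POST['source']) : '');`. The new doc comment `* Next link in any attachment references we find in the post.` reads as if `Next` should be `Now` or `Next, link`; worth fixing while here. item_post starts and ends outside these hunks.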
@@ -419,6 +427,7 @@ function item_post(&$a) { $datarray['author-avatar'] = $author['thumb']; $datarray['created'] = datetime_convert(); $datarray['edited'] = datetime_convert(); + $datarray['received'] = datetime_convert(); $datarray['changed'] = datetime_convert(); $datarray['uri'] = $uri; $datarray['title'] = $title; @@ -445,6 +454,7 @@ function item_post(&$a) { $datarray['parent'] = $parent; $datarray['self'] = $self; + $datarray['prvnets'] = $user['prvnets']; if($orig_post) $datarray['edit'] = true; @@ -472,9 +482,9 @@ function item_post(&$a) { $r = q("INSERT INTO `item` (`uid`,`type`,`wall`,`gravity`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`, - `author-name`, `author-link`, `author-avatar`, `created`, `edited`, `changed`, `uri`, `title`, `body`, `app`, `location`, `coord`, + `author-name`, `author-link`, `author-avatar`, `created`, `edited`, `received`, `changed`, `uri`, `title`, `body`, `app`, `location`, `coord`, `tag`, `inform`, `verb`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private`, `pubmail`, `attach` ) - VALUES( %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s' )", + VALUES( %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s' )", intval($datarray['uid']), dbesc($datarray['type']), intval($datarray['wall']), @@ -488,6 +498,7 @@ function item_post(&$a) { dbesc($datarray['author-avatar']), dbesc($datarray['created']), dbesc($datarray['edited']), + dbesc($datarray['received']), dbesc($datarray['changed']), dbesc($datarray['uri']), dbesc($datarray['title']), diff --git a/mod/lostpass.php b/mod/lostpass.php index e0bf6eed7..3453a0db4 100644 --- a/mod/lostpass.php +++ b/mod/lostpass.php 
@@ -7,12 +7,16 @@ function lostpass_post(&$a) { if(! $email) goaway($a->get_baseurl()); - $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) LIMIT 1", + $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `verified` = 1 AND `blocked` = 0 LIMIT 1", dbesc($email), dbesc($email) ); - if(! count($r)) + + if(! count($r)) { + notice( t('No valid account found.') . EOL); goaway($a->get_baseurl()); + } + $uid = $r[0]['uid']; $username = $r[0]['username']; diff --git a/mod/match.php b/mod/match.php index 2d6456b54..5dd80fe3e 100644 --- a/mod/match.php +++ b/mod/match.php @@ -15,7 +15,7 @@ function match_content(&$a) { if(! count($r)) return; if(! $r[0]['pub_keywords'] && (! $r[0]['prv_keywords'])) { - notice('No keywords to match. Please add keywords to your default profile.'); + notice( t('No keywords to match. Please add keywords to your default profile.') . EOL); return; } @@ -27,7 +27,10 @@ function match_content(&$a) { if($a->pager['page'] != 1) $params['p'] = $a->pager['page']; - $x = post_url('http://dir.friendika.com/msearch', $params); + if(strlen(get_config('system','directory_submit_url'))) + $x = post_url('http://dir.friendika.com/msearch', $params); + else + $x = post_url($a->get_baseurl() . '/msearch', $params); $j = json_decode($x); 
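Review bot: The added `notice( t('No valid account found.') . EOL);` together with the tightened `AND `verified` = 1 AND `blocked` = 0` filter turns the reset form into an account oracle: the response now distinguishes a verified, unblocked account from an unknown, unverified or blocked one. A password-reset flow should answer identically in both cases with a neutral message (for example 'If an account matches, reset instructions have been sent.') and record the failed lookup server-side instead. lostpass_post continues outside the hunk.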
@@ -40,7 +43,7 @@ function match_content(&$a) { foreach($j->results as $jj) { $o .= '<div class="profile-match-wrapper"><div class="profile-match-photo">'; - $o .= '<a href="' . $jj->url . '">' . '<img src="' . $jj->photo . '" alt="' . $jj->name . '" title="' . $jj->name . '[' . $jj->url . ']' . '" /></a></div>'; + $o .= '<a href="' . $jj->url . '">' . '<img src="' . $jj->photo . '" alt="' . $jj->name . '" title="' . $jj->name . '[' . $jj->tags . ']' . '" /></a></div>'; $o .= '<div class="profile-match-break"></div>'; $o .= '<div class="profile-match-name"><a href="' . $jj->url . '" title="' . $jj->name . '[' . $jj->url .']' . '">' . $jj->name . '</a></div>'; $o .= '<div class="profile-match-end"></div></div>'; diff --git a/mod/msearch.php b/mod/msearch.php index dc9496295..7d9bbe9e7 100644 --- a/mod/msearch.php +++ b/mod/msearch.php @@ -16,7 +16,7 @@ function msearch_post(&$a) { if(count($r)) $total = $r[0]['total']; - $r = q("SELECT `username`, `nickname`, `user`.`uid` FROM `user` LEFT JOIN `profile` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 AND `hidewall` = 0 AND MATCH `pub_keywords` AGAINST ('%s') LIMIT %d , %d ", + $r = q("SELECT `pub_keywords`, `username`, `nickname`, `user`.`uid` FROM `user` LEFT JOIN `profile` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 AND `hidewall` = 0 AND MATCH `pub_keywords` AGAINST ('%s') LIMIT %d , %d ", dbesc($search), intval($startrec), intval($perpage) @@ -28,7 +28,8 @@ function msearch_post(&$a) { $results[] = array( 'name' => $rr['name'], 'url' => $a->get_baseurl() . '/profile/' . $rr['nickname'], - 'photo' => $a->get_baseurl() . '/photo/avatar/' . $rr['uid'] . 'jpg' + 'photo' => $a->get_baseurl() . '/photo/avatar/' . $rr['uid'] . 'jpg', + 'tags' => str_replace(array(',',' '),array(' ',' '),$rr['pub_keywords']) ); } diff --git a/mod/network.php b/mod/network.php index 75775ba50..28e540283 100644 --- a/mod/network.php +++ b/mod/network.php 
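Review bot: `'" title="' . $jj->name . '[' . $jj->tags . ']'` places fields from the directory's JSON reply into an HTML attribute unescaped, as do `$jj->url`, `$jj->photo` and `$jj->name` on the surrounding context lines; a `"` in any of them terminates the attribute, so each should pass through `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` (or the project's escaping helper) before concatenation. The earlier hunk in this file tests `get_config('system','directory_submit_url')` for length but then posts to the hard-coded `http://dir.friendika.com/msearch` rather than the configured value; worth confirming that is intended. match_content continues outside the hunk.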
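Review bot: The result row builds `'name' => $rr['name'],` but the SELECT in the previous hunk fetches only `pub_keywords`, `username`, `nickname` and `uid`, so `name` is never set and every result goes out with a null name; `'name' => $rr['username'],` is presumably what was meant. On the context line `'/photo/avatar/' . $rr['uid'] . 'jpg'` lacks the `.` before the extension, and in the new `str_replace(array(',',' '),array(' ',' '),$rr['pub_keywords'])` the second pair maps space to space, which is a no-op. msearch_post continues outside the hunk.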
@@ -7,13 +7,14 @@ function network_init(&$a) { return; } - + $group_id = (($a->argc > 1 && intval($a->argv[1])) ? intval($a->argv[1]) : 0); + require_once('include/group.php'); if(! x($a->page,'aside')) $a->page['aside'] = ''; $search = ((x($_GET,'search')) ? escape_tags($_GET['search']) : ''); - $srchurl = '/network' . ((x($_GET,'cid')) ? '?cid=' . $_GET['cid'] : ''); + $srchurl = '/network' . ((x($_GET,'cid')) ? '?cid=' . $_GET['cid'] : '') . ((x($_GET,'star')) ? '?star=' . $_GET['star'] : ''); $a->page['aside'] .= search($search,'netsearch-box',$srchurl); 
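Review bot: `$srchurl = '/network' . ((x($_GET,'cid')) ? '?cid=' . $_GET['cid'] : '') . ((x($_GET,'star')) ? '?star=' . $_GET['star'] : '');` concatenates raw request values into a URL that later lands in attribute context, and when both parameters are present it produces two `?` separators. The same raw `$_GET['cid']`/`$_GET['star']` concatenation recurs in the aside links of the next hunk (where the `&star=1` suffix follows a path with no `?` when `cid` is absent, giving `/network&star=1`) and in the inline `netargs` script in network_content. Both values are treated as integers elsewhere (`intval($_GET['cid'])` in network_content), so normalise once, e.g. `$cid = intval($_GET['cid']); $star = intval($_GET['star']);`, and build the query with `http_build_query(array_filter(array('cid' => $cid, 'star' => $star)))`. network_init continues outside the hunk.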
@@ -21,15 +22,33 @@ function network_init(&$a) { $a->page['aside'] .= '<div id="network-new-link">'; - + $a->page['aside'] .= '<div id="network-view-link">'; if(($a->argc > 1 && $a->argv[1] === 'new') || ($a->argc > 2 && $a->argv[2] === 'new') || x($_GET,'search')) - $a->page['aside'] .= '<a href="' . $a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '?cid=' . $_GET['cid'] : '') . '">' . t('Normal View') . '</a>'; - else - $a->page['aside'] .= '<a href="' . $a->get_baseurl() . '/' . $a->cmd . '/new' . ((x($_GET,'cid')) ? '/?cid=' . $_GET['cid'] : '') . '">' . t('New Item View') . '</a>'; + $a->page['aside'] .= '<a href="' . $a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '?cid=' . $_GET['cid'] : '') . '">' . t('View Conversations') . '</a></div>'; + else { + $a->page['aside'] .= '<a href="' . $a->get_baseurl() . '/' . $a->cmd . '/new' . ((x($_GET,'cid')) ? '/?cid=' . $_GET['cid'] : '') . '">' . t('View New Items') . '</a></div>'; + + if(x($_GET,'star')) + $a->page['aside'] .= '<div id="network-star-link">' + . '<a class="network-star" href="' . $a->get_baseurl() . '/' . $a->cmd + . ((x($_GET,'cid')) ? '/?cid=' . $_GET['cid'] : '') . '">' + . t('View Any Items') . '</a>' + . '<span class="network-star icon starred"></span>' + . '<span class="network-star icon unstarred"></span>' + . '<div class="clear"></div></div>'; + else + $a->page['aside'] .= '<div id="network-star-link">' + . '<a class="network-star" href="' . $a->get_baseurl() . '/' . $a->cmd + . ((x($_GET,'cid')) ? '/?cid=' . $_GET['cid'] : '') . '&star=1" >' + . t('View Starred Items') . '</a>' + . '<span class="network-star icon starred"></span>' + . '<div class="clear"></div></div>'; + + } $a->page['aside'] .= '</div>'; - $a->page['aside'] .= group_side('network','network',true); + $a->page['aside'] .= group_side('network','network',true,$group_id); } 
@@ -50,6 +69,7 @@ function network_content(&$a, $update = 0) { require_once('include/acl_selectors.php'); $cid = ((x($_GET['cid'])) ? intval($_GET['cid']) : 0); + $star = ((x($_GET['star'])) ? intval($_GET['star']) : 0); if(($a->argc > 2) && $a->argv[2] === 'new') $nouveau = true; @@ -108,6 +128,7 @@ function network_content(&$a, $update = 0) { . "; var netargs = '" . substr($a->cmd,8) . ((x($_GET,'cid')) ? '?cid=' . $_GET['cid'] : '') . ((x($_GET,'search')) ? '?search=' . $_GET['search'] : '') + . ((x($_GET,'star')) ? '?star=' . $_GET['star'] : '') . "'; var profile_page = " . $a->pager['page'] . "; </script>\r\n"; } @@ -116,7 +137,7 @@ function network_content(&$a, $update = 0) { // level which items you've seen and which you haven't. If you're looking // at the top level network page just mark everything seen. - if((! $group) && (! $cid)) { + if((! $group) && (! $cid) && (! $star)) { $r = q("UPDATE `item` SET `unseen` = 0 WHERE `unseen` = 1 AND `uid` = %d", intval($_SESSION['uid']) @@ -127,7 +148,9 @@ function network_content(&$a, $update = 0) { // that belongs to you, hence you can see all of it. We will filter by group if // desired. - $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) "; + $star_sql = (($star) ? " AND `starred` = 1 " : ''); + + $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` $star_sql ) "; if($group) { $r = q("SELECT `name`, `id` FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1", 
@@ -151,7 +174,8 @@ function network_content(&$a, $update = 0) { info( t('Group is empty')); } - $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` AND ( `contact-id` IN ( $contact_str ) OR `allow_gid` REGEXP '<" . intval($group) . ">' )) "; + + $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` $star_sql AND ( `contact-id` IN ( $contact_str ) OR `allow_gid` REGEXP '<" . intval($group) . ">' )) "; $o = '<h2>' . t('Group: ') . $r[0]['name'] . '</h2>' . $o; } elseif($cid) { @@ -161,7 +185,7 @@ function network_content(&$a, $update = 0) { intval($cid) ); if(count($r)) { - $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` AND `contact-id` IN ( " . intval($cid) . " )) "; + $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` $star_sql AND `contact-id` IN ( " . intval($cid) . " )) "; $o = '<h2>' . t('Contact: ') . $r[0]['name'] . '</h2>' . $o; if($r[0]['network'] !== NETWORK_MAIL && $r[0]['network'] !== NETWORK_DFRN && $r[0]['network'] !== NETWORK_FACEBOOK && $r[0]['writable'] && (! get_pconfig(local_user(),'system','nowarn_insecure'))) { notice( t('Private messages to this person are at risk of public disclosure.') . EOL); @@ -183,6 +207,7 @@ function network_content(&$a, $update = 0) { if(x($_GET,'search')) $sql_extra .= " AND `item`.`body` REGEXP '" . dbesc(escape_tags($_GET['search'])) . "' "; + $r = q("SELECT COUNT(*) AS `total` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` @@ -212,7 +237,7 @@ function network_content(&$a, $update = 0) { AND `contact`.`id` = `item`.`contact-id` AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $sql_extra - ORDER BY `item`.`created` DESC LIMIT %d ,%d ", + ORDER BY `item`.`received` DESC LIMIT %d ,%d ", intval($_SESSION['uid']), intval($a->pager['start']), intval($a->pager['itemspage']) 
diff --git a/mod/notifications.php b/mod/notifications.php index a3339199e..c6f073058 100644 --- a/mod/notifications.php +++ b/mod/notifications.php @@ -13,11 +13,9 @@ function notifications_post(&$a) { if($request_id) { - $r = q("SELECT * FROM `intro` - WHERE `id` = %d - AND `uid` = %d LIMIT 1", - intval($request_id), - intval(local_user()) + $r = q("SELECT * FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1", + intval($request_id), + intval(local_user()) ); if(count($r)) { @@ -28,14 +26,22 @@ function notifications_post(&$a) { notice( t('Invalid request identifier.') . EOL); return; } + + // If it is a friend suggestion, the contact is not a new friend but an existing friend + // that should not be deleted. + + $fid = $r[0]['fid']; + if($_POST['submit'] == t('Discard')) { $r = q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1", intval($intro_id) ); - $r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 LIMIT 1", - intval($contact_id), - intval(local_user()) - ); + if(! $fid) { + $r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 LIMIT 1", + intval($contact_id), + intval(local_user()) + ); + } return; } if($_POST['submit'] == t('Ignore')) { 
@@ -81,18 +87,41 @@ function notifications_content(&$a) { $a->set_pager_itemspage(20); } - $r = q("SELECT `intro`.`id` AS `intro_id`, `intro`.*, `contact`.* - FROM `intro` LEFT JOIN `contact` ON `intro`.`contact-id` = `contact`.`id` + $r = q("SELECT `intro`.`id` AS `intro_id`, `intro`.*, `contact`.*, `fcontact`.`name` AS `fname`,`fcontact`.`url` AS `furl`,`fcontact`.`photo` AS `fphoto`,`fcontact`.`request` AS `frequest` + FROM `intro` LEFT JOIN `contact` ON `contact`.`id` = `intro`.`contact-id` LEFT JOIN `fcontact` ON `intro`.`fid` = `fcontact`.`id` WHERE `intro`.`uid` = %d $sql_extra AND `intro`.`blocked` = 0 ", intval($_SESSION['uid'])); if(($r !== false) && (count($r))) { - + $sugg = get_markup_template('suggestions.tpl'); $tpl = get_markup_template("intros.tpl"); foreach($r as $rr) { + if($rr['fid']) { + + $return_addr = bin2hex($a->user['nickname'] . '@' . $a->get_hostname() . (($a->path) ? '/' . $a->path : '')); + $o .= replace_macros($sugg,array( + '$str_notifytype' => t('Notification type: '), + '$notify_type' => t('Friend Suggestion'), + '$intro_id' => $rr['intro_id'], + '$madeby' => sprintf( t('suggested by %s'),$rr['name']), + '$contact_id' => $rr['contact-id'], + '$photo' => ((x($rr,'fphoto')) ? $rr['fphoto'] : "images/default-profile.jpg"), + '$fullname' => $rr['fname'], + '$url' => $rr['furl'], + '$knowyou' => $knowyou, + '$approve' => t('Approve'), + '$note' => $rr['note'], + '$request' => $rr['frequest'] . '?addr=' . $return_addr, + '$ignore' => t('Ignore'), + '$discard' => t('Discard') + + )); + + continue; + } $friend_selected = (($rr['network'] !== 'stat') ? ' checked="checked" ' : ' disabled '); $fan_selected = (($rr['network'] === 'stat') ? ' checked="checked" disabled ' : ''); $dfrn_tpl = get_markup_template('netfriend.tpl'); 
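Review bot: `$knowyou` is passed to `suggestions.tpl` in the new `if($rr['fid'])` branch but nothing in that branch assigns it; if it is only set further down the loop body (outside the hunk), the first suggestion renders with an undefined variable and each later one with the previous row's value. Separately, `fname`, `furl`, `fphoto`, `frequest` and `note` come from `fcontact`/`intro` rows that are populated with remotely supplied data, and they are handed to the template unescaped here — unless `suggestions.tpl` escapes them, `htmlspecialchars()` on the text fields and a scheme check on the two URLs belong at this point. The `$rr['name']` inside the `sprintf` has the same exposure.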
@@ -138,28 +167,6 @@ function notifications_content(&$a) { else info( t('No notifications.') . EOL); - if ($a->config['register_policy'] == REGISTER_APPROVE && - $a->config['admin_email'] === $a->user['email']){ - $o .= '<h1>' . t('User registrations waiting for confirm') . '</h1>' . "\r\n"; - - $r = q("SELECT `register`.*, `contact`.`name`, `user`.`email` - FROM `register` - LEFT JOIN `contact` ON `register`.`uid` = `contact`.`uid` - LEFT JOIN `user` ON `register`.`uid` = `user`.`uid`;"); - if(($r !== false) && (count($r))) { - $o .= '<ul>'; - foreach($r as $rr) { - $o .= '<li>' . sprintf('%s (%s) : ', $rr['name'],$rr['email']) - . '<a href="regmod/allow/' . $rr['hash'] .'">' . t('Approve') - . '</a> - <a href="regmod/deny/' . $rr['hash'] . '">' . t('Deny') . '</a></li>' . "\r\n"; - } - $o .= "</ul>"; - } - else - info( t('No registrations.') . EOL); - - } - $o .= paginate($a); return $o; } diff --git a/mod/photo.php b/mod/photo.php index 3bea7e72d..9809aa418 100644 --- a/mod/photo.php +++ b/mod/photo.php @@ -1,5 +1,7 @@ <?php +require_once('include/security.php'); + function photo_init(&$a) { switch($a->argc) { 
@@ -73,39 +75,7 @@ function photo_init(&$a) { ); if(count($r)) { - $owner = $r[0]['uid']; - - $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; - - if(local_user() && ($owner == $_SESSION['uid'])) { - - // Owner can always see his/her photos - $sql_extra = ''; - - } - elseif(remote_user()) { - - // authenticated visitor - here lie dragons - - $groups = init_groups_visitor($_SESSION['visitor_id']); - $gs = '<<>>'; // should be impossible to match - if(count($groups)) { - foreach($groups as $g) - $gs .= '|<' . intval($g) . '>'; - } - - $sql_extra = sprintf( - " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) - AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) - AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) - AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", - - intval($_SESSION['visitor_id']), - intval($_SESSION['visitor_id']), - dbesc($gs), - dbesc($gs) - ); - } + $sql_extra = permissions_sql($r[0]['uid']); // Now we'll see if we can access the photo diff --git a/mod/photos.php b/mod/photos.php index bbdb8b7e9..3e0ec5802 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -3,6 +3,7 @@ require_once('include/Photo.php'); require_once('include/items.php'); require_once('include/acl_selectors.php'); require_once('include/bbcode.php'); +require_once('include/security.php'); function photos_init(&$a) { @@ -23,7 +24,9 @@ function photos_init(&$a) { $a->data['user'] = $r[0]; - $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d", + $sql_extra = permissions_sql($a->data['user']['uid']); + + $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d $sql_extra ", intval($a->data['user']['uid']) ); 
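Review bot: `permissions_sql($r[0]['uid'])` is called with only the owner uid here and again in photos_init (the `@@ -23` hunk of mod/photos.php), whereas photos_content and profile_content pass `$remote_contact` and `$groups`; the one-argument form must itself verify that the remote visitor is a contact of this owner and fetch the groups, or photo access uses a looser ACL than the profile page. The removed lines also assigned `$owner = $r[0]['uid']`; if `$owner` is referenced later in photo_init (the function continues past the hunk) it is now undefined. A comment at the call would pin the expected contract: `// TODO confirm: single-arg permissions_sql() must keep the deny-all default for anonymous viewers`.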
@@ -35,7 +38,11 @@ function photos_init(&$a) { $o .= '<ul>'; foreach($albums as $album) { - if((! strlen($album['album'])) || ($album['album'] == t('Contact Photos'))) + + // don't show contact photos. We once trasnlated this name, but then you could still access it under + // a different language setting. Now we store the name in English and check in English (and translated for legacy albums). + + if((! strlen($album['album'])) || ($album['album'] === 'Contact Photos') || ($album['album'] === t('Contact Photos'))) continue; $o .= '<li>' . '<a href="photos/' . $a->argv[1] . '/album/' . bin2hex($album['album']) . '" />' . $album['album'] . '</a></li>'; } @@ -133,7 +140,7 @@ function photos_post(&$a) { if(($a->argc > 3) && ($a->argv[2] === 'album')) { $album = hex2bin($a->argv[3]); - if($album == t('Profile Photos') || $album == t('Contact Photos')) { + if($album === t('Profile Photos') || $album === 'Contact Photos' || $album === t('Contact Photos')) { goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); return; // NOTREACHED } @@ -376,6 +383,8 @@ function photos_post(&$a) { if(count($tags)) { foreach($tags as $tag) { + if(isset($profile)) + unset($profile); if(strpos($tag,'@') === 0) { $name = substr($tag,1); if((strpos($name,'@')) || (strpos($name,'http://'))) { @@ -397,7 +406,7 @@ function photos_post(&$a) { } else { $newname = $name; - if(strstr($name,'_')) { + if(strstr($name,'_') || strstr($name,' ')) { $newname = str_replace('_',' ',$name); $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", dbesc($newname), @@ -590,6 +599,9 @@ function photos_post(&$a) { $filesize = intval($_FILES['userfile']['size']); } + + logger('photos: upload: received file: ' . $filename . ' as ' . $src . ' ' . $filesize . ' bytes', LOGGER_DEBUG); + $maximagesize = get_config('system','maximagesize'); if(($maximagesize) && ($filesize > $maximagesize)) { 
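Review bot: The reserved-album test `$album === 'Contact Photos' || $album === t('Contact Photos')` is now spelled out in five places (the `@@ -35` and `@@ -133` hunks here and the `@@ -867`, `@@ -936`, `@@ -951` hunks of mod/photos.php), which is how the English/translated split got missed in the first place. One helper keeps them in step: `function is_contact_photo_album($album) { return ($album === 'Contact Photos') || ($album === t('Contact Photos')); }`, with the Profile Photos comparison kept alongside at the sites that need it. The comment in the `@@ -35` hunk also has a typo ("trasnlated").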
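Review bot: The new debug line in the `@@ -590` hunk writes `$filename` to the log verbatim; it appears to be the client-supplied upload name (assigned outside the hunk), so CR/LF or other control characters in it can split or forge log lines. Strip them before logging, e.g. `logger('photos: upload: received file: ' . preg_replace('/[\x00-\x1f\x7f]/', '?', $filename) . ' as ' . $src . ' ' . $filesize . ' bytes', LOGGER_DEBUG);`. The `$src` temp path is server-generated and fine to log as is.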
@@ -600,6 +612,14 @@ function photos_post(&$a) { return; } + if(! $filesize) { + notice( t('Image file is empty.') . EOL); + @unlink($src); + $foo = 0; + call_hooks('photo_post_end',$foo); + return; + } + logger('mod/photos.php: photos_post(): loading the contents of ' . $src , 'LOGGER_DEBUG'); $imagedata = @file_get_contents($src); @@ -755,8 +775,6 @@ function photos_content(&$a) { $owner_uid = $a->data['user']['uid']; - - $community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false); if((local_user()) && (local_user() == $owner_uid)) @@ -807,34 +825,7 @@ function photos_content(&$a) { return; } - // default permissions - anonymous user - - $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; - - // Profile owner - everything is visible - - if(local_user() && (local_user() == $owner_uid)) { - $sql_extra = ''; - } - elseif(remote_user()) { - // authenticated visitor - here lie dragons - $gs = '<<>>'; // should be impossible to match - if(count($groups)) { - foreach($groups as $g) - $gs .= '|<' . intval($g) . '>'; - } - $sql_extra = sprintf( - " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) - AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) - AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) - AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", - - intval(remote_user()), - intval(remote_user()), - dbesc($gs), - dbesc($gs) - ); - } + $sql_extra = permissions_sql($owner_uid,$remote_contact,$groups); $o = ""; 
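Review bot: The empty-upload check `if(! $filesize)` will also fire for uploads that PHP rejected (size limit, partial upload), since those arrive with size 0, so the user sees "Image file is empty" for a quite different failure; testing `$_FILES['userfile']['error'] !== UPLOAD_ERR_OK` before the size checks gives the right message, assuming `$filesize` is taken from `$_FILES` as the context above suggests. The `@unlink($src)` plus `$foo = 0; call_hooks('photo_post_end',$foo); return;` sequence repeats the block above it; a tiny local helper would avoid the third copy.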
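Review bot: In the `@@ -807` hunk `$remote_contact` is passed to `permissions_sql`, but nothing in the hunk assigns it and the removed code keyed the visitor branch on `remote_user()`; unless `$remote_contact` is set earlier in photos_content (the function starts outside the hunk) the call receives null and remote visitors silently get whichever default `permissions_sql` applies. mod/profile.php documents that the flag means a pre-verified contact of this owner; the same one-line comment belongs here: `// $remote_contact: visitor has been verified as one of $owner_uid's contacts, $groups already fetched`.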
@@ -867,7 +858,7 @@ function photos_content(&$a) { $albumselect .= '<option value="" selected="selected" > </option>'; if(count($a->data['albums'])) { foreach($a->data['albums'] as $album) { - if(($album['album'] === '') || ($album['album'] == t('Contact Photos'))) + if(($album['album'] === '') || ($album['album'] === 'Contact Photos') || ($album['album'] === t('Contact Photos'))) continue; $albumselect .= '<option value="' . $album['album'] . '">' . $album['album'] . '</option>'; } @@ -936,7 +927,7 @@ function photos_content(&$a) { $o .= '<h3>' . $album . '</h3>'; if($cmd === 'edit') { - if(($album != t('Profile Photos')) && ($album != t('Contact Photos'))) { + if(($album !== t('Profile Photos')) && ($album !== 'Contact Photos') && ($album !== t('Contact Photos'))) { if($can_post) { $edit_tpl = get_markup_template('album_edit.tpl'); $o .= replace_macros($edit_tpl,array( @@ -951,7 +942,7 @@ function photos_content(&$a) { } } else { - if(($album != t('Profile Photos')) && ($album != t('Contact Photos'))) { + if(($album !== t('Profile Photos')) && ($album !== 'Contact Photos') && ($album !== t('Contact Photos'))) { if($can_post) { $o .= '<div id="album-edit-link"><a href="'. $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '/edit' . '">' @@ -1119,6 +1110,7 @@ function photos_content(&$a) { } $tags=Null; + if(count($linked_items) && strlen($link_item['tag'])) { $arr = explode(',',$link_item['tag']); // parse tags and add links @@ -1337,9 +1329,10 @@ function photos_content(&$a) { // Default - show recent photos with upload link (if applicable) //$o = ''; - $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' + $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' $sql_extra GROUP BY `resource-id`", intval($a->data['user']['uid']), + dbesc('Contact Photos'), dbesc( t('Contact Photos')) ); if(count($r)) { 
@@ -1348,9 +1341,10 @@ function photos_content(&$a) { } $r = q("SELECT `resource-id`, `id`, `filename`, `album`, max(`scale`) AS `scale` FROM `photo` - WHERE `uid` = %d AND `album` != '%s' + WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' $sql_extra GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d", intval($a->data['user']['uid']), + dbesc('Contact Photos'), dbesc( t('Contact Photos')), intval($a->pager['start']), intval($a->pager['itemspage']) diff --git a/mod/ping.php b/mod/ping.php index 6e8618bbd..7c31f00c9 100644 --- a/mod/ping.php +++ b/mod/ping.php @@ -25,14 +25,6 @@ function ping_init(&$a) { ); $intro = $r[0]['total']; - if (($a->config['register_policy'] == REGISTER_APPROVE) && (is_site_admin())) { - $r = q("SELECT COUNT(*) AS `total` FROM `register`"); - $register = $r[0]['total']; - } else { - $register = "0"; - } - - $myurl = $a->get_baseurl() . '/profile/' . $a->user['nickname'] ; $r = q("SELECT COUNT(*) AS `total` FROM `mail` WHERE `uid` = %d AND `seen` = 0 AND `from-url` != '%s' ", @@ -43,7 +35,7 @@ function ping_init(&$a) { $mail = $r[0]['total']; header("Content-type: text/xml"); - echo "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n<result><register>$register</register><intro>$intro</intro><mail>$mail</mail><net>$network</net><home>$home</home></result>\r\n"; + echo "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n<result><intro>$intro</intro><mail>$mail</mail><net>$network</net><home>$home</home></result>\r\n"; killme(); } diff --git a/mod/profile.php b/mod/profile.php index f2dd7f4df..e9b144ffd 100644 --- a/mod/profile.php +++ b/mod/profile.php 
@@ -164,48 +164,19 @@ function profile_content(&$a, $update = 0) { } } - // Construct permissions - - // default permissions - anonymous user - - $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' "; - - // Profile owner - everything is visible - if($is_owner) { - $sql_extra = ''; - - // Oh - while we're here... reset the Unseen messages - $r = q("UPDATE `item` SET `unseen` = 0 WHERE `wall` = 1 AND `unseen` = 1 AND `uid` = %d", - intval($_SESSION['uid']) + intval(local_user()) ); - } - // authenticated visitor - here lie dragons - // If $remotecontact is true, we know that not only is this a remotely authenticated - // person, but that it is *our* contact, which is important in multi-user mode. - - elseif($remote_contact) { - $gs = '<<>>'; // should be impossible to match - if(count($groups)) { - foreach($groups as $g) - $gs .= '|<' . intval($g) . '>'; - } - $sql_extra = sprintf( - " AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) - AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) - AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' ) - AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", - - intval($_SESSION['visitor_id']), - intval($_SESSION['visitor_id']), - dbesc($gs), - dbesc($gs) - ); - } + /** + * Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups + */ + + $sql_extra = permissions_sql($a->profile['profile_uid'],$remote_contact,$groups); + $r = q("SELECT COUNT(*) AS `total` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` diff --git a/mod/profperm.php b/mod/profperm.php index e70992a2b..33479cad1 100644 --- a/mod/profperm.php +++ b/mod/profperm.php 
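Review bot: Style: the `/** ... */` block inside the function body reads as a PHPDoc block attached to the next statement; inside bodies use `//`. The comment also says what a true `$remote_contact` means but not what the call does when it is false, which is the security-relevant case — add `// when $remote_contact is false, permissions_sql() is expected to apply the anonymous deny-all clause`. The switch from `$_SESSION['uid']` to `local_user()` in the unseen-reset UPDATE stays inside the `if($is_owner)` branch per the surrounding context, so that part is fine.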
@@ -26,6 +26,15 @@ function profperm_content(&$a) { return; } + // Switch to text mod interface if we have more than 'n' contacts or group members + + $switchtotext = get_pconfig(local_user(),'system','groupedit_image_limit'); + if($switchtotext === false) + $switchtotext = get_config('system','groupedit_image_limit'); + if($switchtotext === false) + $switchtotext = 400; + + if(($a->argc > 2) && intval($a->argv[1]) && intval($a->argv[2])) { $r = q("SELECT `id` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `self` = 0 AND `network` = 'dfrn' AND `id` = %d AND `uid` = %d LIMIT 1", @@ -103,10 +112,13 @@ function profperm_content(&$a) { $o .= '<div id="prof-members">'; $o .= '<h3>' . t('Visible To') . '</h3>'; + + $textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false); + foreach($members as $member) { if($member['url']) { $member['click'] = 'profChangeMember(' . $profile['id'] . ',' . $member['id'] . '); return true;'; - $o .= micropro($member,true,'mpprof'); + $o .= micropro($member,true,'mpprof', $textmode); } } $o .= '</div><div id="prof-members-end"></div>'; @@ -120,10 +132,11 @@ function profperm_content(&$a) { ); if(count($r)) { + $textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false); foreach($r as $member) { if(! in_array($member['id'],$ingroup)) { $member['click'] = 'profChangeMember(' . $profile['id'] . ',' . $member['id'] . '); return true;'; - $o .= micropro($member,true,'mpprof'); + $o .= micropro($member,true,'mpprof',$textmode); } } } diff --git a/mod/register.php b/mod/register.php index 78dc75f77..7aaf74792 100644 --- a/mod/register.php +++ b/mod/register.php @@ -71,6 +71,8 @@ function register_post(&$a) { $err = ''; + // collapse multiple spaces in name + $username = preg_replace('/ +/',' ',$username); if(mb_strlen($username) > 48) $err .= t('Please use a shorter name.') . EOL; 
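Review bot: `$switchtotext` holds whatever get_pconfig/get_config return, presumably a string, and is then compared with `count($members)`; cast it once and drop the redundant `? true : false` ternaries: `$switchtotext = intval($switchtotext);` after the defaulting chain, then `$textmode = ($switchtotext && (count($members) > $switchtotext));`. The same ternary recurs in the `@@ -120` hunk. A comment on the `400` default would help: `// default image-to-text threshold when neither user nor site config sets groupedit_image_limit`.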
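Review bot: In the mod/register.php `@@ -71` hunk, `preg_replace('/ +/',' ',$username)` collapses only runs of ASCII spaces and leaves leading/trailing ones, tabs and Unicode spaces untouched before the `mb_strlen` and "First Last" checks below it. If normalisation is the intent, `$username = trim(preg_replace('/\s+/u', ' ', $username));` covers those cases; if only double spaces are meant, the comment should say so.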
@@ -93,6 +95,7 @@ function register_post(&$a) { $err .= t("That doesn't appear to be your full \x28First Last\x29 name.") . EOL; } + if(! allowed_email($email)) $err .= t('Your email domain is not among those allowed on this site.') . EOL; diff --git a/mod/regmod.php b/mod/regmod.php index 8e6a577d4..76ea4062e 100644 --- a/mod/regmod.php +++ b/mod/regmod.php @@ -1,6 +1,9 @@ <?php function user_allow($hash) { + + $a = get_app(); + $register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1", dbesc($hash) ); diff --git a/mod/salmon.php b/mod/salmon.php index c2f76aa0a..721eae437 100644 --- a/mod/salmon.php +++ b/mod/salmon.php @@ -1,14 +1,11 @@ <?php -// TODO: -// add relevant contacts so they can use this - // There is a lot of debug stuff in here because this is quite a // complicated process to try and sort out. require_once('include/salmon.php'); -require_once('simplepie/simplepie.inc'); +require_once('library/simplepie/simplepie.inc'); function salmon_return($val) { @@ -133,9 +130,9 @@ function salmon_post(&$a) { // Setup RSA stuff to verify the signature - set_include_path(get_include_path() . PATH_SEPARATOR . 'phpsec'); + set_include_path(get_include_path() . PATH_SEPARATOR . 'library' . PATH_SEPARATOR . 'phpsec'); - require_once('phpsec/Crypt/RSA.php'); + require_once('library/phpsec/Crypt/RSA.php'); $key_info = explode('.',$key); @@ -186,7 +183,11 @@ function salmon_post(&$a) { if(! count($r)) { logger('mod-salmon: Author unknown to us.'); } - if((count($r)) && ($r[0]['readonly'])) { + + // is this a follower? Or have we ignored the person? + // If so we can not accept this post. + + if((count($r)) && (($r[0]['readonly']) || ($r[0]['rel'] == REL_VIP) || ($r[0]['blocked']))) { logger('mod-salmon: Ignoring this author.'); salmon_return(202); // NOTREACHED diff --git a/mod/search.php b/mod/search.php index 9c82b38e8..c20d1274e 100644 --- a/mod/search.php +++ b/mod/search.php 
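Review bot: In the mod/salmon.php `@@ -133` hunk the include path gets two separate entries, `library` and `phpsec`, because the new code joins them with PATH_SEPARATOR; the standalone `phpsec` directory no longer exists after this move, and if phpsec's own `require_once('Math/BigInteger.php')`-style includes resolve relative to its root, neither entry satisfies them. The intended entry is presumably `set_include_path(get_include_path() . PATH_SEPARATOR . 'library' . DIRECTORY_SEPARATOR . 'phpsec');`.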
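Review bot: In the mod/salmon.php `@@ -186` hunk, `$r[0]['rel'] == REL_VIP` loosely compares a DB string with a constant; `intval($r[0]['rel']) === REL_VIP` makes it strict, and `intval($r[0]['blocked'])` likewise. The comment above asks "is this a follower?" but the test is on REL_VIP, so spell out which relationship value that is and why it is rejected, e.g. `// REL_VIP = one-way follower; followers may not post to us, nor may blocked or readonly contacts`, hedged to whatever REL_VIP actually denotes.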
@@ -35,13 +35,9 @@ function search_content(&$a) { if(! $search) return $o; - - $sql_extra = " - AND `item`.`allow_cid` = '' - AND `item`.`allow_gid` = '' - AND `item`.`deny_cid` = '' - AND `item`.`deny_gid` = '' - "; + // Here is the way permissions work in the search module... + // Only public wall posts can be shown + // OR your own posts if you are a logged in member $s_bool = "AND MATCH (`item`.`body`) AGAINST ( '%s' IN BOOLEAN MODE )"; $s_regx = "AND `item`.`body` REGEXP '%s' "; @@ -52,12 +48,12 @@ function search_content(&$a) { $search_alg = $s_regx; $r = q("SELECT COUNT(*) AS `total` - FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` + FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `profile` ON `profile`.`uid` = `item`.`uid` WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 - AND ( `wall` = 1 OR `contact`.`uid` = %d ) - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 - $search_alg - $sql_extra ", + AND (( `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `profile`.`hidewall` = 0) + OR `item`.`uid` = %d ) + AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `profile`.`is-default` = 1 + $search_alg ", intval(local_user()), dbesc($search) ); 
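Review bot: The `OR item.uid = %d` branch is bound to `intval(local_user())`, which is 0 for anonymous visitors, so it is inert only as long as no item row ever carries uid 0; make that explicit instead of relying on it, e.g. `$own = (local_user() ? sprintf(" OR `item`.`uid` = %d ", intval(local_user())) : '');` and interpolate `$own` into the WHERE. The same applies to the second query in the `@@ -74` hunk. Also, `LEFT JOIN profile` combined with `profile.is-default = 1` in the WHERE behaves as an inner join, so items whose owner has no default profile drop out of search entirely — worth a comment if intended.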
@@ -74,14 +70,15 @@ function search_content(&$a) { `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`, - `user`.`nickname` + `user`.`nickname`, `profile`.`hidewall` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` - LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` + LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` + LEFT JOIN `profile` ON `profile`.`uid` = `item`.`uid` WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 - AND ( `wall` = 1 OR `contact`.`uid` = %d ) - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 + AND (( `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `profile`.`hidewall` = 0 ) + OR `item`.`uid` = %d ) + AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `profile`.`is-default` = 1 $search_alg - $sql_extra ORDER BY `parent` DESC ", intval(local_user()), dbesc($search) diff --git a/mod/starred.php b/mod/starred.php new file mode 100644 index 000000000..035b81e76 --- /dev/null +++ b/mod/starred.php @@ -0,0 +1,35 @@ +<?php + + +function starred_init(&$a) { + + $starred = 0; + + if(! local_user()) + killme(); + if($a->argc > 1) + $message_id = intval($a->argv[1]); + if(! $message_id) + killme(); + + $r = q("SELECT starred FROM item WHERE uid = %d AND id = %d LIMIT 1", + intval(local_user()), + intval($message_id) + ); + if(! count($r)) + killme(); + + if(! intval($r[0]['starred'])) + $starred = 1; + + $r = q("UPDATE item SET starred = %d WHERE uid = %d and id = %d LIMIT 1", + intval($starred), + intval(local_user()), + intval($message_id) + ); + + // the json doesn't really matter, it will either be 0 or 1 + + echo json_encode($starred); + killme(); +} diff --git a/mod/webfinger.php b/mod/webfinger.php index dd6d72a13..f6d6026b4 100644 --- a/mod/webfinger.php +++ b/mod/webfinger.php 
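Review bot: In the new mod/starred.php, `$message_id` is only assigned when `$a->argc > 1`, so `if(! $message_id)` reads an undefined variable on a bare `/starred` request; initialise it next to `$starred = 0;` with `$message_id = 0;`. The toggle is also performed by a GET-reachable init handler with only the session as authorisation, so any cross-origin page can flip a star for a logged-in user — low impact, but whatever form-token or POST convention the project uses for state changes should apply here too. Finally, `header('Content-type: application/json');` before the echo gives the caller the right MIME type.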
@@ -13,12 +13,14 @@ function webfinger_content(&$a) { $o .= '<br /><br />'; if(x($_GET,'addr')) { - $addr = $_GET['addr']; + $addr = trim($_GET['addr']); if(strpos($addr,'@' !== false)) $res = webfinger($addr); else $res = lrdd($addr); + $o .= '<pre>'; $o .= str_replace("\n",'<br />',print_r($res,true)); + $o .= '</pre>'; } return $o; }
\ No newline at end of file diff --git a/mod/xrd.php b/mod/xrd.php index 8ac6ff7cf..de0c20ea5 100644 --- a/mod/xrd.php +++ b/mod/xrd.php @@ -24,7 +24,7 @@ function xrd_content(&$a) { $salmon_key = salmon_key($r[0]['spubkey']); - + header('Access-Control-Allow-Origin: *'); header("Content-type: text/xml"); $tpl = file_get_contents('view/xrd_person.tpl'); |
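Review bot: In the mod/webfinger.php hunk, `print_r($res,true)` is echoed unescaped inside the new `<pre>`; `$res` is whatever the remote webfinger/lrdd endpoint returned, so HTML in that response renders in the viewer's browser. Escape it, and inside `<pre>` the newline replacement is no longer needed: `$o .= '<pre>' . htmlspecialchars(print_r($res,true), ENT_QUOTES, 'UTF-8') . '</pre>';`. Also, the unchanged `strpos($addr,'@' !== false)` has its parenthesis misplaced — `'@' !== false` is `true`, so the call is really `strpos($addr, true)`; it should read `if(strpos($addr,'@') !== false)`.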