Diffstat (limited to 'mod')
-rw-r--r-- | mod/chat.php | 6 | ||||
-rw-r--r-- | mod/getfile.php | 97 | ||||
-rw-r--r-- | mod/help.php | 14 | ||||
-rw-r--r-- | mod/notes.php | 12 |
4 files changed, 128 insertions, 1 deletions
diff --git a/mod/chat.php b/mod/chat.php index 75c364008..375d069be 100644 --- a/mod/chat.php +++ b/mod/chat.php @@ -208,6 +208,12 @@ function chat_content(&$a) { $o = profile_tabs($a,((local_channel() && local_channel() == App::$profile['profile_uid']) ? true : false),App::$profile['channel_address']); + if(! feature_enabled(App::$profile['profile_uid'],'ajaxchat')) { + notice( t('Feature disabled.') . EOL); + return $o; + } + + $acl = new Zotlabs\Access\AccessList($channel); $channel_acl = $acl->get(); diff --git a/mod/getfile.php b/mod/getfile.php new file mode 100644 index 000000000..c0916de79 --- /dev/null +++ b/mod/getfile.php 
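Review bot: The `feature_enabled(App::$profile['profile_uid'],'ajaxchat')` gate is added only to chat_content(), which renders the page, so by itself it hides the feature rather than disabling it. The module's other entry points in mod/chat.php are not part of this hunk (chat_content() itself starts and ends outside it), so whether they apply the same check cannot be confirmed from here. If any handler in this module creates or changes chatrooms, it should repeat the check, for example `if(! feature_enabled($uid,'ajaxchat')) return;` with `$uid` standing for the owning channel id, so the setting is enforced server-side.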
@@ -0,0 +1,97 @@
+<?php
+
+/**
+ * module: getfile
+ *
+ * used for synchronising files and photos across clones
+ *
+ * The site initiating the file operation will send a sync packet to known clones.
+ * They will respond by building the DB structures they require, then will provide a
+ * post request to this site to grab the file data. This is sent as a stream direct to
+ * disk at the other end, avoiding memory issues.
+ *
+ * Since magic-auth cannot easily be used by the CURL process at the other end,
+ * we will require a signed request which includes a timestamp. This should not be
+ * used without SSL and is potentially vulnerable to replay if an attacker decrypts
+ * the SSL traffic fast enough. The amount of time slop is configurable but defaults
+ * to 3 minutes.
+ *
+ */
+
+
+
+require_once('include/Contact.php');
+require_once('include/attach.php');
+
+function getfile_post(&$a) {
+
+ $hash = $_POST['hash'];
+ $time = $_POST['time'];
+ $sig = $_POST['signature'];
+ $resource = $_POST['resource'];
+ $revision = intval($_POST['revision']);
+
+ if(! $hash)
+ killme();
+
+ $channel = channelx_by_hash($hash);
+
+ if((! $channel) || (! $time) || (! $sig))
+ killme();
+
+ $slop = intval(get_pconfig($channel['channel_id'],'system','getfile_time_slop'));
+ if($slop < 1)
+ $slop = 3;
+
+ $d1 = datetime_convert('UTC','UTC',"now + $slop minutes");
+ $d2 = datetime_convert('UTC','UTC',"now - $slop minutes");
+
+ if(($time > $d1) || ($time < $d2)) {
+ logger('time outside allowable range');
+ killme();
+ }
+
+ if(! rsa_verify($hash . '.' . $time,base64url_decode($sig),$channel['channel_pubkey'])) {
+ logger('verify failed.');
+ killme();
+ }
+
+
+ $r = attach_by_hash($resource,$revision);
+
+ if(! $r['success']) {
+ notice( $r['message'] . EOL);
+ return;
+ }
+
+
+ $unsafe_types = array('text/html','text/css','application/javascript');
+
+ if(in_array($r['data']['filetype'],$unsafe_types)) {
+ header('Content-type: text/plain');
+ }
+ else {
+ header('Content-type: ' . $r['data']['filetype']);
+ }
+
+ header('Content-disposition: attachment; filename="' . $r['data']['filename'] . '"');
+ if(intval($r['data']['os_storage'])) {
+ $fname = dbunescbin($r['data']['data']);
+ if(strpos($fname,'store') !== false)
+ $istream = fopen($fname,'rb');
+ else
+ $istream = fopen('store/' . $channel['channel_address'] . '/' . $fname,'rb');
+ $ostream = fopen('php://output','wb');
+ if($istream && $ostream) {
+ pipe_streams($istream,$ostream);
+ fclose($istream);
+ fclose($ostream);
+ }
+ }
+ else
+ echo dbunescbin($r['data']['data']);
+ killme();
+
+
+
+}
\ No newline at end of file diff --git a/mod/help.php b/mod/help.php index a266dbf7f..fb0339cd9 100644 --- a/mod/help.php +++ b/mod/help.php @@ -84,7 +84,21 @@ function doc_rank_sort($s1,$s2) { } +function load_context_help() { + + $path = App::$cmd; + $args = App::$argv; + + while($path) { + $context_help = load_doc_file('doc/context/' . $path . '/help.html'); + if($context_help) + break; + array_pop($args); + $path = implode($args,'/'); + } + return $context_help; +} function store_doc_file($s) { diff --git a/mod/notes.php b/mod/notes.php index 4bb97fc9e..9bf37d0f9 100644 --- a/mod/notes.php +++ b/mod/notes.php @@ -6,8 +6,18 @@ function notes_init(&$a) { return; $ret = array('success' => true); - if($_REQUEST['note_text'] || $_REQUEST['note_text'] == '') { + if(array_key_exists('note_text',$_REQUEST)) { $body = escape_tags($_REQUEST['note_text']); + + // I've had my notes vanish into thin air twice in four years. + // Provide a backup copy if there were contents previously + // and there are none being saved now. + + if(! $body) { + $old_text = get_pconfig(local_channel(),'notes','text'); + if($old_text) + set_pconfig(local_channel(),'notes','text.bak',$old_text); + } set_pconfig(local_channel(),'notes','text',$body); } |
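Review bot: The signature verified in getfile_post() covers only `$hash . '.' . $time`, so the `resource` and `revision` fields of the same POST are unauthenticated, and nothing visible checks that the row returned by attach_by_hash() belongs to `$channel` (attach_by_hash() is defined outside this diff, so its own permission handling cannot be confirmed here). Inside the slop window one signed request therefore remains valid for any resource id, which widens the replay exposure the header comment already accepts; signing all request fields, e.g. `rsa_verify($hash . '.' . $time . '.' . $resource . '.' . $revision, ...)` with the matching change on the requesting side, and rejecting attachments not owned by `$channel['channel_id']` would narrow it. The os_storage branch also trusts the stored path: `strpos($fname,'store') !== false` matches 'store' anywhere in the string, and the result goes to fopen() without a containment check. The fence below keeps the existing prefix decision and adds a realpath() check that the file sits under store/ (it assumes, as the relative fopen() in the original does, that the working directory is the install root).

```php
	if(intval($r['data']['os_storage'])) {
		$fname = dbunescbin($r['data']['data']);
		if(strpos($fname,'store') === false)
			$fname = 'store/' . $channel['channel_address'] . '/' . $fname;

		// Resolve '..' and symlinks, then require the result to sit under store/.
		$base = realpath('store');
		$real = realpath($fname);
		if($base === false || $real === false || strpos($real,$base . DIRECTORY_SEPARATOR) !== 0) {
			logger('getfile: refusing path outside store/');
			killme();
		}

		$istream = fopen($real,'rb');
		$ostream = fopen('php://output','wb');
		// … unchanged: pipe_streams() and the two fclose() calls …
```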
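Review bot: In load_context_help(), `App::$cmd` is concatenated into the path handed to load_doc_file() with no visible check on its segments. If it is derived from the request URL (it is set outside this hunk, so that is an inference) and load_doc_file() does not itself reject `..` or absolute components, the lookup can leave `doc/context/`. Building `$path` from `$args` after dropping any segment that is empty, `.` or `..` would make the containment explicit. Two smaller points in the same function: `$context_help` is never assigned when `$path` is empty on entry, so it should be initialised with `$context_help = '';` before the loop, and `implode($args,'/')` uses the legacy argument order that PHP 8 rejects, where `implode('/',$args)` works on every version.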
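Review bot: The write in notes_init() is still keyed on `$_REQUEST`, so a plain GET carrying `note_text=` reaches `set_pconfig()` exactly like the form POST, and no form-token check is visible in the hunk (the function begins above it, so one may exist there). Since the backup is being added because notes were emptied unexpectedly, restricting the write to `$_POST` and verifying the project's form security token would address a likely cause rather than only the symptom. `text.bak` holds a single generation, so it is replaced the next time a non-empty note is cleared; a comment such as `// single-generation backup: overwritten on the next empty save` would document that limit. `if(! $body)` also treats a note consisting of `0` as empty, and `if($body === '')` is the stricter test, assuming escape_tags() returns a string.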