diff options
Diffstat (limited to 'mod')
| -rw-r--r-- | mod/admin.php | 120 | ||||
| -rw-r--r-- | mod/fbrowser.php | 99 | ||||
| -rw-r--r-- | mod/install.php | 7 | ||||
| -rw-r--r-- | mod/item.php | 2 | ||||
| -rw-r--r-- | mod/photo.php | 29 | ||||
| -rw-r--r-- | mod/photos.php | 1 | ||||
| -rw-r--r-- | mod/profile.php | 1 | ||||
| -rw-r--r-- | mod/randprof.php | 2 | ||||
| -rw-r--r-- | mod/wall_attach.php | 7 |
9 files changed, 238 insertions, 30 deletions
diff --git a/mod/admin.php b/mod/admin.php index 7386dc5a3..cdc45c8e3 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -4,7 +4,11 @@ * Friendica admin */ require_once("include/remoteupdate.php"); - + + +/** + * @param App $a + */ function admin_post(&$a){ @@ -67,6 +71,10 @@ function admin_post(&$a){ return; // NOTREACHED } +/** + * @param App $a + * @return string + */ function admin_content(&$a) { if(!is_site_admin()) { @@ -74,7 +82,7 @@ function admin_content(&$a) { } if(x($_SESSION,'submanage') && intval($_SESSION['submanage'])) - return; + return ""; /** * Side bar links @@ -147,6 +155,7 @@ function admin_content(&$a) { if(is_ajax()) { echo $o; killme(); + return ''; } else { return $o; } @@ -155,6 +164,8 @@ function admin_content(&$a) { /** * Admin Summary Page + * @param App $a + * @return string */ function admin_page_summary(&$a) { $r = q("SELECT `page-flags`, COUNT(uid) as `count` FROM `user` GROUP BY `page-flags`"); @@ -188,12 +199,15 @@ function admin_page_summary(&$a) { /** * Admin Site Page + * @param App $a */ function admin_page_site_post(&$a){ if (!x($_POST,"page_site")){ return; } + check_form_security_token_redirectOnErr('/admin/site', 'admin_site'); + $sitename = ((x($_POST,'sitename')) ? notags(trim($_POST['sitename'])) : ''); $banner = ((x($_POST,'banner')) ? trim($_POST['banner']) : false); $language = ((x($_POST,'language')) ? notags(trim($_POST['language'])) : ''); @@ -298,7 +312,7 @@ function admin_page_site_post(&$a){ } else { set_config('system','directory_submit_url', $global_directory); } - set_config('system','directory_search_url', $global_search_url); + set_config('system','block_extended_register', $no_multi_reg); set_config('system','no_openid', $no_openid); set_config('system','no_regfullname', $no_regfullname); @@ -317,7 +331,11 @@ function admin_page_site_post(&$a){ return; // NOTREACHED } - + +/** + * @param App $a + * @return string + */ function admin_page_site(&$a) { /* Installed langs */ @@ -408,6 +426,7 @@ function admin_page_site(&$a) { '$proxy' => array('proxy', t("Proxy URL"), get_config('system','proxy'), ""), '$timeout' => array('timeout', t("Network timeout"), (x(get_config('system','curl_timeout'))?get_config('system','curl_timeout'):60), t("Value is in seconds. Set to 0 for unlimited (not recommended).")), + '$form_security_token' => get_form_security_token("admin_site"), )); @@ -416,11 +435,15 @@ function admin_page_site(&$a) { /** * Users admin page + * + * @param App $a */ function admin_page_users_post(&$a){ $pending = ( x($_POST, 'pending') ? $_POST['pending'] : Array() ); $users = ( x($_POST, 'user') ? $_POST['user'] : Array() ); - + + check_form_security_token_redirectOnErr('/admin/users', 'admin_users'); + if (x($_POST,'page_users_block')){ foreach($users as $uid){ q("UPDATE `user` SET `blocked`=1-`blocked` WHERE `uid`=%s", @@ -452,7 +475,11 @@ function admin_page_users_post(&$a){ goaway($a->get_baseurl(true) . '/admin/users' ); return; // NOTREACHED } - + +/** + * @param App $a + * @return string + */ function admin_page_users(&$a){ if ($a->argc>2) { $uid = $a->argv[3]; @@ -460,10 +487,11 @@ function admin_page_users(&$a){ if (count($user)==0){ notice( 'User not found' . EOL); goaway($a->get_baseurl(true) . '/admin/users' ); - return; // NOTREACHED + return ''; // NOTREACHED } switch($a->argv[2]){ case "delete":{ + check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't'); // delete user require_once("include/Contact.php"); user_remove($uid); @@ -471,6 +499,7 @@ function admin_page_users(&$a){ notice( sprintf(t("User '%s' deleted"), $user[0]['username']) . EOL); }; break; case "block":{ + check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't'); q("UPDATE `user` SET `blocked`=%d WHERE `uid`=%s", intval( 1-$user[0]['blocked'] ), intval( $uid ) @@ -479,7 +508,7 @@ function admin_page_users(&$a){ }; break; } goaway($a->get_baseurl(true) . '/admin/users' ); - return; // NOTREACHED + return ''; // NOTREACHED } @@ -555,6 +584,7 @@ function admin_page_users(&$a){ '$confirm_delete_multi' => t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'), '$confirm_delete' => t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'), + '$form_security_token' => get_form_security_token("admin_users"), // values // '$baseurl' => $a->get_baseurl(true), @@ -567,10 +597,12 @@ function admin_page_users(&$a){ } -/* +/** * Plugins admin page + * + * @param App $a + * @return string */ - function admin_page_plugins(&$a){ /** @@ -580,10 +612,12 @@ function admin_page_plugins(&$a){ $plugin = $a->argv[2]; if (!is_file("addon/$plugin/$plugin.php")){ notice( t("Item not found.") ); - return; + return ''; } if (x($_GET,"a") && $_GET['a']=="t"){ + check_form_security_token_redirectOnErr('/admin/plugins', 'admin_themes', 't'); + // Toggle plugin status $idx = array_search($plugin, $a->plugins); if ($idx !== false){ @@ -597,7 +631,7 @@ function admin_page_plugins(&$a){ } set_config("system","addon", implode(", ",$a->plugins)); goaway($a->get_baseurl(true) . '/admin/plugins' ); - return; // NOTREACHED + return ''; // NOTREACHED } // display plugin details require_once('library/markdown.php'); @@ -641,7 +675,9 @@ function admin_page_plugins(&$a){ '$admin_form' => $admin_form, '$function' => 'plugins', '$screenshot' => '', - '$readme' => $readme + '$readme' => $readme, + + '$form_security_token' => get_form_security_token("admin_themes"), )); } @@ -670,10 +706,16 @@ function admin_page_plugins(&$a){ '$submit' => t('Submit'), '$baseurl' => $a->get_baseurl(true), '$function' => 'plugins', - '$plugins' => $plugins + '$plugins' => $plugins, + '$form_security_token' => get_form_security_token("admin_themes"), )); } +/** + * @param array $themes + * @param string $th + * @param int $result + */ function toggle_theme(&$themes,$th,&$result) { for($x = 0; $x < count($themes); $x ++) { if($themes[$x]['name'] === $th) { @@ -689,6 +731,11 @@ function toggle_theme(&$themes,$th,&$result) { } } +/** + * @param array $themes + * @param string $th + * @return int + */ function theme_status($themes,$th) { for($x = 0; $x < count($themes); $x ++) { if($themes[$x]['name'] === $th) { @@ -702,9 +749,12 @@ function theme_status($themes,$th) { } return 0; } - +/** + * @param array $themes + * @return string + */ function rebuild_theme_table($themes) { $o = ''; if(count($themes)) { @@ -720,10 +770,12 @@ function rebuild_theme_table($themes) { } -/* +/** * Themes admin page + * + * @param App $a + * @return string */ - function admin_page_themes(&$a){ $allowed_themes_str = get_config('system','allowed_themes'); @@ -740,7 +792,7 @@ function admin_page_themes(&$a){ foreach($files as $file) { $f = basename($file); $is_experimental = intval(file_exists($file . '/experimental')); - $is_unsupported = 1-(intval(file_exists($file . '/unsupported'))); + $is_supported = 1-(intval(file_exists($file . '/unsupported'))); // Is not used yet $is_allowed = intval(in_array($f,$allowed_themes)); $themes[] = array('name' => $f, 'experimental' => $is_experimental, 'supported' => $is_supported, 'allowed' => $is_allowed); } @@ -748,7 +800,7 @@ function admin_page_themes(&$a){ if(! count($themes)) { notice( t('No themes found.')); - return; + return ''; } /** @@ -759,10 +811,11 @@ function admin_page_themes(&$a){ $theme = $a->argv[2]; if(! is_dir("view/theme/$theme")){ notice( t("Item not found.") ); - return; + return ''; } if (x($_GET,"a") && $_GET['a']=="t"){ + check_form_security_token_redirectOnErr('/admin/themes', 'admin_themes', 't'); // Toggle theme status @@ -775,7 +828,7 @@ function admin_page_themes(&$a){ set_config('system','allowed_themes',$s); goaway($a->get_baseurl(true) . '/admin/themes' ); - return; // NOTREACHED + return ''; // NOTREACHED } // display theme details @@ -826,7 +879,9 @@ function admin_page_themes(&$a){ '$str_author' => t('Author: '), '$str_maintainer' => t('Maintainer: '), '$screenshot' => $screenshot, - '$readme' => $readme + '$readme' => $readme, + + '$form_security_token' => get_form_security_token("admin_themes"), )); } @@ -852,17 +907,21 @@ function admin_page_themes(&$a){ '$function' => 'themes', '$plugins' => $xthemes, '$experimental' => t('[Experimental]'), - '$unsupported' => t('[Unsupported]') + '$unsupported' => t('[Unsupported]'), + '$form_security_token' => get_form_security_token("admin_themes"), )); } /** * Logs admin page + * + * @param App $a */ function admin_page_logs_post(&$a) { if (x($_POST,"page_logs")) { + check_form_security_token_redirectOnErr('/admin/logs', 'admin_logs'); $logfile = ((x($_POST,'logfile')) ? notags(trim($_POST['logfile'])) : ''); $debugging = ((x($_POST,'debugging')) ? true : false); @@ -879,7 +938,11 @@ function admin_page_logs_post(&$a) { goaway($a->get_baseurl(true) . '/admin/logs' ); return; // NOTREACHED } - + +/** + * @param App $a + * @return string + */ function admin_page_logs(&$a){ $log_choices = Array( @@ -937,9 +1000,14 @@ readable."); '$debugging' => array('debugging', t("Debugging"),get_config('system','debugging'), ""), '$logfile' => array('logfile', t("Log file"), get_config('system','logfile'), t("Must be writable by web server. Relative to your Friendica top-level directory.")), '$loglevel' => array('loglevel', t("Log level"), get_config('system','loglevel'), "", $log_choices), + + '$form_security_token' => get_form_security_token("admin_logs"), )); } +/** + * @param App $a + */ function admin_page_remoteupdate_post(&$a) { // this function should be called via ajax post if(!is_site_admin()) { @@ -958,6 +1026,10 @@ function admin_page_remoteupdate_post(&$a) { killme(); } +/** + * @param App $a + * @return string + */ function admin_page_remoteupdate(&$a) { if(!is_site_admin()) { return login(false); diff --git a/mod/fbrowser.php b/mod/fbrowser.php new file mode 100644 index 000000000..66ff9252e --- /dev/null +++ b/mod/fbrowser.php @@ -0,0 +1,99 @@ +<?php +/** + * @package Friendica\modules + * @subpackage FileBrowser + * @author Fabio Comuni <fabrixxm@kirgroup.com> + */ + +/** + * @param App $a + */ +function fbrowser_content($a){ + + if (!local_user()) + killme(); + + if ($a->argc==1) + killme(); + + //echo "<pre>"; var_dump($a->argv); killme(); + + switch($a->argv[1]){ + case "image": + $path = array( array($a->get_baseurl()."/fbrowser/image/", t("Photos"))); + $albums = false; + $sql_extra = ""; + $sql_extra2 = " ORDER BY created DESC LIMIT 0, 10"; + + if ($a->argc==2){ + $albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d ", + intval(local_user()) + ); + // anon functions only from 5.3.0... meglio tardi che mai.. + function folder1($el){return array(bin2hex($el['album']),$el['album']);} + $albums = array_map( "folder1" , $albums); + + } + + $album = ""; + if ($a->argc==3){ + $album = hex2bin($a->argv[2]); + $sql_extra = sprintf("AND `album` = '%s' ",dbesc($album)); + $sql_extra2 = ""; + $path[]=array($a->get_baseurl()."/fbrowser/image/".$a->argv[2]."/", $album); + } + + $r = q("SELECT `resource-id`, `id`, `filename`, min(`scale`) AS `hiq`,max(`scale`) AS `loq`, `desc` + FROM `photo` WHERE `uid` = %d $sql_extra + GROUP BY `resource-id` $sql_extra2", + intval(local_user()) + ); + + + function files1($rr){ global $a; return array( $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . $rr['hiq'] . '.jpg', template_escape($rr['filename']), $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . $rr['loq'] . '.jpg'); } + $files = array_map("files1", $r); + + $tpl = get_markup_template("filebrowser.tpl"); + echo replace_macros($tpl, array( + '$type' => 'image', + '$baseurl' => $a->get_baseurl(), + '$path' => $path, + '$folders' => $albums, + '$files' =>$files, + )); + + + break; + case "file": + if ($a->argc==2){ + $files = q("SELECT id, filename, filetype FROM `attach` WHERE `uid` = %d ", + intval(local_user()) + ); + + function files2($rr){ global $a; + list($m1,$m2) = explode("/",$rr['filetype']); + $filetype = ( (file_exists("images/icons/$m1.png"))?$m1:"zip"); + return array( $a->get_baseurl() . '/attach/' . $rr['id'], template_escape($rr['filename']), $a->get_baseurl() . '/images/icons/16/' . $filetype . '.png'); + } + $files = array_map("files2", $files); + //echo "<pre>"; var_dump($files); killme(); + + + $tpl = get_markup_template("filebrowser.tpl"); + echo replace_macros($tpl, array( + '$type' => 'file', + '$baseurl' => $a->get_baseurl(), + '$path' => array( array($a->get_baseurl()."/fbrowser/image/", t("Files")) ), + '$folders' => false, + '$files' =>$files, + )); + + } + + break; + } + + + killme(); + +} diff --git a/mod/install.php b/mod/install.php index 2eb98ee91..6f5552076 100644 --- a/mod/install.php +++ b/mod/install.php @@ -380,9 +380,9 @@ function check_funcs(&$checks) { if(function_exists('apache_get_modules')){ if (! in_array('mod_rewrite',apache_get_modules())) { - check_add($ck_funcs, t('Apace mod_rewrite module'), false, true, t('Error: Apache webserver mod-rewrite module is required but not installed.')); + check_add($ck_funcs, t('Apache mod_rewrite module'), false, true, t('Error: Apache webserver mod-rewrite module is required but not installed.')); } else { - check_add($ck_funcs, t('Apace mod_rewrite module'), true, true, ""); + check_add($ck_funcs, t('Apache mod_rewrite module'), true, true, ""); } } if(! function_exists('curl_init')){ @@ -464,3 +464,6 @@ function load_database($db) { } return $errors; } + + + diff --git a/mod/item.php b/mod/item.php index 7f0ca3fc3..642a6758a 100644 --- a/mod/item.php +++ b/mod/item.php @@ -759,7 +759,7 @@ function item_post(&$a) { } else { logger('mod_item: unable to retrieve post that was just stored.'); - notify( t('System error. Post not saved.')); + notice( t('System error. Post not saved.') . EOL); goaway($a->get_baseurl() . "/" . $return_path ); // NOTREACHED } diff --git a/mod/photo.php b/mod/photo.php index 3a7025120..1d38fe8e4 100644 --- a/mod/photo.php +++ b/mod/photo.php @@ -4,6 +4,30 @@ require_once('include/security.php'); function photo_init(&$a) { + // To-Do: + // - checking with realpath + // - checking permissions + /* + $cache = get_config('system','itemcache'); + if (($cache != '') and is_dir($cache)) { + $cachefile = $cache."/".$a->argc."-".$a->argv[1]."-".$a->argv[2]."-".$a->argv[3]; + if (file_exists($cachefile)) { + $data = file_get_contents($cachefile); + + if(function_exists('header_remove')) { + header_remove('Pragma'); + header_remove('pragma'); + } + + header("Content-type: image/jpeg"); + header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT"); + header("Cache-Control: max-age=" . (3600*24)); + echo $data; + killme(); + // NOTREACHED + } + }*/ + switch($a->argc) { case 4: $person = $a->argv[3]; @@ -27,6 +51,7 @@ function photo_init(&$a) { if(isset($type)) { + /** * Profile photos */ @@ -144,6 +169,10 @@ function photo_init(&$a) { } } + // Writing in cachefile + if (isset($cachefile) && $cachefile != '') + file_put_contents($cachefile, $data); + if(function_exists('header_remove')) { header_remove('Pragma'); header_remove('pragma'); diff --git a/mod/photos.php b/mod/photos.php index 2a808cb41..8da94841e 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -330,7 +330,6 @@ function photos_post(&$a) { // Create item container $title = ''; - $basename = basename($filename); $uri = item_new_uri($a->get_hostname(),$page_owner_uid); $arr = array(); diff --git a/mod/profile.php b/mod/profile.php index 51f944412..de1e27248 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -17,6 +17,7 @@ function profile_init(&$a) { goaway($a->get_baseurl() . '/profile/' . $r[0]['nickname']); } else { + logger('profile error: mod_profile ' . $a->query_string, LOGGER_DEBUG); notice( t('Requested profile is not available.') . EOL ); $a->error = 404; return; diff --git a/mod/randprof.php b/mod/randprof.php index 53d7425e9..6713a81d9 100644 --- a/mod/randprof.php +++ b/mod/randprof.php @@ -5,6 +5,6 @@ function randprof_init(&$a) { require_once('include/Contact.php'); $x = random_profile(); if($x) - goaway($x); + goaway(zrl($x)); goaway($a->get_baseurl() . '/profile'); } diff --git a/mod/wall_attach.php b/mod/wall_attach.php index bee7c29dc..03d9f5105 100644 --- a/mod/wall_attach.php +++ b/mod/wall_attach.php @@ -98,8 +98,13 @@ function wall_attach_post(&$a) { killme(); } - echo '<br /><br />[attachment]' . $r[0]['id'] . '[/attachment]' . '<br />'; + $lf = '<br />'; + if(local_user() && intval(get_pconfig(local_user(),'system','plaintext'))) + $lf = "\n"; + + echo $lf . $lf . '[attachment]' . $r[0]['id'] . '[/attachment]' . $lf; + killme(); // NOTREACHED } |