Diffstat (limited to 'mod')
-rw-r--r-- | mod/admin.php | 17 | ||||
-rw-r--r-- | mod/dfrn_confirm.php | 17 | ||||
-rw-r--r-- | mod/dirfind.php | 3 | ||||
-rw-r--r-- | mod/hostxrd.php | 22 | ||||
-rw-r--r-- | mod/install.php | 93 | ||||
-rw-r--r-- | mod/item.php | 39 | ||||
-rw-r--r-- | mod/network.php | 15 | ||||
-rw-r--r-- | mod/notes.php | 10 | ||||
-rw-r--r-- | mod/photos.php | 72 | ||||
-rw-r--r-- | mod/ping.php | 8 | ||||
-rw-r--r-- | mod/profiles.php | 13 | ||||
-rw-r--r-- | mod/redir.php | 2 | ||||
-rw-r--r-- | mod/register.php | 37 | ||||
-rw-r--r-- | mod/search.php | 6 | ||||
-rw-r--r-- | mod/wallmessage.php | 4 |
15 files changed, 226 insertions, 132 deletions
diff --git a/mod/admin.php b/mod/admin.php index 2810c8a8a..d19118b78 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -115,7 +115,7 @@ function admin_content(&$a) { $aside['logs'] = Array($a->get_baseurl(true)."/admin/logs/", t("Logs"), "logs"); $t = get_markup_template("admin_aside.tpl"); - $a->page['aside'] = replace_macros( $t, array( + $a->page['aside'] .= replace_macros( $t, array( '$admin' => $aside, '$h_pending' => t('User registrations waiting for confirmation'), '$admurl'=> $a->get_baseurl(true)."/admin/" @@ -182,6 +182,7 @@ function admin_page_summary(&$a) { Array( t('Community/Celebrity Account'), 0), Array( t('Automatic Friend Account'), 0) ); + $users=0; foreach ($r as $u){ $accounts[$u['page-flags']][1] = $u['count']; $users+= $u['count']; } @@ -190,10 +191,22 @@ function admin_page_summary(&$a) { $r = q("SELECT COUNT(id) as `count` FROM `register`"); $pending = $r[0]['count']; + $r = q("select count(*) as total from deliverq where 1"); + $deliverq = (($r) ? $r[0]['total'] : 0); + + $r = q("select count(*) as total from queue where 1"); + $queue = (($r) ? $r[0]['total'] : 0); + + // We can do better, but this is a quick queue status + + $queues = array( 'label' => t('Message queues'), 'deliverq' => $deliverq, 'queue' => $queue ); + + $t = get_markup_template("admin_summary.tpl"); return replace_macros($t, array( '$title' => t('Administration'), '$page' => t('Summary'), + '$queues' => $queues, '$users' => Array( t('Registered users'), $users), '$accounts' => $accounts, '$pending' => Array( t('Pending registrations'), $pending), 
@@ -417,7 +430,7 @@ function admin_page_site(&$a) { '$maximagesize' => array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")), '$register_policy' => array('register_policy', t("Register policy"), $a->config['register_policy'], "", $register_choices), - '$register_text' => array('register_text', t("Register text"), htmlentities($a->config['register_text'], ENT_QUOTES), t("Will be displayed prominently on the registration page.")), + '$register_text' => array('register_text', t("Register text"), htmlentities($a->config['register_text'], ENT_QUOTES, 'UTF-8'), t("Will be displayed prominently on the registration page.")), '$abandon_days' => array('abandon_days', t('Accounts abandoned after x days'), get_config('system','account_abandon_days'), t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.')), '$allowed_sites' => array('allowed_sites', t("Allowed friend domains"), get_config('system','allowed_sites'), t("Comma separated list of domains which are allowed to establish friendships with this site. Wildcards are accepted. Empty to allow any domains")), '$allowed_email' => array('allowed_email', t("Allowed email domains"), get_config('system','allowed_email'), t("Comma separated list of domains which are allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains")), diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php index 227d72cbf..564ae5ca2 100644 --- a/mod/dfrn_confirm.php +++ b/mod/dfrn_confirm.php 
@@ -144,19 +144,12 @@ function dfrn_confirm_post(&$a,$handsfree = null) { * worried about key leakage than anybody cracking it. * */ + require_once('include/crypto.php'); - $res = openssl_pkey_new(array( - 'digest_alg' => 'sha1', - 'private_key_bits' => 4096, - 'encrypt_key' => false ) - ); - - $private_key = ''; - - openssl_pkey_export($res, $private_key); + $res = new_keypair(1024); - $pubkey = openssl_pkey_get_details($res); - $public_key = $pubkey["key"]; + $private_key = $res['prvkey']; + $public_key = $res['pubkey']; // Save the private key. Send them the public key. @@ -507,7 +500,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) { ); if($contact && $g && intval($g[0]['def_gid'])) { require_once('include/group.php'); - group_add_member($uid,'',$contact[0]['id'],$g[0]['def_gid']); + group_add_member($uid,'',$contact['id'],$g[0]['def_gid']); } // Let's send our user to the contact editor in case they want to diff --git a/mod/dirfind.php b/mod/dirfind.php index 34c54dd91..5c5d0e933 100644 --- a/mod/dirfind.php +++ b/mod/dirfind.php @@ -17,6 +17,9 @@ function dirfind_init(&$a) { function dirfind_content(&$a) { $search = notags(trim($_REQUEST['search'])); + + if(strpos($search,'@') === 0) + $search = substr($search,1); $o = ''; diff --git a/mod/hostxrd.php b/mod/hostxrd.php index fe61a874c..9b2411f26 100644 --- a/mod/hostxrd.php +++ b/mod/hostxrd.php 
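Review bot: In dfrn_confirm_post() the contact key now comes from `new_keypair(1024)`, which cuts the RSA modulus from the 4096 bits the removed `openssl_pkey_new()` call requested to 1024, and the same literal is repeated for the site key in mod/hostxrd.php and the user key in mod/register.php. 1024-bit RSA is below what current guidance accepts for long-lived keys, and the comment above the call only weighs leakage against cracking without saying why the size was reduced. If the smaller size is a deliberate trade for generation time, record that next to the call, e.g. `// 1024 bits chosen for generation speed; weaker than the previous 4096, revisit`, and take the size from one shared setting rather than three literals so it can be raised in one place. The function starts and ends outside the hunk.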
@@ -8,26 +8,10 @@ function hostxrd_init(&$a) { $pubkey = get_config('system','site_pubkey'); if(! $pubkey) { + $res = new_keypair(1024); - // should only have to ever do this once. - - $res=openssl_pkey_new(array( - 'digest_alg' => 'sha1', - 'private_key_bits' => 4096, - 'encrypt_key' => false )); - - - $prvkey = ''; - - openssl_pkey_export($res, $prvkey); - - // Get public key - - $pkey = openssl_pkey_get_details($res); - $pubkey = $pkey["key"]; - - set_config('system','site_prvkey', $prvkey); - set_config('system','site_pubkey', $pubkey); + set_config('system','site_prvkey', $res['prvkey']); + set_config('system','site_pubkey', $res['pubkey']); } $tpl = file_get_contents('view/xrd_host.tpl'); diff --git a/mod/install.php b/mod/install.php index 6f5552076..6d6232a95 100644 --- a/mod/install.php +++ b/mod/install.php @@ -4,6 +4,12 @@ $install_wizard_pass=1; function install_init(&$a){ + + // $baseurl/install/testrwrite to test if rewite in .htaccess is working + if ($a->argc==2 && $a->argv[1]=="testrewrite") { + echo "ok"; + killme(); + } global $install_wizard_pass; if (x($_POST,'pass')) $install_wizard_pass = intval($_POST['pass']); @@ -110,14 +116,7 @@ function install_content(&$a) { $wizard_status = ""; $install_title = t('Friendica Social Communications Server - Setup'); - if(x($a->data,'txt') && strlen($a->data['txt'])) { - $tpl = get_markup_template('install.tpl'); - return replace_macros($tpl, array( - '$title' => $install_title, - '$pass' => t('Database connection'), - '$text' => manual_config($a), - )); - } + if(x($a->data,'db_conn_failed')) { $install_wizard_pass = 2; 
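Review bot: In hostxrd_init() the `if(! $pubkey)` branch no longer assigns `$pubkey`: the removed code set `$pubkey = $pkey["key"]`, while the new code only passes `$res['pubkey']` to `set_config()`, so anything that uses `$pubkey` below the hunk (presumably the xrd_host.tpl output) would see an empty key on the request that generates it. Add `$pubkey = $res['pubkey'];` after the two `set_config()` calls. The result of `new_keypair()` is also used unchecked here, for `$res` in mod/dfrn_confirm.php and for `$sres = new_keypair(512)` in mod/register.php, although register.php tests `$result === false`, which suggests failure is possible; storing keys only when `$res !== false` would avoid persisting empty values. Unlike the other two files this hunk adds no `require_once('include/crypto.php')`, so confirm it is loaded above line 8.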
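Review bot: The comment added at the top of install_init() names the probe URL as `$baseurl/install/testrwrite`, but the code matches `testrewrite`, and "rewite" is misspelled as well, so the comment points a reader at a path that does not answer. Suggested wording: `// $baseurl/install/testrewrite: probe fetched by check_htaccess() to confirm that URL rewriting in .htaccess works`.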
@@ -128,39 +127,20 @@ function install_content(&$a) { $wizard_status = t('Could not create table.'); } + $db_return_text=""; if(x($a->data,'db_installed')) { $txt = '<p style="font-size: 130%;">'; $txt .= t('Your Friendica site database has been installed.') . EOL; - $txt .= t('IMPORTANT: You will need to [manually] setup a scheduled task for the poller.') . EOL ; - $txt .= t('Please see the file "INSTALL.txt".') . EOL ; - $txt .= '<br />'; - $txt .= '<a href="' . $a->get_baseurl() . '/register' . '">' . t('Proceed to registration') . '</a>' ; - $txt .= '</p>'; - - $tpl = get_markup_template('install.tpl'); - return replace_macros($tpl, array( - '$title' => $install_title, - '$pass' => t('Proceed with Installation'), - '$text' => $txt, - )); - + $db_return_text .= $txt; } if(x($a->data,'db_failed')) { $txt = t('You may need to import the file "database.sql" manually using phpmyadmin or mysql.') . EOL; $txt .= t('Please see the file "INSTALL.txt".') . EOL ."<hr>" ; $txt .= "<pre>".$a->data['db_failed'] . "</pre>". EOL ; - - $tpl = get_markup_template('install.tpl'); - return replace_macros($tpl, array( - '$title' => $install_title, - '$pass' => t('Database connection'), - '$status' => t('Database import failed.'), - '$text' => $txt, - )); - + $db_return_text .= $txt; } - + if($db && $db->connected) { $r = q("SELECT COUNT(*) as `total` FROM `user`"); if($r && count($r) && $r[0]['total']) { @@ -174,6 +154,19 @@ function install_content(&$a) { } } + if(x($a->data,'txt') && strlen($a->data['txt'])) { + $tpl = get_markup_template('install.tpl'); + $db_return_text .= manual_config($a); + } + + if ($db_return_text!="") { + return replace_macros($tpl, array( + '$title' => $install_title, + '$pass' => "", + '$text' => $db_return_text . what_next(), + )); + } + switch ($install_wizard_pass){ case 1: { // System check 
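Review bot: In install_content() `$tpl` is now assigned only inside the `if(x($a->data,'txt') && strlen($a->data['txt']))` branch, yet the new `if ($db_return_text!="")` block calls `replace_macros($tpl, ...)` whenever `db_installed` or `db_failed` produced text, so those two paths reach it with `$tpl` undefined. Move the lookup to where it is used, as the first statement of that block: `$tpl = get_markup_template('install.tpl');`. The `db_installed` text also still opens `<p style="font-size: 130%;">`, while the closing `$txt .= '</p>';` was among the removed lines. The function starts and ends outside these hunks.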
@@ -191,7 +184,8 @@ function install_content(&$a) { check_php($phpath, $checks); - + check_htaccess($checks); + function check_passed($v, $c){ if ($c['required']) $v = $v && $c['status']; @@ -321,14 +315,16 @@ function check_php(&$phpath, &$checks) { $help = ""; if(!$passed) { $help .= t('Could not find a command line version of PHP in the web server PATH.'). EOL; + $help .= t("If you don't have a command line version of PHP installed on server, you will not be able to run background polling via cron. See <a href='http://friendica.com/node/27'>'Activating scheduled tasks'</a>") . EOL ; + $help .= EOL . EOL ; $tpl = get_markup_template('field_input.tpl'); $help .= replace_macros($tpl, array( - '$field' => array('phpath', t('PHP executable path'), $phpath, t('Enter full path to php executable')), + '$field' => array('phpath', t('PHP executable path'), $phpath, t('Enter full path to php executable. You can leave this blank to continue the installation.')), )); $phpath=""; } - check_add($checks, t('Command line PHP'), $passed, true, $help); + check_add($checks, t('Command line PHP').($passed?" (<tt>$phpath</tt>)":""), $passed, false, $help); if($passed) { $str = autoname(8); 
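Review bot: In check_php() the label passed to `check_add()` now embeds `$phpath` raw inside `<tt>`, and the same value is offered as the editable `phpath` form field, so if it can come from the request and the checks template prints labels unescaped, markup in it would be rendered. Escape it at the point of concatenation: `" (<tt>" . htmlspecialchars($phpath, ENT_QUOTES, 'UTF-8') . "</tt>)"`. Where `$phpath` is set is outside the hunk, so the source of the value should be confirmed there.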
@@ -422,14 +418,26 @@ function check_htconfig(&$checks) { $status=false; $help = t('The web installer needs to be able to create a file called ".htconfig.php" in the top folder of your web server and it is unable to do so.') .EOL; $help .= t('This is most often a permission setting, as the web server may not be able to write files in your folder - even if you can.').EOL; - $help .= t('Please check with your site documentation or support people to see if this situation can be corrected.').EOL; - $help .= t('If not, you may be required to perform a manual installation. Please see the file "INSTALL.txt" for instructions.').EOL; + $help .= t('At the end of this procedure, we will give you a text to save in a file named .htconfig.php in your Friendica top folder.').EOL; + $help .= t('You can alternatively skip this procedure and perform a manual installation. Please see the file "INSTALL.txt" for instructions.').EOL; } - check_add($checks, t('.htconfig.php is writable'), $status, true, $help); + check_add($checks, t('.htconfig.php is writable'), $status, false, $help); } +function check_htaccess(&$checks) { + $a = get_app(); + $status = true; + $help = ""; + $test = fetch_url($a->get_baseurl()."/install/testrewrite"); + if ($test!="ok") { + $status = false; + $help = t('Url rewrite in .htconfig is not working. Check your server configuration.'); + } + check_add($checks, t('Url rewrite is working'), $status, true, $help); +} + function manual_config(&$a) { $data = htmlentities($a->data['txt']); 
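Review bot: The help text in the new check_htaccess() reads `Url rewrite in .htconfig is not working`, but .htconfig.php is the settings file tested by check_htconfig() just above; rewriting is configured in .htaccess, as the comment in install_init() says. Change it to `t('Url rewrite in .htaccess is not working. Check your server configuration.')`. The check is registered as required (`true`) and depends on the server fetching its own base URL through `fetch_url()`, so a host that cannot reach itself under that name would fail it for reasons unrelated to rewriting; the help text should mention that case. A short comment on the function stating which URL it requests and what reply it expects would also help.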
@@ -465,5 +473,16 @@ function load_database($db) { return $errors; } +function what_next() { + $a = get_app(); + $baseurl = $a->get_baseurl(); + return + t('<h1>What next</h1>') + ."<p>".t('IMPORTANT: You will need to [manually] setup a scheduled task for the poller.') + .t('Please see the file "INSTALL.txt".') + ."</p><p>" + .t("Go to your new Firendica node <a href='$baseurl/register'>registration page</a> and register as new user. Remember to use the same email you have entered as administrator email. This will allow you to enter the site admin panel.") + ."</p>"; +} diff --git a/mod/item.php b/mod/item.php index 639379fe0..df242d6f7 100644 --- a/mod/item.php +++ b/mod/item.php @@ -218,14 +218,23 @@ function item_post(&$a) { $private = ((strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny)) ? 1 : 0); - if(($parent_item) && - (($parent_item['private']) + // If this is a comment, set the permissions from the parent. + + if($parent_item) { + $private = 0; + + if(($parent_item['private']) || strlen($parent_item['allow_cid']) || strlen($parent_item['allow_gid']) || strlen($parent_item['deny_cid']) - || strlen($parent_item['deny_gid']) - )) { - $private = 1; + || strlen($parent_item['deny_gid'])) { + $private = 1; + } + + $str_contact_allow = $parent_item['allow_cid']; + $str_group_allow = $parent_item['allow_gid']; + $str_contact_deny = $parent_item['deny_cid']; + $str_group_deny = $parent_item['deny_gid']; } $pubmail_enable = ((x($_REQUEST,'pubmail_enable') && intval($_REQUEST['pubmail_enable']) && (! $private)) ? 1 : 0); 
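Review bot: In what_next() the last `t()` call receives a double-quoted string containing `$baseurl`, so the URL is interpolated before the translation lookup; the message id then differs on every site and can never match a catalog entry, and the URL reaches the HTML unescaped. Keep the message constant and substitute afterwards: `sprintf( t("Go to your new Friendica node <a href='%s/register'>registration page</a> and register as new user. ..."), $baseurl )`, with the rest of the sentence unchanged. That also corrects the `Firendica` spelling. `t('<h1>What next</h1>')` likewise puts markup inside the translatable text; wrapping `t('What next')` in the tags keeps it out of the catalog.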
@@ -281,18 +290,16 @@ function item_post(&$a) { $author = null; $self = false; - if(($_SESSION['uid']) && ($_SESSION['uid'] == $profile_uid)) { + if((local_user()) && (local_user() == $profile_uid)) { $self = true; $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($_SESSION['uid']) ); } - else { - if((x($_SESSION,'visitor_id')) && (intval($_SESSION['visitor_id']))) { - $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", - intval($_SESSION['visitor_id']) - ); - } + elseif(remote_user()) { + $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", + intval(remote_user()) + ); } if(count($r)) { @@ -302,7 +309,7 @@ function item_post(&$a) { // get contact info for owner - if($profile_uid == $_SESSION['uid']) { + if($profile_uid == local_user()) { $contact_record = $author; } else { @@ -313,8 +320,6 @@ function item_post(&$a) { $contact_record = $r[0]; } - - $post_type = notags(trim($_REQUEST['type'])); if($post_type === 'net-comment') { @@ -350,13 +355,15 @@ function item_post(&$a) { $image_uri = substr($image_uri,0, strpos($image_uri,'-')); if(! strlen($image_uri)) continue; - $srch = '<' . intval($contact_record['id']) . '>'; + $srch = '<' . intval($contact_id) . '>'; + $r = q("SELECT `id` FROM `photo` WHERE `allow_cid` = '%s' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' AND `resource-id` = '%s' AND `uid` = %d LIMIT 1", dbesc($srch), dbesc($image_uri), intval($profile_uid) ); + if(! count($r)) continue; diff --git a/mod/network.php b/mod/network.php index e59839ccc..fbfe2de4f 100644 --- a/mod/network.php +++ b/mod/network.php @@ -108,6 +108,10 @@ function network_content(&$a, $update = 0) { return login(false); } + $arr = array('query' => $a->query_string); + + call_hooks('network_content_init', $arr); + $o = ''; // item filter tabs 
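Review bot: In item_post() the branch condition now uses `local_user()`, but the query inside that branch still passes `intval($_SESSION['uid'])`, so the check and the lookup read the identity through two different paths. Use the same accessor in both places: `intval(local_user())`. With the `else` narrowed to `elseif(remote_user())`, a request that is neither local nor remote reaches `count($r)` with whatever `$r` held before this block; setting `$r = array();` next to `$author = null;` would make that case explicit, unless it is already handled above the hunk.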
@@ -157,7 +161,7 @@ function network_content(&$a, $update = 0) { $all_active = 'active'; } - + $postord_active = ''; if($all_active && x($_GET,'order') && $_GET['order'] !== 'comment') { @@ -410,16 +414,15 @@ function network_content(&$a, $update = 0) { if($conv) { $myurl = $a->get_baseurl() . '/profile/'. $a->user['nickname']; $myurl = substr($myurl,strpos($myurl,'://')+3); - $myurl = str_replace(array('www.','.'),array('','\\.'),$myurl); + $myurl = str_replace('www.','',$myurl); $diasp_url = str_replace('/profile/','/u/',$myurl); $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ", - dbesc(protect_sprintf('%s' . $myurl)), - dbesc(protect_sprintf('%' . $myurl . '\\]%')), - dbesc(protect_sprintf('%' . $diasp_url . '\\]%')) + dbesc(protect_sprintf('%' . $myurl)), + dbesc(protect_sprintf('%' . $myurl . ']%')), + dbesc(protect_sprintf('%' . $diasp_url . ']%')) ); } - if($update) { // only setup pagination on initial page view diff --git a/mod/notes.php b/mod/notes.php index e6e2b44fb..64cc17a65 100644 --- a/mod/notes.php +++ b/mod/notes.php @@ -80,8 +80,9 @@ function notes_content(&$a,$update = false) { $r = q("SELECT COUNT(*) AS `total` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` - WHERE `item`.`uid` = %d AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0 - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 + WHERE `item`.`uid` = %d AND `item`.`visible` = 1 and `item`.`moderated` = 0 + AND `item`.`deleted` = 0 AND `item`.`origin` = 1 + AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `contact`.`self` = 1 AND `item`.`id` = `item`.`parent` AND `item`.`wall` = 0 $sql_extra ", intval(local_user()) 
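Review bot: In network_content() the conversation filter builds its three LIKE patterns from `$myurl`, but `_` and `%` inside the URL are LIKE wildcards and are not escaped, so a nickname containing `_` (if nicknames permit it) would also match other profile URLs that differ only at that position. The values still pass through `dbesc()`, so this is about over-matching, not injection. Escaping the two characters before the patterns are built would fix it, for example `$myurl = str_replace(array('%','_'), array('\\%','\\_'), $myurl);`, but verify how that interacts with `protect_sprintf()` and `dbesc()`, which are not visible here.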
@@ -95,8 +96,9 @@ function notes_content(&$a,$update = false) { $r = q("SELECT `item`.`id` AS `item_id`, `contact`.`uid` AS `contact-uid` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` - WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 - AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 + WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0 + and `item`.`moderated` = 0 AND `item`.`origin` = 1 + AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `contact`.`self` = 1 AND `item`.`id` = `item`.`parent` AND `item`.`wall` = 0 $sql_extra ORDER BY `item`.`created` DESC LIMIT %d ,%d ", diff --git a/mod/photos.php b/mod/photos.php index 8da94841e..3ce6f9934 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -287,6 +287,7 @@ function photos_post(&$a) { if(($a->argc > 2) && ((x($_POST,'desc') !== false) || (x($_POST,'newtag') !== false)) || (x($_POST,'albname') !== false)) { + $desc = ((x($_POST,'desc')) ? notags(trim($_POST['desc'])) : ''); $rawtags = ((x($_POST,'newtag')) ? notags(trim($_POST['newtag'])) : ''); $item_id = ((x($_POST,'item_id')) ? intval($_POST['item_id']) : 0); 
@@ -300,7 +301,61 @@ function photos_post(&$a) { if(! strlen($albname)) $albname = datetime_convert('UTC',date_default_timezone_get(),'now', 'Y'); + + + if((x($_POST,'rotate') !== false) && (intval($_POST['rotate']) == 1)) { + logger('rotate'); + + $r = q("select * from photo where `resource-id` = '%s' and uid = %d and scale = 0 limit 1", + dbesc($resource_id), + intval($page_owner_uid) + ); + if(count($r)) { + $ph = new Photo($r[0]['data']); + if($ph->is_valid()) { + $ph->rotate(270); + + $width = $ph->getWidth(); + $height = $ph->getHeight(); + + $x = q("update photo set data = '%s', height = %d, width = %d where `resource-id` = '%s' and uid = %d and scale = 0 limit 1", + dbesc($ph->imageString()), + intval($height), + intval($width), + dbesc($resource_id), + intval($page_owner_uid) + ); + + if($width > 640 || $height > 640) { + $ph->scaleImage(640); + $width = $ph->getWidth(); + $height = $ph->getHeight(); + $x = q("update photo set data = '%s', height = %d, width = %d where `resource-id` = '%s' and uid = %d and scale = 1 limit 1", + dbesc($ph->imageString()), + intval($height), + intval($width), + dbesc($resource_id), + intval($page_owner_uid) + ); + } + + if($width > 320 || $height > 320) { + $ph->scaleImage(320); + $width = $ph->getWidth(); + $height = $ph->getHeight(); + + $x = q("update photo set data = '%s', height = %d, width = %d where `resource-id` = '%s' and uid = %d and scale = 2 limit 1", + dbesc($ph->imageString()), + intval($height), + intval($width), + dbesc($resource_id), + intval($page_owner_uid) + ); + } + } + } + } $p = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ORDER BY `scale` DESC", dbesc($resource_id), 
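Review bot: The rotate branch in photos_post() stores each UPDATE result in `$x` and never examines it, so if the scale 0 write succeeds and a later one fails, the full-size image is rotated while a thumbnail is not, and the only trace is the bare `logger('rotate')` line. The three update blocks differ only in the scale number and the size limit, so a loop over the scales keeps the same order of operations and gives one place to check the result. The sketch below assumes `q()` returns a falsy value when the statement fails; `$resource_id` and `$page_owner_uid` are set outside the hunk.

```php
if($ph->is_valid()) {
	$ph->rotate(270);

	// scale => maximum edge length; 0 stores the rotated original unscaled
	foreach(array(0 => 0, 1 => 640, 2 => 320) as $scale => $max) {
		if($max) {
			if($ph->getWidth() <= $max && $ph->getHeight() <= $max)
				continue;
			$ph->scaleImage($max);
		}
		$x = q("update photo set data = '%s', height = %d, width = %d where `resource-id` = '%s' and uid = %d and scale = %d limit 1",
			dbesc($ph->imageString()),
			intval($ph->getHeight()),
			intval($ph->getWidth()),
			dbesc($resource_id),
			intval($page_owner_uid),
			intval($scale)
		);
		if(! $x)
			logger('photos_post: rotate could not update scale ' . $scale);
	}
}
```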
@@ -977,9 +1032,16 @@ function photos_content(&$a) { $tpl = get_markup_template('photo_album.tpl'); if(count($r)) + $twist = 'rotright'; foreach($r as $rr) { + if($twist == 'rotright') + $twist = 'rotleft'; + else + $twist = 'rotright'; + $o .= replace_macros($tpl,array( '$id' => $rr['id'], + '$twist' => ' ' . $twist . rand(2,4), '$photolink' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $rr['resource-id'], '$phototitle' => t('View Photo'), '$imgsrc' => $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . $rr['scale'] . '.jpg', @@ -1098,7 +1160,7 @@ function photos_content(&$a) { $photo = array( 'href' => $a->get_baseurl() . '/photo/' . $hires['resource-id'] . '-' . $hires['scale'] . '.jpg', 'title'=> t('View Full Size'), - 'src' => $a->get_baseurl() . '/photo/' . $lores['resource-id'] . '-' . $lores['scale'] . '.jpg' + 'src' => $a->get_baseurl() . '/photo/' . $lores['resource-id'] . '-' . $lores['scale'] . '.jpg' . '?f=&_u=' . datetime_convert('','','','ymdhis') ); if($nextlink) @@ -1178,6 +1240,7 @@ function photos_content(&$a) { $edit_tpl = get_markup_template('photo_edit.tpl'); $edit = replace_macros($edit_tpl, array( '$id' => $ph[0]['id'], + '$rotate' => t('Rotate CW'), '$album' => template_escape($ph[0]['album']), '$newalbum' => t('New album name'), '$nickname' => $a->data['user']['nickname'], @@ -1400,9 +1463,16 @@ function photos_content(&$a) { $photos = array(); if(count($r)) { + $twist = 'rotright'; foreach($r as $rr) { + if($twist == 'rotright') + $twist = 'rotleft'; + else + $twist = 'rotright'; + $photos[] = array( 'id' => $rr['id'], + 'twist' => ' ' . $twist . rand(2,4), 'link' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $rr['resource-id'], 'title' => t('View Photo'), 'src' => $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . ((($rr['scale']) == 6) ? 4 : $rr['scale']) . '.jpg', diff --git a/mod/ping.php b/mod/ping.php index 63aaa0f45..55dcb26bb 100644 --- a/mod/ping.php 
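Review bot: In the first album listing of photos_content() the new `$twist = 'rotright';` line sits directly under the brace-less `if(count($r))`, so the condition now guards only that assignment and the `foreach($r as $rr)` it used to guard runs unconditionally, including when `$r` is not an array. Give the condition a block, as the second listing later in this diff already does: `if(count($r)) {` before the assignment and a closing `}` after the loop. The loop body continues outside the hunk.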
+++ b/mod/ping.php @@ -10,8 +10,16 @@ function ping_init(&$a) { <result>"; $xmlhead="<"."?xml version='1.0' encoding='UTF-8' ?".">"; + if(local_user()){ + // Different login session than the page that is calling us. + + if(intval($_GET['uid']) && intval($_GET['uid']) != local_user()) { + echo '<invalid>1</invalid></result>'; + killme(); + } + $firehose = intval(get_pconfig(local_user(),'system','notify_full')); $t = q("select count(*) as total from notify where uid = %d and seen = 0", diff --git a/mod/profiles.php b/mod/profiles.php index 26fc88765..ca3890eb9 100644 --- a/mod/profiles.php +++ b/mod/profiles.php @@ -146,7 +146,7 @@ function profiles_post(&$a) { $value = $marital; } if($withchanged) { - $changes[] = '♥ ' . t('Romantic Partner'); + $changes[] = '[color=#ff0000]♥[/color] ' . t('Romantic Partner'); $value = strip_tags($with); } if($work != $orig[0]['work']) { @@ -176,9 +176,18 @@ function profiles_post(&$a) { $changes[] = t('Interests'); $value = $interest; } - if($address != $orig[0]['address'] || $locality != $orig[0]['locality'] || $region != $orig[0]['region'] + if($address != $orig[0]['address']) { + $changes[] = t('Address'); + // New address not sent in notifications, potential privacy issues + // in case this leaks to unintended recipients. Yes, it's in the public + // profile but that doesn't mean we have to broadcast it to everybody. + } + if($locality != $orig[0]['locality'] || $region != $orig[0]['region'] || $country_name != $orig[0]['country-name']) { $changes[] = t('Location'); + $comma1 = ((($locality) && ($region || $country_name)) ? ', ' : ' '); + $comma2 = (($region && $country_name) ? ', ' : ''); + $value = $locality . $comma1 . $region . $comma2 . $country_name; } profile_activity($changes,$value); diff --git a/mod/redir.php b/mod/redir.php index 9223e5483..0f7b5cc23 100644 --- a/mod/redir.php +++ b/mod/redir.php 
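Review bot: The session check added to ping_init() reads `$_GET['uid']` twice without testing that it exists, which can emit a notice into the XML reply when the caller omits the parameter. `if(x($_GET,'uid') && intval($_GET['uid']) != local_user()) {` avoids that, using the `x()` helper seen in mod/install.php. Because the check is skipped whenever `uid` is absent or zero, the comment should state that it is a consistency hint for the calling page and not an access control, e.g. `// Page was rendered for a different login session; tell it so (advisory only, not an authorization check).`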
@@ -6,7 +6,7 @@ function redir_init(&$a) { // traditional DFRN - if(local_user() && $a->argc == 2 && intval($a->argv[1])) { + if(local_user() && $a->argc > 1 && intval($a->argv[1])) { $cid = $a->argv[1]; diff --git a/mod/register.php b/mod/register.php index b60707d45..58bba8533 100644 --- a/mod/register.php +++ b/mod/register.php @@ -171,26 +171,17 @@ function register_post(&$a) { $new_password = autoname(6) . mt_rand(100,9999); $new_password_encoded = hash('whirlpool',$new_password); - $res=openssl_pkey_new(array( - 'digest_alg' => 'sha1', - 'private_key_bits' => 4096, - 'encrypt_key' => false )); + require_once('include/crypto.php'); - // Get private key + $result = new_keypair(1024); - if(empty($res)) { + if($result === false) { notice( t('SERIOUS ERROR: Generation of security keys failed.') . EOL); return; } - $prvkey = ''; - - openssl_pkey_export($res, $prvkey); - - // Get public key - - $pkey = openssl_pkey_get_details($res); - $pubkey = $pkey["key"]; + $prvkey = $result['prvkey']; + $pubkey = $result['pubkey']; /** * @@ -203,21 +194,9 @@ function register_post(&$a) { * */ - $sres=openssl_pkey_new(array( - 'digest_alg' => 'sha1', - 'private_key_bits' => 512, - 'encrypt_key' => false )); - - // Get private key - - $sprvkey = ''; - - openssl_pkey_export($sres, $sprvkey); - - // Get public key - - $spkey = openssl_pkey_get_details($sres); - $spubkey = $spkey["key"]; + $sres = new_keypair(512); + $sprvkey = $sres['prvkey']; + $spubkey = $sres['pubkey']; $r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`, `pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked`, `timezone` ) diff --git a/mod/search.php b/mod/search.php index 635c87b70..3e6bf68aa 100644 --- a/mod/search.php +++ b/mod/search.php 
@@ -80,7 +80,7 @@ function search_content(&$a) { $o = '<div id="live-search"></div>' . "\r\n"; - $o .= '<h3>' . t('Search This Site') . '</h3>'; + $o .= '<h3>' . t('Search') . '</h3>'; if(x($a->data,'search')) $search = notags(trim($a->data['search'])); @@ -101,6 +101,10 @@ function search_content(&$a) { $tag = true; $search = substr($search,1); } + if(strpos($search,'@') === 0) { + require_once('mod/dirfind.php'); + return dirfind_content($a); + } if(! $search) return $o; diff --git a/mod/wallmessage.php b/mod/wallmessage.php index 1a4882b64..cf349775c 100644 --- a/mod/wallmessage.php +++ b/mod/wallmessage.php @@ -44,7 +44,7 @@ function wallmessage_post(&$a) { } // Work around doubled linefeeds in Tinymce 3.5b2 -dbg(1); + $body = str_replace("\r\n","\n",$body); $body = str_replace("\n\n","\n",$body); @@ -67,7 +67,7 @@ dbg(1); default: info( t('Message sent.') . EOL ); } -dbg(0); + // goaway($a->get_baseurl() . '/profile/' . $user['nickname']); } |
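Review bot: In search_content() the new `@` branch hands off to `dirfind_content($a)`, but `$search` here can come from `$a->data['search']`, while dirfind_content(), as shown in the mod/dirfind.php hunk, reads `$_REQUEST['search']` on its own; if the two sources differ, the directory lookup runs on a different or empty term. Either make the hand-off explicit or document the dependency at the call: `// dirfind_content() re-reads $_REQUEST['search'] and strips the leading '@' itself`. Only `dirfind_content()` is called, so anything `dirfind_init()` sets up is skipped on this path; confirm that is intended.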