aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
Diffstat (limited to 'mod')
-rwxr-xr-xmod/admin.php69
-rwxr-xr-xmod/contacts.php40
-rw-r--r--mod/dfrn_confirm.php6
-rwxr-xr-xmod/dfrn_notify.php72
-rwxr-xr-xmod/dfrn_poll.php6
-rwxr-xr-xmod/dfrn_request.php29
-rwxr-xr-xmod/directory.php17
-rwxr-xr-xmod/display.php10
-rwxr-xr-xmod/filer.php23
-rw-r--r--mod/filerm.php21
-rwxr-xr-xmod/group.php26
-rwxr-xr-xmod/item.php246
-rwxr-xr-xmod/manage.php2
-rwxr-xr-xmod/message.php26
-rwxr-xr-xmod/network.php37
-rwxr-xr-xmod/notifications.php44
-rw-r--r--mod/notify.php4
-rwxr-xr-xmod/parse_url.php2
-rwxr-xr-xmod/photos.php11
-rwxr-xr-xmod/profile_photo.php18
-rwxr-xr-xmod/profiles.php42
-rwxr-xr-xmod/settings.php99
-rwxr-xr-xmod/share.php2
23 files changed, 543 insertions, 309 deletions
diff --git a/mod/admin.php b/mod/admin.php
index 93714bb5f..a64b26903 100755
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -37,7 +37,7 @@ function admin_post(&$a){
$func($a);
}
}
- goaway($a->get_baseurl() . '/admin/plugins/' . $a->argv[2] );
+ goaway($a->get_baseurl(true) . '/admin/plugins/' . $a->argv[2] );
return; // NOTREACHED
break;
case 'logs':
@@ -49,7 +49,7 @@ function admin_post(&$a){
}
}
- goaway($a->get_baseurl() . '/admin' );
+ goaway($a->get_baseurl(true) . '/admin' );
return; // NOTREACHED
}
@@ -68,11 +68,11 @@ function admin_content(&$a) {
// array( url, name, extra css classes )
$aside = Array(
- 'site' => Array($a->get_baseurl()."/admin/site/", t("Site") , "site"),
- 'users' => Array($a->get_baseurl()."/admin/users/", t("Users") , "users"),
- 'plugins'=> Array($a->get_baseurl()."/admin/plugins/", t("Plugins") , "plugins"),
- 'themes' => Array($a->get_baseurl()."/admin/themes/", t("Themes") , "themes"),
- 'update' => Array($a->get_baseurl()."/admin/update/", t("Update") , "update")
+ 'site' => Array($a->get_baseurl(true)."/admin/site/", t("Site") , "site"),
+ 'users' => Array($a->get_baseurl(true)."/admin/users/", t("Users") , "users"),
+ 'plugins'=> Array($a->get_baseurl(true)."/admin/plugins/", t("Plugins") , "plugins"),
+ 'themes' => Array($a->get_baseurl(true)."/admin/themes/", t("Themes") , "themes"),
+ 'update' => Array($a->get_baseurl(true)."/admin/update/", t("Update") , "update")
);
/* get plugins admin page */
@@ -81,18 +81,18 @@ function admin_content(&$a) {
$aside['plugins_admin']=Array();
foreach ($r as $h){
$plugin =$h['name'];
- $aside['plugins_admin'][] = Array($a->get_baseurl()."/admin/plugins/".$plugin, $plugin, "plugin");
+ $aside['plugins_admin'][] = Array($a->get_baseurl(true)."/admin/plugins/".$plugin, $plugin, "plugin");
// temp plugins with admin
$a->plugins_admin[] = $plugin;
}
- $aside['logs'] = Array($a->get_baseurl()."/admin/logs/", t("Logs"), "logs");
+ $aside['logs'] = Array($a->get_baseurl(true)."/admin/logs/", t("Logs"), "logs");
$t = get_markup_template("admin_aside.tpl");
$a->page['aside'] = replace_macros( $t, array(
'$admin' => $aside,
'$h_pending' => t('User registrations waiting for confirmation'),
- '$admurl'=> $a->get_baseurl()."/admin/"
+ '$admurl'=> $a->get_baseurl(true)."/admin/"
));
@@ -151,11 +151,7 @@ function admin_page_summary(&$a) {
$r = q("SELECT COUNT(id) as `count` FROM `register`");
$pending = $r[0]['count'];
-
-
-
-
-
+
$t = get_markup_template("admin_summary.tpl");
return replace_macros($t, array(
'$title' => t('Administration'),
@@ -210,7 +206,7 @@ function admin_page_site_post(&$a){
$dfrn_only = ((x($_POST,'dfrn_only')) ? True : False);
$ostatus_disabled = !((x($_POST,'ostatus_disabled')) ? True : False);
$diaspora_enabled = ((x($_POST,'diaspora_enabled')) ? True : False);
-
+ $ssl_policy = ((x($_POST,'ssl_policy')) ? intval($_POST['ssl_policy']) : 0);
set_config('config','sitename',$sitename);
if ($banner==""){
@@ -222,6 +218,7 @@ function admin_page_site_post(&$a){
} else {
set_config('system','banner', $banner);
}
+ set_config('system','ssl_policy',$ssl_policy);
set_config('system','language', $language);
set_config('system','theme', $theme);
set_config('system','maximagesize', $maximagesize);
@@ -258,7 +255,7 @@ function admin_page_site_post(&$a){
set_config('system','diaspora_enabled', $diaspora_enabled);
info( t('Site settings updated.') . EOL);
- goaway($a->get_baseurl() . '/admin/site' );
+ goaway($a->get_baseurl(true) . '/admin/site' );
return; // NOTREACHED
}
@@ -305,7 +302,13 @@ function admin_page_site(&$a) {
REGISTER_APPROVE => t("Requires approval"),
REGISTER_OPEN => t("Open")
);
-
+
+ $ssl_choices = array(
+ SSL_POLICY_NONE => t("No SSL policy, links will track page SSL state"),
+ SSL_POLICY_FULL => t("Force all links to use SSL"),
+ SSL_POLICY_SELFSIGN => t("Self-signed certificate, use SSL for local links only (discouraged)")
+ );
+
$t = get_markup_template("admin_site.tpl");
return replace_macros($t, array(
'$title' => t('Administration'),
@@ -316,13 +319,13 @@ function admin_page_site(&$a) {
'$corporate' => t('Policies'),
'$advanced' => t('Advanced'),
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
// name, label, value, help string, extra data...
'$sitename' => array('sitename', t("Site name"), htmlentities($a->config['sitename'], ENT_QUOTES), ""),
'$banner' => array('banner', t("Banner/Logo"), $banner, ""),
'$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices),
'$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles"), $theme_choices),
-
+ '$ssl_policy' => array('ssl_policy', t("SSL link policy"), (string) intval(get_config('system','ssl_policy')), t("Determines whether generated links should be forced to use SSL"), $ssl_choices),
'$maximagesize' => array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")),
'$register_policy' => array('register_policy', t("Register policy"), $a->config['register_policy'], "", $register_choices),
@@ -389,7 +392,7 @@ function admin_page_users_post(&$a){
user_deny($hash);
}
}
- goaway($a->get_baseurl() . '/admin/users' );
+ goaway($a->get_baseurl(true) . '/admin/users' );
return; // NOTREACHED
}
@@ -399,7 +402,7 @@ function admin_page_users(&$a){
$user = q("SELECT * FROM `user` WHERE `uid`=%d", intval($uid));
if (count($user)==0){
notice( 'User not found' . EOL);
- goaway($a->get_baseurl() . '/admin/users' );
+ goaway($a->get_baseurl(true) . '/admin/users' );
return; // NOTREACHED
}
switch($a->argv[2]){
@@ -418,7 +421,7 @@ function admin_page_users(&$a){
notice( sprintf( ($user[0]['blocked']?t("User '%s' unblocked"):t("User '%s' blocked")) , $user[0]['username']) . EOL);
}; break;
}
- goaway($a->get_baseurl() . '/admin/users' );
+ goaway($a->get_baseurl(true) . '/admin/users' );
return; // NOTREACHED
}
@@ -497,7 +500,7 @@ function admin_page_users(&$a){
// values //
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$pending' => $pending,
'$users' => $users,
@@ -536,7 +539,7 @@ function admin_page_plugins(&$a){
info( sprintf( t("Plugin %s enabled."), $plugin ) );
}
set_config("system","addon", implode(", ",$a->plugins));
- goaway($a->get_baseurl() . '/admin/plugins' );
+ goaway($a->get_baseurl(true) . '/admin/plugins' );
return; // NOTREACHED
}
// display plugin details
@@ -569,7 +572,7 @@ function admin_page_plugins(&$a){
'$page' => t('Plugins'),
'$toggle' => t('Toggle'),
'$settings' => t('Settings'),
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$plugin' => $plugin,
'$status' => $status,
@@ -607,7 +610,7 @@ function admin_page_plugins(&$a){
'$title' => t('Administration'),
'$page' => t('Plugins'),
'$submit' => t('Submit'),
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$function' => 'plugins',
'$plugins' => $plugins
));
@@ -713,7 +716,7 @@ function admin_page_themes(&$a){
info( sprintf('Theme %s disabled.',$theme));
set_config('system','allowed_themes',$s);
- goaway($a->get_baseurl() . '/admin/themes' );
+ goaway($a->get_baseurl(true) . '/admin/themes' );
return; // NOTREACHED
}
@@ -742,7 +745,7 @@ function admin_page_themes(&$a){
'$page' => t('Themes'),
'$toggle' => t('Toggle'),
'$settings' => t('Settings'),
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$plugin' => $theme,
'$status' => $status,
@@ -774,7 +777,7 @@ function admin_page_themes(&$a){
'$title' => t('Administration'),
'$page' => t('Themes'),
'$submit' => t('Submit'),
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$function' => 'themes',
'$plugins' => $xthemes,
'$experimental' => t('[Experimental]'),
@@ -802,7 +805,7 @@ function admin_page_logs_post(&$a) {
}
info( t("Log settings updated.") );
- goaway($a->get_baseurl() . '/admin/logs' );
+ goaway($a->get_baseurl(true) . '/admin/logs' );
return; // NOTREACHED
}
@@ -856,7 +859,7 @@ readable.");
'$submit' => t('Submit'),
'$clear' => t('Clear'),
'$data' => $data,
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$logname' => get_config('system','logfile'),
// name, label, value, help string, extra data...
@@ -901,7 +904,7 @@ function admin_page_remoteupdate(&$a) {
$tpl = get_markup_template("admin_remoteupdate.tpl");
return replace_macros($tpl, array(
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$submit' => t("Update now"),
'$close' => t("Close"),
'$localversion' => FRIENDICA_VERSION,
diff --git a/mod/contacts.php b/mod/contacts.php
index 001bf12af..78c8d4092 100755
--- a/mod/contacts.php
+++ b/mod/contacts.php
@@ -61,7 +61,7 @@ function contacts_post(&$a) {
if(! count($orig_record)) {
notice( t('Could not access contact record.') . EOL);
- goaway($a->get_baseurl() . '/contacts');
+ goaway($a->get_baseurl(true) . '/contacts');
return; // NOTREACHED
}
@@ -141,7 +141,7 @@ function contacts_content(&$a) {
if(! count($orig_record)) {
notice( t('Could not access contact record.') . EOL);
- goaway($a->get_baseurl() . '/contacts');
+ goaway($a->get_baseurl(true) . '/contacts');
return; // NOTREACHED
}
@@ -149,7 +149,7 @@ function contacts_content(&$a) {
// pull feed and consume it, which should subscribe to the hub.
proc_run('php',"include/poller.php","$contact_id");
- goaway($a->get_baseurl() . '/contacts/' . $contact_id);
+ goaway($a->get_baseurl(true) . '/contacts/' . $contact_id);
// NOTREACHED
}
@@ -164,7 +164,7 @@ function contacts_content(&$a) {
//notice( t('Contact has been ') . (($blocked) ? t('blocked') : t('unblocked')) . EOL );
info( (($blocked) ? t('Contact has been blocked') : t('Contact has been unblocked')) . EOL );
}
- goaway($a->get_baseurl() . '/contacts/' . $contact_id);
+ goaway($a->get_baseurl(true) . '/contacts/' . $contact_id);
return; // NOTREACHED
}
@@ -178,7 +178,7 @@ function contacts_content(&$a) {
if($r) {
info( (($readonly) ? t('Contact has been ignored') : t('Contact has been unignored')) . EOL );
}
- goaway($a->get_baseurl() . '/contacts/' . $contact_id);
+ goaway($a->get_baseurl(true) . '/contacts/' . $contact_id);
return; // NOTREACHED
}
@@ -220,9 +220,9 @@ function contacts_content(&$a) {
contact_remove($orig_record[0]['id']);
info( t('Contact has been removed.') . EOL );
if(x($_SESSION,'return_url'))
- goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
+ goaway($a->get_baseurl(true) . '/' . $_SESSION['return_url']);
else
- goaway($a->get_baseurl() . '/contacts');
+ goaway($a->get_baseurl(true) . '/contacts');
return; // NOTREACHED
}
}
@@ -233,7 +233,7 @@ function contacts_content(&$a) {
$contact = $a->data['contact'];
$tpl = get_markup_template('contact_head.tpl');
- $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl()));
+ $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl(true)));
require_once('include/contact_selectors.php');
@@ -295,17 +295,17 @@ function contacts_content(&$a) {
$tabs = array(
array(
'label' => (($contact['blocked']) ? t('Unblock') : t('Block') ),
- 'url' => $a->get_baseurl() . '/contacts/' . $contact_id . '/block',
+ 'url' => $a->get_baseurl(true) . '/contacts/' . $contact_id . '/block',
'sel' => '',
),
array(
'label' => (($contact['readonly']) ? t('Unignore') : t('Ignore') ),
- 'url' => $a->get_baseurl() . '/contacts/' . $contact_id . '/ignore',
+ 'url' => $a->get_baseurl(true) . '/contacts/' . $contact_id . '/ignore',
'sel' => '',
),
array(
'label' => t('Repair'),
- 'url' => $a->get_baseurl() . '/crepair/' . $contact_id,
+ 'url' => $a->get_baseurl(true) . '/crepair/' . $contact_id,
'sel' => '',
)
);
@@ -322,7 +322,7 @@ function contacts_content(&$a) {
'$lbl_info1' => t('Contact Information / Notes'),
'$infedit' => t('Edit contact notes'),
'$common_text' => $common_text,
- '$common_link' => $a->get_baseurl() . '/common/' . $contact['id'],
+ '$common_link' => $a->get_baseurl(true) . '/common/' . $contact['id'],
'$all_friends' => $all_friends,
'$relation_text' => $relation_text,
'$visit' => sprintf( t('Visit %s\'s profile [%s]'),$contact['name'],$contact['url']),
@@ -397,30 +397,30 @@ function contacts_content(&$a) {
$tabs = array(
array(
'label' => t('All Contacts'),
- 'url' => $a->get_baseurl() . '/contacts/all',
+ 'url' => $a->get_baseurl(true) . '/contacts/all',
'sel' => ($all) ? 'active' : '',
),
array(
'label' => t('Unblocked Contacts'),
- 'url' => $a->get_baseurl() . '/contacts',
+ 'url' => $a->get_baseurl(true) . '/contacts',
'sel' => ((! $all) && (! $blocked) && (! $hidden) && (! $search) && (! $nets) && (! $ignored)) ? 'active' : '',
),
array(
'label' => t('Blocked Contacts'),
- 'url' => $a->get_baseurl() . '/contacts/blocked',
+ 'url' => $a->get_baseurl(true) . '/contacts/blocked',
'sel' => ($blocked) ? 'active' : '',
),
array(
'label' => t('Ignored Contacts'),
- 'url' => $a->get_baseurl() . '/contacts/ignored',
+ 'url' => $a->get_baseurl(true) . '/contacts/ignored',
'sel' => ($ignored) ? 'active' : '',
),
array(
'label' => t('Hidden Contacts'),
- 'url' => $a->get_baseurl() . '/contacts/hidden',
+ 'url' => $a->get_baseurl(true) . '/contacts/hidden',
'sel' => ($hidden) ? 'active' : '',
),
@@ -445,7 +445,7 @@ function contacts_content(&$a) {
$r = q("SELECT COUNT(*) AS `total` FROM `contact`
- WHERE `uid` = %d AND `pending` = 0 $sql_extra $sql_extra2 ",
+ WHERE `uid` = %d AND `self` = 0 AND `pending` = 0 $sql_extra $sql_extra2 ",
intval($_SESSION['uid']));
if(count($r)) {
$a->set_pager_total($r[0]['total']);
@@ -454,7 +454,7 @@ function contacts_content(&$a) {
- $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `pending` = 0 $sql_extra $sql_extra2 ORDER BY `name` ASC LIMIT %d , %d ",
+ $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `pending` = 0 $sql_extra $sql_extra2 ORDER BY `name` ASC LIMIT %d , %d ",
intval($_SESSION['uid']),
intval($a->pager['start']),
intval($a->pager['itemspage'])
@@ -465,8 +465,6 @@ function contacts_content(&$a) {
if(count($r)) {
foreach($r as $rr) {
- if($rr['self'])
- continue;
switch($rr['rel']) {
case CONTACT_IS_FRIEND:
diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php
index 0bc3ea7df..2f4fb7045 100644
--- a/mod/dfrn_confirm.php
+++ b/mod/dfrn_confirm.php
@@ -207,6 +207,9 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
if($duplex == 1)
$params['duplex'] = 1;
+ if($user['page-flags'] == PAGE_COMMUNITY)
+ $params['page'] = 1;
+
logger('dfrn_confirm: Confirm: posting data to ' . $dfrn_confirm . ': ' . print_r($params,true), LOGGER_DATA);
/**
@@ -522,6 +525,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
$source_url = ((x($_POST,'source_url')) ? hex2bin($_POST['source_url']) : '');
$aes_key = ((x($_POST,'aes_key')) ? $_POST['aes_key'] : '');
$duplex = ((x($_POST,'duplex')) ? intval($_POST['duplex']) : 0 );
+ $page = ((x($_POST,'page')) ? intval($_POST['page']) : 0 );
$version_id = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
logger('dfrn_confirm: requestee contacted: ' . $node);
@@ -677,6 +681,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
`blocked` = 0,
`pending` = 0,
`duplex` = %d,
+ `forum` = %d,
`network` = '%s' WHERE `id` = %d LIMIT 1
",
dbesc($photos[0]),
@@ -687,6 +692,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
dbesc(datetime_convert()),
dbesc(datetime_convert()),
intval($duplex),
+ intval($page),
dbesc(NETWORK_DFRN),
intval($dfrn_record)
);
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index 0c0c27e3d..71860ac3b 100755
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -14,6 +14,8 @@ function dfrn_notify_post(&$a) {
$key = ((x($_POST,'key')) ? $_POST['key'] : '');
$dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0);
$perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r');
+ $ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none');
+ $page = ((x($_POST,'page')) ? intval($_POST['page']) : 0);
$writable = (-1);
if($dfrn_version >= 2.21) {
@@ -86,14 +88,76 @@ function dfrn_notify_post(&$a) {
$importer = $r[0];
- if(($writable != (-1)) && ($writable != $importer['writable'])) {
- q("UPDATE `contact` SET `writable` = %d WHERE `id` = %d LIMIT 1",
- intval($writable),
+ if((($writable != (-1)) && ($writable != $importer['writable'])) || ($importer['forum'] != $page)) {
+ q("UPDATE `contact` SET `writable` = %d, forum = %d WHERE `id` = %d LIMIT 1",
+ intval(($writable == (-1)) ? $importer['writable'] : $writable),
+ intval($page),
intval($importer['id'])
);
- $importer['writable'] = $writable;
+ if($writable != (-1))
+ $importer['writable'] = $writable;
+ $importer['forum'] = $page;
}
+ // if contact's ssl policy changed, update our links
+
+ $ssl_changed = false;
+
+ if($ssl_policy == 'self' && strstr($importer['url'],'https:')) {
+ $ssl_changed = true;
+ $importer['url'] = str_replace('https:','http:',$importer['url']);
+ $importer['nurl'] = normalise_link($importer['url']);
+ $importer['photo'] = str_replace('https:','http:',$importer['photo']);
+ $importer['thumb'] = str_replace('https:','http:',$importer['thumb']);
+ $importer['micro'] = str_replace('https:','http:',$importer['micro']);
+ $importer['request'] = str_replace('https:','http:',$importer['request']);
+ $importer['notify'] = str_replace('https:','http:',$importer['notify']);
+ $importer['poll'] = str_replace('https:','http:',$importer['poll']);
+ $importer['confirm'] = str_replace('https:','http:',$importer['confirm']);
+ $importer['poco'] = str_replace('https:','http:',$importer['poco']);
+ }
+
+ if($ssl_policy == 'full' && strstr($importer['url'],'http:')) {
+ $ssl_changed = true;
+ $importer['url'] = str_replace('http:','https:',$importer['url']);
+ $importer['nurl'] = normalise_link($importer['url']);
+ $importer['photo'] = str_replace('http:','https:',$importer['photo']);
+ $importer['thumb'] = str_replace('http:','https:',$importer['thumb']);
+ $importer['micro'] = str_replace('http:','https:',$importer['micro']);
+ $importer['request'] = str_replace('http:','https:',$importer['request']);
+ $importer['notify'] = str_replace('http:','https:',$importer['notify']);
+ $importer['poll'] = str_replace('http:','https:',$importer['poll']);
+ $importer['confirm'] = str_replace('http:','https:',$importer['confirm']);
+ $importer['poco'] = str_replace('http:','https:',$importer['poco']);
+ }
+
+ if($ssl_changed) {
+ q("update contact set
+ url = '%s',
+ nurl = '%s',
+ photo = '%s',
+ thumb = '%s',
+ micro = '%s',
+ request = '%s',
+ notify = '%s',
+ poll = '%s',
+ confirm = '%s',
+ poco = '%s'
+ where id = %d limit 1",
+ dbesc($importer['url']),
+ dbesc($importer['nurl']),
+ dbesc($importer['photo']),
+ dbesc($importer['thumb']),
+ dbesc($importer['micro']),
+ dbesc($importer['request']),
+ dbesc($importer['notify']),
+ dbesc($importer['poll']),
+ dbesc($importer['confirm']),
+ dbesc($importer['poco']),
+ intval($importer['id'])
+ );
+ }
+
logger('dfrn_notify: received notify from ' . $importer['name'] . ' for ' . $importer['username']);
logger('dfrn_notify: data: ' . $data, LOGGER_DATA);
diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php
index b12e07132..fe5cd4906 100755
--- a/mod/dfrn_poll.php
+++ b/mod/dfrn_poll.php
@@ -199,7 +199,7 @@ function dfrn_poll_post(&$a) {
$ptype = ((x($_POST,'type')) ? $_POST['type'] : '');
$dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
$perm = ((x($_POST,'perm')) ? $_POST['perm'] : 'r');
-
+
if($ptype === 'profile-check') {
if((strlen($challenge)) && (strlen($sec))) {
@@ -358,8 +358,8 @@ function dfrn_poll_post(&$a) {
intval($contact_id)
);
}
- }
-
+ }
+
header("Content-type: application/atom+xml");
$o = get_feed_for($a,$dfrn_id, $a->argv[1], $last_update, $direction);
echo $o;
diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php
index bc159137d..c2d37dac7 100755
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -43,7 +43,7 @@ function dfrn_request_post(&$a) {
return;
- if($_POST['cancel']) {
+ if(x($_POST, 'cancel')) {
goaway(z_root());
}
@@ -77,9 +77,10 @@ function dfrn_request_post(&$a) {
* Lookup the contact based on their URL (which is the only unique thing we have at the moment)
*/
- $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `self` = 0 LIMIT 1",
+ $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND (`url` = '%s' OR `nurl` = '%s') AND `self` = 0 LIMIT 1",
intval(local_user()),
- dbesc($dfrn_url)
+ dbesc($dfrn_url),
+ dbesc(normalise_link($dfrn_url))
);
if(count($r)) {
@@ -666,7 +667,25 @@ function dfrn_request_content(&$a) {
$page_desc = sprintf( t('Diaspora members: Please do not use this form. Instead, enter "%s" into your Diaspora search bar.'),
$target_addr) . EOL . EOL;
- $page_desc .= t("Please enter your 'Identity Address' from one of the following supported social networks:");
+ $page_desc .= t("Please enter your 'Identity Address' from one of the following supported communications networks:");
+
+ // see if we are allowed to have NETWORK_MAIL2 contacts
+
+ $mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1);
+ if(get_config('system','dfrn_only'))
+ $mail_disabled = 1;
+
+ if(! $mail_disabled) {
+ $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1",
+ intval($a->profile['uid'])
+ );
+ if(! count($r))
+ $mail_disabled = 1;
+ }
+
+ $emailnet = (($mail_disabled) ? '' : t("<strike>Connect as an email follower</strike> \x28Coming soon\x29"));
+
+ $invite_desc = t('If you are not yet a member of the free social web, <a href="http://dir.friendica.com/siteinfo">follow this link to find a public Friendica site and join us today</a>.');
$o .= replace_macros($tpl,array(
'$header' => t('Friend/Connection Request'),
@@ -682,6 +701,8 @@ function dfrn_request_content(&$a) {
'$diaspora' => t('Diaspora'),
'$diasnote' => t('- please share from your own site as noted above'),
'$your_address' => t('Your Identity Address:'),
+ '$invite_desc' => $invite_desc,
+ '$emailnet' => $emailnet,
'$submit' => t('Submit Request'),
'$cancel' => t('Cancel'),
'$nickname' => $a->argv[1],
diff --git a/mod/directory.php b/mod/directory.php
index 962188945..7f18bd026 100755
--- a/mod/directory.php
+++ b/mod/directory.php
@@ -25,10 +25,6 @@ function directory_post(&$a) {
function directory_content(&$a) {
- $everything = (($a->argc > 1 && $a->argv[1] === 'all' && is_site_admin()) ? true : false);
- if(x($_SESSION,'submanage') && intval($_SESSION['submanage']))
- $everything = false;
-
if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
notice( t('Public access denied.') . EOL);
return;
@@ -52,12 +48,6 @@ function directory_content(&$a) {
}
$admin = '';
- if(is_site_admin()) {
- if($everything)
- $admin = '<ul><li><div id="directory-admin-link"><a href="' . $a->get_baseurl() . '/directory' . '">' . t('Normal site view') . '</a></div></li></ul>';
- else
- $admin = '<ul><li><div id="directory-admin-link"><a href="' . $a->get_baseurl() . '/directory/all' . '">' . t('Admin - View all site entries') . '</a></div></li></ul>';
- }
$o .= replace_macros($tpl, array(
'$search' => $search,
@@ -73,17 +63,14 @@ function directory_content(&$a) {
$search = dbesc($search);
$sql_extra = ((strlen($search)) ? " AND MATCH (`profile`.`name`, `user`.`nickname`, `pdesc`, `locality`,`region`,`country-name`,`gender`,`marital`,`sexual`,`about`,`romance`,`work`,`education`,`pub_keywords`,`prv_keywords` ) AGAINST ('$search' IN BOOLEAN MODE) " : "");
- $publish = ((get_config('system','publish_all') || $everything) ? '' : " AND `publish` = 1 " );
+ $publish = ((get_config('system','publish_all')) ? '' : " AND `publish` = 1 " );
$r = q("SELECT COUNT(*) AS `total` FROM `profile` LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 $publish AND `user`.`blocked` = 0 $sql_extra ");
if(count($r))
$a->set_pager_total($r[0]['total']);
- if($everything)
- $order = " ORDER BY `register_date` DESC ";
- else
- $order = " ORDER BY `name` ASC ";
+ $order = " ORDER BY `name` ASC ";
$r = q("SELECT `profile`.*, `profile`.`uid` AS `profile_uid`, `user`.`nickname`, `user`.`timezone` FROM `profile` LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 $publish AND `user`.`blocked` = 0 $sql_extra $order LIMIT %d , %d ",
diff --git a/mod/display.php b/mod/display.php
index f428149e8..81ed174ac 100755
--- a/mod/display.php
+++ b/mod/display.php
@@ -16,7 +16,15 @@ function display_content(&$a) {
$o = '<div id="live-display"></div>' . "\r\n";
- $a->page['htmlhead'] .= '<script>$(document).ready(function() { $(".comment-edit-wrapper textarea").contact_autocomplete(baseurl+"/acl"); });</script>';
+ $a->page['htmlhead'] .= <<<EOT
+<script>
+$(document).ready(function() {
+ $(".comment-edit-wrapper textarea").contact_autocomplete(baseurl+"/acl");
+ // make auto-complete work in more places
+ $(".wall-item-comment-wrapper textarea").contact_autocomplete(baseurl+"/acl");
+});
+</script>
+EOT;
$nick = (($a->argc > 1) ? $a->argv[1] : '');
diff --git a/mod/filer.php b/mod/filer.php
new file mode 100755
index 000000000..a9e213536
--- /dev/null
+++ b/mod/filer.php
@@ -0,0 +1,23 @@
+<?php
+
+require_once('include/security.php');
+require_once('include/bbcode.php');
+require_once('include/items.php');
+
+
+function filer_content(&$a) {
+
+ if(! local_user()) {
+ killme();
+ }
+
+ $term = notags(trim($_GET['term']));
+ $item_id = (($a->argc > 1) ? notags(trim($a->argv[1])) : 0);
+
+ logger('filer: tag ' . $term . ' item ' . $item_id);
+
+ if($item_id && strlen($term))
+ file_tag_save_file(local_user(),$item_id,$term);
+
+ killme();
+}
diff --git a/mod/filerm.php b/mod/filerm.php
new file mode 100644
index 000000000..66b684dc9
--- /dev/null
+++ b/mod/filerm.php
@@ -0,0 +1,21 @@
+<?php
+
+function filerm_content(&$a) {
+
+ if(! local_user()) {
+ killme();
+ }
+
+ $term = notags(trim($_GET['term']));
+ $item_id = (($a->argc > 1) ? notags(trim($a->argv[1])) : 0);
+
+ logger('filerm: tag ' . $term . ' item ' . $item_id);
+
+ if($item_id && strlen($term))
+ file_tag_unsave_file(local_user(),$item_id,$term);
+
+ if(x($_SESSION,'return_url'))
+ goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
+
+ killme();
+}
diff --git a/mod/group.php b/mod/group.php
index 13401ef0d..a282dbccf 100755
--- a/mod/group.php
+++ b/mod/group.php
@@ -21,6 +21,8 @@ function group_post(&$a) {
}
if(($a->argc == 2) && ($a->argv[1] === 'new')) {
+ check_form_security_token_redirectOnErr('/group/new', 'group_edit');
+
$name = notags(trim($_POST['groupname']));
$r = group_add(local_user(),$name);
if($r) {
@@ -35,6 +37,8 @@ function group_post(&$a) {
return; // NOTREACHED
}
if(($a->argc == 2) && (intval($a->argv[1]))) {
+ check_form_security_token_redirectOnErr('/group', 'group_edit');
+
$r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($a->argv[1]),
intval(local_user())
@@ -62,7 +66,8 @@ function group_post(&$a) {
}
function group_content(&$a) {
-
+ $change = false;
+
if(! local_user()) {
notice( t('Permission denied') . EOL);
return;
@@ -83,14 +88,17 @@ function group_content(&$a) {
return replace_macros($tpl, $context + array(
'$title' => t('Create a group of contacts/friends.'),
- '$gname' => array('groupname',t('Group Name: '),$group['name'], ''),
+ '$gname' => array('groupname',t('Group Name: '), '', ''),
'$gid' => 'new',
+ '$form_security_token' => get_form_security_token("group_edit"),
));
}
if(($a->argc == 3) && ($a->argv[1] === 'drop')) {
+ check_form_security_token_redirectOnErr('/group', 'group_drop', 't');
+
if(intval($a->argv[2])) {
$r = q("SELECT `name` FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($a->argv[2]),
@@ -108,6 +116,8 @@ function group_content(&$a) {
}
if(($a->argc > 2) && intval($a->argv[1]) && intval($a->argv[2])) {
+ check_form_security_token_ForbiddenOnErr('group_member_change', 't');
+
$r = q("SELECT `id` FROM `contact` WHERE `id` = %d AND `uid` = %d and `self` = 0 and `blocked` = 0 AND `pending` = 0 LIMIT 1",
intval($a->argv[2]),
intval(local_user())
@@ -155,7 +165,8 @@ function group_content(&$a) {
$drop_tpl = get_markup_template('group_drop.tpl');
$drop_txt = replace_macros($drop_tpl, array(
'$id' => $group['id'],
- '$delete' => t('Delete')
+ '$delete' => t('Delete'),
+ '$form_security_token' => get_form_security_token("group_drop"),
));
$celeb = ((($a->user['page-flags'] == PAGE_SOAPBOX) || ($a->user['page-flags'] == PAGE_COMMUNITY)) ? true : false);
@@ -166,6 +177,7 @@ function group_content(&$a) {
'$gname' => array('groupname',t('Group Name: '),$group['name'], ''),
'$gid' => $group['id'],
'$drop' => $drop_txt,
+ '$form_security_token' => get_form_security_token('group_edit'),
);
}
@@ -177,14 +189,14 @@ function group_content(&$a) {
'label_members' => t('Members'),
'members' => array(),
'label_contacts' => t('All Contacts'),
- 'contacts' => arraY(),
+ 'contacts' => array(),
);
-
+ $sec_token = addslashes(get_form_security_token('group_member_change'));
$textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false);
foreach($members as $member) {
if($member['url']) {
- $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . '); return true;';
+ $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . ',\'' . $sec_token . '\'); return true;';
$groupeditor['members'][] = micropro($member,true,'mpgroup', $textmode);
}
else
@@ -199,7 +211,7 @@ function group_content(&$a) {
$textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false);
foreach($r as $member) {
if(! in_array($member['id'],$preselected)) {
- $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . '); return true;';
+ $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . ',\'' . $sec_token . '\'); return true;';
$groupeditor['contacts'][] = micropro($member,true,'mpall', $textmode);
}
}
diff --git a/mod/item.php b/mod/item.php
index 81d7c753b..fe570075f 100755
--- a/mod/item.php
+++ b/mod/item.php
@@ -425,110 +425,7 @@ function item_post(&$a) {
if(count($tags)) {
foreach($tags as $tag) {
-
- if(isset($profile))
- unset($profile);
- if(strpos($tag,'#') === 0) {
- if(strpos($tag,'[url='))
- continue;
- $basetag = str_replace('_',' ',substr($tag,1));
- $body = str_replace($tag,'#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]',$body);
-
- $newtag = '#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]';
- if(! stristr($str_tags,$newtag)) {
- if(strlen($str_tags))
- $str_tags .= ',';
- $str_tags .= $newtag;
- }
- continue;
- }
- if(strpos($tag,'@') === 0) {
- if(strpos($tag,'[url='))
- continue;
- $stat = false;
- $name = substr($tag,1);
- if((strpos($name,'@')) || (strpos($name,'http://'))) {
- $newname = $name;
- $links = @lrdd($name);
- if(count($links)) {
- foreach($links as $link) {
- if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page')
- $profile = $link['@attributes']['href'];
- if($link['@attributes']['rel'] === 'salmon') {
- if(strlen($inform))
- $inform .= ',';
- $inform .= 'url:' . str_replace(',','%2c',$link['@attributes']['href']);
- }
- }
- }
- }
- else {
- $newname = $name;
- $alias = '';
- $tagcid = 0;
- if(strrpos($newname,'+')) {
- $tagcid = intval(substr($newname,strrpos($newname,'+') + 1));
- if(strpos($name,' '))
- $name = substr($name,0,strpos($name,' '));
- }
- if($tagcid) {
- $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
- intval($tagcid),
- intval($profile_uid)
- );
- }
- elseif(strstr($name,'_') || strstr($name,' ')) {
- $newname = str_replace('_',' ',$name);
- $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
- dbesc($newname),
- intval($profile_uid)
- );
- }
- else {
- $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
- dbesc($name),
- dbesc($name),
- intval($profile_uid)
- );
- }
- if(count($r)) {
- $profile = $r[0]['url'];
- if($r[0]['network'] === 'stat') {
- $newname = $r[0]['nick'];
- $stat = true;
- if($r[0]['alias'])
- $alias = $r[0]['alias'];
- }
- else
- $newname = $r[0]['name'];
- if(strlen($inform))
- $inform .= ',';
- $inform .= 'cid:' . $r[0]['id'];
- }
- }
- if($profile) {
- $body = str_replace('@' . $name, '@' . '[url=' . $profile . ']' . $newname . '[/url]', $body);
- $profile = str_replace(',','%2c',$profile);
- $newtag = '@[url=' . $profile . ']' . $newname . '[/url]';
- if(! stristr($str_tags,$newtag)) {
- if(strlen($str_tags))
- $str_tags .= ',';
- $str_tags .= $newtag;
- }
-
- // Status.Net seems to require the numeric ID URL in a mention if the person isn't
- // subscribed to you. But the nickname URL is OK if they are. Grrr. We'll tag both.
-
- if(strlen($alias)) {
- $newtag = '@[url=' . $alias . ']' . $newname . '[/url]';
- if(! stristr($str_tags,$newtag)) {
- if(strlen($str_tags))
- $str_tags .= ',';
- $str_tags .= $newtag;
- }
- }
- }
- }
+ handle_tag($a, $body, $inform, $str_tags, $profile_uid, $tag);
}
}
@@ -627,7 +524,7 @@ function item_post(&$a) {
if($preview) {
require_once('include/conversation.php');
- $o = conversation(&$a,array(array_merge($contact_record,$datarray)),'search',false,true);
+ $o = conversation($a,array(array_merge($contact_record,$datarray)),'search',false,true);
logger('preview: ' . $o);
echo json_encode(array('preview' => $o));
killme();
@@ -922,3 +819,142 @@ function item_content(&$a) {
drop_item($a->argv[2]);
}
}
+
+/**
+ * This function removes the tag $tag from the text $body and replaces it with
+ * the appropiate link.
+ *
+ * @param unknown_type $body the text to replace the tag in
+ * @param unknown_type $inform a comma-seperated string containing everybody to inform
+ * @param unknown_type $str_tags string to add the tag to
+ * @param unknown_type $profile_uid
+ * @param unknown_type $tag the tag to replace
+ */
+function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) {
+ //is it a hash tag?
+ if(strpos($tag,'#') === 0) {
+ //if the tag is replaced...
+ if(strpos($tag,'[url='))
+ //...do nothing
+ return;
+ //base tag has the tags name only
+ $basetag = str_replace('_',' ',substr($tag,1));
+ //create text for link
+ $newtag = '#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]';
+ //replace tag by the link
+ $body = str_replace($tag, $newtag, $body);
+
+ //is the link already in str_tags?
+ if(! stristr($str_tags,$newtag)) {
+ //append or set str_tags
+ if(strlen($str_tags))
+ $str_tags .= ',';
+ $str_tags .= $newtag;
+ }
+ return;
+ }
+ //is it a person tag?
+ if(strpos($tag,'@') === 0) {
+ //is it already replaced?
+ if(strpos($tag,'[url='))
+ return;
+ $stat = false;
+ //get the person's name
+ $name = substr($tag,1);
+ //is it a link or a full dfrn address?
+ if((strpos($name,'@')) || (strpos($name,'http://'))) {
+ $newname = $name;
+ //get the profile links
+ $links = @lrdd($name);
+ if(count($links)) {
+ //for all links, collect how is to inform and how's profile is to link
+ foreach($links as $link) {
+ if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page')
+ $profile = $link['@attributes']['href'];
+ if($link['@attributes']['rel'] === 'salmon') {
+ if(strlen($inform))
+ $inform .= ',';
+ $inform .= 'url:' . str_replace(',','%2c',$link['@attributes']['href']);
+ }
+ }
+ }
+ } else { //if it is a name rather than an address
+ $newname = $name;
+ $alias = '';
+ $tagcid = 0;
+ //is it some generated name?
+ if(strrpos($newname,'+')) {
+ //get the id
+ $tagcid = intval(substr($newname,strrpos($newname,'+') + 1));
+ //remove the next word from tag's name
+ if(strpos($name,' ')) {
+ $name = substr($name,0,strpos($name,' '));
+ }
+ }
+ if($tagcid) { //if there was an id
+ //select contact with that id from the logged in user's contact list
+ $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+ intval($tagcid),
+ intval($profile_uid)
+ );
+ } elseif(strstr($name,'_') || strstr($name,' ')) { //no id
+ //get the real name
+ $newname = str_replace('_',' ',$name);
+ //select someone from this user's contacts by name
+ $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
+ dbesc($newname),
+ intval($profile_uid)
+ );
+ } else {
+ //select someone by attag or nick and the name passed in
+ $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
+ dbesc($name),
+ dbesc($name),
+ intval($profile_uid)
+ );
+ }
+ //$r is set, if someone could be selected
+ if(count($r)) {
+ $profile = $r[0]['url'];
+ //set newname to nick, find alias
+ if($r[0]['network'] === 'stat') {
+ $newname = $r[0]['nick'];
+ $stat = true;
+ if($r[0]['alias'])
+ $alias = $r[0]['alias'];
+ }
+ else
+ $newname = $r[0]['name'];
+ //add person's id to $inform
+ if(strlen($inform))
+ $inform .= ',';
+ $inform .= 'cid:' . $r[0]['id'];
+ }
+ }
+ //if there is an url for this persons profile
+ if(isset($profile)) {
+ //create profile link
+ $profile = str_replace(',','%2c',$profile);
+ $newtag = '@[url=' . $profile . ']' . $newname . '[/url]';
+ $body = str_replace('@' . $name, $newtag, $body);
+ //append tag to str_tags
+ if(! stristr($str_tags,$newtag)) {
+ if(strlen($str_tags))
+ $str_tags .= ',';
+ $str_tags .= $newtag;
+ }
+
+ // Status.Net seems to require the numeric ID URL in a mention if the person isn't
+ // subscribed to you. But the nickname URL is OK if they are. Grrr. We'll tag both.
+
+ if(strlen($alias)) {
+ $newtag = '@[url=' . $alias . ']' . $newname . '[/url]';
+ if(! stristr($str_tags,$newtag)) {
+ if(strlen($str_tags))
+ $str_tags .= ',';
+ $str_tags .= $newtag;
+ }
+ }
+ }
+ }
+}
diff --git a/mod/manage.php b/mod/manage.php
index ec4dcd8a0..84dfa6917 100755
--- a/mod/manage.php
+++ b/mod/manage.php
@@ -74,7 +74,7 @@ function manage_post(&$a) {
if($limited_id)
$_SESSION['submanage'] = $original_id;
- goaway($a->get_baseurl() . '/profile/' . $a->user['nickname']);
+ goaway($a->get_baseurl(true) . '/profile/' . $a->user['nickname']);
// NOTREACHED
}
diff --git a/mod/message.php b/mod/message.php
index 57d45ee3c..0907abd77 100755
--- a/mod/message.php
+++ b/mod/message.php
@@ -56,23 +56,23 @@ function message_content(&$a) {
return;
}
- $myprofile = $a->get_baseurl() . '/profile/' . $a->user['nickname'];
+ $myprofile = $a->get_baseurl(true) . '/profile/' . $a->user['nickname'];
$tabs = array(
array(
'label' => t('Inbox'),
- 'url'=> $a->get_baseurl() . '/message',
+ 'url'=> $a->get_baseurl(true) . '/message',
'sel'=> (($a->argc == 1) ? 'active' : ''),
),
array(
'label' => t('Outbox'),
- 'url' => $a->get_baseurl() . '/message/sent',
+ 'url' => $a->get_baseurl(true) . '/message/sent',
'sel'=> (($a->argv[1] == 'sent') ? 'active' : ''),
),
array(
'label' => t('New Message'),
- 'url' => $a->get_baseurl() . '/message/new',
+ 'url' => $a->get_baseurl(true) . '/message/new',
'sel'=> (($a->argv[1] == 'new') ? 'active' : ''),
),
);
@@ -99,7 +99,7 @@ function message_content(&$a) {
if($r) {
info( t('Message deleted.') . EOL );
}
- goaway($a->get_baseurl() . '/message' );
+ goaway($a->get_baseurl(true) . '/message' );
}
else {
$r = q("SELECT `parent-uri`,`convid` FROM `mail` WHERE `id` = %d AND `uid` = %d LIMIT 1",
@@ -129,7 +129,7 @@ function message_content(&$a) {
if($r)
info( t('Conversation removed.') . EOL );
}
- goaway($a->get_baseurl() . '/message' );
+ goaway($a->get_baseurl(true) . '/message' );
}
}
@@ -146,7 +146,7 @@ function message_content(&$a) {
$tpl = get_markup_template('msg-header.tpl');
$a->page['htmlhead'] .= replace_macros($tpl, array(
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'),
'$nickname' => $a->user['nickname'],
'$linkurl' => t('Please enter a link URL:')
@@ -154,7 +154,7 @@ function message_content(&$a) {
$preselect = (isset($a->argv[2])?array($a->argv[2]):false);
- $select = contact_select('messageto','message-to-select', $preselect, 4, true);
+ $select = contact_select('messageto','message-to-select', $preselect, 4, true, false, false, 10);
$tpl = get_markup_template('prv_message.tpl');
$o .= replace_macros($tpl,array(
'$header' => t('Send Private Message'),
@@ -192,9 +192,9 @@ function message_content(&$a) {
$a->set_pager_total($r[0]['total']);
$r = q("SELECT max(`mail`.`created`) AS `mailcreated`, min(`mail`.`seen`) AS `mailseen`,
- `mail`.* , `contact`.`name`, `contact`.`url`, `contact`.`thumb`
+ `mail`.* , `contact`.`name`, `contact`.`url`, `contact`.`thumb` , `contact`.`network`
FROM `mail` LEFT JOIN `contact` ON `mail`.`contact-id` = `contact`.`id`
- WHERE `mail`.`uid` = %d AND `from-url` $eq '%s' GROUP BY `parent-uri` ORDER BY `created` DESC LIMIT %d , %d ",
+ WHERE `mail`.`uid` = %d AND `from-url` $eq '%s' GROUP BY `parent-uri` ORDER BY `mailcreated` DESC LIMIT %d , %d ",
intval(local_user()),
dbesc($myprofile),
intval($a->pager['start']),
@@ -210,7 +210,7 @@ function message_content(&$a) {
$o .= replace_macros($tpl, array(
'$id' => $rr['id'],
'$from_name' =>$rr['from-name'],
- '$from_url' => (($rr['network'] === NETWORK_DFRN) ? $a->get_baseurl() . '/redir/' . $rr['contact-id'] : $rr['url']),
+ '$from_url' => (($rr['network'] === NETWORK_DFRN) ? $a->get_baseurl(true) . '/redir/' . $rr['contact-id'] : $rr['url']),
'$sparkle' => ' sparkle',
'$from_photo' => $rr['thumb'],
'$subject' => template_escape((($rr['mailseen']) ? $rr['title'] : '<strong>' . $rr['title'] . '</strong>')),
@@ -267,7 +267,7 @@ function message_content(&$a) {
$a->page['htmlhead'] .= replace_macros($tpl, array(
'$nickname' => $a->user['nickname'],
- '$baseurl' => $a->get_baseurl()
+ '$baseurl' => $a->get_baseurl(true)
));
@@ -278,7 +278,7 @@ function message_content(&$a) {
$sparkle = '';
}
else {
- $from_url = $a->get_baseurl() . '/redir/' . $message['contact-id'];
+ $from_url = $a->get_baseurl(true) . '/redir/' . $message['contact-id'];
$sparkle = ' sparkle';
}
$o .= replace_macros($tpl, array(
diff --git a/mod/network.php b/mod/network.php
index 861b5ab73..9ec8c23b5 100755
--- a/mod/network.php
+++ b/mod/network.php
@@ -44,13 +44,16 @@ function network_init(&$a) {
}
$a->page['aside'] .= group_side('network','network',true,$group_id);
- $a->page['aside'] .= networks_widget($a->get_baseurl() . '/network',(($_GET['nets']) ? $_GET['nets'] : ''));
+ $a->page['aside'] .= networks_widget($a->get_baseurl(true) . '/network',(x($_GET, 'nets') ? $_GET['nets'] : ''));
$a->page['aside'] .= saved_searches($search);
+ $a->page['aside'] .= fileas_widget($a->get_baseurl(true) . '/network',(x($_GET, 'file') ? $_GET['file'] : ''));
}
function saved_searches($search) {
+ $a = get_app();
+
$srchurl = '/network?f='
. ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : '')
. ((x($_GET,'star')) ? '&star=' . $_GET['star'] : '')
@@ -132,15 +135,15 @@ function network_content(&$a, $update = 0) {
$starred_active = 'active';
}
- if($_GET['bmark']) {
+ if(x($_GET,'bmark')) {
$bookmarked_active = 'active';
}
- if($_GET['conv']) {
+ if(x($_GET,'conv')) {
$conv_active = 'active';
}
- if($_GET['spam']) {
+ if(x($_GET,'spam')) {
$spam_active = 'active';
}
@@ -166,38 +169,38 @@ function network_content(&$a, $update = 0) {
$tabs = array(
array(
'label' => t('Commented Order'),
- 'url'=>$a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '?f=&cid=' . $_GET['cid'] : ''),
+ 'url'=>$a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '?f=&cid=' . $_GET['cid'] : ''),
'sel'=>$all_active,
),
array(
'label' => t('Posted Order'),
- 'url'=>$a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . '?f=&order=post' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : ''),
+ 'url'=>$a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . '?f=&order=post' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : ''),
'sel'=>$postord_active,
),
array(
'label' => t('Personal'),
- 'url' => $a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&conv=1',
+ 'url' => $a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&conv=1',
'sel' => $conv_active,
),
array(
'label' => t('New'),
- 'url' => $a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . '/new' . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : ''),
+ 'url' => $a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . '/new' . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : ''),
'sel' => $new_active,
),
array(
'label' => t('Starred'),
- 'url'=>$a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&star=1',
+ 'url'=>$a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&star=1',
'sel'=>$starred_active,
),
array(
- 'label' => t('Bookmarks'),
- 'url'=>$a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&bmark=1',
+ 'label' => t('Shared Links'),
+ 'url'=>$a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&bmark=1',
'sel'=>$bookmarked_active,
),
// array(
// 'label' => t('Spam'),
-// 'url'=>$a->get_baseurl() . '/network?f=&spam=1'
+// 'url'=>$a->get_baseurl(true) . '/network?f=&spam=1'
// 'sel'=> $spam_active,
// ),
@@ -248,7 +251,7 @@ function network_content(&$a, $update = 0) {
$def_acl = array('allow_cid' => '<' . intval($cid) . '>');
if(! $update) {
- if(group) {
+ if($group) {
if(($t = group_public_members($group)) && (! get_pconfig(local_user(),'system','nowarn_insecure'))) {
notice( sprintf( tt('Warning: This group contains %s member from an insecure network.',
'Warning: This group contains %s members from an insecure network.',
@@ -299,7 +302,7 @@ function network_content(&$a, $update = 0) {
if($update)
killme();
notice( t('No such group') . EOL );
- goaway($a->get_baseurl() . '/network');
+ goaway($a->get_baseurl(true) . '/network');
// NOTREACHED
}
@@ -331,7 +334,7 @@ function network_content(&$a, $update = 0) {
}
else {
notice( t('Invalid contact.') . EOL);
- goaway($a->get_baseurl() . '/network');
+ goaway($a->get_baseurl(true) . '/network');
// NOTREACHED
}
}
@@ -498,7 +501,9 @@ function network_content(&$a, $update = 0) {
$items = conv_sort($items,$ordering);
- }
+ } else {
+ $items = array();
+ }
}
diff --git a/mod/notifications.php b/mod/notifications.php
index 99031a1d5..d478b5163 100755
--- a/mod/notifications.php
+++ b/mod/notifications.php
@@ -42,12 +42,12 @@ function notifications_post(&$a) {
intval(local_user())
);
}
- goaway($a->get_baseurl() . '/notifications/intros');
+ goaway($a->get_baseurl(true) . '/notifications/intros');
}
if($_POST['submit'] == t('Ignore')) {
$r = q("UPDATE `intro` SET `ignore` = 1 WHERE `id` = %d LIMIT 1",
intval($intro_id));
- goaway($a->get_baseurl() . '/notifications/intros');
+ goaway($a->get_baseurl(true) . '/notifications/intros');
}
}
}
@@ -69,32 +69,32 @@ function notifications_content(&$a) {
$tabs = array(
array(
'label' => t('System'),
- 'url'=>$a->get_baseurl() . '/notifications/system',
+ 'url'=>$a->get_baseurl(true) . '/notifications/system',
'sel'=> (($a->argv[1] == 'system') ? 'active' : ''),
),
array(
'label' => t('Network'),
- 'url'=>$a->get_baseurl() . '/notifications/network',
+ 'url'=>$a->get_baseurl(true) . '/notifications/network',
'sel'=> (($a->argv[1] == 'network') ? 'active' : ''),
),
array(
'label' => t('Personal'),
- 'url'=>$a->get_baseurl() . '/notifications/personal',
+ 'url'=>$a->get_baseurl(true) . '/notifications/personal',
'sel'=> (($a->argv[1] == 'personal') ? 'active' : ''),
),
array(
'label' => t('Home'),
- 'url' => $a->get_baseurl() . '/notifications/home',
+ 'url' => $a->get_baseurl(true) . '/notifications/home',
'sel'=> (($a->argv[1] == 'home') ? 'active' : ''),
),
array(
'label' => t('Introductions'),
- 'url' => $a->get_baseurl() . '/notifications/intros',
+ 'url' => $a->get_baseurl(true) . '/notifications/intros',
'sel'=> (($a->argv[1] == 'intros') ? 'active' : ''),
),
array(
'label' => t('Messages'),
- 'url' => $a->get_baseurl() . '/message',
+ 'url' => $a->get_baseurl(true) . '/message',
'sel'=> '',
),
);
@@ -244,7 +244,7 @@ function notifications_content(&$a) {
switch($it['verb']){
case ACTIVITY_LIKE:
$notif_content .= replace_macros($tpl_item_likes,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s liked %s's post"), $it['author-name'], $it['pname']),
'$item_when' => relative_date($it['created'])
@@ -253,7 +253,7 @@ function notifications_content(&$a) {
case ACTIVITY_DISLIKE:
$notif_content .= replace_macros($tpl_item_dislikes,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s disliked %s's post"), $it['author-name'], $it['pname']),
'$item_when' => relative_date($it['created'])
@@ -267,7 +267,7 @@ function notifications_content(&$a) {
$it['fname'] = $obj->title;
$notif_content .= replace_macros($tpl_item_friends,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s is now friends with %s"), $it['author-name'], $it['fname']),
'$item_when' => relative_date($it['created'])
@@ -281,7 +281,7 @@ function notifications_content(&$a) {
$tpl = (($it['id'] == $it['parent']) ? $tpl_item_posts : $tpl_item_comments);
$notif_content .= replace_macros($tpl,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => $item_text,
'$item_when' => relative_date($it['created'])
@@ -314,7 +314,7 @@ function notifications_content(&$a) {
if (count($r) > 0) {
foreach ($r as $it) {
$notif_content .= replace_macros($not_tpl,array(
- '$item_link' => $a->get_baseurl().'/notify/view/'. $it['id'],
+ '$item_link' => $a->get_baseurl(true).'/notify/view/'. $it['id'],
'$item_image' => $it['photo'],
'$item_text' => strip_tags(bbcode($it['msg'])),
'$item_when' => relative_date($it['date'])
@@ -334,7 +334,7 @@ function notifications_content(&$a) {
$notif_tpl = get_markup_template('notifications.tpl');
- $myurl = $a->get_baseurl() . '/profile/'. $a->user['nickname'];
+ $myurl = $a->get_baseurl(true) . '/profile/'. $a->user['nickname'];
$myurl = substr($myurl,strpos($myurl,'://')+3);
$myurl = str_replace(array('www.','.'),array('','\\.'),$myurl);
$diasp_url = str_replace('/profile/','/u/',$myurl);
@@ -369,7 +369,7 @@ function notifications_content(&$a) {
switch($it['verb']){
case ACTIVITY_LIKE:
$notif_content .= replace_macros($tpl_item_likes,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s liked %s's post"), $it['author-name'], $it['pname']),
'$item_when' => relative_date($it['created'])
@@ -378,7 +378,7 @@ function notifications_content(&$a) {
case ACTIVITY_DISLIKE:
$notif_content .= replace_macros($tpl_item_dislikes,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s disliked %s's post"), $it['author-name'], $it['pname']),
'$item_when' => relative_date($it['created'])
@@ -392,7 +392,7 @@ function notifications_content(&$a) {
$it['fname'] = $obj->title;
$notif_content .= replace_macros($tpl_item_friends,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s is now friends with %s"), $it['author-name'], $it['fname']),
'$item_when' => relative_date($it['created'])
@@ -406,7 +406,7 @@ function notifications_content(&$a) {
$tpl = (($it['id'] == $it['parent']) ? $tpl_item_posts : $tpl_item_comments);
$notif_content .= replace_macros($tpl,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => $item_text,
'$item_when' => relative_date($it['created'])
@@ -456,7 +456,7 @@ function notifications_content(&$a) {
switch($it['verb']){
case ACTIVITY_LIKE:
$notif_content .= replace_macros($tpl_item_likes,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s liked %s's post"), $it['author-name'], $it['pname']),
'$item_when' => relative_date($it['created'])
@@ -465,7 +465,7 @@ function notifications_content(&$a) {
break;
case ACTIVITY_DISLIKE:
$notif_content .= replace_macros($tpl_item_dislikes,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s disliked %s's post"), $it['author-name'], $it['pname']),
'$item_when' => relative_date($it['created'])
@@ -479,7 +479,7 @@ function notifications_content(&$a) {
$it['fname'] = $obj->title;
$notif_content .= replace_macros($tpl_item_friends,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s is now friends with %s"), $it['author-name'], $it['fname']),
'$item_when' => relative_date($it['created'])
@@ -488,7 +488,7 @@ function notifications_content(&$a) {
break;
default:
$notif_content .= replace_macros($tpl_item_comments,array(
- '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'],
+ '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'],
'$item_image' => $it['author-avatar'],
'$item_text' => sprintf( t("%s commented on %s's post"), $it['author-name'], $it['pname']),
'$item_when' => relative_date($it['created'])
diff --git a/mod/notify.php b/mod/notify.php
index a572b1534..ae8273a1d 100644
--- a/mod/notify.php
+++ b/mod/notify.php
@@ -20,7 +20,7 @@ function notify_init(&$a) {
goaway($r[0]['link']);
}
- goaway($a->get_baseurl());
+ goaway($a->get_baseurl(true));
}
if($a->argc > 2 && $a->argv[1] === 'mark' && $a->argv[2] === 'all' ) {
@@ -51,7 +51,7 @@ function notify_content(&$a) {
if (count($r) > 0) {
foreach ($r as $it) {
$notif_content .= replace_macros($not_tpl,array(
- '$item_link' => $a->get_baseurl().'/notify/view/'. $it['id'],
+ '$item_link' => $a->get_baseurl(true).'/notify/view/'. $it['id'],
'$item_image' => $it['photo'],
'$item_text' => strip_tags(bbcode($it['msg'])),
'$item_when' => relative_date($it['date'])
diff --git a/mod/parse_url.php b/mod/parse_url.php
index e0b378f68..27dac4d5d 100755
--- a/mod/parse_url.php
+++ b/mod/parse_url.php
@@ -188,7 +188,7 @@ function parse_url_content(&$a) {
if(! $text) {
logger('parsing meta');
- $items = $domhead->getElementsByTagName('meta');
+ $items = (isset($domhead) && is_object($domhead) ? $domhead->getElementsByTagName('meta') : null);
if($items) {
foreach($items as $item) {
$property = $item->getAttribute('property');
diff --git a/mod/photos.php b/mod/photos.php
index e40ae0d74..b294f0a66 100755
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -1081,6 +1081,17 @@ function photos_content(&$a) {
}
+ if(! $cmd !== 'edit') {
+ $a->page['htmlhead'] .= '<script>
+ $(document).keydown(function(event) {' . "\n";
+
+ if($prevlink)
+ $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 37) { event.preventDefault(); window.location.href = \'' . $prevlink . '\'; }' . "\n";
+ if($nextlink)
+ $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 39) { event.preventDefault(); window.location.href = \'' . $nextlink . '\'; }' . "\n";
+ $a->page['htmlhead'] .= '});</script>';
+ }
+
if($prevlink)
$prevlink = array($prevlink, '<div class="icon prev"></div>') ;
diff --git a/mod/profile_photo.php b/mod/profile_photo.php
index e3dbdaf39..d1fd08eba 100755
--- a/mod/profile_photo.php
+++ b/mod/profile_photo.php
@@ -15,11 +15,13 @@ function profile_photo_init(&$a) {
function profile_photo_post(&$a) {
- if(! local_user()) {
- notice ( t('Permission denied.') . EOL );
- return;
- }
-
+ if(! local_user()) {
+ notice ( t('Permission denied.') . EOL );
+ return;
+ }
+
+ check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
+
if((x($_POST,'cropfinal')) && ($_POST['cropfinal'] == 1)) {
// phase 2 - we have finished cropping
@@ -148,7 +150,9 @@ function profile_photo_content(&$a) {
notice( t('Permission denied.') . EOL );
return;
};
-
+
+ check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
+
$resource_id = $a->argv[2];
//die(":".local_user());
$r=q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' ORDER BY `scale` ASC",
@@ -203,6 +207,7 @@ function profile_photo_content(&$a) {
'$lbl_upfile' => t('Upload File:'),
'$title' => t('Upload Profile Photo'),
'$submit' => t('Upload'),
+ '$form_security_token' => get_form_security_token("profile_photo"),
'$select' => sprintf('%s %s', t('or'), ($newuser) ? '<a href="' . $a->get_baseurl() . '">' . t('skip this step') . '</a>' : '<a href="'. $a->get_baseurl() . '/photos/' . $a->user['nickname'] . '">' . t('select a photo from your photo albums') . '</a>')
));
@@ -218,6 +223,7 @@ function profile_photo_content(&$a) {
'$image_url' => $a->get_baseurl() . '/photo/' . $filename,
'$title' => t('Crop Image'),
'$desc' => t('Please adjust the image cropping for optimum viewing.'),
+ '$form_security_token' => get_form_security_token("profile_photo"),
'$done' => t('Done Editing')
));
return $o;
diff --git a/mod/profiles.php b/mod/profiles.php
index ccd7d5474..7b3b6ccc1 100755
--- a/mod/profiles.php
+++ b/mod/profiles.php
@@ -21,6 +21,9 @@ function profiles_post(&$a) {
notice( t('Profile not found.') . EOL);
return;
}
+
+ check_form_security_token_redirectOnErr('/profiles', 'profile_edit');
+
$is_default = (($orig[0]['is-default']) ? 1 : 0);
$profile_name = notags(trim($_POST['profile_name']));
@@ -237,9 +240,11 @@ function profiles_content(&$a) {
);
if(! count($r)) {
notice( t('Profile not found.') . EOL);
- goaway($a->get_baseurl() . '/profiles');
+ goaway($a->get_baseurl(true) . '/profiles');
return; // NOTREACHED
}
+
+ check_form_security_token_redirectOnErr('/profiles', 'profile_drop', 't');
// move every contact using this profile as their default to the user default
@@ -255,7 +260,7 @@ function profiles_content(&$a) {
if($r)
info( t('Profile deleted.') . EOL);
- goaway($a->get_baseurl() . '/profiles');
+ goaway($a->get_baseurl(true) . '/profiles');
return; // NOTREACHED
}
@@ -264,6 +269,8 @@ function profiles_content(&$a) {
if(($a->argc > 1) && ($a->argv[1] === 'new')) {
+
+ check_form_security_token_redirectOnErr('/profiles', 'profile_new', 't');
$r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d",
intval(local_user()));
@@ -290,11 +297,14 @@ function profiles_content(&$a) {
info( t('New profile created.') . EOL);
if(count($r3) == 1)
- goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']);
- goaway($a->get_baseurl() . '/profiles');
- }
+ goaway($a->get_baseurl(true) . '/profiles/' . $r3[0]['id']);
+
+ goaway($a->get_baseurl(true) . '/profiles');
+ }
if(($a->argc > 2) && ($a->argv[1] === 'clone')) {
+
+ check_form_security_token_redirectOnErr('/profiles', 'profile_clone', 't');
$r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d",
intval(local_user()));
@@ -329,10 +339,12 @@ function profiles_content(&$a) {
);
info( t('New profile created.') . EOL);
if(count($r3) == 1)
- goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']);
- goaway($a->get_baseurl() . '/profiles');
- return; // NOTREACHED
- }
+ goaway($a->get_baseurl(true) . '/profiles/' . $r3[0]['id']);
+
+ goaway($a->get_baseurl(true) . '/profiles');
+
+ return; // NOTREACHED
+ }
if(($a->argc > 1) && (intval($a->argv[1]))) {
@@ -361,7 +373,7 @@ function profiles_content(&$a) {
));
- $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl()));
+ $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl(true)));
$a->page['htmlhead'] .= "<script type=\"text/javascript\" src=\"js/country.js\" ></script>";
$f = get_config('system','birthday_input_format');
@@ -371,6 +383,9 @@ function profiles_content(&$a) {
$is_default = (($r[0]['is-default']) ? 1 : 0);
$tpl = get_markup_template("profile_edit.tpl");
$o .= replace_macros($tpl,array(
+ '$form_security_token' => get_form_security_token("profile_edit"),
+ '$profile_clone_link' => 'profiles/clone/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_clone"),
+ '$profile_drop_link' => 'profiles/drop/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_drop"),
'$banner' => t('Edit Profile Details'),
'$submit' => t('Submit'),
'$viewprof' => t('View this profile'),
@@ -410,7 +425,7 @@ function profiles_content(&$a) {
'$lbl_work' => t('Work/employment'),
'$lbl_school' => t('School/education'),
'$disabled' => (($is_default) ? 'onclick="return false;" style="color: #BBBBFF;"' : ''),
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$profile_id' => $r[0]['id'],
'$profile_name' => $r[0]['profile-name'],
'$default' => (($is_default) ? '<p id="profile-edit-default-desc">' . t('This is your <strong>public</strong> profile.<br />It <strong>may</strong> be visible to anybody using the internet.') . '</p>' : ""),
@@ -460,7 +475,8 @@ function profiles_content(&$a) {
$o .= replace_macros($tpl_header,array(
'$header' => t('Edit/Manage Profiles'),
'$chg_photo' => t('Change profile photo'),
- '$cr_new' => t('Create New Profile')
+ '$cr_new' => t('Create New Profile'),
+ '$cr_new_link' => 'profiles/new?t=' . get_form_security_token("profile_new")
));
@@ -473,7 +489,7 @@ function profiles_content(&$a) {
'$alt' => t('Profile Image'),
'$profile_name' => $rr['profile-name'],
'$visible' => (($rr['is-default']) ? '<strong>' . t('visible to everybody') . '</strong>'
- : '<a href="' . $a->get_baseurl() . '/profperm/' . $rr['id'] . '" />' . t('Edit visibility') . '</a>')
+ : '<a href="' . $a->get_baseurl(true) . '/profperm/' . $rr['id'] . '" />' . t('Edit visibility') . '</a>')
));
}
}
diff --git a/mod/settings.php b/mod/settings.php
index 2ef582fdf..3a8ad29d2 100755
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -53,16 +53,20 @@ function settings_post(&$a) {
$old_page_flags = $a->user['page-flags'];
if(($a->argc > 1) && ($a->argv[1] === 'oauth') && x($_POST,'remove')){
+ check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
+
$key = $_POST['remove'];
q("DELETE FROM tokens WHERE id='%s' AND uid=%d",
dbesc($key),
local_user());
- goaway($a->get_baseurl()."/settings/oauth/");
+ goaway($a->get_baseurl(true)."/settings/oauth/");
return;
}
if(($a->argc > 2) && ($a->argv[1] === 'oauth') && ($a->argv[2] === 'edit'||($a->argv[2] === 'add')) && x($_POST,'submit')) {
+ check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
+
$name = ((x($_POST,'name')) ? $_POST['name'] : '');
$key = ((x($_POST,'key')) ? $_POST['key'] : '');
$secret = ((x($_POST,'secret')) ? $_POST['secret'] : '');
@@ -100,18 +104,23 @@ function settings_post(&$a) {
local_user());
}
}
- goaway($a->get_baseurl()."/settings/oauth/");
+ goaway($a->get_baseurl(true)."/settings/oauth/");
return;
}
if(($a->argc > 1) && ($a->argv[1] == 'addon')) {
+ check_form_security_token_redirectOnErr('/settings/addon', 'settings_addon');
+
call_hooks('plugin_settings_post', $_POST);
return;
}
if(($a->argc > 1) && ($a->argv[1] == 'connectors')) {
-
- if(x($_POST['imap-submit'])) {
+
+ check_form_security_token_redirectOnErr('/settings/connectors', 'settings_connectors');
+
+ if(x($_POST, 'imap-submit')) {
+
$mail_server = ((x($_POST,'mail_server')) ? $_POST['mail_server'] : '');
$mail_port = ((x($_POST,'mail_port')) ? $_POST['mail_port'] : '');
$mail_ssl = ((x($_POST,'mail_ssl')) ? strtolower(trim($_POST['mail_ssl'])) : '');
@@ -185,7 +194,8 @@ function settings_post(&$a) {
return;
}
-
+ check_form_security_token_redirectOnErr('/settings', 'settings');
+
call_hooks('settings_post', $_POST);
if((x($_POST,'npassword')) || (x($_POST,'confirm'))) {
@@ -401,7 +411,7 @@ function settings_post(&$a) {
}
- goaway($a->get_baseurl() . '/settings' );
+ goaway($a->get_baseurl(true) . '/settings' );
return; // NOTREACHED
}
@@ -425,27 +435,27 @@ function settings_content(&$a) {
$tabs = array(
array(
'label' => t('Account settings'),
- 'url' => $a->get_baseurl().'/settings',
+ 'url' => $a->get_baseurl(true).'/settings',
'sel' => (($a->argc == 1)?'active':''),
),
array(
'label' => t('Connector settings'),
- 'url' => $a->get_baseurl().'/settings/connectors',
+ 'url' => $a->get_baseurl(true).'/settings/connectors',
'sel' => (($a->argc > 1) && ($a->argv[1] === 'connectors')?'active':''),
),
array(
'label' => t('Plugin settings'),
- 'url' => $a->get_baseurl().'/settings/addon',
+ 'url' => $a->get_baseurl(true).'/settings/addon',
'sel' => (($a->argc > 1) && ($a->argv[1] === 'addon')?'active':''),
),
array(
'label' => t('Connections'),
- 'url' => $a->get_baseurl() . '/settings/oauth',
+ 'url' => $a->get_baseurl(true) . '/settings/oauth',
'sel' => (($a->argc > 1) && ($a->argv[1] === 'oauth')?'active':''),
),
array(
'label' => t('Export personal data'),
- 'url' => $a->get_baseurl() . '/uexport',
+ 'url' => $a->get_baseurl(true) . '/uexport',
'sel' => ''
)
);
@@ -460,6 +470,7 @@ function settings_content(&$a) {
if(($a->argc > 2) && ($a->argv[2] === 'add')) {
$tpl = get_markup_template("settings_oauth_edit.tpl");
$o .= replace_macros($tpl, array(
+ '$form_security_token' => get_form_security_token("settings_oauth"),
'$tabs' => $tabs,
'$title' => t('Add application'),
'$submit' => t('Submit'),
@@ -486,6 +497,7 @@ function settings_content(&$a) {
$tpl = get_markup_template("settings_oauth_edit.tpl");
$o .= replace_macros($tpl, array(
+ '$form_security_token' => get_form_security_token("settings_oauth"),
'$tabs' => $tabs,
'$title' => t('Add application'),
'$submit' => t('Update'),
@@ -500,10 +512,12 @@ function settings_content(&$a) {
}
if(($a->argc > 3) && ($a->argv[2] === 'delete')) {
+ check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth', 't');
+
$r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d",
dbesc($a->argv[3]),
local_user());
- goaway($a->get_baseurl()."/settings/oauth/");
+ goaway($a->get_baseurl(true)."/settings/oauth/");
return;
}
@@ -518,7 +532,8 @@ function settings_content(&$a) {
$tpl = get_markup_template("settings_oauth.tpl");
$o .= replace_macros($tpl, array(
- '$baseurl' => $a->get_baseurl(),
+ '$form_security_token' => get_form_security_token("settings_oauth"),
+ '$baseurl' => $a->get_baseurl(true),
'$title' => t('Connected Apps'),
'$add' => t('Add application'),
'$edit' => t('Edit'),
@@ -544,6 +559,7 @@ function settings_content(&$a) {
$tpl = get_markup_template("settings_addons.tpl");
$o .= replace_macros($tpl, array(
+ '$form_security_token' => get_form_security_token("settings_addon"),
'$title' => t('Plugin Settings'),
'$tabs' => $tabs,
'$settings_addons' => $settings_addons
@@ -586,28 +602,28 @@ function settings_content(&$a) {
$tpl = get_markup_template("settings_connectors.tpl");
$o .= replace_macros($tpl, array(
+ '$form_security_token' => get_form_security_token("settings_connectors"),
+
'$title' => t('Connector Settings'),
'$tabs' => $tabs,
- '$diasp_enabled' => $diasp_enabled,
- '$ostat_enabled' => $ostat_enabled,
-
- '$h_imap' => t('Email/Mailbox Setup'),
- '$imap_desc' => t("If you wish to communicate with email contacts using this service \x28optional\x29, please specify how to connect to your mailbox."),
- '$imap_lastcheck' => array('imap_lastcheck', t('Last successful email check:'), $mail_chk,''),
- '$mail_disabled' => (($mail_disabled) ? t('Email access is disabled on this site.') : ''),
- '$mail_server' => array('mail_server', t('IMAP server name:'), $mail_server, ''),
- '$mail_port' => array('mail_port', t('IMAP port:'), $mail_port, ''),
- '$mail_ssl' => array('mail_ssl', t('Security:'), strtoupper($mail_ssl), '', array( ''=>t('None'), 'TLS'=>'TLS', 'SSL'=>'SSL')),
- '$mail_user' => array('mail_user', t('Email login name:'), $mail_user, ''),
- '$mail_pass' => array('mail_pass', t('Email password:'), '', ''),
- '$mail_replyto' => array('mail_replyto', t('Reply-to address:'), '', 'Optional'),
- '$mail_pubmail' => array('mail_pubmail', t('Send public posts to all email contacts:'), $mail_pubmail, ''),
- '$mail_action' => array('mail_action', t('Action after import:'), $mail_action, '', array(0=>t('None'), 1=>t('Delete'), 2=>t('Mark as seen'), 3=>t('Move to folder'))),
- '$mail_movetofolder' => array('mail_movetofolder', t('Move to folder:'), $mail_movetofolder, ''),
- '$submit' => t('Submit'),
-
-
+ '$diasp_enabled' => $diasp_enabled,
+ '$ostat_enabled' => $ostat_enabled,
+
+ '$h_imap' => t('Email/Mailbox Setup'),
+ '$imap_desc' => t("If you wish to communicate with email contacts using this service \x28optional\x29, please specify how to connect to your mailbox."),
+ '$imap_lastcheck' => array('imap_lastcheck', t('Last successful email check:'), $mail_chk,''),
+ '$mail_disabled' => (($mail_disabled) ? t('Email access is disabled on this site.') : ''),
+ '$mail_server' => array('mail_server', t('IMAP server name:'), $mail_server, ''),
+ '$mail_port' => array('mail_port', t('IMAP port:'), $mail_port, ''),
+ '$mail_ssl' => array('mail_ssl', t('Security:'), strtoupper($mail_ssl), '', array( ''=>t('None'), 'TLS'=>'TLS', 'SSL'=>'SSL')),
+ '$mail_user' => array('mail_user', t('Email login name:'), $mail_user, ''),
+ '$mail_pass' => array('mail_pass', t('Email password:'), '', ''),
+ '$mail_replyto' => array('mail_replyto', t('Reply-to address:'), '', 'Optional'),
+ '$mail_pubmail' => array('mail_pubmail', t('Send public posts to all email contacts:'), $mail_pubmail, ''),
+ '$mail_action' => array('mail_action', t('Action after import:'), $mail_action, '', array(0=>t('None'), 1=>t('Delete'), 2=>t('Mark as seen'), 3=>t('Move to folder'))),
+ '$mail_movetofolder' => array('mail_movetofolder', t('Move to folder:'), $mail_movetofolder, ''),
+ '$submit' => t('Submit'),
'$settings_connectors' => $settings_connectors
));
@@ -636,20 +652,20 @@ function settings_content(&$a) {
$blocktags = $a->user['blocktags'];
$expire_items = get_pconfig(local_user(), 'expire','items');
- $expire_items = (($expire_items===false)?1:$expire_items); // default if not set: 1
+ $expire_items = (($expire_items===false)? '1' : $expire_items); // default if not set: 1
$expire_notes = get_pconfig(local_user(), 'expire','notes');
- $expire_notes = (($expire_notes===false)?1:$expire_notes); // default if not set: 1
+ $expire_notes = (($expire_notes===false)? '1' : $expire_notes); // default if not set: 1
$expire_starred = get_pconfig(local_user(), 'expire','starred');
- $expire_starred = (($expire_starred===false)?1:$expire_starred); // default if not set: 1
+ $expire_starred = (($expire_starred===false)? '1' : $expire_starred); // default if not set: 1
$expire_photos = get_pconfig(local_user(), 'expire','photos');
- $expire_photos = (($expire_photos===false)?0:$expire_photos); // default if not set: 0
+ $expire_photos = (($expire_photos===false)? '0' : $expire_photos); // default if not set: 0
$suggestme = get_pconfig(local_user(), 'system','suggestme');
- $suggestme = (($suggestme===false)?0:$suggestme); // default if not set: 0
+ $suggestme = (($suggestme===false)? '0': $suggestme); // default if not set: 0
$browser_update = intval(get_pconfig(local_user(), 'system','update_interval'));
$browser_update = (($browser_update == 0) ? 40 : $browser_update / 1000); // default if not set: 40 seconds
@@ -720,13 +736,13 @@ function settings_content(&$a) {
));
$blockwall = replace_macros($opt_tpl,array(
- '$field' => array('blockwall', t('Allow friends to post to your profile page?'), ! $a->user['blockwall'], '', array(t('No'),t('Yes'))),
+ '$field' => array('blockwall', t('Allow friends to post to your profile page?'), (intval($a->user['blockwall']) ? '0' : '1'), '', array(t('No'),t('Yes'))),
));
$blocktags = replace_macros($opt_tpl,array(
- '$field' => array('blocktags', t('Allow friends to tag your posts?'), ! $a->user['blocktags'], '', array(t('No'),t('Yes'))),
+ '$field' => array('blocktags', t('Allow friends to tag your posts?'), (intval($a->user['blocktags']) ? '0' : '1'), '', array(t('No'),t('Yes'))),
));
@@ -773,7 +789,7 @@ function settings_content(&$a) {
$theme_selected = (!x($_SESSION,'theme')? $default_theme : $_SESSION['theme']);
- $subdir = ((strlen($a->get_path())) ? '<br />' . t('or') . ' ' . $a->get_baseurl() . '/profile/' . $nickname : '');
+ $subdir = ((strlen($a->get_path())) ? '<br />' . t('or') . ' ' . $a->get_baseurl(true) . '/profile/' . $nickname : '');
$tpl_addr = get_markup_template("settings_nick_set.tpl");
@@ -803,8 +819,9 @@ function settings_content(&$a) {
'$ptitle' => t('Account Settings'),
'$submit' => t('Submit'),
- '$baseurl' => $a->get_baseurl(),
+ '$baseurl' => $a->get_baseurl(true),
'$uid' => local_user(),
+ '$form_security_token' => get_form_security_token("settings"),
'$nickname_block' => $prof_addr,
diff --git a/mod/share.php b/mod/share.php
index f6c025e3c..47bb851a4 100755
--- a/mod/share.php
+++ b/mod/share.php
@@ -17,7 +17,7 @@ function share_init(&$a) {
$o = '';
if(local_user() && intval(get_pconfig(local_user(),'system','plaintext'))) {
- $o .= '&#x2672; [url=' . $r[0]['author-link'] . ']' . $r[0]['author-name'] . '[/url]';
+ $o .= "\xE2\x99\xb2" . ' [url=' . $r[0]['author-link'] . ']' . $r[0]['author-name'] . '[/url]' . "\n";
if($r[0]['title'])
$o .= '[b]' . $r[0]['title'] . '[/b]' . "\n";
$o .= $r[0]['body'] . "\n";