diff options
Diffstat (limited to 'mod')
-rwxr-xr-x | mod/admin.php | 69 | ||||
-rwxr-xr-x | mod/contacts.php | 40 | ||||
-rw-r--r-- | mod/dfrn_confirm.php | 6 | ||||
-rwxr-xr-x | mod/dfrn_notify.php | 72 | ||||
-rwxr-xr-x | mod/dfrn_poll.php | 6 | ||||
-rwxr-xr-x | mod/dfrn_request.php | 29 | ||||
-rwxr-xr-x | mod/directory.php | 17 | ||||
-rwxr-xr-x | mod/display.php | 10 | ||||
-rwxr-xr-x | mod/filer.php | 23 | ||||
-rw-r--r-- | mod/filerm.php | 21 | ||||
-rwxr-xr-x | mod/group.php | 26 | ||||
-rwxr-xr-x | mod/item.php | 246 | ||||
-rwxr-xr-x | mod/manage.php | 2 | ||||
-rwxr-xr-x | mod/message.php | 26 | ||||
-rwxr-xr-x | mod/network.php | 37 | ||||
-rwxr-xr-x | mod/notifications.php | 44 | ||||
-rw-r--r-- | mod/notify.php | 4 | ||||
-rwxr-xr-x | mod/parse_url.php | 2 | ||||
-rwxr-xr-x | mod/photos.php | 11 | ||||
-rwxr-xr-x | mod/profile_photo.php | 18 | ||||
-rwxr-xr-x | mod/profiles.php | 42 | ||||
-rwxr-xr-x | mod/settings.php | 99 | ||||
-rwxr-xr-x | mod/share.php | 2 |
23 files changed, 543 insertions, 309 deletions
diff --git a/mod/admin.php b/mod/admin.php index 93714bb5f..a64b26903 100755 --- a/mod/admin.php +++ b/mod/admin.php @@ -37,7 +37,7 @@ function admin_post(&$a){ $func($a); } } - goaway($a->get_baseurl() . '/admin/plugins/' . $a->argv[2] ); + goaway($a->get_baseurl(true) . '/admin/plugins/' . $a->argv[2] ); return; // NOTREACHED break; case 'logs': @@ -49,7 +49,7 @@ function admin_post(&$a){ } } - goaway($a->get_baseurl() . '/admin' ); + goaway($a->get_baseurl(true) . '/admin' ); return; // NOTREACHED } @@ -68,11 +68,11 @@ function admin_content(&$a) { // array( url, name, extra css classes ) $aside = Array( - 'site' => Array($a->get_baseurl()."/admin/site/", t("Site") , "site"), - 'users' => Array($a->get_baseurl()."/admin/users/", t("Users") , "users"), - 'plugins'=> Array($a->get_baseurl()."/admin/plugins/", t("Plugins") , "plugins"), - 'themes' => Array($a->get_baseurl()."/admin/themes/", t("Themes") , "themes"), - 'update' => Array($a->get_baseurl()."/admin/update/", t("Update") , "update") + 'site' => Array($a->get_baseurl(true)."/admin/site/", t("Site") , "site"), + 'users' => Array($a->get_baseurl(true)."/admin/users/", t("Users") , "users"), + 'plugins'=> Array($a->get_baseurl(true)."/admin/plugins/", t("Plugins") , "plugins"), + 'themes' => Array($a->get_baseurl(true)."/admin/themes/", t("Themes") , "themes"), + 'update' => Array($a->get_baseurl(true)."/admin/update/", t("Update") , "update") ); /* get plugins admin page */ @@ -81,18 +81,18 @@ function admin_content(&$a) { $aside['plugins_admin']=Array(); foreach ($r as $h){ $plugin =$h['name']; - $aside['plugins_admin'][] = Array($a->get_baseurl()."/admin/plugins/".$plugin, $plugin, "plugin"); + $aside['plugins_admin'][] = Array($a->get_baseurl(true)."/admin/plugins/".$plugin, $plugin, "plugin"); // temp plugins with admin $a->plugins_admin[] = $plugin; } - $aside['logs'] = Array($a->get_baseurl()."/admin/logs/", t("Logs"), "logs"); + $aside['logs'] = Array($a->get_baseurl(true)."/admin/logs/", t("Logs"), "logs"); $t = get_markup_template("admin_aside.tpl"); $a->page['aside'] = replace_macros( $t, array( '$admin' => $aside, '$h_pending' => t('User registrations waiting for confirmation'), - '$admurl'=> $a->get_baseurl()."/admin/" + '$admurl'=> $a->get_baseurl(true)."/admin/" )); @@ -151,11 +151,7 @@ function admin_page_summary(&$a) { $r = q("SELECT COUNT(id) as `count` FROM `register`"); $pending = $r[0]['count']; - - - - - + $t = get_markup_template("admin_summary.tpl"); return replace_macros($t, array( '$title' => t('Administration'), @@ -210,7 +206,7 @@ function admin_page_site_post(&$a){ $dfrn_only = ((x($_POST,'dfrn_only')) ? True : False); $ostatus_disabled = !((x($_POST,'ostatus_disabled')) ? True : False); $diaspora_enabled = ((x($_POST,'diaspora_enabled')) ? True : False); - + $ssl_policy = ((x($_POST,'ssl_policy')) ? intval($_POST['ssl_policy']) : 0); set_config('config','sitename',$sitename); if ($banner==""){ @@ -222,6 +218,7 @@ function admin_page_site_post(&$a){ } else { set_config('system','banner', $banner); } + set_config('system','ssl_policy',$ssl_policy); set_config('system','language', $language); set_config('system','theme', $theme); set_config('system','maximagesize', $maximagesize); @@ -258,7 +255,7 @@ function admin_page_site_post(&$a){ set_config('system','diaspora_enabled', $diaspora_enabled); info( t('Site settings updated.') . EOL); - goaway($a->get_baseurl() . '/admin/site' ); + goaway($a->get_baseurl(true) . '/admin/site' ); return; // NOTREACHED } @@ -305,7 +302,13 @@ function admin_page_site(&$a) { REGISTER_APPROVE => t("Requires approval"), REGISTER_OPEN => t("Open") ); - + + $ssl_choices = array( + SSL_POLICY_NONE => t("No SSL policy, links will track page SSL state"), + SSL_POLICY_FULL => t("Force all links to use SSL"), + SSL_POLICY_SELFSIGN => t("Self-signed certificate, use SSL for local links only (discouraged)") + ); + $t = get_markup_template("admin_site.tpl"); return replace_macros($t, array( '$title' => t('Administration'), @@ -316,13 +319,13 @@ function admin_page_site(&$a) { '$corporate' => t('Policies'), '$advanced' => t('Advanced'), - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), // name, label, value, help string, extra data... '$sitename' => array('sitename', t("Site name"), htmlentities($a->config['sitename'], ENT_QUOTES), ""), '$banner' => array('banner', t("Banner/Logo"), $banner, ""), '$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices), '$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles"), $theme_choices), - + '$ssl_policy' => array('ssl_policy', t("SSL link policy"), (string) intval(get_config('system','ssl_policy')), t("Determines whether generated links should be forced to use SSL"), $ssl_choices), '$maximagesize' => array('maximagesize', t("Maximum image size"), get_config('system','maximagesize'), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")), '$register_policy' => array('register_policy', t("Register policy"), $a->config['register_policy'], "", $register_choices), @@ -389,7 +392,7 @@ function admin_page_users_post(&$a){ user_deny($hash); } } - goaway($a->get_baseurl() . '/admin/users' ); + goaway($a->get_baseurl(true) . '/admin/users' ); return; // NOTREACHED } @@ -399,7 +402,7 @@ function admin_page_users(&$a){ $user = q("SELECT * FROM `user` WHERE `uid`=%d", intval($uid)); if (count($user)==0){ notice( 'User not found' . EOL); - goaway($a->get_baseurl() . '/admin/users' ); + goaway($a->get_baseurl(true) . '/admin/users' ); return; // NOTREACHED } switch($a->argv[2]){ @@ -418,7 +421,7 @@ function admin_page_users(&$a){ notice( sprintf( ($user[0]['blocked']?t("User '%s' unblocked"):t("User '%s' blocked")) , $user[0]['username']) . EOL); }; break; } - goaway($a->get_baseurl() . '/admin/users' ); + goaway($a->get_baseurl(true) . '/admin/users' ); return; // NOTREACHED } @@ -497,7 +500,7 @@ function admin_page_users(&$a){ // values // - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$pending' => $pending, '$users' => $users, @@ -536,7 +539,7 @@ function admin_page_plugins(&$a){ info( sprintf( t("Plugin %s enabled."), $plugin ) ); } set_config("system","addon", implode(", ",$a->plugins)); - goaway($a->get_baseurl() . '/admin/plugins' ); + goaway($a->get_baseurl(true) . '/admin/plugins' ); return; // NOTREACHED } // display plugin details @@ -569,7 +572,7 @@ function admin_page_plugins(&$a){ '$page' => t('Plugins'), '$toggle' => t('Toggle'), '$settings' => t('Settings'), - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$plugin' => $plugin, '$status' => $status, @@ -607,7 +610,7 @@ function admin_page_plugins(&$a){ '$title' => t('Administration'), '$page' => t('Plugins'), '$submit' => t('Submit'), - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$function' => 'plugins', '$plugins' => $plugins )); @@ -713,7 +716,7 @@ function admin_page_themes(&$a){ info( sprintf('Theme %s disabled.',$theme)); set_config('system','allowed_themes',$s); - goaway($a->get_baseurl() . '/admin/themes' ); + goaway($a->get_baseurl(true) . '/admin/themes' ); return; // NOTREACHED } @@ -742,7 +745,7 @@ function admin_page_themes(&$a){ '$page' => t('Themes'), '$toggle' => t('Toggle'), '$settings' => t('Settings'), - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$plugin' => $theme, '$status' => $status, @@ -774,7 +777,7 @@ function admin_page_themes(&$a){ '$title' => t('Administration'), '$page' => t('Themes'), '$submit' => t('Submit'), - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$function' => 'themes', '$plugins' => $xthemes, '$experimental' => t('[Experimental]'), @@ -802,7 +805,7 @@ function admin_page_logs_post(&$a) { } info( t("Log settings updated.") ); - goaway($a->get_baseurl() . '/admin/logs' ); + goaway($a->get_baseurl(true) . '/admin/logs' ); return; // NOTREACHED } @@ -856,7 +859,7 @@ readable."); '$submit' => t('Submit'), '$clear' => t('Clear'), '$data' => $data, - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$logname' => get_config('system','logfile'), // name, label, value, help string, extra data... @@ -901,7 +904,7 @@ function admin_page_remoteupdate(&$a) { $tpl = get_markup_template("admin_remoteupdate.tpl"); return replace_macros($tpl, array( - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$submit' => t("Update now"), '$close' => t("Close"), '$localversion' => FRIENDICA_VERSION, diff --git a/mod/contacts.php b/mod/contacts.php index 001bf12af..78c8d4092 100755 --- a/mod/contacts.php +++ b/mod/contacts.php @@ -61,7 +61,7 @@ function contacts_post(&$a) { if(! count($orig_record)) { notice( t('Could not access contact record.') . EOL); - goaway($a->get_baseurl() . '/contacts'); + goaway($a->get_baseurl(true) . '/contacts'); return; // NOTREACHED } @@ -141,7 +141,7 @@ function contacts_content(&$a) { if(! count($orig_record)) { notice( t('Could not access contact record.') . EOL); - goaway($a->get_baseurl() . '/contacts'); + goaway($a->get_baseurl(true) . '/contacts'); return; // NOTREACHED } @@ -149,7 +149,7 @@ function contacts_content(&$a) { // pull feed and consume it, which should subscribe to the hub. proc_run('php',"include/poller.php","$contact_id"); - goaway($a->get_baseurl() . '/contacts/' . $contact_id); + goaway($a->get_baseurl(true) . '/contacts/' . $contact_id); // NOTREACHED } @@ -164,7 +164,7 @@ function contacts_content(&$a) { //notice( t('Contact has been ') . (($blocked) ? t('blocked') : t('unblocked')) . EOL ); info( (($blocked) ? t('Contact has been blocked') : t('Contact has been unblocked')) . EOL ); } - goaway($a->get_baseurl() . '/contacts/' . $contact_id); + goaway($a->get_baseurl(true) . '/contacts/' . $contact_id); return; // NOTREACHED } @@ -178,7 +178,7 @@ function contacts_content(&$a) { if($r) { info( (($readonly) ? t('Contact has been ignored') : t('Contact has been unignored')) . EOL ); } - goaway($a->get_baseurl() . '/contacts/' . $contact_id); + goaway($a->get_baseurl(true) . '/contacts/' . $contact_id); return; // NOTREACHED } @@ -220,9 +220,9 @@ function contacts_content(&$a) { contact_remove($orig_record[0]['id']); info( t('Contact has been removed.') . EOL ); if(x($_SESSION,'return_url')) - goaway($a->get_baseurl() . '/' . $_SESSION['return_url']); + goaway($a->get_baseurl(true) . '/' . $_SESSION['return_url']); else - goaway($a->get_baseurl() . '/contacts'); + goaway($a->get_baseurl(true) . '/contacts'); return; // NOTREACHED } } @@ -233,7 +233,7 @@ function contacts_content(&$a) { $contact = $a->data['contact']; $tpl = get_markup_template('contact_head.tpl'); - $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl())); + $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl(true))); require_once('include/contact_selectors.php'); @@ -295,17 +295,17 @@ function contacts_content(&$a) { $tabs = array( array( 'label' => (($contact['blocked']) ? t('Unblock') : t('Block') ), - 'url' => $a->get_baseurl() . '/contacts/' . $contact_id . '/block', + 'url' => $a->get_baseurl(true) . '/contacts/' . $contact_id . '/block', 'sel' => '', ), array( 'label' => (($contact['readonly']) ? t('Unignore') : t('Ignore') ), - 'url' => $a->get_baseurl() . '/contacts/' . $contact_id . '/ignore', + 'url' => $a->get_baseurl(true) . '/contacts/' . $contact_id . '/ignore', 'sel' => '', ), array( 'label' => t('Repair'), - 'url' => $a->get_baseurl() . '/crepair/' . $contact_id, + 'url' => $a->get_baseurl(true) . '/crepair/' . $contact_id, 'sel' => '', ) ); @@ -322,7 +322,7 @@ function contacts_content(&$a) { '$lbl_info1' => t('Contact Information / Notes'), '$infedit' => t('Edit contact notes'), '$common_text' => $common_text, - '$common_link' => $a->get_baseurl() . '/common/' . $contact['id'], + '$common_link' => $a->get_baseurl(true) . '/common/' . $contact['id'], '$all_friends' => $all_friends, '$relation_text' => $relation_text, '$visit' => sprintf( t('Visit %s\'s profile [%s]'),$contact['name'],$contact['url']), @@ -397,30 +397,30 @@ function contacts_content(&$a) { $tabs = array( array( 'label' => t('All Contacts'), - 'url' => $a->get_baseurl() . '/contacts/all', + 'url' => $a->get_baseurl(true) . '/contacts/all', 'sel' => ($all) ? 'active' : '', ), array( 'label' => t('Unblocked Contacts'), - 'url' => $a->get_baseurl() . '/contacts', + 'url' => $a->get_baseurl(true) . '/contacts', 'sel' => ((! $all) && (! $blocked) && (! $hidden) && (! $search) && (! $nets) && (! $ignored)) ? 'active' : '', ), array( 'label' => t('Blocked Contacts'), - 'url' => $a->get_baseurl() . '/contacts/blocked', + 'url' => $a->get_baseurl(true) . '/contacts/blocked', 'sel' => ($blocked) ? 'active' : '', ), array( 'label' => t('Ignored Contacts'), - 'url' => $a->get_baseurl() . '/contacts/ignored', + 'url' => $a->get_baseurl(true) . '/contacts/ignored', 'sel' => ($ignored) ? 'active' : '', ), array( 'label' => t('Hidden Contacts'), - 'url' => $a->get_baseurl() . '/contacts/hidden', + 'url' => $a->get_baseurl(true) . '/contacts/hidden', 'sel' => ($hidden) ? 'active' : '', ), @@ -445,7 +445,7 @@ function contacts_content(&$a) { $r = q("SELECT COUNT(*) AS `total` FROM `contact` - WHERE `uid` = %d AND `pending` = 0 $sql_extra $sql_extra2 ", + WHERE `uid` = %d AND `self` = 0 AND `pending` = 0 $sql_extra $sql_extra2 ", intval($_SESSION['uid'])); if(count($r)) { $a->set_pager_total($r[0]['total']); @@ -454,7 +454,7 @@ function contacts_content(&$a) { - $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `pending` = 0 $sql_extra $sql_extra2 ORDER BY `name` ASC LIMIT %d , %d ", + $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `pending` = 0 $sql_extra $sql_extra2 ORDER BY `name` ASC LIMIT %d , %d ", intval($_SESSION['uid']), intval($a->pager['start']), intval($a->pager['itemspage']) @@ -465,8 +465,6 @@ function contacts_content(&$a) { if(count($r)) { foreach($r as $rr) { - if($rr['self']) - continue; switch($rr['rel']) { case CONTACT_IS_FRIEND: diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php index 0bc3ea7df..2f4fb7045 100644 --- a/mod/dfrn_confirm.php +++ b/mod/dfrn_confirm.php @@ -207,6 +207,9 @@ function dfrn_confirm_post(&$a,$handsfree = null) { if($duplex == 1) $params['duplex'] = 1; + if($user['page-flags'] == PAGE_COMMUNITY) + $params['page'] = 1; + logger('dfrn_confirm: Confirm: posting data to ' . $dfrn_confirm . ': ' . print_r($params,true), LOGGER_DATA); /** @@ -522,6 +525,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) { $source_url = ((x($_POST,'source_url')) ? hex2bin($_POST['source_url']) : ''); $aes_key = ((x($_POST,'aes_key')) ? $_POST['aes_key'] : ''); $duplex = ((x($_POST,'duplex')) ? intval($_POST['duplex']) : 0 ); + $page = ((x($_POST,'page')) ? intval($_POST['page']) : 0 ); $version_id = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0); logger('dfrn_confirm: requestee contacted: ' . $node); @@ -677,6 +681,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) { `blocked` = 0, `pending` = 0, `duplex` = %d, + `forum` = %d, `network` = '%s' WHERE `id` = %d LIMIT 1 ", dbesc($photos[0]), @@ -687,6 +692,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) { dbesc(datetime_convert()), dbesc(datetime_convert()), intval($duplex), + intval($page), dbesc(NETWORK_DFRN), intval($dfrn_record) ); diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index 0c0c27e3d..71860ac3b 100755 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -14,6 +14,8 @@ function dfrn_notify_post(&$a) { $key = ((x($_POST,'key')) ? $_POST['key'] : ''); $dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0); $perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r'); + $ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none'); + $page = ((x($_POST,'page')) ? intval($_POST['page']) : 0); $writable = (-1); if($dfrn_version >= 2.21) { @@ -86,14 +88,76 @@ function dfrn_notify_post(&$a) { $importer = $r[0]; - if(($writable != (-1)) && ($writable != $importer['writable'])) { - q("UPDATE `contact` SET `writable` = %d WHERE `id` = %d LIMIT 1", - intval($writable), + if((($writable != (-1)) && ($writable != $importer['writable'])) || ($importer['forum'] != $page)) { + q("UPDATE `contact` SET `writable` = %d, forum = %d WHERE `id` = %d LIMIT 1", + intval(($writable == (-1)) ? $importer['writable'] : $writable), + intval($page), intval($importer['id']) ); - $importer['writable'] = $writable; + if($writable != (-1)) + $importer['writable'] = $writable; + $importer['forum'] = $page; } + // if contact's ssl policy changed, update our links + + $ssl_changed = false; + + if($ssl_policy == 'self' && strstr($importer['url'],'https:')) { + $ssl_changed = true; + $importer['url'] = str_replace('https:','http:',$importer['url']); + $importer['nurl'] = normalise_link($importer['url']); + $importer['photo'] = str_replace('https:','http:',$importer['photo']); + $importer['thumb'] = str_replace('https:','http:',$importer['thumb']); + $importer['micro'] = str_replace('https:','http:',$importer['micro']); + $importer['request'] = str_replace('https:','http:',$importer['request']); + $importer['notify'] = str_replace('https:','http:',$importer['notify']); + $importer['poll'] = str_replace('https:','http:',$importer['poll']); + $importer['confirm'] = str_replace('https:','http:',$importer['confirm']); + $importer['poco'] = str_replace('https:','http:',$importer['poco']); + } + + if($ssl_policy == 'full' && strstr($importer['url'],'http:')) { + $ssl_changed = true; + $importer['url'] = str_replace('http:','https:',$importer['url']); + $importer['nurl'] = normalise_link($importer['url']); + $importer['photo'] = str_replace('http:','https:',$importer['photo']); + $importer['thumb'] = str_replace('http:','https:',$importer['thumb']); + $importer['micro'] = str_replace('http:','https:',$importer['micro']); + $importer['request'] = str_replace('http:','https:',$importer['request']); + $importer['notify'] = str_replace('http:','https:',$importer['notify']); + $importer['poll'] = str_replace('http:','https:',$importer['poll']); + $importer['confirm'] = str_replace('http:','https:',$importer['confirm']); + $importer['poco'] = str_replace('http:','https:',$importer['poco']); + } + + if($ssl_changed) { + q("update contact set + url = '%s', + nurl = '%s', + photo = '%s', + thumb = '%s', + micro = '%s', + request = '%s', + notify = '%s', + poll = '%s', + confirm = '%s', + poco = '%s' + where id = %d limit 1", + dbesc($importer['url']), + dbesc($importer['nurl']), + dbesc($importer['photo']), + dbesc($importer['thumb']), + dbesc($importer['micro']), + dbesc($importer['request']), + dbesc($importer['notify']), + dbesc($importer['poll']), + dbesc($importer['confirm']), + dbesc($importer['poco']), + intval($importer['id']) + ); + } + logger('dfrn_notify: received notify from ' . $importer['name'] . ' for ' . $importer['username']); logger('dfrn_notify: data: ' . $data, LOGGER_DATA); diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index b12e07132..fe5cd4906 100755 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -199,7 +199,7 @@ function dfrn_poll_post(&$a) { $ptype = ((x($_POST,'type')) ? $_POST['type'] : ''); $dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0); $perm = ((x($_POST,'perm')) ? $_POST['perm'] : 'r'); - + if($ptype === 'profile-check') { if((strlen($challenge)) && (strlen($sec))) { @@ -358,8 +358,8 @@ function dfrn_poll_post(&$a) { intval($contact_id) ); } - } - + } + header("Content-type: application/atom+xml"); $o = get_feed_for($a,$dfrn_id, $a->argv[1], $last_update, $direction); echo $o; diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php index bc159137d..c2d37dac7 100755 --- a/mod/dfrn_request.php +++ b/mod/dfrn_request.php @@ -43,7 +43,7 @@ function dfrn_request_post(&$a) { return; - if($_POST['cancel']) { + if(x($_POST, 'cancel')) { goaway(z_root()); } @@ -77,9 +77,10 @@ function dfrn_request_post(&$a) { * Lookup the contact based on their URL (which is the only unique thing we have at the moment) */ - $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `self` = 0 LIMIT 1", + $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND (`url` = '%s' OR `nurl` = '%s') AND `self` = 0 LIMIT 1", intval(local_user()), - dbesc($dfrn_url) + dbesc($dfrn_url), + dbesc(normalise_link($dfrn_url)) ); if(count($r)) { @@ -666,7 +667,25 @@ function dfrn_request_content(&$a) { $page_desc = sprintf( t('Diaspora members: Please do not use this form. Instead, enter "%s" into your Diaspora search bar.'), $target_addr) . EOL . EOL; - $page_desc .= t("Please enter your 'Identity Address' from one of the following supported social networks:"); + $page_desc .= t("Please enter your 'Identity Address' from one of the following supported communications networks:"); + + // see if we are allowed to have NETWORK_MAIL2 contacts + + $mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1); + if(get_config('system','dfrn_only')) + $mail_disabled = 1; + + if(! $mail_disabled) { + $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", + intval($a->profile['uid']) + ); + if(! count($r)) + $mail_disabled = 1; + } + + $emailnet = (($mail_disabled) ? '' : t("<strike>Connect as an email follower</strike> \x28Coming soon\x29")); + + $invite_desc = t('If you are not yet a member of the free social web, <a href="http://dir.friendica.com/siteinfo">follow this link to find a public Friendica site and join us today</a>.'); $o .= replace_macros($tpl,array( '$header' => t('Friend/Connection Request'), @@ -682,6 +701,8 @@ function dfrn_request_content(&$a) { '$diaspora' => t('Diaspora'), '$diasnote' => t('- please share from your own site as noted above'), '$your_address' => t('Your Identity Address:'), + '$invite_desc' => $invite_desc, + '$emailnet' => $emailnet, '$submit' => t('Submit Request'), '$cancel' => t('Cancel'), '$nickname' => $a->argv[1], diff --git a/mod/directory.php b/mod/directory.php index 962188945..7f18bd026 100755 --- a/mod/directory.php +++ b/mod/directory.php @@ -25,10 +25,6 @@ function directory_post(&$a) { function directory_content(&$a) { - $everything = (($a->argc > 1 && $a->argv[1] === 'all' && is_site_admin()) ? true : false); - if(x($_SESSION,'submanage') && intval($_SESSION['submanage'])) - $everything = false; - if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) { notice( t('Public access denied.') . EOL); return; @@ -52,12 +48,6 @@ function directory_content(&$a) { } $admin = ''; - if(is_site_admin()) { - if($everything) - $admin = '<ul><li><div id="directory-admin-link"><a href="' . $a->get_baseurl() . '/directory' . '">' . t('Normal site view') . '</a></div></li></ul>'; - else - $admin = '<ul><li><div id="directory-admin-link"><a href="' . $a->get_baseurl() . '/directory/all' . '">' . t('Admin - View all site entries') . '</a></div></li></ul>'; - } $o .= replace_macros($tpl, array( '$search' => $search, @@ -73,17 +63,14 @@ function directory_content(&$a) { $search = dbesc($search); $sql_extra = ((strlen($search)) ? " AND MATCH (`profile`.`name`, `user`.`nickname`, `pdesc`, `locality`,`region`,`country-name`,`gender`,`marital`,`sexual`,`about`,`romance`,`work`,`education`,`pub_keywords`,`prv_keywords` ) AGAINST ('$search' IN BOOLEAN MODE) " : ""); - $publish = ((get_config('system','publish_all') || $everything) ? '' : " AND `publish` = 1 " ); + $publish = ((get_config('system','publish_all')) ? '' : " AND `publish` = 1 " ); $r = q("SELECT COUNT(*) AS `total` FROM `profile` LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 $publish AND `user`.`blocked` = 0 $sql_extra "); if(count($r)) $a->set_pager_total($r[0]['total']); - if($everything) - $order = " ORDER BY `register_date` DESC "; - else - $order = " ORDER BY `name` ASC "; + $order = " ORDER BY `name` ASC "; $r = q("SELECT `profile`.*, `profile`.`uid` AS `profile_uid`, `user`.`nickname`, `user`.`timezone` FROM `profile` LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid` WHERE `is-default` = 1 $publish AND `user`.`blocked` = 0 $sql_extra $order LIMIT %d , %d ", diff --git a/mod/display.php b/mod/display.php index f428149e8..81ed174ac 100755 --- a/mod/display.php +++ b/mod/display.php @@ -16,7 +16,15 @@ function display_content(&$a) { $o = '<div id="live-display"></div>' . "\r\n"; - $a->page['htmlhead'] .= '<script>$(document).ready(function() { $(".comment-edit-wrapper textarea").contact_autocomplete(baseurl+"/acl"); });</script>'; + $a->page['htmlhead'] .= <<<EOT +<script> +$(document).ready(function() { + $(".comment-edit-wrapper textarea").contact_autocomplete(baseurl+"/acl"); + // make auto-complete work in more places + $(".wall-item-comment-wrapper textarea").contact_autocomplete(baseurl+"/acl"); +}); +</script> +EOT; $nick = (($a->argc > 1) ? $a->argv[1] : ''); diff --git a/mod/filer.php b/mod/filer.php new file mode 100755 index 000000000..a9e213536 --- /dev/null +++ b/mod/filer.php @@ -0,0 +1,23 @@ +<?php + +require_once('include/security.php'); +require_once('include/bbcode.php'); +require_once('include/items.php'); + + +function filer_content(&$a) { + + if(! local_user()) { + killme(); + } + + $term = notags(trim($_GET['term'])); + $item_id = (($a->argc > 1) ? notags(trim($a->argv[1])) : 0); + + logger('filer: tag ' . $term . ' item ' . $item_id); + + if($item_id && strlen($term)) + file_tag_save_file(local_user(),$item_id,$term); + + killme(); +} diff --git a/mod/filerm.php b/mod/filerm.php new file mode 100644 index 000000000..66b684dc9 --- /dev/null +++ b/mod/filerm.php @@ -0,0 +1,21 @@ +<?php + +function filerm_content(&$a) { + + if(! local_user()) { + killme(); + } + + $term = notags(trim($_GET['term'])); + $item_id = (($a->argc > 1) ? notags(trim($a->argv[1])) : 0); + + logger('filerm: tag ' . $term . ' item ' . $item_id); + + if($item_id && strlen($term)) + file_tag_unsave_file(local_user(),$item_id,$term); + + if(x($_SESSION,'return_url')) + goaway($a->get_baseurl() . '/' . $_SESSION['return_url']); + + killme(); +} diff --git a/mod/group.php b/mod/group.php index 13401ef0d..a282dbccf 100755 --- a/mod/group.php +++ b/mod/group.php @@ -21,6 +21,8 @@ function group_post(&$a) { } if(($a->argc == 2) && ($a->argv[1] === 'new')) { + check_form_security_token_redirectOnErr('/group/new', 'group_edit'); + $name = notags(trim($_POST['groupname'])); $r = group_add(local_user(),$name); if($r) { @@ -35,6 +37,8 @@ function group_post(&$a) { return; // NOTREACHED } if(($a->argc == 2) && (intval($a->argv[1]))) { + check_form_security_token_redirectOnErr('/group', 'group_edit'); + $r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($a->argv[1]), intval(local_user()) @@ -62,7 +66,8 @@ function group_post(&$a) { } function group_content(&$a) { - + $change = false; + if(! local_user()) { notice( t('Permission denied') . EOL); return; @@ -83,14 +88,17 @@ function group_content(&$a) { return replace_macros($tpl, $context + array( '$title' => t('Create a group of contacts/friends.'), - '$gname' => array('groupname',t('Group Name: '),$group['name'], ''), + '$gname' => array('groupname',t('Group Name: '), '', ''), '$gid' => 'new', + '$form_security_token' => get_form_security_token("group_edit"), )); } if(($a->argc == 3) && ($a->argv[1] === 'drop')) { + check_form_security_token_redirectOnErr('/group', 'group_drop', 't'); + if(intval($a->argv[2])) { $r = q("SELECT `name` FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($a->argv[2]), @@ -108,6 +116,8 @@ function group_content(&$a) { } if(($a->argc > 2) && intval($a->argv[1]) && intval($a->argv[2])) { + check_form_security_token_ForbiddenOnErr('group_member_change', 't'); + $r = q("SELECT `id` FROM `contact` WHERE `id` = %d AND `uid` = %d and `self` = 0 and `blocked` = 0 AND `pending` = 0 LIMIT 1", intval($a->argv[2]), intval(local_user()) @@ -155,7 +165,8 @@ function group_content(&$a) { $drop_tpl = get_markup_template('group_drop.tpl'); $drop_txt = replace_macros($drop_tpl, array( '$id' => $group['id'], - '$delete' => t('Delete') + '$delete' => t('Delete'), + '$form_security_token' => get_form_security_token("group_drop"), )); $celeb = ((($a->user['page-flags'] == PAGE_SOAPBOX) || ($a->user['page-flags'] == PAGE_COMMUNITY)) ? true : false); @@ -166,6 +177,7 @@ function group_content(&$a) { '$gname' => array('groupname',t('Group Name: '),$group['name'], ''), '$gid' => $group['id'], '$drop' => $drop_txt, + '$form_security_token' => get_form_security_token('group_edit'), ); } @@ -177,14 +189,14 @@ function group_content(&$a) { 'label_members' => t('Members'), 'members' => array(), 'label_contacts' => t('All Contacts'), - 'contacts' => arraY(), + 'contacts' => array(), ); - + $sec_token = addslashes(get_form_security_token('group_member_change')); $textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false); foreach($members as $member) { if($member['url']) { - $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . '); return true;'; + $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . ',\'' . $sec_token . '\'); return true;'; $groupeditor['members'][] = micropro($member,true,'mpgroup', $textmode); } else @@ -199,7 +211,7 @@ function group_content(&$a) { $textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false); foreach($r as $member) { if(! in_array($member['id'],$preselected)) { - $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . '); return true;'; + $member['click'] = 'groupChangeMember(' . $group['id'] . ',' . $member['id'] . ',\'' . $sec_token . '\'); return true;'; $groupeditor['contacts'][] = micropro($member,true,'mpall', $textmode); } } diff --git a/mod/item.php b/mod/item.php index 81d7c753b..fe570075f 100755 --- a/mod/item.php +++ b/mod/item.php @@ -425,110 +425,7 @@ function item_post(&$a) { if(count($tags)) { foreach($tags as $tag) { - - if(isset($profile)) - unset($profile); - if(strpos($tag,'#') === 0) { - if(strpos($tag,'[url=')) - continue; - $basetag = str_replace('_',' ',substr($tag,1)); - $body = str_replace($tag,'#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]',$body); - - $newtag = '#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]'; - if(! stristr($str_tags,$newtag)) { - if(strlen($str_tags)) - $str_tags .= ','; - $str_tags .= $newtag; - } - continue; - } - if(strpos($tag,'@') === 0) { - if(strpos($tag,'[url=')) - continue; - $stat = false; - $name = substr($tag,1); - if((strpos($name,'@')) || (strpos($name,'http://'))) { - $newname = $name; - $links = @lrdd($name); - if(count($links)) { - foreach($links as $link) { - if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page') - $profile = $link['@attributes']['href']; - if($link['@attributes']['rel'] === 'salmon') { - if(strlen($inform)) - $inform .= ','; - $inform .= 'url:' . str_replace(',','%2c',$link['@attributes']['href']); - } - } - } - } - else { - $newname = $name; - $alias = ''; - $tagcid = 0; - if(strrpos($newname,'+')) { - $tagcid = intval(substr($newname,strrpos($newname,'+') + 1)); - if(strpos($name,' ')) - $name = substr($name,0,strpos($name,' ')); - } - if($tagcid) { - $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($tagcid), - intval($profile_uid) - ); - } - elseif(strstr($name,'_') || strstr($name,' ')) { - $newname = str_replace('_',' ',$name); - $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", - dbesc($newname), - intval($profile_uid) - ); - } - else { - $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1", - dbesc($name), - dbesc($name), - intval($profile_uid) - ); - } - if(count($r)) { - $profile = $r[0]['url']; - if($r[0]['network'] === 'stat') { - $newname = $r[0]['nick']; - $stat = true; - if($r[0]['alias']) - $alias = $r[0]['alias']; - } - else - $newname = $r[0]['name']; - if(strlen($inform)) - $inform .= ','; - $inform .= 'cid:' . $r[0]['id']; - } - } - if($profile) { - $body = str_replace('@' . $name, '@' . '[url=' . $profile . ']' . $newname . '[/url]', $body); - $profile = str_replace(',','%2c',$profile); - $newtag = '@[url=' . $profile . ']' . $newname . '[/url]'; - if(! stristr($str_tags,$newtag)) { - if(strlen($str_tags)) - $str_tags .= ','; - $str_tags .= $newtag; - } - - // Status.Net seems to require the numeric ID URL in a mention if the person isn't - // subscribed to you. But the nickname URL is OK if they are. Grrr. We'll tag both. - - if(strlen($alias)) { - $newtag = '@[url=' . $alias . ']' . $newname . '[/url]'; - if(! stristr($str_tags,$newtag)) { - if(strlen($str_tags)) - $str_tags .= ','; - $str_tags .= $newtag; - } - } - } - } + handle_tag($a, $body, $inform, $str_tags, $profile_uid, $tag); } } @@ -627,7 +524,7 @@ function item_post(&$a) { if($preview) { require_once('include/conversation.php'); - $o = conversation(&$a,array(array_merge($contact_record,$datarray)),'search',false,true); + $o = conversation($a,array(array_merge($contact_record,$datarray)),'search',false,true); logger('preview: ' . $o); echo json_encode(array('preview' => $o)); killme(); @@ -922,3 +819,142 @@ function item_content(&$a) { drop_item($a->argv[2]); } } + +/** + * This function removes the tag $tag from the text $body and replaces it with + * the appropiate link. + * + * @param unknown_type $body the text to replace the tag in + * @param unknown_type $inform a comma-seperated string containing everybody to inform + * @param unknown_type $str_tags string to add the tag to + * @param unknown_type $profile_uid + * @param unknown_type $tag the tag to replace + */ +function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) { + //is it a hash tag? + if(strpos($tag,'#') === 0) { + //if the tag is replaced... + if(strpos($tag,'[url=')) + //...do nothing + return; + //base tag has the tags name only + $basetag = str_replace('_',' ',substr($tag,1)); + //create text for link + $newtag = '#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]'; + //replace tag by the link + $body = str_replace($tag, $newtag, $body); + + //is the link already in str_tags? + if(! stristr($str_tags,$newtag)) { + //append or set str_tags + if(strlen($str_tags)) + $str_tags .= ','; + $str_tags .= $newtag; + } + return; + } + //is it a person tag? + if(strpos($tag,'@') === 0) { + //is it already replaced? + if(strpos($tag,'[url=')) + return; + $stat = false; + //get the person's name + $name = substr($tag,1); + //is it a link or a full dfrn address? + if((strpos($name,'@')) || (strpos($name,'http://'))) { + $newname = $name; + //get the profile links + $links = @lrdd($name); + if(count($links)) { + //for all links, collect how is to inform and how's profile is to link + foreach($links as $link) { + if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page') + $profile = $link['@attributes']['href']; + if($link['@attributes']['rel'] === 'salmon') { + if(strlen($inform)) + $inform .= ','; + $inform .= 'url:' . str_replace(',','%2c',$link['@attributes']['href']); + } + } + } + } else { //if it is a name rather than an address + $newname = $name; + $alias = ''; + $tagcid = 0; + //is it some generated name? + if(strrpos($newname,'+')) { + //get the id + $tagcid = intval(substr($newname,strrpos($newname,'+') + 1)); + //remove the next word from tag's name + if(strpos($name,' ')) { + $name = substr($name,0,strpos($name,' ')); + } + } + if($tagcid) { //if there was an id + //select contact with that id from the logged in user's contact list + $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", + intval($tagcid), + intval($profile_uid) + ); + } elseif(strstr($name,'_') || strstr($name,' ')) { //no id + //get the real name + $newname = str_replace('_',' ',$name); + //select someone from this user's contacts by name + $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", + dbesc($newname), + intval($profile_uid) + ); + } else { + //select someone by attag or nick and the name passed in + $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1", + dbesc($name), + dbesc($name), + intval($profile_uid) + ); + } + //$r is set, if someone could be selected + if(count($r)) { + $profile = $r[0]['url']; + //set newname to nick, find alias + if($r[0]['network'] === 'stat') { + $newname = $r[0]['nick']; + $stat = true; + if($r[0]['alias']) + $alias = $r[0]['alias']; + } + else + $newname = $r[0]['name']; + //add person's id to $inform + if(strlen($inform)) + $inform .= ','; + $inform .= 'cid:' . $r[0]['id']; + } + } + //if there is an url for this persons profile + if(isset($profile)) { + //create profile link + $profile = str_replace(',','%2c',$profile); + $newtag = '@[url=' . $profile . ']' . $newname . '[/url]'; + $body = str_replace('@' . $name, $newtag, $body); + //append tag to str_tags + if(! stristr($str_tags,$newtag)) { + if(strlen($str_tags)) + $str_tags .= ','; + $str_tags .= $newtag; + } + + // Status.Net seems to require the numeric ID URL in a mention if the person isn't + // subscribed to you. But the nickname URL is OK if they are. Grrr. We'll tag both. + + if(strlen($alias)) { + $newtag = '@[url=' . $alias . ']' . $newname . '[/url]'; + if(! stristr($str_tags,$newtag)) { + if(strlen($str_tags)) + $str_tags .= ','; + $str_tags .= $newtag; + } + } + } + } +} diff --git a/mod/manage.php b/mod/manage.php index ec4dcd8a0..84dfa6917 100755 --- a/mod/manage.php +++ b/mod/manage.php @@ -74,7 +74,7 @@ function manage_post(&$a) { if($limited_id) $_SESSION['submanage'] = $original_id; - goaway($a->get_baseurl() . '/profile/' . $a->user['nickname']); + goaway($a->get_baseurl(true) . '/profile/' . $a->user['nickname']); // NOTREACHED } diff --git a/mod/message.php b/mod/message.php index 57d45ee3c..0907abd77 100755 --- a/mod/message.php +++ b/mod/message.php @@ -56,23 +56,23 @@ function message_content(&$a) { return; } - $myprofile = $a->get_baseurl() . '/profile/' . $a->user['nickname']; + $myprofile = $a->get_baseurl(true) . '/profile/' . $a->user['nickname']; $tabs = array( array( 'label' => t('Inbox'), - 'url'=> $a->get_baseurl() . '/message', + 'url'=> $a->get_baseurl(true) . '/message', 'sel'=> (($a->argc == 1) ? 'active' : ''), ), array( 'label' => t('Outbox'), - 'url' => $a->get_baseurl() . '/message/sent', + 'url' => $a->get_baseurl(true) . '/message/sent', 'sel'=> (($a->argv[1] == 'sent') ? 'active' : ''), ), array( 'label' => t('New Message'), - 'url' => $a->get_baseurl() . '/message/new', + 'url' => $a->get_baseurl(true) . '/message/new', 'sel'=> (($a->argv[1] == 'new') ? 'active' : ''), ), ); @@ -99,7 +99,7 @@ function message_content(&$a) { if($r) { info( t('Message deleted.') . EOL ); } - goaway($a->get_baseurl() . '/message' ); + goaway($a->get_baseurl(true) . '/message' ); } else { $r = q("SELECT `parent-uri`,`convid` FROM `mail` WHERE `id` = %d AND `uid` = %d LIMIT 1", @@ -129,7 +129,7 @@ function message_content(&$a) { if($r) info( t('Conversation removed.') . EOL ); } - goaway($a->get_baseurl() . '/message' ); + goaway($a->get_baseurl(true) . '/message' ); } } @@ -146,7 +146,7 @@ function message_content(&$a) { $tpl = get_markup_template('msg-header.tpl'); $a->page['htmlhead'] .= replace_macros($tpl, array( - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'), '$nickname' => $a->user['nickname'], '$linkurl' => t('Please enter a link URL:') @@ -154,7 +154,7 @@ function message_content(&$a) { $preselect = (isset($a->argv[2])?array($a->argv[2]):false); - $select = contact_select('messageto','message-to-select', $preselect, 4, true); + $select = contact_select('messageto','message-to-select', $preselect, 4, true, false, false, 10); $tpl = get_markup_template('prv_message.tpl'); $o .= replace_macros($tpl,array( '$header' => t('Send Private Message'), @@ -192,9 +192,9 @@ function message_content(&$a) { $a->set_pager_total($r[0]['total']); $r = q("SELECT max(`mail`.`created`) AS `mailcreated`, min(`mail`.`seen`) AS `mailseen`, - `mail`.* , `contact`.`name`, `contact`.`url`, `contact`.`thumb` + `mail`.* , `contact`.`name`, `contact`.`url`, `contact`.`thumb` , `contact`.`network` FROM `mail` LEFT JOIN `contact` ON `mail`.`contact-id` = `contact`.`id` - WHERE `mail`.`uid` = %d AND `from-url` $eq '%s' GROUP BY `parent-uri` ORDER BY `created` DESC LIMIT %d , %d ", + WHERE `mail`.`uid` = %d AND `from-url` $eq '%s' GROUP BY `parent-uri` ORDER BY `mailcreated` DESC LIMIT %d , %d ", intval(local_user()), dbesc($myprofile), intval($a->pager['start']), @@ -210,7 +210,7 @@ function message_content(&$a) { $o .= replace_macros($tpl, array( '$id' => $rr['id'], '$from_name' =>$rr['from-name'], - '$from_url' => (($rr['network'] === NETWORK_DFRN) ? $a->get_baseurl() . '/redir/' . $rr['contact-id'] : $rr['url']), + '$from_url' => (($rr['network'] === NETWORK_DFRN) ? $a->get_baseurl(true) . '/redir/' . $rr['contact-id'] : $rr['url']), '$sparkle' => ' sparkle', '$from_photo' => $rr['thumb'], '$subject' => template_escape((($rr['mailseen']) ? $rr['title'] : '<strong>' . $rr['title'] . '</strong>')), @@ -267,7 +267,7 @@ function message_content(&$a) { $a->page['htmlhead'] .= replace_macros($tpl, array( '$nickname' => $a->user['nickname'], - '$baseurl' => $a->get_baseurl() + '$baseurl' => $a->get_baseurl(true) )); @@ -278,7 +278,7 @@ function message_content(&$a) { $sparkle = ''; } else { - $from_url = $a->get_baseurl() . '/redir/' . $message['contact-id']; + $from_url = $a->get_baseurl(true) . '/redir/' . $message['contact-id']; $sparkle = ' sparkle'; } $o .= replace_macros($tpl, array( diff --git a/mod/network.php b/mod/network.php index 861b5ab73..9ec8c23b5 100755 --- a/mod/network.php +++ b/mod/network.php @@ -44,13 +44,16 @@ function network_init(&$a) { } $a->page['aside'] .= group_side('network','network',true,$group_id); - $a->page['aside'] .= networks_widget($a->get_baseurl() . '/network',(($_GET['nets']) ? $_GET['nets'] : '')); + $a->page['aside'] .= networks_widget($a->get_baseurl(true) . '/network',(x($_GET, 'nets') ? $_GET['nets'] : '')); $a->page['aside'] .= saved_searches($search); + $a->page['aside'] .= fileas_widget($a->get_baseurl(true) . '/network',(x($_GET, 'file') ? $_GET['file'] : '')); } function saved_searches($search) { + $a = get_app(); + $srchurl = '/network?f=' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : '') . ((x($_GET,'star')) ? '&star=' . $_GET['star'] : '') @@ -132,15 +135,15 @@ function network_content(&$a, $update = 0) { $starred_active = 'active'; } - if($_GET['bmark']) { + if(x($_GET,'bmark')) { $bookmarked_active = 'active'; } - if($_GET['conv']) { + if(x($_GET,'conv')) { $conv_active = 'active'; } - if($_GET['spam']) { + if(x($_GET,'spam')) { $spam_active = 'active'; } @@ -166,38 +169,38 @@ function network_content(&$a, $update = 0) { $tabs = array( array( 'label' => t('Commented Order'), - 'url'=>$a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '?f=&cid=' . $_GET['cid'] : ''), + 'url'=>$a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '?f=&cid=' . $_GET['cid'] : ''), 'sel'=>$all_active, ), array( 'label' => t('Posted Order'), - 'url'=>$a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . '?f=&order=post' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : ''), + 'url'=>$a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . '?f=&order=post' . ((x($_GET,'cid')) ? '&cid=' . $_GET['cid'] : ''), 'sel'=>$postord_active, ), array( 'label' => t('Personal'), - 'url' => $a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&conv=1', + 'url' => $a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&conv=1', 'sel' => $conv_active, ), array( 'label' => t('New'), - 'url' => $a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . '/new' . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : ''), + 'url' => $a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . '/new' . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : ''), 'sel' => $new_active, ), array( 'label' => t('Starred'), - 'url'=>$a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&star=1', + 'url'=>$a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&star=1', 'sel'=>$starred_active, ), array( - 'label' => t('Bookmarks'), - 'url'=>$a->get_baseurl() . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&bmark=1', + 'label' => t('Shared Links'), + 'url'=>$a->get_baseurl(true) . '/' . str_replace('/new', '', $a->cmd) . ((x($_GET,'cid')) ? '/?f=&cid=' . $_GET['cid'] : '') . '&bmark=1', 'sel'=>$bookmarked_active, ), // array( // 'label' => t('Spam'), -// 'url'=>$a->get_baseurl() . '/network?f=&spam=1' +// 'url'=>$a->get_baseurl(true) . '/network?f=&spam=1' // 'sel'=> $spam_active, // ), @@ -248,7 +251,7 @@ function network_content(&$a, $update = 0) { $def_acl = array('allow_cid' => '<' . intval($cid) . '>'); if(! $update) { - if(group) { + if($group) { if(($t = group_public_members($group)) && (! get_pconfig(local_user(),'system','nowarn_insecure'))) { notice( sprintf( tt('Warning: This group contains %s member from an insecure network.', 'Warning: This group contains %s members from an insecure network.', @@ -299,7 +302,7 @@ function network_content(&$a, $update = 0) { if($update) killme(); notice( t('No such group') . EOL ); - goaway($a->get_baseurl() . '/network'); + goaway($a->get_baseurl(true) . '/network'); // NOTREACHED } @@ -331,7 +334,7 @@ function network_content(&$a, $update = 0) { } else { notice( t('Invalid contact.') . EOL); - goaway($a->get_baseurl() . '/network'); + goaway($a->get_baseurl(true) . '/network'); // NOTREACHED } } @@ -498,7 +501,9 @@ function network_content(&$a, $update = 0) { $items = conv_sort($items,$ordering); - } + } else { + $items = array(); + } } diff --git a/mod/notifications.php b/mod/notifications.php index 99031a1d5..d478b5163 100755 --- a/mod/notifications.php +++ b/mod/notifications.php @@ -42,12 +42,12 @@ function notifications_post(&$a) { intval(local_user()) ); } - goaway($a->get_baseurl() . '/notifications/intros'); + goaway($a->get_baseurl(true) . '/notifications/intros'); } if($_POST['submit'] == t('Ignore')) { $r = q("UPDATE `intro` SET `ignore` = 1 WHERE `id` = %d LIMIT 1", intval($intro_id)); - goaway($a->get_baseurl() . '/notifications/intros'); + goaway($a->get_baseurl(true) . '/notifications/intros'); } } } @@ -69,32 +69,32 @@ function notifications_content(&$a) { $tabs = array( array( 'label' => t('System'), - 'url'=>$a->get_baseurl() . '/notifications/system', + 'url'=>$a->get_baseurl(true) . '/notifications/system', 'sel'=> (($a->argv[1] == 'system') ? 'active' : ''), ), array( 'label' => t('Network'), - 'url'=>$a->get_baseurl() . '/notifications/network', + 'url'=>$a->get_baseurl(true) . '/notifications/network', 'sel'=> (($a->argv[1] == 'network') ? 'active' : ''), ), array( 'label' => t('Personal'), - 'url'=>$a->get_baseurl() . '/notifications/personal', + 'url'=>$a->get_baseurl(true) . '/notifications/personal', 'sel'=> (($a->argv[1] == 'personal') ? 'active' : ''), ), array( 'label' => t('Home'), - 'url' => $a->get_baseurl() . '/notifications/home', + 'url' => $a->get_baseurl(true) . '/notifications/home', 'sel'=> (($a->argv[1] == 'home') ? 'active' : ''), ), array( 'label' => t('Introductions'), - 'url' => $a->get_baseurl() . '/notifications/intros', + 'url' => $a->get_baseurl(true) . '/notifications/intros', 'sel'=> (($a->argv[1] == 'intros') ? 'active' : ''), ), array( 'label' => t('Messages'), - 'url' => $a->get_baseurl() . '/message', + 'url' => $a->get_baseurl(true) . '/message', 'sel'=> '', ), ); @@ -244,7 +244,7 @@ function notifications_content(&$a) { switch($it['verb']){ case ACTIVITY_LIKE: $notif_content .= replace_macros($tpl_item_likes,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s liked %s's post"), $it['author-name'], $it['pname']), '$item_when' => relative_date($it['created']) @@ -253,7 +253,7 @@ function notifications_content(&$a) { case ACTIVITY_DISLIKE: $notif_content .= replace_macros($tpl_item_dislikes,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s disliked %s's post"), $it['author-name'], $it['pname']), '$item_when' => relative_date($it['created']) @@ -267,7 +267,7 @@ function notifications_content(&$a) { $it['fname'] = $obj->title; $notif_content .= replace_macros($tpl_item_friends,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s is now friends with %s"), $it['author-name'], $it['fname']), '$item_when' => relative_date($it['created']) @@ -281,7 +281,7 @@ function notifications_content(&$a) { $tpl = (($it['id'] == $it['parent']) ? $tpl_item_posts : $tpl_item_comments); $notif_content .= replace_macros($tpl,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => $item_text, '$item_when' => relative_date($it['created']) @@ -314,7 +314,7 @@ function notifications_content(&$a) { if (count($r) > 0) { foreach ($r as $it) { $notif_content .= replace_macros($not_tpl,array( - '$item_link' => $a->get_baseurl().'/notify/view/'. $it['id'], + '$item_link' => $a->get_baseurl(true).'/notify/view/'. $it['id'], '$item_image' => $it['photo'], '$item_text' => strip_tags(bbcode($it['msg'])), '$item_when' => relative_date($it['date']) @@ -334,7 +334,7 @@ function notifications_content(&$a) { $notif_tpl = get_markup_template('notifications.tpl'); - $myurl = $a->get_baseurl() . '/profile/'. $a->user['nickname']; + $myurl = $a->get_baseurl(true) . '/profile/'. $a->user['nickname']; $myurl = substr($myurl,strpos($myurl,'://')+3); $myurl = str_replace(array('www.','.'),array('','\\.'),$myurl); $diasp_url = str_replace('/profile/','/u/',$myurl); @@ -369,7 +369,7 @@ function notifications_content(&$a) { switch($it['verb']){ case ACTIVITY_LIKE: $notif_content .= replace_macros($tpl_item_likes,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s liked %s's post"), $it['author-name'], $it['pname']), '$item_when' => relative_date($it['created']) @@ -378,7 +378,7 @@ function notifications_content(&$a) { case ACTIVITY_DISLIKE: $notif_content .= replace_macros($tpl_item_dislikes,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s disliked %s's post"), $it['author-name'], $it['pname']), '$item_when' => relative_date($it['created']) @@ -392,7 +392,7 @@ function notifications_content(&$a) { $it['fname'] = $obj->title; $notif_content .= replace_macros($tpl_item_friends,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s is now friends with %s"), $it['author-name'], $it['fname']), '$item_when' => relative_date($it['created']) @@ -406,7 +406,7 @@ function notifications_content(&$a) { $tpl = (($it['id'] == $it['parent']) ? $tpl_item_posts : $tpl_item_comments); $notif_content .= replace_macros($tpl,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => $item_text, '$item_when' => relative_date($it['created']) @@ -456,7 +456,7 @@ function notifications_content(&$a) { switch($it['verb']){ case ACTIVITY_LIKE: $notif_content .= replace_macros($tpl_item_likes,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s liked %s's post"), $it['author-name'], $it['pname']), '$item_when' => relative_date($it['created']) @@ -465,7 +465,7 @@ function notifications_content(&$a) { break; case ACTIVITY_DISLIKE: $notif_content .= replace_macros($tpl_item_dislikes,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s disliked %s's post"), $it['author-name'], $it['pname']), '$item_when' => relative_date($it['created']) @@ -479,7 +479,7 @@ function notifications_content(&$a) { $it['fname'] = $obj->title; $notif_content .= replace_macros($tpl_item_friends,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s is now friends with %s"), $it['author-name'], $it['fname']), '$item_when' => relative_date($it['created']) @@ -488,7 +488,7 @@ function notifications_content(&$a) { break; default: $notif_content .= replace_macros($tpl_item_comments,array( - '$item_link' => $a->get_baseurl().'/display/'.$a->user['nickname']."/".$it['parent'], + '$item_link' => $a->get_baseurl(true).'/display/'.$a->user['nickname']."/".$it['parent'], '$item_image' => $it['author-avatar'], '$item_text' => sprintf( t("%s commented on %s's post"), $it['author-name'], $it['pname']), '$item_when' => relative_date($it['created']) diff --git a/mod/notify.php b/mod/notify.php index a572b1534..ae8273a1d 100644 --- a/mod/notify.php +++ b/mod/notify.php @@ -20,7 +20,7 @@ function notify_init(&$a) { goaway($r[0]['link']); } - goaway($a->get_baseurl()); + goaway($a->get_baseurl(true)); } if($a->argc > 2 && $a->argv[1] === 'mark' && $a->argv[2] === 'all' ) { @@ -51,7 +51,7 @@ function notify_content(&$a) { if (count($r) > 0) { foreach ($r as $it) { $notif_content .= replace_macros($not_tpl,array( - '$item_link' => $a->get_baseurl().'/notify/view/'. $it['id'], + '$item_link' => $a->get_baseurl(true).'/notify/view/'. $it['id'], '$item_image' => $it['photo'], '$item_text' => strip_tags(bbcode($it['msg'])), '$item_when' => relative_date($it['date']) diff --git a/mod/parse_url.php b/mod/parse_url.php index e0b378f68..27dac4d5d 100755 --- a/mod/parse_url.php +++ b/mod/parse_url.php @@ -188,7 +188,7 @@ function parse_url_content(&$a) { if(! $text) { logger('parsing meta'); - $items = $domhead->getElementsByTagName('meta'); + $items = (isset($domhead) && is_object($domhead) ? $domhead->getElementsByTagName('meta') : null); if($items) { foreach($items as $item) { $property = $item->getAttribute('property'); diff --git a/mod/photos.php b/mod/photos.php index e40ae0d74..b294f0a66 100755 --- a/mod/photos.php +++ b/mod/photos.php @@ -1081,6 +1081,17 @@ function photos_content(&$a) { } + if(! $cmd !== 'edit') { + $a->page['htmlhead'] .= '<script> + $(document).keydown(function(event) {' . "\n"; + + if($prevlink) + $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 37) { event.preventDefault(); window.location.href = \'' . $prevlink . '\'; }' . "\n"; + if($nextlink) + $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 39) { event.preventDefault(); window.location.href = \'' . $nextlink . '\'; }' . "\n"; + $a->page['htmlhead'] .= '});</script>'; + } + if($prevlink) $prevlink = array($prevlink, '<div class="icon prev"></div>') ; diff --git a/mod/profile_photo.php b/mod/profile_photo.php index e3dbdaf39..d1fd08eba 100755 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -15,11 +15,13 @@ function profile_photo_init(&$a) { function profile_photo_post(&$a) { - if(! local_user()) { - notice ( t('Permission denied.') . EOL ); - return; - } - + if(! local_user()) { + notice ( t('Permission denied.') . EOL ); + return; + } + + check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo'); + if((x($_POST,'cropfinal')) && ($_POST['cropfinal'] == 1)) { // phase 2 - we have finished cropping @@ -148,7 +150,9 @@ function profile_photo_content(&$a) { notice( t('Permission denied.') . EOL ); return; }; - + + check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo'); + $resource_id = $a->argv[2]; //die(":".local_user()); $r=q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' ORDER BY `scale` ASC", @@ -203,6 +207,7 @@ function profile_photo_content(&$a) { '$lbl_upfile' => t('Upload File:'), '$title' => t('Upload Profile Photo'), '$submit' => t('Upload'), + '$form_security_token' => get_form_security_token("profile_photo"), '$select' => sprintf('%s %s', t('or'), ($newuser) ? '<a href="' . $a->get_baseurl() . '">' . t('skip this step') . '</a>' : '<a href="'. $a->get_baseurl() . '/photos/' . $a->user['nickname'] . '">' . t('select a photo from your photo albums') . '</a>') )); @@ -218,6 +223,7 @@ function profile_photo_content(&$a) { '$image_url' => $a->get_baseurl() . '/photo/' . $filename, '$title' => t('Crop Image'), '$desc' => t('Please adjust the image cropping for optimum viewing.'), + '$form_security_token' => get_form_security_token("profile_photo"), '$done' => t('Done Editing') )); return $o; diff --git a/mod/profiles.php b/mod/profiles.php index ccd7d5474..7b3b6ccc1 100755 --- a/mod/profiles.php +++ b/mod/profiles.php @@ -21,6 +21,9 @@ function profiles_post(&$a) { notice( t('Profile not found.') . EOL); return; } + + check_form_security_token_redirectOnErr('/profiles', 'profile_edit'); + $is_default = (($orig[0]['is-default']) ? 1 : 0); $profile_name = notags(trim($_POST['profile_name'])); @@ -237,9 +240,11 @@ function profiles_content(&$a) { ); if(! count($r)) { notice( t('Profile not found.') . EOL); - goaway($a->get_baseurl() . '/profiles'); + goaway($a->get_baseurl(true) . '/profiles'); return; // NOTREACHED } + + check_form_security_token_redirectOnErr('/profiles', 'profile_drop', 't'); // move every contact using this profile as their default to the user default @@ -255,7 +260,7 @@ function profiles_content(&$a) { if($r) info( t('Profile deleted.') . EOL); - goaway($a->get_baseurl() . '/profiles'); + goaway($a->get_baseurl(true) . '/profiles'); return; // NOTREACHED } @@ -264,6 +269,8 @@ function profiles_content(&$a) { if(($a->argc > 1) && ($a->argv[1] === 'new')) { + + check_form_security_token_redirectOnErr('/profiles', 'profile_new', 't'); $r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d", intval(local_user())); @@ -290,11 +297,14 @@ function profiles_content(&$a) { info( t('New profile created.') . EOL); if(count($r3) == 1) - goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']); - goaway($a->get_baseurl() . '/profiles'); - } + goaway($a->get_baseurl(true) . '/profiles/' . $r3[0]['id']); + + goaway($a->get_baseurl(true) . '/profiles'); + } if(($a->argc > 2) && ($a->argv[1] === 'clone')) { + + check_form_security_token_redirectOnErr('/profiles', 'profile_clone', 't'); $r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d", intval(local_user())); @@ -329,10 +339,12 @@ function profiles_content(&$a) { ); info( t('New profile created.') . EOL); if(count($r3) == 1) - goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']); - goaway($a->get_baseurl() . '/profiles'); - return; // NOTREACHED - } + goaway($a->get_baseurl(true) . '/profiles/' . $r3[0]['id']); + + goaway($a->get_baseurl(true) . '/profiles'); + + return; // NOTREACHED + } if(($a->argc > 1) && (intval($a->argv[1]))) { @@ -361,7 +373,7 @@ function profiles_content(&$a) { )); - $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl())); + $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl(true))); $a->page['htmlhead'] .= "<script type=\"text/javascript\" src=\"js/country.js\" ></script>"; $f = get_config('system','birthday_input_format'); @@ -371,6 +383,9 @@ function profiles_content(&$a) { $is_default = (($r[0]['is-default']) ? 1 : 0); $tpl = get_markup_template("profile_edit.tpl"); $o .= replace_macros($tpl,array( + '$form_security_token' => get_form_security_token("profile_edit"), + '$profile_clone_link' => 'profiles/clone/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_clone"), + '$profile_drop_link' => 'profiles/drop/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_drop"), '$banner' => t('Edit Profile Details'), '$submit' => t('Submit'), '$viewprof' => t('View this profile'), @@ -410,7 +425,7 @@ function profiles_content(&$a) { '$lbl_work' => t('Work/employment'), '$lbl_school' => t('School/education'), '$disabled' => (($is_default) ? 'onclick="return false;" style="color: #BBBBFF;"' : ''), - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$profile_id' => $r[0]['id'], '$profile_name' => $r[0]['profile-name'], '$default' => (($is_default) ? '<p id="profile-edit-default-desc">' . t('This is your <strong>public</strong> profile.<br />It <strong>may</strong> be visible to anybody using the internet.') . '</p>' : ""), @@ -460,7 +475,8 @@ function profiles_content(&$a) { $o .= replace_macros($tpl_header,array( '$header' => t('Edit/Manage Profiles'), '$chg_photo' => t('Change profile photo'), - '$cr_new' => t('Create New Profile') + '$cr_new' => t('Create New Profile'), + '$cr_new_link' => 'profiles/new?t=' . get_form_security_token("profile_new") )); @@ -473,7 +489,7 @@ function profiles_content(&$a) { '$alt' => t('Profile Image'), '$profile_name' => $rr['profile-name'], '$visible' => (($rr['is-default']) ? '<strong>' . t('visible to everybody') . '</strong>' - : '<a href="' . $a->get_baseurl() . '/profperm/' . $rr['id'] . '" />' . t('Edit visibility') . '</a>') + : '<a href="' . $a->get_baseurl(true) . '/profperm/' . $rr['id'] . '" />' . t('Edit visibility') . '</a>') )); } } diff --git a/mod/settings.php b/mod/settings.php index 2ef582fdf..3a8ad29d2 100755 --- a/mod/settings.php +++ b/mod/settings.php @@ -53,16 +53,20 @@ function settings_post(&$a) { $old_page_flags = $a->user['page-flags']; if(($a->argc > 1) && ($a->argv[1] === 'oauth') && x($_POST,'remove')){ + check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth'); + $key = $_POST['remove']; q("DELETE FROM tokens WHERE id='%s' AND uid=%d", dbesc($key), local_user()); - goaway($a->get_baseurl()."/settings/oauth/"); + goaway($a->get_baseurl(true)."/settings/oauth/"); return; } if(($a->argc > 2) && ($a->argv[1] === 'oauth') && ($a->argv[2] === 'edit'||($a->argv[2] === 'add')) && x($_POST,'submit')) { + check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth'); + $name = ((x($_POST,'name')) ? $_POST['name'] : ''); $key = ((x($_POST,'key')) ? $_POST['key'] : ''); $secret = ((x($_POST,'secret')) ? $_POST['secret'] : ''); @@ -100,18 +104,23 @@ function settings_post(&$a) { local_user()); } } - goaway($a->get_baseurl()."/settings/oauth/"); + goaway($a->get_baseurl(true)."/settings/oauth/"); return; } if(($a->argc > 1) && ($a->argv[1] == 'addon')) { + check_form_security_token_redirectOnErr('/settings/addon', 'settings_addon'); + call_hooks('plugin_settings_post', $_POST); return; } if(($a->argc > 1) && ($a->argv[1] == 'connectors')) { - - if(x($_POST['imap-submit'])) { + + check_form_security_token_redirectOnErr('/settings/connectors', 'settings_connectors'); + + if(x($_POST, 'imap-submit')) { + $mail_server = ((x($_POST,'mail_server')) ? $_POST['mail_server'] : ''); $mail_port = ((x($_POST,'mail_port')) ? $_POST['mail_port'] : ''); $mail_ssl = ((x($_POST,'mail_ssl')) ? strtolower(trim($_POST['mail_ssl'])) : ''); @@ -185,7 +194,8 @@ function settings_post(&$a) { return; } - + check_form_security_token_redirectOnErr('/settings', 'settings'); + call_hooks('settings_post', $_POST); if((x($_POST,'npassword')) || (x($_POST,'confirm'))) { @@ -401,7 +411,7 @@ function settings_post(&$a) { } - goaway($a->get_baseurl() . '/settings' ); + goaway($a->get_baseurl(true) . '/settings' ); return; // NOTREACHED } @@ -425,27 +435,27 @@ function settings_content(&$a) { $tabs = array( array( 'label' => t('Account settings'), - 'url' => $a->get_baseurl().'/settings', + 'url' => $a->get_baseurl(true).'/settings', 'sel' => (($a->argc == 1)?'active':''), ), array( 'label' => t('Connector settings'), - 'url' => $a->get_baseurl().'/settings/connectors', + 'url' => $a->get_baseurl(true).'/settings/connectors', 'sel' => (($a->argc > 1) && ($a->argv[1] === 'connectors')?'active':''), ), array( 'label' => t('Plugin settings'), - 'url' => $a->get_baseurl().'/settings/addon', + 'url' => $a->get_baseurl(true).'/settings/addon', 'sel' => (($a->argc > 1) && ($a->argv[1] === 'addon')?'active':''), ), array( 'label' => t('Connections'), - 'url' => $a->get_baseurl() . '/settings/oauth', + 'url' => $a->get_baseurl(true) . '/settings/oauth', 'sel' => (($a->argc > 1) && ($a->argv[1] === 'oauth')?'active':''), ), array( 'label' => t('Export personal data'), - 'url' => $a->get_baseurl() . '/uexport', + 'url' => $a->get_baseurl(true) . '/uexport', 'sel' => '' ) ); @@ -460,6 +470,7 @@ function settings_content(&$a) { if(($a->argc > 2) && ($a->argv[2] === 'add')) { $tpl = get_markup_template("settings_oauth_edit.tpl"); $o .= replace_macros($tpl, array( + '$form_security_token' => get_form_security_token("settings_oauth"), '$tabs' => $tabs, '$title' => t('Add application'), '$submit' => t('Submit'), @@ -486,6 +497,7 @@ function settings_content(&$a) { $tpl = get_markup_template("settings_oauth_edit.tpl"); $o .= replace_macros($tpl, array( + '$form_security_token' => get_form_security_token("settings_oauth"), '$tabs' => $tabs, '$title' => t('Add application'), '$submit' => t('Update'), @@ -500,10 +512,12 @@ function settings_content(&$a) { } if(($a->argc > 3) && ($a->argv[2] === 'delete')) { + check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth', 't'); + $r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d", dbesc($a->argv[3]), local_user()); - goaway($a->get_baseurl()."/settings/oauth/"); + goaway($a->get_baseurl(true)."/settings/oauth/"); return; } @@ -518,7 +532,8 @@ function settings_content(&$a) { $tpl = get_markup_template("settings_oauth.tpl"); $o .= replace_macros($tpl, array( - '$baseurl' => $a->get_baseurl(), + '$form_security_token' => get_form_security_token("settings_oauth"), + '$baseurl' => $a->get_baseurl(true), '$title' => t('Connected Apps'), '$add' => t('Add application'), '$edit' => t('Edit'), @@ -544,6 +559,7 @@ function settings_content(&$a) { $tpl = get_markup_template("settings_addons.tpl"); $o .= replace_macros($tpl, array( + '$form_security_token' => get_form_security_token("settings_addon"), '$title' => t('Plugin Settings'), '$tabs' => $tabs, '$settings_addons' => $settings_addons @@ -586,28 +602,28 @@ function settings_content(&$a) { $tpl = get_markup_template("settings_connectors.tpl"); $o .= replace_macros($tpl, array( + '$form_security_token' => get_form_security_token("settings_connectors"), + '$title' => t('Connector Settings'), '$tabs' => $tabs, - '$diasp_enabled' => $diasp_enabled, - '$ostat_enabled' => $ostat_enabled, - - '$h_imap' => t('Email/Mailbox Setup'), - '$imap_desc' => t("If you wish to communicate with email contacts using this service \x28optional\x29, please specify how to connect to your mailbox."), - '$imap_lastcheck' => array('imap_lastcheck', t('Last successful email check:'), $mail_chk,''), - '$mail_disabled' => (($mail_disabled) ? t('Email access is disabled on this site.') : ''), - '$mail_server' => array('mail_server', t('IMAP server name:'), $mail_server, ''), - '$mail_port' => array('mail_port', t('IMAP port:'), $mail_port, ''), - '$mail_ssl' => array('mail_ssl', t('Security:'), strtoupper($mail_ssl), '', array( ''=>t('None'), 'TLS'=>'TLS', 'SSL'=>'SSL')), - '$mail_user' => array('mail_user', t('Email login name:'), $mail_user, ''), - '$mail_pass' => array('mail_pass', t('Email password:'), '', ''), - '$mail_replyto' => array('mail_replyto', t('Reply-to address:'), '', 'Optional'), - '$mail_pubmail' => array('mail_pubmail', t('Send public posts to all email contacts:'), $mail_pubmail, ''), - '$mail_action' => array('mail_action', t('Action after import:'), $mail_action, '', array(0=>t('None'), 1=>t('Delete'), 2=>t('Mark as seen'), 3=>t('Move to folder'))), - '$mail_movetofolder' => array('mail_movetofolder', t('Move to folder:'), $mail_movetofolder, ''), - '$submit' => t('Submit'), - - + '$diasp_enabled' => $diasp_enabled, + '$ostat_enabled' => $ostat_enabled, + + '$h_imap' => t('Email/Mailbox Setup'), + '$imap_desc' => t("If you wish to communicate with email contacts using this service \x28optional\x29, please specify how to connect to your mailbox."), + '$imap_lastcheck' => array('imap_lastcheck', t('Last successful email check:'), $mail_chk,''), + '$mail_disabled' => (($mail_disabled) ? t('Email access is disabled on this site.') : ''), + '$mail_server' => array('mail_server', t('IMAP server name:'), $mail_server, ''), + '$mail_port' => array('mail_port', t('IMAP port:'), $mail_port, ''), + '$mail_ssl' => array('mail_ssl', t('Security:'), strtoupper($mail_ssl), '', array( ''=>t('None'), 'TLS'=>'TLS', 'SSL'=>'SSL')), + '$mail_user' => array('mail_user', t('Email login name:'), $mail_user, ''), + '$mail_pass' => array('mail_pass', t('Email password:'), '', ''), + '$mail_replyto' => array('mail_replyto', t('Reply-to address:'), '', 'Optional'), + '$mail_pubmail' => array('mail_pubmail', t('Send public posts to all email contacts:'), $mail_pubmail, ''), + '$mail_action' => array('mail_action', t('Action after import:'), $mail_action, '', array(0=>t('None'), 1=>t('Delete'), 2=>t('Mark as seen'), 3=>t('Move to folder'))), + '$mail_movetofolder' => array('mail_movetofolder', t('Move to folder:'), $mail_movetofolder, ''), + '$submit' => t('Submit'), '$settings_connectors' => $settings_connectors )); @@ -636,20 +652,20 @@ function settings_content(&$a) { $blocktags = $a->user['blocktags']; $expire_items = get_pconfig(local_user(), 'expire','items'); - $expire_items = (($expire_items===false)?1:$expire_items); // default if not set: 1 + $expire_items = (($expire_items===false)? '1' : $expire_items); // default if not set: 1 $expire_notes = get_pconfig(local_user(), 'expire','notes'); - $expire_notes = (($expire_notes===false)?1:$expire_notes); // default if not set: 1 + $expire_notes = (($expire_notes===false)? '1' : $expire_notes); // default if not set: 1 $expire_starred = get_pconfig(local_user(), 'expire','starred'); - $expire_starred = (($expire_starred===false)?1:$expire_starred); // default if not set: 1 + $expire_starred = (($expire_starred===false)? '1' : $expire_starred); // default if not set: 1 $expire_photos = get_pconfig(local_user(), 'expire','photos'); - $expire_photos = (($expire_photos===false)?0:$expire_photos); // default if not set: 0 + $expire_photos = (($expire_photos===false)? '0' : $expire_photos); // default if not set: 0 $suggestme = get_pconfig(local_user(), 'system','suggestme'); - $suggestme = (($suggestme===false)?0:$suggestme); // default if not set: 0 + $suggestme = (($suggestme===false)? '0': $suggestme); // default if not set: 0 $browser_update = intval(get_pconfig(local_user(), 'system','update_interval')); $browser_update = (($browser_update == 0) ? 40 : $browser_update / 1000); // default if not set: 40 seconds @@ -720,13 +736,13 @@ function settings_content(&$a) { )); $blockwall = replace_macros($opt_tpl,array( - '$field' => array('blockwall', t('Allow friends to post to your profile page?'), ! $a->user['blockwall'], '', array(t('No'),t('Yes'))), + '$field' => array('blockwall', t('Allow friends to post to your profile page?'), (intval($a->user['blockwall']) ? '0' : '1'), '', array(t('No'),t('Yes'))), )); $blocktags = replace_macros($opt_tpl,array( - '$field' => array('blocktags', t('Allow friends to tag your posts?'), ! $a->user['blocktags'], '', array(t('No'),t('Yes'))), + '$field' => array('blocktags', t('Allow friends to tag your posts?'), (intval($a->user['blocktags']) ? '0' : '1'), '', array(t('No'),t('Yes'))), )); @@ -773,7 +789,7 @@ function settings_content(&$a) { $theme_selected = (!x($_SESSION,'theme')? $default_theme : $_SESSION['theme']); - $subdir = ((strlen($a->get_path())) ? '<br />' . t('or') . ' ' . $a->get_baseurl() . '/profile/' . $nickname : ''); + $subdir = ((strlen($a->get_path())) ? '<br />' . t('or') . ' ' . $a->get_baseurl(true) . '/profile/' . $nickname : ''); $tpl_addr = get_markup_template("settings_nick_set.tpl"); @@ -803,8 +819,9 @@ function settings_content(&$a) { '$ptitle' => t('Account Settings'), '$submit' => t('Submit'), - '$baseurl' => $a->get_baseurl(), + '$baseurl' => $a->get_baseurl(true), '$uid' => local_user(), + '$form_security_token' => get_form_security_token("settings"), '$nickname_block' => $prof_addr, diff --git a/mod/share.php b/mod/share.php index f6c025e3c..47bb851a4 100755 --- a/mod/share.php +++ b/mod/share.php @@ -17,7 +17,7 @@ function share_init(&$a) { $o = ''; if(local_user() && intval(get_pconfig(local_user(),'system','plaintext'))) { - $o .= '♲ [url=' . $r[0]['author-link'] . ']' . $r[0]['author-name'] . '[/url]'; + $o .= "\xE2\x99\xb2" . ' [url=' . $r[0]['author-link'] . ']' . $r[0]['author-name'] . '[/url]' . "\n"; if($r[0]['title']) $o .= '[b]' . $r[0]['title'] . '[/b]' . "\n"; $o .= $r[0]['body'] . "\n"; |