aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
Diffstat (limited to 'mod')
-rw-r--r--mod/dirsearch.php20
-rw-r--r--mod/invite.php3
-rw-r--r--mod/item.php10
-rw-r--r--mod/magic.php19
-rw-r--r--mod/manage.php5
-rw-r--r--mod/message.php15
-rw-r--r--mod/page.php31
-rw-r--r--mod/photo.php7
-rw-r--r--mod/photos.php5
-rw-r--r--mod/ping.php2
-rw-r--r--mod/pubsites.php4
-rw-r--r--mod/removeme.php21
-rw-r--r--mod/rpost.php2
-rw-r--r--mod/siteinfo.php10
-rw-r--r--mod/webpages.php25
15 files changed, 128 insertions, 51 deletions
diff --git a/mod/dirsearch.php b/mod/dirsearch.php
index dcacef651..6315cae31 100644
--- a/mod/dirsearch.php
+++ b/mod/dirsearch.php
@@ -121,9 +121,10 @@ function dirsearch_content(&$a) {
else {
$qlimit = " LIMIT " . intval($startrec) . " , " . intval($perpage);
if($return_total) {
- $r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and not ( xchan_flags & %d) and not ( xchan_flags & %d ) $safesql ",
+ $r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and not ( xchan_flags & %d) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) $safesql ",
intval(XCHAN_FLAGS_HIDDEN),
- intval(XCHAN_FLAGS_ORPHAN)
+ intval(XCHAN_FLAGS_ORPHAN),
+ intval(XCHAN_FLAGS_DELETED)
);
if($r) {
$ret['total_items'] = $r[0]['total'];
@@ -161,9 +162,10 @@ function dirsearch_content(&$a) {
}
else {
- $r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where ( $logic $sql_extra ) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) $safesql $order $qlimit ",
+ $r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where ( $logic $sql_extra ) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) $safesql $order $qlimit ",
intval(XCHAN_FLAGS_HIDDEN),
- intval(XCHAN_FLAGS_ORPHAN)
+ intval(XCHAN_FLAGS_ORPHAN),
+ intval(XCHAN_FLAGS_DELETED)
);
}
@@ -225,6 +227,8 @@ function list_public_sites() {
if($r) {
$ret['success'] = true;
$ret['sites'] = array();
+ $insecure = array();
+
foreach($r as $rr) {
if($rr['site_access'] == ACCESS_FREE)
@@ -243,7 +247,13 @@ function list_public_sites() {
else
$register = 'closed';
- $ret['sites'][] = array('url' => $rr['site_url'], 'access' => $access, 'register' => $register, 'sellpage' => $rr['site_sellpage'], 'location' => $rr['site_location']);
+ if(strpos($rr['site_url'],'https://') !== false)
+ $ret['sites'][] = array('url' => $rr['site_url'], 'access' => $access, 'register' => $register, 'sellpage' => $rr['site_sellpage'], 'location' => $rr['site_location']);
+ else
+ $insecure[] = array('url' => $rr['site_url'], 'access' => $access, 'register' => $register, 'sellpage' => $rr['site_sellpage'], 'location' => $rr['site_location']);
+ }
+ if($insecure) {
+ $ret['sites'] = array_merge($ret['sites'],$insecure);
}
}
return $ret;
diff --git a/mod/invite.php b/mod/invite.php
index bceca4515..e23ed7d2a 100644
--- a/mod/invite.php
+++ b/mod/invite.php
@@ -142,13 +142,14 @@ function invite_content(&$a) {
'$default_message' => t('You are cordially invited to join me and some other close friends on the Red Matrix - a revolutionary new decentralised communication and information tool.') . "\r\n" . "\r\n"
. $linktxt
. (($invonly) ? "\r\n" . "\r\n" . t('You will need to supply this invitation code: $invite_code') . "\r\n" . "\r\n" : '')
-
. t('Please visit my channel at')
. "\r\n" . "\r\n"
. z_root() . "/channel/" . $channel['channel_address']
. "\r\n" . "\r\n"
. t('Once you have registered (on ANY Red Matrix site - they are all inter-connected), please connect with my Red Matrix channel address:')
. "\r\n" . "\r\n" . $ob['xchan_addr']
+ . "\r\n" . "\r\n" . t('Click the [Register] link on the following page to join.') . "\r\n" . "\r\n" . z_root()
+
. "\r\n" . "\r\n" . t('For more information about the Red Matrix Project and why it has the potential to change the internet as we know it, please visit http://getzot.com') . "\r\n" . "\r\n" ,
'$submit' => t('Submit')
));
diff --git a/mod/item.php b/mod/item.php
index be24d242c..b564c7545 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -412,12 +412,18 @@ function item_post(&$a) {
* now. So now we'll look for links of uploaded photos and attachments that are in the
* post and set them to the same permissions as the post itself.
*
+ * If the post was end-to-end encrypted we can't find images and attachments in the body,
+ * use our media_str input instead which only contains these elements - but only do this
+ * when encrypted content exists because the photo/attachment may have been removed from
+ * the post and we should keep it private. If it's encrypted we have no way of knowing
+ * so we'll set the permissions regardless and realise that the media may not be
+ * referenced in the post.
*/
if(! $preview) {
- fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],$body,$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
+ fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
- fix_attached_file_permissions($channel,$observer['xchan_hash'],$body,$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
+ fix_attached_file_permissions($channel,$observer['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
}
diff --git a/mod/magic.php b/mod/magic.php
index 44aa19ead..4794f86a8 100644
--- a/mod/magic.php
+++ b/mod/magic.php
@@ -6,6 +6,8 @@ function magic_init(&$a) {
logger('mod_magic: invoked', LOGGER_DEBUG);
+ logger('mod_magic: args: ' . print_r($_REQUEST,true),LOGGER_DATA);
+
$addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : '');
$hash = ((x($_REQUEST,'hash')) ? $_REQUEST['hash'] : '');
$dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : '');
@@ -31,10 +33,20 @@ function magic_init(&$a) {
if(count($b) >= 2) {
$u = $b[0] . '//' . $b[2];
+
$x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash
- where hubloc_url = '%s' order by hubloc_id desc limit 1",
+ where hubloc_url = '%s' order by hubloc_id desc limit 5",
dbesc($u)
);
+
+ if($x) {
+ // They must have a valid hubloc_addr
+ while(! strpos($x[0]['hubloc_addr'],'@')) {
+ array_shift($x);
+ }
+ }
+
+
}
}
@@ -125,7 +137,10 @@ function magic_init(&$a) {
dbesc(datetime_convert())
);
- goaway($x[0]['hubloc_callback'] . '/' . substr($x[0]['hubloc_addr'],0,strpos($x[0]['hubloc_addr'],'@'))
+ $target_url = $x[0]['hubloc_callback'] . '/' . substr($x[0]['hubloc_addr'],0,strpos($x[0]['hubloc_addr'],'@')) ;
+ logger('mod_magic: redirecting to: ' . $target_url, LOGGER_DEBUG);
+
+ goaway($target_url
. '/?f=&auth=' . $channel['channel_address'] . '@' . $a->get_hostname()
. '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION);
}
diff --git a/mod/manage.php b/mod/manage.php
index 27e45aa47..a2f65b271 100644
--- a/mod/manage.php
+++ b/mod/manage.php
@@ -36,8 +36,9 @@ function manage_content(&$a) {
$channels = null;
if(local_user()) {
- $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d order by channel_name ",
- intval(get_account_id())
+ $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d ) order by channel_name ",
+ intval(get_account_id()),
+ intval(PAGE_REMOVED)
);
$selected_channel = null;
diff --git a/mod/message.php b/mod/message.php
index c03875e24..f992a6fa1 100644
--- a/mod/message.php
+++ b/mod/message.php
@@ -212,6 +212,12 @@ function message_content(&$a) {
$channel = $a->get_channel();
head_set_icon($channel['xchan_photo_s']);
+ $cipher = get_pconfig(local_user(),'system','default_cipher');
+ if(! $cipher)
+ $cipher = 'aes256';
+
+
+
$tpl = get_markup_template('mail_head.tpl');
$header = replace_macros($tpl, array(
'$messages' => t('Messages'),
@@ -328,6 +334,11 @@ function message_content(&$a) {
'$defexpire' => '',
'$feature_expire' => ((feature_enabled(local_user(),'content_expire')) ? 'block' : 'none'),
'$expires' => t('Set expiration date'),
+ '$feature_encrypt' => ((feature_enabled(local_user(),'content_encrypt')) ? 'block' : 'none'),
+ '$encrypt' => t('Encrypt text'),
+ '$cipher' => $cipher,
+
+
));
return $o;
@@ -506,6 +517,10 @@ function message_content(&$a) {
'$defexpire' => '',
'$feature_expire' => ((feature_enabled(local_user(),'content_expire')) ? 'block' : 'none'),
'$expires' => t('Set expiration date'),
+ '$feature_encrypt' => ((feature_enabled(local_user(),'content_encrypt')) ? 'block' : 'none'),
+ '$encrypt' => t('Encrypt text'),
+ '$cipher' => $cipher,
+
));
return $o;
diff --git a/mod/page.php b/mod/page.php
index 452341cb1..403016eb2 100644
--- a/mod/page.php
+++ b/mod/page.php
@@ -53,20 +53,38 @@ function page_content(&$a) {
else
$revision = " order by revision desc ";
+ require_once('include/security.php');
+ $sql_options = item_permissions_sql($u[0]['channel_id']);
$r = q("select item.* from item left join item_id on item.id = item_id.iid
where item.uid = %d and sid = '%s' and service = 'WEBPAGE' and
- item_restrict = %d $revision limit 1",
+ item_restrict = %d $sql_options $revision limit 1",
intval($u[0]['channel_id']),
dbesc($page_id),
intval(ITEM_WEBPAGE)
);
if(! $r) {
- notice( t('Item not found.') . EOL);
+
+ // Check again with no permissions clause to see if it is a permissions issue
+
+ $x = q("select item.* from item left join item_id on item.id = item_id.iid
+ where item.uid = %d and sid = '%s' and service = 'WEBPAGE' and
+ item_restrict = %d $revision limit 1",
+ intval($u[0]['channel_id']),
+ dbesc($page_id),
+ intval(ITEM_WEBPAGE)
+ );
+ if($x) {
+ // Yes, it's there. You just aren't allowed to see it.
+ notice( t('Permission denied.') . EOL);
+ }
+ else {
+ notice( t('Page not found.') . EOL);
+ }
return;
}
-dbg(1);
+
if($r[0]['layout_mid']) {
$l = q("select body from item where mid = '%s' and uid = %d limit 1",
dbesc($r[0]['layout_mid']),
@@ -78,12 +96,11 @@ dbg(1);
comanche_parser(get_app(),$l[0]['body']);
}
}
-dbg(0);
-logger('layout: ' . print_r($a->layout,true));
+ // logger('layout: ' . print_r($a->layout,true));
- // Use of widgets should be determined by Comanche, but we don't have it yet, so...
+ // Use of widgets should be determined by Comanche, but we don't have it on system pages yet, so...
if ($perms['write_pages']) {
$chan = $a->channel['channel_id'];
@@ -95,7 +112,7 @@ logger('layout: ' . print_r($a->layout,true));
xchan_query($r);
$r = fetch_post_tags($r,true);
- $o .= prepare_page($r[0]);
+ $o .= prepare_body($r[0],true);
return $o;
}
diff --git a/mod/photo.php b/mod/photo.php
index fffc15e53..3e86b02ba 100644
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -112,17 +112,18 @@ function photo_init(&$a) {
// There won't be many completely unauthorised people seeing this because
// they won't have the photo link, so there's a reasonable chance that the person
// might be able to obtain permission to view it.
-
+
$r = q("SELECT * FROM `photo` WHERE `resource_id` = '%s' AND `scale` = %d LIMIT 1",
dbesc($photo),
intval($resolution)
);
+
if($r) {
- logger('mod_photo: forbidden. ' . $a->query_string());
+ logger('mod_photo: forbidden. ' . $a->query_string);
$observer = $a->get_observer();
logger('mod_photo: observer = ' . (($observer) ? $observer['xchan_addr'] : '(not authenticated)'));
$data = file_get_contents('images/nosign.png');
- $mimetype = 'image/jpeg';
+ $mimetype = 'image/png';
$prvcachecontrol = true;
}
}
diff --git a/mod/photos.php b/mod/photos.php
index fe5777fe9..43c74851a 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -42,7 +42,7 @@ function photos_init(&$a) {
$a->set_widget('photo_albums',photos_album_widget($a->data['channel'],$observer,$a->data['albums']));
}
- $a->page['htmlhead'] .= "<script> var ispublic = '" . t('everybody') . "';</script>" ;
+ $a->page['htmlhead'] .= "<script> var ispublic = '" . t('everybody') . "'; var profile_uid = " . (($a->data['channel']) ? $a->data['channel']['channel_id'] : 0) . "; </script>" ;
}
@@ -1079,7 +1079,8 @@ function photos_content(&$a) {
'$comment' => t('Comment'),
'$submit' => t('Submit'),
'$preview' => t('Preview'),
- '$ww' => ''
+ '$ww' => '',
+ '$feature_encrypt' => false
));
}
}
diff --git a/mod/ping.php b/mod/ping.php
index 76d84d0e4..414f06e53 100644
--- a/mod/ping.php
+++ b/mod/ping.php
@@ -253,7 +253,7 @@ function ping_init(&$a) {
$result[] = array(
- 'notify_link' => $a->get_baseurl() . '/events/event/' . $rr['event_hash'],
+ 'notify_link' => $a->get_baseurl() . '/events', // FIXME this takes you to an edit page and it may not be yours, we really want to just view the single event --> '/events/event/' . $rr['event_hash'],
'name' => $rr['xchan_name'],
'url' => $rr['xchan_url'],
'photo' => $rr['xchan_photo_s'],
diff --git a/mod/pubsites.php b/mod/pubsites.php
index 0441f928b..c15ba31ac 100644
--- a/mod/pubsites.php
+++ b/mod/pubsites.php
@@ -22,7 +22,7 @@ function pubsites_content(&$a) {
$o .= '<h1>' . t('Public Sites') . '</h1>';
$o .= '<div class="descriptive-text">' .
- t('The listed sites allow public registration into the Red Matrix. All sites in the matrix are interlinked so membership on any of them conveys membership in the matrix as a whole. Some sites may require subscription or provide tiered service plans. The provider links may provide additional details.') . '</div>' . EOL;
+ t('The listed sites allow public registration into the Red Matrix. All sites in the matrix are interlinked so membership on any of them conveys membership in the matrix as a whole. Some sites may require subscription or provide tiered service plans. The provider links <strong>may</strong> provide additional details.') . '</div>' . EOL;
$ret = z_fetch_url($url);
if($ret['success']) {
@@ -30,7 +30,7 @@ function pubsites_content(&$a) {
if($j) {
$o .= '<table border="1"><tr><td>' . t('Site URL') . '</td><td>' . t('Access Type') . '</td><td>' . t('Registration Policy') . '</td><td>' . t('Location') . '</td></tr>';
foreach($j['sites'] as $jj) {
- $o .= '<tr><td>' . '<a href="'. (($jj['sellpage']) ? $jj['sellpage'] : $jj['url']) . '" >' . $jj['url'] . '</a>' . '</td><td>' . $jj['access'] . '</td><td>' . $jj['register'] . '</td><td>' . $jj['location'] . '</td></tr>';
+ $o .= '<tr><td>' . '<a href="'. (($jj['sellpage']) ? $jj['sellpage'] : $jj['url'] . '/register' ) . '" >' . $jj['url'] . '</a>' . '</td><td>' . $jj['access'] . '</td><td>' . $jj['register'] . '</td><td>' . $jj['location'] . '</td></tr>';
}
$o .= '</table>';
diff --git a/mod/removeme.php b/mod/removeme.php
index ee88bd76a..7af4719bd 100644
--- a/mod/removeme.php
+++ b/mod/removeme.php
@@ -17,13 +17,17 @@ function removeme_post(&$a) {
if($_POST['verify'] !== $_SESSION['remove_account_verify'])
return;
- $encrypted = hash('whirlpool',trim($_POST['qxz_password']));
- if((strlen($a->user['password'])) && ($encrypted === $a->user['password'])) {
- require_once('include/Contact.php');
- user_remove($a->user['uid']);
- // NOTREACHED
- }
+ $account = $a->get_account();
+
+ if(! account_verify_password($account['account_email'],$_POST['qxz_password']))
+ return;
+
+ require_once('include/Contact.php');
+
+ $global_remove = intval($_POST['global']);
+
+ channel_remove(local_user(),1 - $global_remove);
}
@@ -42,9 +46,10 @@ function removeme_content(&$a) {
$o .= replace_macros($tpl, array(
'$basedir' => $a->get_baseurl(),
'$hash' => $hash,
- '$title' => t('Remove My Account'),
- '$desc' => t('This will completely remove your account. Once this has been done it is not recoverable.'),
+ '$title' => t('Remove This Channel'),
+ '$desc' => t('This will completely remove this channel from the network. Once this has been done it is not recoverable.'),
'$passwd' => t('Please enter your password for verification:'),
+ '$global' => array('global', t('Remove this channel and all its clones from the network'), false, t('By default only the instance of the channel located on this hub will be removed from the network')),
'$submit' => t('Remove My Account')
));
diff --git a/mod/rpost.php b/mod/rpost.php
index 820799218..8e01ef5d4 100644
--- a/mod/rpost.php
+++ b/mod/rpost.php
@@ -17,6 +17,7 @@ require_once('include/zot.php');
* f= placeholder, often required
* title= Title of post
* body= Body of post
+ * source= Source application
* remote_return= absolute URL to return after posting is finished
* type= choices are 'html' or 'bbcode', default is 'bbcode'
*
@@ -107,6 +108,7 @@ function rpost_content(&$a) {
'profile_uid' => local_user(),
'title' => $_REQUEST['title'],
'body' => $_REQUEST['body'],
+ 'source' => ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : ''),
'return_path' => 'rpost/return'
);
diff --git a/mod/siteinfo.php b/mod/siteinfo.php
index f2f444fac..a64b5df20 100644
--- a/mod/siteinfo.php
+++ b/mod/siteinfo.php
@@ -79,14 +79,14 @@ function siteinfo_content(&$a) {
$o = replace_macros(get_markup_template('siteinfo.tpl'), array(
'$title' => t('Red'),
- '$description' => t('This is Red - another decentralized, distributed communications project by the folks at Friendica.'),
+ '$description' => t('This is a hub of the Red Matrix - a global cooperative network of decentralised privacy enhanced websites.'),
'$version' => $version,
'$web_location' => t('Running at web location') . ' ' . z_root(),
- '$visit' => t('Please visit <a href="http://friendica.com">Friendica.com</a> to learn more about the Friendica and/or Red project.'),
+ '$visit' => t('Please visit <a href="http://getzot.com">GetZot.com</a> to learn more about the Red Matrix.'),
'$bug_text' => t('Bug reports and issues: please visit'),
- '$bug_link_url' => 'http://bugs.friendica.com',
- '$bug_link_text' => 'Bugs.Friendica.com',
- '$contact' => t('Suggestions, praise, donations, etc. - please email "Info" at Friendica - dot com'),
+ '$bug_link_url' => 'https://github.com/friendica/red/issues',
+ '$bug_link_text' => 'redmatrix issues',
+ '$contact' => t('Suggestions, praise, donations, etc. - please email "redmatrix" at librelist - dot com'),
'$plugins_text' => $plugins_text,
'$plugins_list' => $plugins_list
));
diff --git a/mod/webpages.php b/mod/webpages.php
index 2c5728531..5257bc91d 100644
--- a/mod/webpages.php
+++ b/mod/webpages.php
@@ -57,13 +57,16 @@ function webpages_content(&$a) {
// Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages
// Nickname is set to the observers xchan, and profile_uid to the owners. This lets you post pages at other people's channels.
-require_once ('include/conversation.php');
+ require_once ('include/conversation.php');
+ require_once('include/acl_selectors.php');
+
$x = array(
'webpage' => ITEM_WEBPAGE,
'is_owner' => true,
'nickname' => $a->profile['channel_address'],
'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
'bang' => (($group || $cid) ? '!' : ''),
+ 'acl' => ((local_user() && local_user() == $owner) ? populate_acl($a->get_channel()) : ''),
'visitor' => 'block',
'profile_uid' => intval($owner),
'mimetype' => $mimetype,
@@ -76,18 +79,18 @@ require_once ('include/conversation.php');
//Get a list of webpages. We can't display all them because endless scroll makes that unusable, so just list titles and an edit link.
//TODO - this should be replaced with pagelist_widget
-$r = q("select * from item_id where uid = %d and service = 'WEBPAGE' order by sid asc",
- intval($owner)
-);
+ $r = q("select item_id.* from item_id left join item on item_id.iid = item.id where item_id.uid = %d and service = 'WEBPAGE' order by item.created desc",
+ intval($owner)
+ );
- $pages = null;
+ $pages = null;
- if($r) {
- $pages = array();
- foreach($r as $rr) {
- $pages[$rr['iid']][] = array('url' => $rr['iid'],'title' => $rr['sid']);
- }
- }
+ if($r) {
+ $pages = array();
+ foreach($r as $rr) {
+ $pages[$rr['iid']][] = array('url' => $rr['iid'],'title' => $rr['sid']);
+ }
+ }
//Build the base URL for edit links
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-20 19:57:53 +0000