Diffstat (limited to 'mod')
-rw-r--r-- | mod/dirsearch.php | 20 | ||||
-rw-r--r-- | mod/invite.php | 3 | ||||
-rw-r--r-- | mod/item.php | 10 | ||||
-rw-r--r-- | mod/magic.php | 19 | ||||
-rw-r--r-- | mod/manage.php | 5 | ||||
-rw-r--r-- | mod/message.php | 15 | ||||
-rw-r--r-- | mod/page.php | 31 | ||||
-rw-r--r-- | mod/photo.php | 7 | ||||
-rw-r--r-- | mod/photos.php | 5 | ||||
-rw-r--r-- | mod/ping.php | 2 | ||||
-rw-r--r-- | mod/pubsites.php | 4 | ||||
-rw-r--r-- | mod/removeme.php | 21 | ||||
-rw-r--r-- | mod/rpost.php | 2 | ||||
-rw-r--r-- | mod/siteinfo.php | 10 | ||||
-rw-r--r-- | mod/webpages.php | 25 |
15 files changed, 128 insertions, 51 deletions
diff --git a/mod/dirsearch.php b/mod/dirsearch.php index dcacef651..6315cae31 100644 --- a/mod/dirsearch.php +++ b/mod/dirsearch.php @@ -121,9 +121,10 @@ function dirsearch_content(&$a) { else { $qlimit = " LIMIT " . intval($startrec) . " , " . intval($perpage); if($return_total) { - $r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and not ( xchan_flags & %d) and not ( xchan_flags & %d ) $safesql ", + $r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and not ( xchan_flags & %d) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) $safesql ", intval(XCHAN_FLAGS_HIDDEN), - intval(XCHAN_FLAGS_ORPHAN) + intval(XCHAN_FLAGS_ORPHAN), + intval(XCHAN_FLAGS_DELETED) ); if($r) { $ret['total_items'] = $r[0]['total']; @@ -161,9 +162,10 @@ function dirsearch_content(&$a) { } else { - $r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where ( $logic $sql_extra ) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) $safesql $order $qlimit ", + $r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where ( $logic $sql_extra ) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) and not ( xchan_flags & %d ) $safesql $order $qlimit ", intval(XCHAN_FLAGS_HIDDEN), - intval(XCHAN_FLAGS_ORPHAN) + intval(XCHAN_FLAGS_ORPHAN), + intval(XCHAN_FLAGS_DELETED) ); } @@ -225,6 +227,8 @@ function list_public_sites() { if($r) { $ret['success'] = true; $ret['sites'] = array(); + $insecure = array(); + foreach($r as $rr) { if($rr['site_access'] == ACCESS_FREE) 
@@ -243,7 +247,13 @@ function list_public_sites() { else $register = 'closed'; - $ret['sites'][] = array('url' => $rr['site_url'], 'access' => $access, 'register' => $register, 'sellpage' => $rr['site_sellpage'], 'location' => $rr['site_location']); + if(strpos($rr['site_url'],'https://') !== false) + $ret['sites'][] = array('url' => $rr['site_url'], 'access' => $access, 'register' => $register, 'sellpage' => $rr['site_sellpage'], 'location' => $rr['site_location']); + else + $insecure[] = array('url' => $rr['site_url'], 'access' => $access, 'register' => $register, 'sellpage' => $rr['site_sellpage'], 'location' => $rr['site_location']); + } + if($insecure) { + $ret['sites'] = array_merge($ret['sites'],$insecure); } } return $ret; diff --git a/mod/invite.php b/mod/invite.php index bceca4515..e23ed7d2a 100644 --- a/mod/invite.php +++ b/mod/invite.php @@ -142,13 +142,14 @@ function invite_content(&$a) { '$default_message' => t('You are cordially invited to join me and some other close friends on the Red Matrix - a revolutionary new decentralised communication and information tool.') . "\r\n" . "\r\n" . $linktxt . (($invonly) ? "\r\n" . "\r\n" . t('You will need to supply this invitation code: $invite_code') . "\r\n" . "\r\n" : '') - . t('Please visit my channel at') . "\r\n" . "\r\n" . z_root() . "/channel/" . $channel['channel_address'] . "\r\n" . "\r\n" . t('Once you have registered (on ANY Red Matrix site - they are all inter-connected), please connect with my Red Matrix channel address:') . "\r\n" . "\r\n" . $ob['xchan_addr'] + . "\r\n" . "\r\n" . t('Click the [Register] link on the following page to join.') . "\r\n" . "\r\n" . z_root() + . "\r\n" . "\r\n" . t('For more information about the Red Matrix Project and why it has the potential to change the internet as we know it, please visit http://getzot.com') . "\r\n" . "\r\n" , '$submit' => t('Submit') )); diff --git a/mod/item.php b/mod/item.php index be24d242c..b564c7545 100644 --- a/mod/item.php 
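Review bot: The HTTPS test added in list_public_sites(), `strpos($rr['site_url'],'https://') !== false`, matches the string anywhere in the URL, so a constructed value such as `http://host.example/?x=https://` is still ranked with the secure sites. Anchor the comparison to the start of the value: `if(strpos($rr['site_url'],'https://') === 0)`. The two array literals in the branches are identical, so building the entry once and appending it to either `$ret['sites']` or `$insecure` would keep them from drifting apart. The function body begins outside this hunk.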
+++ b/mod/item.php @@ -412,12 +412,18 @@ function item_post(&$a) { * now. So now we'll look for links of uploaded photos and attachments that are in the * post and set them to the same permissions as the post itself. * + * If the post was end-to-end encrypted we can't find images and attachments in the body, + * use our media_str input instead which only contains these elements - but only do this + * when encrypted content exists because the photo/attachment may have been removed from + * the post and we should keep it private. If it's encrypted we have no way of knowing + * so we'll set the permissions regardless and realise that the media may not be + * referenced in the post. */ if(! $preview) { - fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],$body,$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); + fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); - fix_attached_file_permissions($channel,$observer['xchan_hash'],$body,$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); + fix_attached_file_permissions($channel,$observer['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny); } diff --git a/mod/magic.php b/mod/magic.php index 44aa19ead..4794f86a8 100644 --- a/mod/magic.php +++ b/mod/magic.php @@ -6,6 +6,8 @@ function magic_init(&$a) { logger('mod_magic: invoked', LOGGER_DEBUG); + logger('mod_magic: args: ' . print_r($_REQUEST,true),LOGGER_DATA); + $addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : ''); $hash = ((x($_REQUEST,'hash')) ? $_REQUEST['hash'] : ''); $dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : ''); 
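Review bot: Both permission-fixing calls in item_post() now take their media list from `$_POST['media_str']` whenever the body contains `[/crypt]`, so the set of photos and attachments whose permissions are rewritten is chosen by the client rather than derived from the post. The helpers are outside this hunk; confirm that fix_attached_photo_permissions() and fix_attached_file_permissions() only touch resources owned by `$profile_uid` / `$channel`, otherwise a crafted form could re-permission media the post never referenced. The key is also read without an existence check; `((x($_POST,'media_str')) ? $_POST['media_str'] : '')` would follow the x() pattern used elsewhere in this commit. A short comment that `strpos()` is used for truthiness here, and relies on the closing tag never being at offset 0, would also help the next reader.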
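Review bot: The new `logger('mod_magic: args: ' . print_r($_REQUEST,true),LOGGER_DATA)` call in magic_init() writes the whole request array to the log, and depending on PHP's `request_order` setting `$_REQUEST` can include cookies as well as every query and form field. The hunk shows the function reading only `addr`, `hash` and `dest`, so logging just the needed fields after they are assigned keeps session identifiers and authentication parameters out of the log file, for example `logger('mod_magic: args: addr=' . $addr . ' dest=' . $dest, LOGGER_DATA);`. The rest of the function is outside the hunk.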
@@ -31,10 +33,20 @@ function magic_init(&$a) { if(count($b) >= 2) { $u = $b[0] . '//' . $b[2]; + $x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash - where hubloc_url = '%s' order by hubloc_id desc limit 1", + where hubloc_url = '%s' order by hubloc_id desc limit 5", dbesc($u) ); + + if($x) { + // They must have a valid hubloc_addr + while(! strpos($x[0]['hubloc_addr'],'@')) { + array_shift($x); + } + } + + } } @@ -125,7 +137,10 @@ function magic_init(&$a) { dbesc(datetime_convert()) ); - goaway($x[0]['hubloc_callback'] . '/' . substr($x[0]['hubloc_addr'],0,strpos($x[0]['hubloc_addr'],'@')) + $target_url = $x[0]['hubloc_callback'] . '/' . substr($x[0]['hubloc_addr'],0,strpos($x[0]['hubloc_addr'],'@')) ; + logger('mod_magic: redirecting to: ' . $target_url, LOGGER_DEBUG); + + goaway($target_url . '/?f=&auth=' . $channel['channel_address'] . '@' . $a->get_hostname() . '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION); } diff --git a/mod/manage.php b/mod/manage.php index 27e45aa47..a2f65b271 100644 --- a/mod/manage.php +++ b/mod/manage.php @@ -36,8 +36,9 @@ function manage_content(&$a) { $channels = null; if(local_user()) { - $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d order by channel_name ", - intval(get_account_id()) + $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d ) order by channel_name ", + intval(get_account_id()), + intval(PAGE_REMOVED) ); $selected_channel = null; diff --git a/mod/message.php b/mod/message.php index c03875e24..f992a6fa1 100644 --- a/mod/message.php +++ b/mod/message.php 
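Review bot: The filtering loop `while(! strpos($x[0]['hubloc_addr'],'@')) { array_shift($x); }` never terminates when none of the returned rows has a usable `hubloc_addr`: once `$x` is empty, `$x[0]['hubloc_addr']` is null, `strpos()` returns false and the condition stays true. The lookup key `$u` appears to be derived from the request, which would make this a request-triggered hang of the worker; bound the loop on the array itself with `while($x && ! strpos($x[0]['hubloc_addr'],'@'))`. The later hunk in this file builds `$target_url` from `$x[0]`, so `$x` also needs an emptiness check after the loop; whether one exists is not visible in these hunks.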
@@ -212,6 +212,12 @@ function message_content(&$a) { $channel = $a->get_channel(); head_set_icon($channel['xchan_photo_s']); + $cipher = get_pconfig(local_user(),'system','default_cipher'); + if(! $cipher) + $cipher = 'aes256'; + + + $tpl = get_markup_template('mail_head.tpl'); $header = replace_macros($tpl, array( '$messages' => t('Messages'), @@ -328,6 +334,11 @@ function message_content(&$a) { '$defexpire' => '', '$feature_expire' => ((feature_enabled(local_user(),'content_expire')) ? 'block' : 'none'), '$expires' => t('Set expiration date'), + '$feature_encrypt' => ((feature_enabled(local_user(),'content_encrypt')) ? 'block' : 'none'), + '$encrypt' => t('Encrypt text'), + '$cipher' => $cipher, + + )); return $o; @@ -506,6 +517,10 @@ function message_content(&$a) { '$defexpire' => '', '$feature_expire' => ((feature_enabled(local_user(),'content_expire')) ? 'block' : 'none'), '$expires' => t('Set expiration date'), + '$feature_encrypt' => ((feature_enabled(local_user(),'content_encrypt')) ? 'block' : 'none'), + '$encrypt' => t('Encrypt text'), + '$cipher' => $cipher, + )); return $o; diff --git a/mod/page.php b/mod/page.php index 452341cb1..403016eb2 100644 --- a/mod/page.php +++ b/mod/page.php 
@@ -53,20 +53,38 @@ function page_content(&$a) { else $revision = " order by revision desc "; + require_once('include/security.php'); + $sql_options = item_permissions_sql($u[0]['channel_id']); $r = q("select item.* from item left join item_id on item.id = item_id.iid where item.uid = %d and sid = '%s' and service = 'WEBPAGE' and - item_restrict = %d $revision limit 1", + item_restrict = %d $sql_options $revision limit 1", intval($u[0]['channel_id']), dbesc($page_id), intval(ITEM_WEBPAGE) ); if(! $r) { - notice( t('Item not found.') . EOL); + + // Check again with no permissions clause to see if it is a permissions issue + + $x = q("select item.* from item left join item_id on item.id = item_id.iid + where item.uid = %d and sid = '%s' and service = 'WEBPAGE' and + item_restrict = %d $revision limit 1", + intval($u[0]['channel_id']), + dbesc($page_id), + intval(ITEM_WEBPAGE) + ); + if($x) { + // Yes, it's there. You just aren't allowed to see it. + notice( t('Permission denied.') . EOL); + } + else { + notice( t('Page not found.') . EOL); + } return; } -dbg(1); + if($r[0]['layout_mid']) { $l = q("select body from item where mid = '%s' and uid = %d limit 1", dbesc($r[0]['layout_mid']), @@ -78,12 +96,11 @@ dbg(1); comanche_parser(get_app(),$l[0]['body']); } } -dbg(0); -logger('layout: ' . print_r($a->layout,true)); + // logger('layout: ' . print_r($a->layout,true)); - // Use of widgets should be determined by Comanche, but we don't have it yet, so... + // Use of widgets should be determined by Comanche, but we don't have it on system pages yet, so... if ($perms['write_pages']) { $chan = $a->channel['channel_id']; @@ -95,7 +112,7 @@ logger('layout: ' . print_r($a->layout,true)); xchan_query($r); $r = fetch_post_tags($r,true); - $o .= prepare_page($r[0]); + $o .= prepare_body($r[0],true); return $o; } diff --git a/mod/photo.php b/mod/photo.php index fffc15e53..3e86b02ba 100644 --- a/mod/photo.php +++ b/mod/photo.php 
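Review bot: The fallback query in page_content() re-runs the lookup without `$sql_options` only to choose between 'Permission denied.' and 'Page not found.', which tells a viewer who lacks access that a page with that name exists on the channel. If page names are meant to stay private, return the same notice in both cases and drop the second query; if the distinction is intended, a comment saying so would record the decision. Separately, `$sql_options` is interpolated straight into the statement, so a one-line comment that item_permissions_sql() returns a pre-built SQL fragment would document why that is safe; its implementation is not part of this diff.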
@@ -112,17 +112,18 @@ function photo_init(&$a) { // There won't be many completely unauthorised people seeing this because // they won't have the photo link, so there's a reasonable chance that the person // might be able to obtain permission to view it. - + $r = q("SELECT * FROM `photo` WHERE `resource_id` = '%s' AND `scale` = %d LIMIT 1", dbesc($photo), intval($resolution) ); + if($r) { - logger('mod_photo: forbidden. ' . $a->query_string()); + logger('mod_photo: forbidden. ' . $a->query_string); $observer = $a->get_observer(); logger('mod_photo: observer = ' . (($observer) ? $observer['xchan_addr'] : '(not authenticated)')); $data = file_get_contents('images/nosign.png'); - $mimetype = 'image/jpeg'; + $mimetype = 'image/png'; $prvcachecontrol = true; } } diff --git a/mod/photos.php b/mod/photos.php index fe5777fe9..43c74851a 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -42,7 +42,7 @@ function photos_init(&$a) { $a->set_widget('photo_albums',photos_album_widget($a->data['channel'],$observer,$a->data['albums'])); } - $a->page['htmlhead'] .= "<script> var ispublic = '" . t('everybody') . "';</script>" ; + $a->page['htmlhead'] .= "<script> var ispublic = '" . t('everybody') . "'; var profile_uid = " . (($a->data['channel']) ? $a->data['channel']['channel_id'] : 0) . "; </script>" ; } @@ -1079,7 +1079,8 @@ function photos_content(&$a) { '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), - '$ww' => '' + '$ww' => '', + '$feature_encrypt' => false )); } } diff --git a/mod/ping.php b/mod/ping.php index 76d84d0e4..414f06e53 100644 --- a/mod/ping.php +++ b/mod/ping.php 
@@ -253,7 +253,7 @@ function ping_init(&$a) { $result[] = array( - 'notify_link' => $a->get_baseurl() . '/events/event/' . $rr['event_hash'], + 'notify_link' => $a->get_baseurl() . '/events', // FIXME this takes you to an edit page and it may not be yours, we really want to just view the single event --> '/events/event/' . $rr['event_hash'], 'name' => $rr['xchan_name'], 'url' => $rr['xchan_url'], 'photo' => $rr['xchan_photo_s'], diff --git a/mod/pubsites.php b/mod/pubsites.php index 0441f928b..c15ba31ac 100644 --- a/mod/pubsites.php +++ b/mod/pubsites.php @@ -22,7 +22,7 @@ function pubsites_content(&$a) { $o .= '<h1>' . t('Public Sites') . '</h1>'; $o .= '<div class="descriptive-text">' . - t('The listed sites allow public registration into the Red Matrix. All sites in the matrix are interlinked so membership on any of them conveys membership in the matrix as a whole. Some sites may require subscription or provide tiered service plans. The provider links may provide additional details.') . '</div>' . EOL; + t('The listed sites allow public registration into the Red Matrix. All sites in the matrix are interlinked so membership on any of them conveys membership in the matrix as a whole. Some sites may require subscription or provide tiered service plans. The provider links <strong>may</strong> provide additional details.') . '</div>' . EOL; $ret = z_fetch_url($url); if($ret['success']) { 
@@ -30,7 +30,7 @@ function pubsites_content(&$a) { if($j) { $o .= '<table border="1"><tr><td>' . t('Site URL') . '</td><td>' . t('Access Type') . '</td><td>' . t('Registration Policy') . '</td><td>' . t('Location') . '</td></tr>'; foreach($j['sites'] as $jj) { - $o .= '<tr><td>' . '<a href="'. (($jj['sellpage']) ? $jj['sellpage'] : $jj['url']) . '" >' . $jj['url'] . '</a>' . '</td><td>' . $jj['access'] . '</td><td>' . $jj['register'] . '</td><td>' . $jj['location'] . '</td></tr>'; + $o .= '<tr><td>' . '<a href="'. (($jj['sellpage']) ? $jj['sellpage'] : $jj['url'] . '/register' ) . '" >' . $jj['url'] . '</a>' . '</td><td>' . $jj['access'] . '</td><td>' . $jj['register'] . '</td><td>' . $jj['location'] . '</td></tr>'; } $o .= '</table>'; diff --git a/mod/removeme.php b/mod/removeme.php index ee88bd76a..7af4719bd 100644 --- a/mod/removeme.php +++ b/mod/removeme.php @@ -17,13 +17,17 @@ function removeme_post(&$a) { if($_POST['verify'] !== $_SESSION['remove_account_verify']) return; - $encrypted = hash('whirlpool',trim($_POST['qxz_password'])); - if((strlen($a->user['password'])) && ($encrypted === $a->user['password'])) { - require_once('include/Contact.php'); - user_remove($a->user['uid']); - // NOTREACHED - } + $account = $a->get_account(); + + if(! account_verify_password($account['account_email'],$_POST['qxz_password'])) + return; + + require_once('include/Contact.php'); + + $global_remove = intval($_POST['global']); + + channel_remove(local_user(),1 - $global_remove); } 
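Review bot: The rewritten table row in pubsites_content() still concatenates `$jj['sellpage']`, `$jj['url']`, `$jj['access']`, `$jj['register']` and `$jj['location']` into HTML unescaped, and these values come from the response fetched with z_fetch_url(), i.e. from a remote directory. Each should pass through `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')` before output, and the value placed in `href` should additionally be limited to http/https URLs so that a directory entry cannot supply another scheme. The loop also assumes `$j['sites']` is an array; the decoding of `$j` is outside the hunk.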
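Review bot: `channel_remove(local_user(),1 - $global_remove)` in removeme_post() computes its second argument from `intval($_POST['global'])`, so any posted value other than 0 or 1 produces something outside 0/1 for a destructive call. Normalise the flag first, `$global_remove = ((x($_POST,'global') && intval($_POST['global'])) ? 1 : 0);`, and add a comment naming what the second parameter means, since `1 - $global_remove` is not self-explanatory. `$account` is also used without checking that get_account() returned a row; the start of the function is outside the hunk, so a login check may already cover that.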
@@ -42,9 +46,10 @@ function removeme_content(&$a) { $o .= replace_macros($tpl, array( '$basedir' => $a->get_baseurl(), '$hash' => $hash, - '$title' => t('Remove My Account'), - '$desc' => t('This will completely remove your account. Once this has been done it is not recoverable.'), + '$title' => t('Remove This Channel'), + '$desc' => t('This will completely remove this channel from the network. Once this has been done it is not recoverable.'), '$passwd' => t('Please enter your password for verification:'), + '$global' => array('global', t('Remove this channel and all its clones from the network'), false, t('By default only the instance of the channel located on this hub will be removed from the network')), '$submit' => t('Remove My Account') )); diff --git a/mod/rpost.php b/mod/rpost.php index 820799218..8e01ef5d4 100644 --- a/mod/rpost.php +++ b/mod/rpost.php @@ -17,6 +17,7 @@ require_once('include/zot.php'); * f= placeholder, often required * title= Title of post * body= Body of post + * source= Source application * remote_return= absolute URL to return after posting is finished * type= choices are 'html' or 'bbcode', default is 'bbcode' * @@ -107,6 +108,7 @@ function rpost_content(&$a) { 'profile_uid' => local_user(), 'title' => $_REQUEST['title'], 'body' => $_REQUEST['body'], + 'source' => ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : ''), 'return_path' => 'rpost/return' ); diff --git a/mod/siteinfo.php b/mod/siteinfo.php index f2f444fac..a64b5df20 100644 --- a/mod/siteinfo.php +++ b/mod/siteinfo.php 
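Review bot: The form in removeme_content() now describes removing a channel, but `'$submit' => t('Remove My Account')` is left unchanged, so the confirmation button for an unrecoverable action still names the account. `'$submit' => t('Remove This Channel')` would match the new `$title` and `$desc`.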
@@ -79,14 +79,14 @@ function siteinfo_content(&$a) { $o = replace_macros(get_markup_template('siteinfo.tpl'), array( '$title' => t('Red'), - '$description' => t('This is Red - another decentralized, distributed communications project by the folks at Friendica.'), + '$description' => t('This is a hub of the Red Matrix - a global cooperative network of decentralised privacy enhanced websites.'), '$version' => $version, '$web_location' => t('Running at web location') . ' ' . z_root(), - '$visit' => t('Please visit <a href="http://friendica.com">Friendica.com</a> to learn more about the Friendica and/or Red project.'), + '$visit' => t('Please visit <a href="http://getzot.com">GetZot.com</a> to learn more about the Red Matrix.'), '$bug_text' => t('Bug reports and issues: please visit'), - '$bug_link_url' => 'http://bugs.friendica.com', - '$bug_link_text' => 'Bugs.Friendica.com', - '$contact' => t('Suggestions, praise, donations, etc. - please email "Info" at Friendica - dot com'), + '$bug_link_url' => 'https://github.com/friendica/red/issues', + '$bug_link_text' => 'redmatrix issues', + '$contact' => t('Suggestions, praise, donations, etc. - please email "redmatrix" at librelist - dot com'), '$plugins_text' => $plugins_text, '$plugins_list' => $plugins_list )); diff --git a/mod/webpages.php b/mod/webpages.php index 2c5728531..5257bc91d 100644 --- a/mod/webpages.php +++ b/mod/webpages.php 
@@ -57,13 +57,16 @@ function webpages_content(&$a) { // Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages // Nickname is set to the observers xchan, and profile_uid to the owners. This lets you post pages at other people's channels. -require_once ('include/conversation.php'); + require_once ('include/conversation.php'); + require_once('include/acl_selectors.php'); + $x = array( 'webpage' => ITEM_WEBPAGE, 'is_owner' => true, 'nickname' => $a->profile['channel_address'], 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), 'bang' => (($group || $cid) ? '!' : ''), + 'acl' => ((local_user() && local_user() == $owner) ? populate_acl($a->get_channel()) : ''), 'visitor' => 'block', 'profile_uid' => intval($owner), 'mimetype' => $mimetype, @@ -76,18 +79,18 @@ require_once ('include/conversation.php'); //Get a list of webpages. We can't display all them because endless scroll makes that unusable, so just list titles and an edit link. //TODO - this should be replaced with pagelist_widget -$r = q("select * from item_id where uid = %d and service = 'WEBPAGE' order by sid asc", - intval($owner) -); + $r = q("select item_id.* from item_id left join item on item_id.iid = item.id where item_id.uid = %d and service = 'WEBPAGE' order by item.created desc", + intval($owner) + ); - $pages = null; + $pages = null; - if($r) { - $pages = array(); - foreach($r as $rr) { - $pages[$rr['iid']][] = array('url' => $rr['iid'],'title' => $rr['sid']); - } - } + if($r) { + $pages = array(); + foreach($r as $rr) { + $pages[$rr['iid']][] = array('url' => $rr['iid'],'title' => $rr['sid']); + } + } //Build the base URL for edit links |