Diffstat (limited to 'mod')
-rw-r--r--mod/chat.php6
-rw-r--r--mod/getfile.php97
-rw-r--r--mod/help.php14
-rw-r--r--mod/notes.php12
-rw-r--r--mod/photos.php71
-rw-r--r--mod/wall_attach.php17
6 files changed, 177 insertions, 40 deletions
diff --git a/mod/chat.php b/mod/chat.php
index 75c364008..375d069be 100644
--- a/mod/chat.php
+++ b/mod/chat.php
@@ -208,6 +208,12 @@ function chat_content(&$a) {
$o = profile_tabs($a,((local_channel() && local_channel() == App::$profile['profile_uid']) ? true : false),App::$profile['channel_address']);
+ if(! feature_enabled(App::$profile['profile_uid'],'ajaxchat')) {
+ notice( t('Feature disabled.') . EOL);
+ return $o;
+ }
+
+
$acl = new Zotlabs\Access\AccessList($channel);
$channel_acl = $acl->get();
diff --git a/mod/getfile.php b/mod/getfile.php
new file mode 100644
index 000000000..c0916de79
--- /dev/null
+++ b/mod/getfile.php
@@ -0,0 +1,97 @@
+<?php
+
+/**
+ * module: getfile
+ *
+ * used for synchronising files and photos across clones
+ *
+ * The site initiating the file operation will send a sync packet to known clones.
+ * They will respond by building the DB structures they require, then will provide a
+ * post request to this site to grab the file data. This is sent as a stream direct to
+ * disk at the other end, avoiding memory issues.
+ *
+ * Since magic-auth cannot easily be used by the CURL process at the other end,
+ * we will require a signed request which includes a timestamp. This should not be
+ * used without SSL and is potentially vulnerable to replay if an attacker decrypts
+ * the SSL traffic fast enough. The amount of time slop is configurable but defaults
+ * to 3 minutes.
+ *
+ */
+
+
+
+require_once('include/Contact.php');
+require_once('include/attach.php');
+
+function getfile_post(&$a) {
+
+ $hash = $_POST['hash'];
+ $time = $_POST['time'];
+ $sig = $_POST['signature'];
+ $resource = $_POST['resource'];
+ $revision = intval($_POST['revision']);
+
+ if(! $hash)
+ killme();
+
+ $channel = channelx_by_hash($hash);
+
+ if((! $channel) || (! $time) || (! $sig))
+ killme();
+
+ $slop = intval(get_pconfig($channel['channel_id'],'system','getfile_time_slop'));
+ if($slop < 1)
+ $slop = 3;
+
+ $d1 = datetime_convert('UTC','UTC',"now + $slop minutes");
+ $d2 = datetime_convert('UTC','UTC',"now - $slop minutes");
+
+ if(($time > $d1) || ($time < $d2)) {
+ logger('time outside allowable range');
+ killme();
+ }
+
+ if(! rsa_verify($hash . '.' . $time,base64url_decode($sig),$channel['channel_pubkey'])) {
+ logger('verify failed.');
+ killme();
+ }
+
+
+ $r = attach_by_hash($resource,$revision);
+
+ if(! $r['success']) {
+ notice( $r['message'] . EOL);
+ return;
+ }
+
+
+ $unsafe_types = array('text/html','text/css','application/javascript');
+
+ if(in_array($r['data']['filetype'],$unsafe_types)) {
+ header('Content-type: text/plain');
+ }
+ else {
+ header('Content-type: ' . $r['data']['filetype']);
+ }
+
+ header('Content-disposition: attachment; filename="' . $r['data']['filename'] . '"');
+ if(intval($r['data']['os_storage'])) {
+ $fname = dbunescbin($r['data']['data']);
+ if(strpos($fname,'store') !== false)
+ $istream = fopen($fname,'rb');
+ else
+ $istream = fopen('store/' . $channel['channel_address'] . '/' . $fname,'rb');
+ $ostream = fopen('php://output','wb');
+ if($istream && $ostream) {
+ pipe_streams($istream,$ostream);
+ fclose($istream);
+ fclose($ostream);
+ }
+ }
+ else
+ echo dbunescbin($r['data']['data']);
+ killme();
+
+
+
+} \ No newline at end of file
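Review bot: The signature checked in getfile_post() covers only `$hash . '.' . $time`, so `$resource` and `$revision` are not authenticated, and a request captured inside the slop window can be replayed against a different attachment. Binding them into the signed string closes that, e.g. `rsa_verify($hash . '.' . $time . '.' . $resource . '.' . $revision, base64url_decode($sig), $channel['channel_pubkey'])`, provided the sending side signs the same string. attach_by_hash($resource,$revision) is also called without any reference to the verified channel; unless that helper scopes the lookup itself (not visible here), the returned row's owner should be compared with `$channel['channel_id']` before anything is streamed. Separately, `$time` is compared with the datetime_convert() output as a plain string, so a value that is not in that exact format should be rejected before the range check.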
diff --git a/mod/help.php b/mod/help.php
index a266dbf7f..fb0339cd9 100644
--- a/mod/help.php
+++ b/mod/help.php
@@ -84,7 +84,21 @@ function doc_rank_sort($s1,$s2) {
}
+function load_context_help() {
+
+ $path = App::$cmd;
+ $args = App::$argv;
+
+ while($path) {
+ $context_help = load_doc_file('doc/context/' . $path . '/help.html');
+ if($context_help)
+ break;
+ array_pop($args);
+ $path = implode($args,'/');
+ }
+ return $context_help;
+}
function store_doc_file($s) {
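Review bot: load_context_help() returns `$context_help` without ever assigning it when App::$cmd is empty, because the while body never runs; add `$context_help = '';` before the loop. `implode($args,'/')` uses the legacy argument order, which PHP 8 no longer accepts; write `implode('/',$args)`. The path segment appears to come from the request command, so it is worth confirming that load_doc_file() rejects `..` segments before it touches the filesystem; that helper is not visible in this hunk.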
diff --git a/mod/notes.php b/mod/notes.php
index 4bb97fc9e..9bf37d0f9 100644
--- a/mod/notes.php
+++ b/mod/notes.php
@@ -6,8 +6,18 @@ function notes_init(&$a) {
return;
$ret = array('success' => true);
- if($_REQUEST['note_text'] || $_REQUEST['note_text'] == '') {
+ if(array_key_exists('note_text',$_REQUEST)) {
$body = escape_tags($_REQUEST['note_text']);
+
+ // I've had my notes vanish into thin air twice in four years.
+ // Provide a backup copy if there were contents previously
+ // and there are none being saved now.
+
+ if(! $body) {
+ $old_text = get_pconfig(local_channel(),'notes','text');
+ if($old_text)
+ set_pconfig(local_channel(),'notes','text.bak',$old_text);
+ }
set_pconfig(local_channel(),'notes','text',$body);
}
diff --git a/mod/photos.php b/mod/photos.php
index 0adbf752a..bf904db22 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -126,6 +126,34 @@ function photos_post(&$a) {
if($_REQUEST['dropalbum'] == t('Delete Album')) {
+
+ // This is dangerous because we combined file storage and photos into one interface
+ // This function will remove all photos from any directory with the same name since
+ // we have not passed the path value.
+
+ // The correct solution would be to use a full pathname from your storage root for 'album'
+ // We also need to prevent/block removing the storage root folder.
+
+ $folder_hash = '';
+
+ $r = q("select * from attach where is_dir = 1 and uid = %d and filename = '%s'",
+ intval($page_owner_uid),
+ dbesc($album)
+ );
+ if(! $r) {
+ notice( t('Album not found.') . EOL);
+ return;
+ }
+ if(count($r) > 1) {
+ notice( t('Multiple storage folders exist with this album name, but within different directories. Please remove the desired folder or folders using the Files manager') . EOL);
+ return;
+ }
+ else {
+ $folder_hash = $r[0]['hash'];
+ }
+
+
+
$res = array();
// get the list of photos we are about to delete
@@ -149,9 +177,6 @@ function photos_post(&$a) {
if($r) {
foreach($r as $i) {
attach_delete($page_owner_uid, $i['resource_id'], 1 );
- // This is now being done in attach_delete()
- // drop_item($i['id'],false,DROPITEM_PHASE1,true /* force removal of linked items */);
- // proc_run('php','include/notifier.php','drop',$i['id']);
}
}
@@ -163,6 +188,15 @@ function photos_post(&$a) {
// @FIXME do the same for the linked attach
+ if($folder_hash) {
+ attach_delete($page_owner_uid,$folder_hash, 1);
+
+ $sync = attach_export_data(App::$data['channel'],$folder_hash, true);
+
+ if($sync)
+ build_sync_packet($page_owner_uid,array('file' => array($sync)));
+ }
+
}
goaway(z_root() . '/photos/' . App::$data['channel']['channel_address']);
@@ -183,23 +217,11 @@ function photos_post(&$a) {
);
if($r) {
-/*
- q("DELETE FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s'",
- intval($page_owner_uid),
- dbesc($r[0]['resource_id'])
- );
-*/
attach_delete($page_owner_uid, $r[0]['resource_id'], 1 );
-/*
- $i = q("SELECT * FROM `item` WHERE `resource_id` = '%s' AND resource_type = 'photo' and `uid` = %d LIMIT 1",
- dbesc($r[0]['resource_id']),
- intval($page_owner_uid)
- );
- if(count($i)) {
- drop_item($i[0]['id'],true,DROPITEM_PHASE1);
- $url = z_root();
- }
-*/
+ $sync = attach_export_data(App::$data['channel'],$r[0]['resource_id'], true);
+
+ if($sync)
+ build_sync_packet($page_owner_uid,array('file' => array($sync)));
}
goaway(z_root() . '/photos/' . App::$data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']);
@@ -218,7 +240,7 @@ function photos_post(&$a) {
$acl->set_from_array($_POST);
$perm = $acl->get();
- $resource_id = App::$argv[2];
+ $resource_id = argv(2);
if(! strlen($albname))
$albname = datetime_convert('UTC',date_default_timezone_get(),'now', 'Y');
@@ -443,6 +465,11 @@ function photos_post(&$a) {
goaway(z_root() . '/' . $_SESSION['photo_return']);
return; // NOTREACHED
+ $sync = attach_export_data(App::$data['channel'],$resource_id);
+
+ if($sync)
+ build_sync_packet($page_owner_uid,array('file' => array($sync)));
+
}
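Review bot: The added attach_export_data()/build_sync_packet() lines sit after `goaway(...)` and `return; // NOTREACHED`, so they never execute and clones are not told about the edited photo. Move the block above the `goaway(z_root() . '/' . $_SESSION['photo_return']);` call. The enclosing branch of photos_post() starts outside this hunk, so confirm that `$resource_id` and `$page_owner_uid` still hold the intended values at that point.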
@@ -555,8 +582,8 @@ function photos_content(&$a) {
$o = "";
- $o .= "<script> var profile_uid = " . App::$profile['profile_uid']
- . "; var netargs = '?f='; var profile_page = " . App::$pager['page'] . "; </script>\r\n";
+ $o .= "<script> var profile_uid = " . App::$profile['profile_uid']
+ . "; var netargs = '?f='; var profile_page = " . App::$pager['page'] . "; </script>\r\n";
// tabs
diff --git a/mod/wall_attach.php b/mod/wall_attach.php
index 75786b479..7f054705f 100644
--- a/mod/wall_attach.php
+++ b/mod/wall_attach.php
@@ -23,23 +23,6 @@ function wall_attach_post(&$a) {
$observer = App::get_observer();
-// if($_FILES['userfile']['tmp_name']) {
-// $x = @getimagesize($_FILES['userfile']['tmp_name']);
-// logger('getimagesize: ' . print_r($x,true), LOGGER_DATA);
-// if(($x) && ($x[2] === IMAGETYPE_GIF || $x[2] === IMAGETYPE_JPEG || $x[2] === IMAGETYPE_PNG)) {
-// $args = array( 'source' => 'editor', 'visible' => 0, 'contact_allow' => array($channel['channel_hash']));
-// $ret = photo_upload($channel,$observer,$args);
-// if($ret['success']) {
-// echo "\n\n" . $ret['body'] . "\n\n";
-// killme();
-// }
-// if($using_api)
-// return;
-// notice($ret['message']);
-// killme();
-// }
-// }
-
$def_album = get_pconfig($channel['channel_id'],'system','photo_path');
$def_attach = get_pconfig($channel['channel_id'],'system','attach_path');